From fffd68764114b7d13f334afd966d37c1ba96de50 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maciej=20Krzy=C5=BCanowski?=
Date: Fri, 22 Mar 2024 18:12:44 +0100
Subject: [PATCH] Passwords are now stored as bcrypt hashes
---
 go.mod | 2 ++
 go.sum | 2 ++
 main.go | 30 ++++++++++++++++++------------
 3 files changed, 22 insertions(+), 12 deletions(-)
 create mode 100644 go.sum
diff --git a/go.mod b/go.mod
index 46178f4..9b1f977 100644
--- a/go.mod
+++ b/go.mod
@@ -1,3 +1,5 @@
 module krzyzanowski.dev/p2pchat
 go 1.21.7
+
+require golang.org/x/crypto v0.21.0
diff --git a/go.sum b/go.sum
new file mode 100644
index 0000000..e02e133
--- /dev/null
+++ b/go.sum
@@ -0,0 +1,2 @@
+golang.org/x/crypto v0.21.0 h1:X31++rzVUdKhX5sWmSOFZxx8UW/ldWx55cbf08iNAMA=
+golang.org/x/crypto v0.21.0/go.mod h1:0BP7YvVV9gBbVKyeTG0Gyn+gZm94bibOW5BjDEYAOMs=
diff --git a/main.go b/main.go
index 5a3f8f0..6632d13 100644
--- a/main.go
+++ b/main.go
@@ -9,11 +9,13 @@ import (
 "os"
 "sync"
 "time"
+
+ "golang.org/x/crypto/bcrypt"
 )
 type Account struct {
 nickname string
- password string
+ passHash []byte
 }
 type ServerContext struct {
@@ -169,7 +171,6 @@ func handleEcho(_ *HandlerContext, reqBytes []byte) (resBytes []byte, err error)
 }
 func handleListPeers(handlerCtx *HandlerContext, reqBytes []byte) (resBytes []byte, err error) {
- // For the sake of conciseness -> currently unmarshalling empty slice to empty struct
 var listPeersReq ListPeersRequest
 err = json.Unmarshal(reqBytes, &listPeersReq)
@@ -215,7 +216,7 @@ func handleAuth(handlerCtx *HandlerContext, reqBytes []byte) (resBytes []byte, e
 if ok {
 // Check if password matches
- if authReq.Password == account.password {
+ if bcrypt.CompareHashAndPassword(account.passHash, []byte(authReq.Password)) == nil {
 authRes = AuthResponse{true}
 handlerCtx.srvCtx.peersListLock.Lock()
 handlerCtx.peer.hasAccount = true
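Review bot: Failed logins leave no trace and each one costs the server a full bcrypt evaluation: the new `bcrypt.CompareHashAndPassword(...) == nil` test in handleAuth discards the returned error, and nothing visible in this hunk counts or delays repeated attempts from the same peer. Because the comparison is deliberately slow, a connection that loops on auth requests can both guess passwords and tie up CPU. Consider keeping the error, e.g. `if err := bcrypt.CompareHashAndPassword(account.passHash, []byte(authReq.Password)); err == nil {`, recording the non-nil case together with the nickname, and bounding attempts per connection. handleAuth starts and ends outside this hunk, so a limit may already exist elsewhere.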
@@ -226,14 +227,20 @@ func handleAuth(handlerCtx *HandlerContext, reqBytes []byte) (resBytes []byte, e
 }
 } else {
 authRes = AuthResponse{true}
- newAcc := Account{authReq.Nickname, authReq.Password}
- handlerCtx.srvCtx.accountsLock.Lock()
- handlerCtx.srvCtx.accounts[newAcc.nickname] = &newAcc
- handlerCtx.srvCtx.accountsLock.Unlock()
- handlerCtx.srvCtx.peersListLock.Lock()
- handlerCtx.peer.hasAccount = true
- handlerCtx.peer.account = &newAcc
- handlerCtx.srvCtx.peersListLock.Unlock()
+ passHash, err := bcrypt.GenerateFromPassword([]byte(authReq.Password), bcrypt.DefaultCost)
+
+ if err != nil {
+ authRes = AuthResponse{false}
+ } else {
+ newAcc := Account{authReq.Nickname, passHash}
+ handlerCtx.srvCtx.accountsLock.Lock()
+ handlerCtx.srvCtx.accounts[newAcc.nickname] = &newAcc
+ handlerCtx.srvCtx.accountsLock.Unlock()
+ handlerCtx.srvCtx.peersListLock.Lock()
+ handlerCtx.peer.hasAccount = true
+ handlerCtx.peer.account = &newAcc
+ handlerCtx.srvCtx.peersListLock.Unlock()
+ }
 }
 resBytes, err = json.Marshal(authRes)
@@ -265,7 +272,6 @@ func printConnectedPeers(srvCtx *ServerContext) {
 func runServer() {
 idCounter := 0
 srvCtx := &ServerContext{peersList: make([]*Peer, 0), accounts: make(map[string]*Account)}
- srvCtx.accounts["xd"] = &Account{"xd", "XD"}
 ln, err := net.Listen("tcp", ":8080")
 if err != nil {
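Review bot: In handleAuth's registration branch the nickname is hashed and then stored in `accounts` without re-checking that it is still free, and the new `bcrypt.GenerateFromPassword` call makes the gap between lookup and insert far longer than it was. If the lookup that sets `ok` (outside this hunk) releases `accountsLock` before this branch runs, two peers registering the same nickname can both reach the insert, and the later one silently replaces the first account's hash. Re-check the map under `accountsLock` before storing and answer `AuthResponse{false}` when the name is already taken, as sketched below. Separately, the `err` from GenerateFromPassword is dropped, so a rejected password (the library refuses inputs over 72 bytes) looks like any other failure; recording it server-side would help. handleAuth starts outside this hunk.

```go
	} else {
		newAcc := Account{authReq.Nickname, passHash}
		handlerCtx.srvCtx.accountsLock.Lock()
		// Re-check under the lock: hashing is slow, so another peer may have
		// registered this nickname since the earlier lookup.
		_, taken := handlerCtx.srvCtx.accounts[newAcc.nickname]
		if !taken {
			handlerCtx.srvCtx.accounts[newAcc.nickname] = &newAcc
		}
		handlerCtx.srvCtx.accountsLock.Unlock()
		if taken {
			authRes = AuthResponse{false}
		} else {
			// … unchanged: set peer.hasAccount and peer.account under peersListLock …
		}
	}
```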