server-side hashing now uses a salt

2 files changed, 7 insertions, 5 deletions

diff --git a/Cargo.toml b/Cargo.toml
index fdd99da..29f65fd 100644
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -19,4 +19,4 @@ ctrlc = { version = "3.1", features = ["termination"] }
 structopt = "0.3"
 unicode_categories = "0.1.1"
 base64 = "0.12.0"
-sha2 = "0.8.1"
+ring = "0.16.12"
diff --git a/src/auth.rs b/src/auth.rs
index af74b08..9541a2e 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -6,8 +6,8 @@ use std::io::ErrorKind;
 
 use serde_json;
 use serde::{Serialize, Deserialize};
-use sha2::{Sha256, Digest};
-use base64::decode;
+use ring::digest;
+use base64;
 
 use crate::{
 	PlayerId,
@@ -31,13 +31,15 @@ pub enum UserRole {
 pub struct User {
 	pub name: String,
 	pub pass_token: String,
+	pub salt: String,
 	pub role: UserRole
 }
 
 impl User {
 	pub fn validate_token(&self, token: &str) -> bool {
-		if let (Ok(saved), Ok(given)) = (decode(&self.pass_token), decode(token)) {
-			let hashed: Vec<u8> = Sha256::digest(&given)[..].to_vec();
+		if let (Ok(saved), Ok(mut given), Ok(mut salt)) = (base64::decode(&self.pass_token), base64::decode(token), base64::decode(&self.salt)) {
+			given.append(&mut salt);
+			let hashed: Vec<u8> = digest::digest(&digest::SHA256, &given).as_ref().to_vec();
 			hashed == saved
 		} else {
 			false