From 71744e0d16a23acde3e743c94838dbae9af057a9 Mon Sep 17 00:00:00 2001
From: troido
Date: Thu, 23 Apr 2020 23:34:51 +0200
Subject: hash the password server-side too
---
 src/auth.rs | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
(limited to 'src/auth.rs')
diff --git a/src/auth.rs b/src/auth.rs
index 8178593..af74b08 100644
--- a/src/auth.rs
+++ b/src/auth.rs
@@ -3,9 +3,12 @@ use std::path::{PathBuf};
 use std::fs;
 use std::env;
 use std::io::ErrorKind;
-use serde_json;
+use serde_json;
 use serde::{Serialize, Deserialize};
 
+use sha2::{Sha256, Digest};
+use base64::decode;
+
 use crate::{
 PlayerId,
 errors::AnyError,
@@ -31,6 +34,17 @@ pub struct User {
 pub role: UserRole
 }
 
+impl User {
+ pub fn validate_token(&self, token: &str) -> bool {
+ if let (Ok(saved), Ok(given)) = (decode(&self.pass_token), decode(token)) {
+ let hashed: Vec = Sha256::digest(&given)[..].to_vec();
+ hashed == saved
+ } else {
+ false
+ }
+ }
+}
+
 macro_rules! inv {
 ($code:expr) => {($code).map_err(|err| LoaderError::InvalidResource(Box::new(err)))}
 }
-- cgit
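Review bot: `validate_token` checks the client token against a single unsalted SHA-256 digest, so if the user file leaks, identical tokens share a stored value and guesses can be tested at full hash speed; this matters if the token is derived from a password, which the commit subject suggests but the hunk does not show. A per-user salt with a password KDF (Argon2, scrypt or PBKDF2) is the usual choice for the stored value. The final `hashed == saved` is also a short-circuiting `Vec` comparison; a constant-time form such as `hashed.len() == saved.len() && hashed.iter().zip(&saved).fold(0u8, |d, (a, b)| d | (a ^ b)) == 0` avoids leaking how many leading bytes matched. A stored `pass_token` that fails to base64-decode is silently treated as a wrong password, so a log line in the `else` branch would help corrupt records get noticed.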