switch to password hashes

bot/access.go

@@ -5,6 +5,7 @@ import (
 	"regexp"
 	"strings"
 
+	"github.com/raja/argon2pw"
 	"gitlab.com/etke.cc/go/mxidwc"
 	"maunium.net/go/mautrix/id"
 
@@ -85,5 +86,9 @@ func (b *Bot) AllowAuth(email, password string) bool {
 		return false
 	}
 
-	return utils.Compare(password, cfg.Password())
+	allow, err := argon2pw.CompareHashWithPassword(cfg.Password(), password)
+	if err != nil {
+		b.log.Warn("Password for %s is not valid: %v", email, err)
+	}
+	return allow
 }

bot/command_owner.go

@@ -3,6 +3,8 @@ package bot
 import (
 	"context"
 	"fmt"
+
+	"github.com/raja/argon2pw"
 )
 
 func (b *Bot) runStop(ctx context.Context) {
@@ -63,8 +65,11 @@ func (b *Bot) getOption(ctx context.Context, name string) {
 		"To set it to a new value, send a `%s %s VALUE` command.",
 		name, value, b.prefix, name)
 	if name == roomOptionPassword {
-		msg = msg + "\n\n---\n\n" +
-			"**Please, remove that message after reading.**"
+		msg = fmt.Sprintf("Password hash of this room is `%s`\n"+
+			"To set it to a new value, send a `%s %s VALUE` command.\n\n"+
+			"---\n\n"+
+			"**Please, remove that message after reading.**",
+			value, b.prefix, name)
 	}
 	b.SendNotice(ctx, evt.RoomID, msg)
 }
@@ -91,6 +96,14 @@ func (b *Bot) setOption(ctx context.Context, name, value string) {
 		return
 	}
 
+	if name == roomOptionPassword {
+		value, err = argon2pw.GenerateSaltedHash(value)
+		if err != nil {
+			b.Error(ctx, evt.RoomID, "failed to hash password: %v", err)
+			return
+		}
+	}
+
 	old := cfg.Get(name)
 	cfg.Set(name, value)