switch to password hashes

2022-09-23 11:17:34 +03:00
parent ce53d85806
commit 4bf0f0dee3
5 changed files with 25 additions and 26 deletions
--- a/bot/access.go
+++ b/bot/access.go
@@ -5,6 +5,7 @@ import (
 	"regexp"
 	"strings"

+	"github.com/raja/argon2pw"
 	"gitlab.com/etke.cc/go/mxidwc"
 	"maunium.net/go/mautrix/id"

@@ -85,5 +86,9 @@ func (b *Bot) AllowAuth(email, password string) bool {
 		return false
 	}

-	return utils.Compare(password, cfg.Password())
+	allow, err := argon2pw.CompareHashWithPassword(cfg.Password(), password)
+	if err != nil {
+		b.log.Warn("Password for %s is not valid: %v", email, err)
+	}
+	return allow
 }