Add password hashing to loginHandler

gmemstr · gmemstr · commit 84992b73ebf1 · 2017-10-09T17:34:04.000-07:00
Will create user management page for admins soon as well. This will be fine for the time being though -> https://www.dailycred.com/article/bcrypt-calculator for generating hashes.
diff --git a/.gitignore b/.gitignore
@@ -21,4 +21,5 @@ feed\.rss
 
 assets/static/custom\.css
 
-config\.json
+config\.json
+vendor/
diff --git a/Godeps/Godeps.json b/Godeps/Godeps.json
diff --git a/assets/config/users.json b/assets/config/users.json
@@ -1,4 +1,4 @@
 {
-	"admin": "password1",
-	"gabriel": "password"
+	"admin": "$2a$04$ZAf88Bao4Q768vKfCaKBlOqtPumwKwFhrcpBCdfMWWFX69wyhgTqi",
+	"gabriel": "$2a$04$KrhZ1q6FpOGqs0FVKMYhQ.BTYeVXztnjrM9RbK.0buI1OHfmyNEAy"
 }
diff --git a/router/router.go b/router/router.go
@@ -7,6 +7,7 @@ import (
 	"log"
 	"net/http"
 	"strings"
+	"golang.org/x/crypto/bcrypt"
 
 	"github.com/gorilla/mux"
 	"github.com/gmemstr/pogo/admin"
@@ -146,7 +147,7 @@ func loginHandler() common.Handler {
 
 		// Iterate through map until we find matching username
 		for k, v := range u {
-			if k == username && v == password {
+			if k == username && bcrypt.CompareHashAndPassword([]byte(v), []byte(password)) == nil {
 				// Create a cookie here because the credentials are correct
 				c, err := auth.CreateSession(&common.User{
 					Username: k,

Original file line number	Diff line number	Diff line change
`@@ -1,4 +1,4 @@`
`1`	`1`	`{`
`2`		`- "admin": "password1",`
`3`		`- "gabriel": "password"`
	`2`	`+ "admin": "$2a$04$ZAf88Bao4Q768vKfCaKBlOqtPumwKwFhrcpBCdfMWWFX69wyhgTqi",`
	`3`	`+ "gabriel": "$2a$04$KrhZ1q6FpOGqs0FVKMYhQ.BTYeVXztnjrM9RbK.0buI1OHfmyNEAy"`
`4`	`4`	`}`