Added checks of the master password for /add_account and /get_account

2023-04-27 19:38:34 +03:00
parent 3f8adb96f9
commit 8aadf96020
8 changed files with 79 additions and 23 deletions
--- a/src/entity/account.rs
+++ b/src/entity/account.rs
@ -86,19 +86,14 @@ impl Model {
    }
 }

-#[derive(Copy, Clone, EnumIter, DeriveColumn, Debug)]
-enum GetNamesQuery {
-    AccountName,
-}
-
 impl Entity {
    /// Gets a list of account names of a user
    pub async fn get_names(user_id: u64, db: &DatabaseConnection) -> crate::Result<Vec<String>> {
        Self::find()
            .select_only()
-            .column_as(Column::Name, GetNamesQuery::AccountName)
+            .column(Column::Name)
            .filter(Column::UserId.eq(user_id))
-            .into_values::<_, GetNamesQuery>()
+            .into_tuple()
            .all(db)
            .await
            .map_err(|err| err.into())
--- a/src/entity/master_pass.rs
+++ b/src/entity/master_pass.rs
@ -20,22 +20,38 @@ pub enum Relation {}

 impl ActiveModelBehavior for ActiveModel {}

+fn hash_password(password: &[u8], salt: &[u8]) -> crate::Result<Vec<u8>> {
+    let params = Params::new(14, Params::RECOMMENDED_R, Params::RECOMMENDED_P, 64)?;
+    let mut password_hash = vec![0; 64];
+    scrypt(password.as_ref(), &salt, &params, &mut password_hash)?;
+    Ok(password_hash)
+}
+
 impl ActiveModel {
    pub fn from_unencrypted(user_id: u64, password: &str) -> crate::Result<Self> {
        let mut salt = vec![0; 64];
        OsRng.fill_bytes(&mut salt);
-        let params = Params::new(
-            Params::RECOMMENDED_LOG_N,
-            Params::RECOMMENDED_R,
-            Params::RECOMMENDED_P,
-            64,
-        )?;
-        let mut password_hash = vec![0; 64];
-        scrypt(password.as_ref(), &salt, &params, &mut password_hash)?;
+        let password_hash = Set(hash_password(password.as_ref(), &salt)?);
        Ok(Self {
            user_id: Set(user_id),
            salt: Set(salt),
-            password_hash: Set(password_hash),
+            password_hash,
        })
    }
 }
+
+impl Entity {
+    pub async fn verify_master_pass(
+        user_id: u64,
+        master_pass: &str,
+        db: &DatabaseConnection,
+    ) -> crate::Result<Option<bool>> {
+        let model = match Self::find_by_id(user_id).one(db).await {
+            Ok(Some(model)) => model,
+            Ok(None) => return Ok(None),
+            Err(err) => return Err(err.into()),
+        };
+        let password_hash = hash_password(master_pass.as_ref(), &model.salt)?;
+        Ok(Some(password_hash == model.password_hash))
+    }
+}