perf: sha256 for user's password (close #3552)

2023-08-06 22:09:17 +08:00
parent 30415cefbe
commit 75acbcc115
4 changed files with 62 additions and 16 deletions
--- a/server/handles/auth.go
+++ b/server/handles/auth.go
@ -28,6 +28,26 @@ type LoginReq struct {

 // Login Deprecated
 func Login(c *gin.Context) {
+	var req LoginReq
+	if err := c.ShouldBind(&req); err != nil {
+		common.ErrorResp(c, err, 400)
+		return
+	}
+	req.Password = model.HashPwd(req.Password)
+	loginHash(c, &req)
+}
+
+// LoginHash login with password hashed by sha256
+func LoginHash(c *gin.Context) {
+	var req LoginReq
+	if err := c.ShouldBind(&req); err != nil {
+		common.ErrorResp(c, err, 400)
+		return
+	}
+	loginHash(c, &req)
+}
+
+func loginHash(c *gin.Context, req *LoginReq) {
 	// check count of login
 	ip := c.ClientIP()
 	count, ok := loginCache.Get(ip)
@ -37,19 +57,14 @@ func Login(c *gin.Context) {
 		return
 	}
 	// check username
-	var req LoginReq
-	if err := c.ShouldBind(&req); err != nil {
-		common.ErrorResp(c, err, 400)
-		return
-	}
 	user, err := op.GetUserByName(req.Username)
 	if err != nil {
 		common.ErrorResp(c, err, 400)
 		loginCache.Set(ip, count+1)
 		return
 	}
-	// validate password
-	if err := user.ValidatePassword(req.Password); err != nil {
+	// validate password hash
+	if err := user.ValidatePwdHash(req.Password); err != nil {
 		common.ErrorResp(c, err, 400)
 		loginCache.Set(ip, count+1)
 		return