feat: migrate passwords from SHA-256 to bcrypt

- Replace SHA-256 hex hashing with bcrypt (cost 10) for password storage
- VerifyPassword now uses bcrypt.CompareHashAndPassword
- HashPassword returns (string, error) instead of string
- Add IsBcryptHash helper to detect legacy hashes for future migration
- Remove duplicate verifyPassword from api.go (already done in prev commit)
- Promote golang.org/x/crypto to direct dependency
2026-05-27 16:31:38 +03:00
parent 01cce981c5
commit 81c42e1a9a
3 changed files with 31 additions and 14 deletions


@@ -179,7 +179,11 @@ func (h *Handler) register(w http.ResponseWriter, r *http.Request) {
}
uuid := auth.GenerateUUID()
passwordHash := auth.HashPassword(req.Password)
passwordHash, err := auth.HashPassword(req.Password)
if err != nil {
writeError(w, http.StatusInternalServerError, "Failed to hash password")
return
}
_, err = h.db.Pool().Exec(r.Context(),
`INSERT INTO users (username, email, password_hash, uuid, role)