Store admin password more securely

2021-11-23 11:55:00 -05:00 · 2021-11-23 11:55:00 -05:00 · 12f16fd1d9
parent 4e3d856128
commit 12f16fd1d9
2 changed files with 35 additions and 14 deletions
--- a/src/authenticate.rs
+++ b/src/authenticate.rs
@ -1,5 +1,5 @@
 use argon2::{
-    password_hash::{PasswordHasher, SaltString},
+    password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString},
    Argon2,
 };

@ -7,19 +7,39 @@ use rocket::State;

 use std::env;

-pub fn check_password(password: &str, salt: &State<SaltString>, argon2: &State<Argon2>) -> bool {
-    let entered_password = password.as_bytes(); // Get the user entered password
-    let hashed_password = argon2 // Hash the password
-        .hash_password(entered_password, &salt.as_ref())
-        .unwrap()
-        .to_string();
-    let mut admin_password = env::var("ADMIN_PASSWD").unwrap(); // Get the provided admin password from the environment variable
-    admin_password = argon2 // Hash the admin password
-        .hash_password(admin_password.as_bytes(), &salt.as_ref())
-        .unwrap()
-        .to_string();
+pub fn admin_password_exists() -> bool {
+    match env::var("ADMIN_PASSWORD") {
+        Ok(_) => return true,
+        Err(_) => return false,
+    }
+}

-    if hashed_password == admin_password {
+pub fn set_admin_password(password: &str, salt: &State<SaltString>, argon2: &State<Argon2>) {
+    let password_hash = argon2
+        .hash_password(password.as_bytes(), &salt.as_ref())
+        .unwrap()
+        .to_string();
+    env::set_var("ADMIN_PASSWORD", &password_hash);
+    info!("{}", password_hash);
+}
+
+pub fn check_password(password: &str, argon2: &State<Argon2>) -> bool {
+    let entered_password = password.as_bytes(); // Get the user entered password
+    let admin_password = match env::var("ADMIN_PASSWORD") {
+        Ok(password) => password,
+        Err(error) => {
+            warn!("{:?}", error);
+            return false;
+        }
+    }; // Get the provided admin password from the environment variable
+
+    if argon2
+        .verify_password(
+            entered_password,
+            &PasswordHash::new(&admin_password).unwrap(),
+        )
+        .is_ok()
+    {
        return true;
    } else {
        return false;
--- a/src/main.rs
+++ b/src/main.rs
@ -46,7 +46,7 @@ impl Fairing for CORS {
 // Launch rocket
 #[launch]
 fn rocket() -> _ {
-    let mut log = paris::Logger::new();
+    let log = paris::Logger::new();
    //env_logger::init();
    info!("Starting up Rocket");

@ -61,6 +61,7 @@ fn rocket() -> _ {
        .mount(
            "/",
            routes![
+                set_password,
                new_order,
                update_order,
                order_info,