block on hashing

2023-12-11 13:27:22 +01:00 · 2023-12-11 13:27:22 +01:00 · 4c4199cbdb
commit 4c4199cbdb
parent 15f41148df
2 changed files with 51 additions and 35 deletions
--- a/ffplayout-api/src/api/routes.rs
+++ b/ffplayout-api/src/api/routes.rs
@ -32,6 +32,7 @@ use regex::Regex;
 use serde::{Deserialize, Serialize};
 use simplelog::*;
 use sqlx::{Pool, Sqlite};
+use tokio::task;

 use crate::db::{
    handles,
@ -160,6 +161,11 @@ pub async fn login(pool: web::Data<Pool<Sqlite>>, credentials: web::Json<User>)
    let conn = pool.into_inner();
    match handles::select_login(&conn, &credentials.username).await {
        Ok(mut user) => {
+            let role = handles::select_role(&conn, &user.role_id.unwrap_or_default())
+                .await
+                .unwrap_or(Role::Guest);
+
+            let res = task::spawn_blocking(move || {
                let pass = user.password.clone();
                let hash = PasswordHash::new(&pass).unwrap();
                user.password = "".into();
@ -168,9 +174,6 @@ pub async fn login(pool: web::Data<Pool<Sqlite>>, credentials: web::Json<User>)
                    .verify_password(credentials.password.as_bytes(), &hash)
                    .is_ok()
                {
-                let role = handles::select_role(&conn, &user.role_id.unwrap_or_default())
-                    .await
-                    .unwrap_or(Role::Guest);
                    let claims = Claims::new(user.id, user.username.clone(), role.clone());

                    if let Ok(token) = create_jwt(claims) {
@ -187,6 +190,7 @@ pub async fn login(pool: web::Data<Pool<Sqlite>>, credentials: web::Json<User>)
                    .with_status(StatusCode::OK)
                } else {
                    error!("Wrong password for {}!", credentials.username);
+
                    web::Json(UserObj {
                        message: "Wrong password!".into(),
                        user: None,
@ -194,6 +198,11 @@ pub async fn login(pool: web::Data<Pool<Sqlite>>, credentials: web::Json<User>)
                    .customize()
                    .with_status(StatusCode::FORBIDDEN)
                }
+            })
+            .await
+            .unwrap();
+
+            res
        }
        Err(e) => {
            error!("Login {} failed! {e}", credentials.username);
--- a/ffplayout-api/src/db/handles.rs
+++ b/ffplayout-api/src/db/handles.rs
@ -8,6 +8,7 @@ use argon2::{
 use rand::{distributions::Alphanumeric, Rng};
 use simplelog::*;
 use sqlx::{migrate::MigrateDatabase, sqlite::SqliteQueryResult, Pool, Sqlite};
+use tokio::task;

 use crate::db::{
    db_pool,
@ -243,17 +244,23 @@ pub async fn insert_user(
    conn: &Pool<Sqlite>,
    user: User,
 ) -> Result<SqliteQueryResult, sqlx::Error> {
+    let password_hash = task::spawn_blocking(move || {
        let salt = SaltString::generate(&mut OsRng);
-    let password_hash = Argon2::default()
+        let hash = Argon2::default()
            .hash_password(user.password.clone().as_bytes(), &salt)
            .unwrap();

+        hash.to_string()
+    })
+    .await
+    .unwrap();
+
    let query = "INSERT INTO user (mail, username, password, role_id) VALUES($1, $2, $3, $4)";

    sqlx::query(query)
        .bind(user.mail)
        .bind(user.username)
-        .bind(password_hash.to_string())
+        .bind(password_hash)
        .bind(user.role_id)
        .execute(conn)
        .await