Merge branch 'master' into clients-patch

# Conflicts: # util/util.go
2025-07-09 17:34:25 +03:00 · 2022-10-02 12:02:09 +08:00 · 2022-10-02 12:02:09 +08:00 · 59a4ade8c6
commit 59a4ade8c6
parent 05cfe56ab9 887bc778df
14 changed files with 128 additions and 33 deletions
--- a/handler/routes.go
+++ b/handler/routes.go
@ -51,7 +51,18 @@ func Login(db store.IStore) echo.HandlerFunc {
 		}

 		userCorrect := subtle.ConstantTimeCompare([]byte(user.Username), []byte(dbuser.Username)) == 1
-		passwordCorrect := subtle.ConstantTimeCompare([]byte(user.Password), []byte(dbuser.Password)) == 1
+
+		var passwordCorrect bool
+		if dbuser.PasswordHash != "" {
+			match, err := util.VerifyHash(dbuser.PasswordHash, user.Password)
+			if err != nil {
+				return c.JSON(http.StatusInternalServerError, jsonHTTPResponse{false, "Cannot verify password"})
+			}
+			passwordCorrect = match
+		} else {
+			passwordCorrect = subtle.ConstantTimeCompare([]byte(user.Password), []byte(dbuser.Password)) == 1
+		}
+
 		if userCorrect && passwordCorrect {
 			// TODO: refresh the token
 			sess, _ := session.Get("session", c)