refactor the password hashing / password autoupgrade system

2018-08-05 22:51:39 -04:00 · 2018-08-05 22:51:39 -04:00 · dfb0a57040
commit dfb0a57040
parent 6260869068
18 changed files with 277 additions and 380 deletions
--- a/irc/config.go
+++ b/irc/config.go
@ -82,6 +82,7 @@ type AccountRegistrationConfig struct {
 		}
 	}
 	AllowMultiplePerConnection bool `yaml:"allow-multiple-per-connection"`
+	BcryptCost                 uint `yaml:"bcrypt-cost"`
 }

 type VHostConfig struct {
@ -152,15 +153,6 @@ type OperConfig struct {
 	Modes     string
 }

-// PasswordBytes returns the bytes represented by the password hash.
-func (conf *OperConfig) PasswordBytes() []byte {
-	bytes, err := passwd.DecodePasswordHash(conf.Password)
-	if err != nil {
-		log.Fatal("decode password error: ", err)
-	}
-	return bytes
-}
-
 // LineLenConfig controls line lengths.
 type LineLenLimits struct {
 	Tags int
@ -384,7 +376,11 @@ func (conf *Config) Operators(oc map[string]*OperClass) (map[string]*Oper, error
 		}
 		oper.Name = name

-		oper.Pass = opConf.PasswordBytes()
+		oper.Pass, err = decodeLegacyPasswordHash(opConf.Password)
+		if err != nil {
+			return nil, err
+		}
+
 		oper.Vhost = opConf.Vhost
 		class, exists := oc[opConf.Class]
 		if !exists {
@ -713,11 +709,14 @@ func LoadConfig(filename string) (config *Config, err error) {
 	config.Channels.defaultModes = ParseDefaultChannelModes(config.Channels.RawDefaultModes)

 	if config.Server.Password != "" {
-		bytes, err := passwd.DecodePasswordHash(config.Server.Password)
+		config.Server.passwordBytes, err = decodeLegacyPasswordHash(config.Server.Password)
 		if err != nil {
 			return nil, err
 		}
-		config.Server.passwordBytes = bytes
+	}
+
+	if config.Accounts.Registration.BcryptCost == 0 {
+		config.Accounts.Registration.BcryptCost = passwd.DefaultCost
 	}

 	return config, nil