Implement bcrypt

bcrypt/verifier.go

@@ -0,0 +1,15 @@
+package bcrypt
+
+import (
+	"golang.org/x/crypto/bcrypt"
+)
+
+// Verifier verifys passwords using Bcrypt
+type Verifier struct {
+	cost int
+}
+
+// Verify verifys a Password
+func (bv *Verifier) Verify(password string, hashOnDb string) error {
+	return bcrypt.CompareHashAndPassword([]byte(hashOnDb), []byte(password))
+}

cmd/budgeteer/main.go

@@ -1,6 +1,7 @@
 package main
 
 import (
+	"git.javil.eu/jacob1123/budgeteer/bcrypt"
 	"git.javil.eu/jacob1123/budgeteer/config"
 	"git.javil.eu/jacob1123/budgeteer/http"
 	"git.javil.eu/jacob1123/budgeteer/jwt"
@@ -13,13 +14,15 @@ func main() {
 		panic("Could not load Config from config.json")
 	}
 
+	bv := &bcrypt.Verifier{}
 	db := postgres.Connect(cfg.DatabaseHost, cfg.DatabaseUser, cfg.DatabasePassword, cfg.DatabaseName)
 	us := &postgres.UserService{DB: db}
 	tv := &jwt.TokenVerifier{}
 
 	h := &http.Handler{
-		UserService:   us,
+		UserService:         us,
-		TokenVerifier: tv,
+		TokenVerifier:       tv,
+		CredentialsVerifier: bv,
 	}
 	h.Serve()
 }

http/http.go

@@ -11,8 +11,9 @@ import (
 
 // Handler handles incoming requests
 type Handler struct {
-	UserService   budgeteer.UserService
+	UserService         budgeteer.UserService
-	TokenVerifier budgeteer.TokenVerifier
+	TokenVerifier       budgeteer.TokenVerifier
+	CredentialsVerifier budgeteer.CredentialVerifier
 }
 
 const (
@@ -113,7 +114,7 @@ func (h *Handler) loginPost(c *gin.Context) {
 		return
 	}
 
-	if password != user.Password {
+	if err = h.CredentialsVerifier.Verify(password, user.Password); err != nil {
 		c.AbortWithStatus(http.StatusUnauthorized)
 		return
 	}

user.go

@@ -16,3 +16,8 @@ type UserService interface {
 	CreateUser(u *User) error
 	//DeleteUser(id int) error
 }
+
+// CredentialVerifier verifies the provided credentials
+type CredentialVerifier interface {
+	Verify(password string, hashOnDb string) error
+}