From 058d93a6fd9f186c46ff8f53a444a914fb226d8a Mon Sep 17 00:00:00 2001
From: Daniel Friesel <derf@finalrewind.org>
Date: Wed, 6 Mar 2019 17:59:00 +0100
Subject: add password hashing

---
 index.pl | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

(limited to 'index.pl')

diff --git a/index.pl b/index.pl
index 856327c..2157c03 100755
--- a/index.pl
+++ b/index.pl
@@ -3,6 +3,7 @@
 use Mojolicious::Lite;
 use Mojolicious::Plugin::Authentication;
 use Cache::File;
+use Crypt::Eksblowfish::Bcrypt qw(bcrypt en_base64);
 use DateTime;
 use DBI;
 use Encode qw(decode encode);
@@ -225,6 +226,23 @@ app->attr(
 	},
 );
 
+sub hash_password {
+	my ($password) = @_;
+	my @salt_bytes = map { int( rand(255) ) + 1 } ( 1 .. 16 );
+	my $salt = en_base64( pack( 'c[16]', @salt_bytes ) );
+
+	return bcrypt( $password, '$2a$12$' . $salt );
+}
+
+sub check_password {
+	my ( $password, $hash ) = @_;
+
+	if ( bcrypt( $password, $hash ) eq $hash ) {
+		return 1;
+	}
+	return 0;
+}
+
 sub epoch_to_dt {
 	my ($epoch) = @_;
 
-- 
cgit v1.2.3