feat: salting password

database/src/sqlite.rs

@@ -54,7 +54,7 @@ impl Database {
     pub async fn create_user(&self, user: &User) -> Result<SqliteQueryResult, Error> {
         debug!("Creating user - {}", user.username);
 
-        // inster user to a database
+        // insert user to a database
         let query = sqlx::query("INSERT INTO user (id, username, password) VALUES (?, ?, ?)")
             .bind(&user.id)
             .bind(&user.username)

types/src/database/user.rs

@@ -30,6 +30,9 @@ impl User {
         let sha1_name = CryptographicHash::hash(Algorithm::SHA1, username.as_bytes());
         let id = Uuid::new_v5(&Uuid::NAMESPACE_X500, &sha1_name).to_string();
 
+        // salting the password
+        let password = format!("{username}${password}");
+
         // hash password using SHA-512
         let password = hex::encode(CryptographicHash::hash(
             Algorithm::SHA512,
@@ -71,22 +74,47 @@ impl User {
 
 #[cfg(test)]
 mod tests {
+    use crypto_utils::sha::{Algorithm, CryptographicHash};
+
     use super::User;
 
-    /// Check if the username has been changed to lowercase
+    /// Check if the username is in lowercase
     #[test]
     fn check_username_is_in_lowercase() {
-        let user = User::new("MEdzIk", "SuperSecretPassword123!");
+        // example user data
+        let username = "mEDZIk";
+        let password = "password";
 
-        assert_eq!(user.username, "medzik")
+        // username in lowercase (expected username)
+        let username_expected = "medzik";
+
+        // create a new `User` type
+        let user = User::new(username, password);
+
+        // username validation with expected username
+        assert_eq!(user.username, username_expected)
     }
 
-    /// Check that the password is a checksum
+    /// Check that the password is a checksum with a salt
     #[test]
-    fn check_if_password_is_hashed() {
+    fn check_if_password_is_hashed_and_salted() {
+        // example user data
+        let username = "username";
         let password = "password";
-        let user = User::new("test", password);
 
-        assert!(user.password != password)
+        // create a new `User` type
+        let user = User::new(username, password);
+
+        // expected password salt (string)
+        let password_expected_salt = format!("{username}${password}");
+
+        // expected password (hashed)
+        let password_expected = hex::encode(CryptographicHash::hash(
+            Algorithm::SHA512,
+            password_expected_salt.as_bytes(),
+        ));
+
+        // password validation with expected password salt
+        assert_eq!(user.password, password_expected)
     }
 }

website/package.json

@@ -1,41 +0,0 @@
-{
-  "name": "@homedisk/website",
-  "description": "Fast and lightweight local cloud for your data written in Rust",
-  "version": "0.0.0",
-  "author": "MedzikUser <nivua1fn@duck.com>",
-  "license": "GPL-3.0",
-  "scripts": {
-    "dev": "next dev",
-    "build": "next build",
-    "export": "next export",
-    "start": "next start",
-    "lint": "next lint"
-  },
-  "dependencies": {
-    "@babel/core": "7.18.5",
-    "@emotion/react": "11.9.3",
-    "@emotion/styled": "11.9.3",
-    "@fortawesome/fontawesome-svg-core": "6.1.1",
-    "@fortawesome/free-solid-svg-icons": "6.1.1",
-    "@fortawesome/react-fontawesome": "0.1.18",
-    "@mui/icons-material": "5.8.4",
-    "@mui/material": "5.8.4",
-    "@mui/styled-engine-sc": "5.8.0",
-    "axios": "0.27.2",
-    "next": "12.1.6",
-    "react": "18.2.0",
-    "react-cookie": "4.1.1",
-    "react-dom": "18.2.0",
-    "react-is": "18.2.0",
-    "react-toastify": "9.0.4",
-    "styled-components": "5.3.5"
-  },
-  "devDependencies": {
-    "@types/node": "17.0.31",
-    "@types/react": "18.0.12",
-    "@types/styled-components": "5.1.25",
-    "eslint": "8.17.0",
-    "eslint-config-next": "12.1.6",
-    "typescript": "4.7.3"
-  }
-}