Encrypt SQL LOGIN password immediately

2016-11-22 13:36:57 +00:00 · 2016-11-22 13:36:57 +00:00 · bb752eb124
commit bb752eb124
parent 5bfe938fcf
4 changed files with 21 additions and 3 deletions
--- a/mem/mem.go
+++ b/mem/mem.go
@ -45,8 +45,8 @@ type TB struct {

 type AC struct {
 	User string
-	Pass string
 	Uniq string
+	Pass []byte
 }

 type TK struct {
--- a/sql/ast.go
+++ b/sql/ast.go
@ -214,7 +214,7 @@ type DefineLoginStatement struct {
 	DB   string `cork:"-" codec:"-"`
 	Kind Token  `cork:"kind" codec:"kind"`
 	User string `cork:"user" codec:"user"`
-	Pass string `cork:"pass" codec:"pass"`
+	Pass []byte `cork:"pass" codec:"pass"`
 }

 // RemoveLoginStatement represents an SQL REMOVE LOGIN statement.
--- a/sql/exprs.go
+++ b/sql/exprs.go
@ -18,6 +18,8 @@ import (
 	"fmt"
 	"regexp"
 	"time"
+
+	"golang.org/x/crypto/bcrypt"
 )

 func (p *parser) parseWhat() (mul []Expr, err error) {
@ -287,6 +289,22 @@ func (p *parser) parseDuration() (time.Duration, error) {

 }

+func (p *parser) parseBcrypt() ([]byte, error) {
+
+	_, lit, err := p.shouldBe(STRING)
+	if err != nil {
+		return nil, &ParseError{Found: lit, Expected: []string{"string"}}
+	}
+
+	val, err := p.declare(STRING, lit)
+	if err != nil {
+		return nil, &ParseError{Found: lit, Expected: []string{"string"}}
+	}
+
+	return bcrypt.GenerateFromPassword([]byte(val.(string)), bcrypt.DefaultCost)
+
+}
+
 func (p *parser) parseExpr() (exp Expr, err error) {

 	// Create the root binary expression tree.
--- a/sql/login.go
+++ b/sql/login.go
@ -50,7 +50,7 @@ func (p *parser) parseDefineLoginStatement() (stmt *DefineLoginStatement, err er
 		return nil, err
 	}

-	if stmt.Pass, err = p.parseString(); err != nil {
+	if stmt.Pass, err = p.parseBcrypt(); err != nil {
 		return nil, err
 	}