From bb752eb1243c7fa403bbb81ba4ee924283630658 Mon Sep 17 00:00:00 2001
From: Tobie Morgan Hitchcock
Date: Tue, 22 Nov 2016 13:36:57 +0000
Subject: [PATCH] Encrypt SQL LOGIN password immediately
---
 mem/mem.go | 2 +-
 sql/ast.go | 2 +-
 sql/exprs.go | 18 ++++++++++++++++++
 sql/login.go | 2 +-
 4 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/mem/mem.go b/mem/mem.go
index 52f65fc5..34660917 100644
--- a/mem/mem.go
+++ b/mem/mem.go
@@ -45,8 +45,8 @@ type TB struct {
 type AC struct {
 User string
- Pass string
 Uniq string
+ Pass []byte
 }
 type TK struct {
diff --git a/sql/ast.go b/sql/ast.go
index 2cbbe3e7..2f159c15 100644
--- a/sql/ast.go
+++ b/sql/ast.go
@@ -214,7 +214,7 @@ type DefineLoginStatement struct {
 DB string `cork:"-" codec:"-"`
 Kind Token `cork:"kind" codec:"kind"`
 User string `cork:"user" codec:"user"`
- Pass string `cork:"pass" codec:"pass"`
+ Pass []byte `cork:"pass" codec:"pass"`
 }
 // RemoveLoginStatement represents an SQL REMOVE LOGIN statement.
diff --git a/sql/exprs.go b/sql/exprs.go
index f2b85914..7ae147e2 100644
--- a/sql/exprs.go
+++ b/sql/exprs.go
@@ -18,6 +18,8 @@ import (
 "fmt"
 "regexp"
 "time"
+
+ "golang.org/x/crypto/bcrypt"
 )
 func (p *parser) parseWhat() (mul []Expr, err error) {
@@ -287,6 +289,22 @@ func (p *parser) parseDuration() (time.Duration, error) {
 }
+func (p *parser) parseBcrypt() ([]byte, error) {
+
+ _, lit, err := p.shouldBe(STRING)
+ if err != nil {
+ return nil, &ParseError{Found: lit, Expected: []string{"string"}}
+ }
+
+ val, err := p.declare(STRING, lit)
+ if err != nil {
+ return nil, &ParseError{Found: lit, Expected: []string{"string"}}
+ }
+
+ return bcrypt.GenerateFromPassword([]byte(val.(string)), bcrypt.DefaultCost)
+
+}
+
 func (p *parser) parseExpr() (exp Expr, err error) {
 // Create the root binary expression tree.
diff --git a/sql/login.go b/sql/login.go
index 6596fb2f..9d882f91 100644
--- a/sql/login.go
+++ b/sql/login.go
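Review bot: The switch of `Pass` from `string` to `[]byte` in `AC` (mem/mem.go) and in `DefineLoginStatement` (sql/ast.go) changes what the field means without saying so, and the code that checks a login against it is not among the four files in this commit. Add a field comment on both, e.g. `// Pass holds the bcrypt hash of the password, never the plaintext.`, so nobody later compares it byte-for-byte with user input; verification should go through `bcrypt.CompareHashAndPassword`. Records written before this change presumably still carry a plaintext string under the same `pass` tag, so confirm they are re-hashed or rejected on load rather than decoded into the new field.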
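Review bot: In parseBcrypt (sql/exprs.go) the literal reaches `bcrypt.GenerateFromPassword` with no length check and through an unchecked `val.(string)` assertion. bcrypt uses only the first 72 bytes of its input: older x/crypto releases truncate silently, so long passwords sharing a 72-byte prefix hash alike, while newer releases return an error that is not a ParseError; and a non-string result from declare would panic the parser. Check both before hashing and report them as a ParseError, as sketched below. Hashing here also means the bcrypt cost is paid at parse time, apparently before the statement is authorized, so confirm a client without rights to define logins cannot use it to burn CPU.

```go
	// … unchanged: shouldBe and declare calls …

	pass, ok := val.(string)
	if !ok || len(pass) > 72 {
		return nil, &ParseError{Found: lit, Expected: []string{"string of at most 72 bytes"}}
	}

	return bcrypt.GenerateFromPassword([]byte(pass), bcrypt.DefaultCost)
```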
@@ -50,7 +50,7 @@ func (p *parser) parseDefineLoginStatement() (stmt *DefineLoginStatement, err er
 return nil, err
 }
- if stmt.Pass, err = p.parseString(); err != nil {
+ if stmt.Pass, err = p.parseBcrypt(); err != nil {
 return nil, err
 }