From 4a0316c7970c59937d73744e482acaa524a6741b Mon Sep 17 00:00:00 2001
From: dan <me@danrh.co.uk>
Date: Fri, 12 May 2023 09:47:57 -0400
Subject: fix: hash passwords

---
 main.scm | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

(limited to 'main.scm')

diff --git a/main.scm b/main.scm
index b269e23..a57d8c2 100644
--- a/main.scm
+++ b/main.scm
@@ -112,14 +112,13 @@
 (define (parent-id p) (fifth p))
 (define (children-count p) (sixth p))
 
-
-(define users (alist->hash-table '(("lawrence" . "pw") ("demo" . "pw") ("dan" . "pw"))))
+(define users (alist->hash-table `(("example" . ,(crypt "pw")))))
 
 (define apikeys (make-hash-table))
 
 (define (login username password)
-  (let ([pw-in-db (hash-table-ref/default users username #f)])
-    (and password (equal? password pw-in-db)
+  (let ([pw-hash-in-db (hash-table-ref/default users username #f)])
+    (and password (string=? (crypt password pw-hash-in-db) pw-hash-in-db)
          (let ([apikey (number->string (pseudo-random-integer 340282366920938463463374607431768211455))])
            (hash-table-set! apikeys apikey username)
            apikey))))
-- 
cgit v1.2.3