From 48e97ea40661b79d4f486e5690b31f93e39c346e Mon Sep 17 00:00:00 2001
From: H4CK3R-01
Date: Sun, 27 Mar 2022 20:42:11 +0200
Subject: [PATCH] Updated api to use bcrypt
---
 api/helper_functions.py | 9 +++------
 api/models.py | 2 +-
 api/requirements.txt | 3 ++-
 3 files changed, 6 insertions(+), 8 deletions(-)
diff --git a/api/helper_functions.py b/api/helper_functions.py
index 3bb74ee..d805602 100644
--- a/api/helper_functions.py
+++ b/api/helper_functions.py
@@ -1,7 +1,6 @@
-import hashlib
 import os
-import uuid
+import bcrypt
 import jwt
 from apiflask import abort
 from flask import request, jsonify
@@ -11,13 +10,11 @@ from models import User
 def hash_password(password):
- salt = uuid.uuid4().hex
- return hashlib.sha256(salt.encode() + password.encode()).hexdigest() + ':' + salt
+ return bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt())
 def check_password(hashed_password, user_password):
- password, salt = hashed_password.split(':')
- return password == hashlib.sha256(salt.encode() + user_password.encode()).hexdigest()
+ return bcrypt.checkpw(hashed_password.encode("utf-8"), user_password)
 def get_token():
diff --git a/api/models.py b/api/models.py
index 20c4830..f63451a 100644
--- a/api/models.py
+++ b/api/models.py
@@ -4,7 +4,7 @@ from db import db
 class User(db.Model):
 __tablename__ = 'users'
 email = db.Column('email', db.String(255), primary_key=True, nullable=False, unique=True)
- password = db.Column('password', db.String(255), nullable=False, server_default='')
+ password = db.Column('password', db.BINARY(60), nullable=False)
 username = db.Column('username', db.String(255), nullable=False, server_default='')
 telegram_user_id = db.Column('telegram_user_id', db.String(255), nullable=True, server_default='')
 admin = db.Column('admin', db.Boolean(), server_default='0')
diff --git a/api/requirements.txt b/api/requirements.txt
index bcc5fee..4b9b4eb 100644
--- a/api/requirements.txt
+++ b/api/requirements.txt
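Review bot: In `check_password` the arguments to `bcrypt.checkpw` are reversed: it expects the candidate password first and the stored hash second, both as bytes, but the new line passes the encoded stored hash as the password and the unencoded `user_password` as the hash. A str `user_password` is rejected by bcrypt instead of being compared, and with the column changed to `BINARY(60)` the stored value presumably arrives as bytes, on which `.encode("utf-8")` fails, so no login can succeed. The line should read `return bcrypt.checkpw(user_password.encode("utf-8"), hashed_password)`. A stored value that is not a bcrypt hash (for example a row still in the removed `sha256:salt` format) makes `checkpw` raise rather than return False, so the function should catch that and treat it as a failed check.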
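Review bot: The `password` column becomes `db.BINARY(60)` with no data migration visible in this patch, while values written by the removed `hash_password` are 97 characters (64 hex digits, `:`, 32-character salt) and neither fit in 60 bytes nor verify under bcrypt. If a migration lives elsewhere this is fine; otherwise existing accounts would be truncated or locked out when the schema changes. The rollout should either force a password reset for those rows or keep them in a separate legacy column that is verified once and rehashed with bcrypt on the next successful login. A comment on the column such as `# bcrypt hash: fixed 60 bytes, stored as raw bytes` would explain the width.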
@@ -6,4 +6,5 @@ python-dotenv==0.20.0
 pymysql==1.0.2
 pyjwt==2.3.0
 apiflask==0.12.0
-flask-cors==3.0.10
\ No newline at end of file
+flask-cors==3.0.10
+bcrypt==3.1.0
\ No newline at end of file