api/helper_functions.py

@@ -1,7 +1,6 @@
-import hashlib
 import os
-import uuid
 
+import bcrypt
 import jwt
 from apiflask import abort
 from flask import request, jsonify
@@ -11,13 +10,11 @@ from models import User
 
 
 def hash_password(password):
-    salt = uuid.uuid4().hex
+    return bcrypt.hashpw(password.encode("utf-8"), bcrypt.gensalt())
-    return hashlib.sha256(salt.encode() + password.encode()).hexdigest() + ':' + salt
 
 
 def check_password(hashed_password, user_password):
-    password, salt = hashed_password.split(':')
+    return bcrypt.checkpw(hashed_password.encode("utf-8"), user_password)
-    return password == hashlib.sha256(salt.encode() + user_password.encode()).hexdigest()
 
 
 def get_token():

api/models.py

@@ -4,7 +4,7 @@ from db import db
 class User(db.Model):
     __tablename__ = 'users'
     email = db.Column('email', db.String(255), primary_key=True, nullable=False, unique=True)
-    password = db.Column('password', db.String(255), nullable=False, server_default='')
+    password = db.Column('password', db.BINARY(60), nullable=False)
     username = db.Column('username', db.String(255), nullable=False, server_default='')
     telegram_user_id = db.Column('telegram_user_id', db.String(255), nullable=True, server_default='')
     admin = db.Column('admin', db.Boolean(), server_default='0')

api/requirements.txt

@@ -6,4 +6,5 @@ python-dotenv==0.20.0
 pymysql==1.0.2
 pyjwt==2.3.0
 apiflask==0.12.0
-flask-cors==3.0.10
+flask-cors==3.0.10
+bcrypt==3.1.0