From d63ceba18368bf30671891adacbccb791ec089cb Mon Sep 17 00:00:00 2001 From: potapova-ad Date: Thu, 5 Jun 2025 02:51:31 +0300 Subject: [PATCH 1/3] =?UTF-8?q?=D0=98=D0=B7=D0=BC=D0=B5=D0=BD=D0=B5=D0=BD?= =?UTF-8?q?=D0=B8=D0=B5=20=D0=B2=D0=B7=D0=B0=D0=B8=D0=BC=D0=BE=D0=B4=D0=B5?= =?UTF-8?q?=D0=B9=D1=81=D1=82=D0=B2=D0=B8=D1=8F=20=D1=81=20=D0=B8=D0=BD?= =?UTF-8?q?=D1=81=D1=82=D1=80=D1=83=D0=BC=D0=B5=D0=BD=D1=82=D0=B0=D0=BC?= =?UTF-8?q?=D0=B8?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- check-ci => tools/check-ci | 0 tools/prepare.sh | 7 ------- 2 files changed, 7 deletions(-) rename check-ci => tools/check-ci (100%) delete mode 100644 tools/prepare.sh diff --git a/check-ci b/tools/check-ci similarity index 100% rename from check-ci rename to tools/check-ci diff --git a/tools/prepare.sh b/tools/prepare.sh deleted file mode 100644 index 2e3bd9d..0000000 --- a/tools/prepare.sh +++ /dev/null @@ -1,7 +0,0 @@ -#!/bin/bash -# TODO: NOT CROSS PLATFORM FIX THIS ISSUE - -cd bank-service && ./cert_gen.sh -cd store-service && ./cert_gen.sh - - From c41e38d1f6d6c72e131d798803f5dc4abe56ff44 Mon Sep 17 00:00:00 2001 From: potapova-ad Date: Thu, 5 Jun 2025 03:28:21 +0300 Subject: [PATCH 2/3] =?UTF-8?q?Fixes=20#66:=20=D0=94=D0=BB=D1=8F=20=D1=85?= =?UTF-8?q?=D1=80=D0=B0=D0=BD=D0=B5=D0=BD=D0=B8=D1=8F=20=D1=85=D0=B5=D1=88?= =?UTF-8?q?=D0=B5=D0=B9=20=D0=BF=D0=B0=D1=80=D0=BE=D0=BB=D0=B5=D0=B9=20?= =?UTF-8?q?=D0=B8=D1=81=D0=BF=D0=BE=D0=BB=D1=8C=D0=B7=D1=83=D0=B5=D0=BC=20?= =?UTF-8?q?brcypt?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- bank-service/bank/database/db.py | 9 ++++++--- bank-service/requirements.txt | 1 + store-service/requirements.txt | 1 + store-service/store/database/db_api.py | 7 ++++--- store-service/store/routes/routes.py | 3 +-- store-service/store/utility/User.py | 13 +++++++------ tools/deGenerator.py | 7 +++++-- 7 files changed, 25 insertions(+), 16 deletions(-) 
diff --git a/bank-service/bank/database/db.py b/bank-service/bank/database/db.py index 24271c2..9933d23 100644 --- a/bank-service/bank/database/db.py +++ b/bank-service/bank/database/db.py @@ -1,6 +1,6 @@ import os import psycopg -import hashlib +import bcrypt from flask import g @@ -29,7 +29,7 @@ def authenticate(username:int, password:str): WHERE uuid = (%s); """, (username,)) data = cursor.fetchone() - if data and hashlib.md5(password.encode()).hexdigest() == data['phash']: + if data and bcrypt.checkpw(password.encode('utf-8'), data['phash'].encode('utf-8')): return {'id': data['id'], 'uuid': data['uuid']} return None except psycopg.Error as e: @@ -51,7 +51,10 @@ def get_user_balance(user_id:int): raise ValueError('No user with this id') def add_account(uuid:str, password:str): - phash = hashlib.md5(password.encode()).hexdigest() + phash = bcrypt.hashpw( + password.encode('utf-8'), + bcrypt.gensalt(rounds = 12) + ).hexdigest() conn = get_db() try: cursor = conn.cursor() diff --git a/bank-service/requirements.txt b/bank-service/requirements.txt index 2ae8c58..5e916e9 100644 --- a/bank-service/requirements.txt +++ b/bank-service/requirements.txt @@ -1,3 +1,4 @@ psycopg[binary,pool] flask +bcrypt uwsgi diff --git a/store-service/requirements.txt b/store-service/requirements.txt index d74e3de..d3173be 100644 --- a/store-service/requirements.txt +++ b/store-service/requirements.txt @@ -2,4 +2,5 @@ flask uwsgi bleach pillow +bcrypt psycopg[binary,pool] diff --git a/store-service/store/database/db_api.py b/store-service/store/database/db_api.py index 6d32e74..8a24ad0 100644 --- a/store-service/store/database/db_api.py +++ b/store-service/store/database/db_api.py @@ -1,4 +1,5 @@ import psycopg +import bcrypt import os import csv import base64 
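Review bot: In `authenticate` (bank-service/bank/database/db.py), a row whose `phash` still holds an MD5 hex digest from before this change will make `bcrypt.checkpw` raise `ValueError` (invalid salt), and the visible handler only catches `psycopg.Error`. No migration or reset of existing hashes is visible in this patch, so such accounts would presumably turn a login attempt into an unhandled error instead of a clean rejection. Treat a non-bcrypt value as a failed login, for example `if data and data['phash'].startswith('$2') and bcrypt.checkpw(password.encode('utf-8'), data['phash'].encode('utf-8')):`, and force a password reset for those rows. The same applies to `check_user` in store-service/store/database/db_api.py; both functions continue outside their hunks.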
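Review bot: `add_account` calls `.hexdigest()` on the result of `bcrypt.hashpw`, which returns `bytes`; `bytes` has no such method, so every account creation raises `AttributeError` before `get_db()` is even called. Use the same form as `User.__init__` in this patch and end the expression with `).decode('utf-8')`, so the stored string is the bcrypt hash that `authenticate` later passes back to `checkpw`. The rest of the function lies outside the hunk.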
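Review bot: `bcrypt` is added to bank-service/requirements.txt (and to store-service/requirements.txt) without a version bound, so the library that hashes every password is whatever the package index serves at build time. Releases differ in behaviour that matters here, such as whether a password longer than 72 bytes is silently truncated or rejected with `ValueError`. Pin it to a tested release, `bcrypt==<tested version>`, ideally installed with `--require-hashes`. The other entries in both files are unpinned too and would benefit from the same treatment.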
@@ -117,12 +118,12 @@ def get_game_info(game_id:int)->dict: print(f'execute game query with id={game_id}:{e}') return None -def check_user(user:User)->int: +def check_user(username:str, password:str)->int: db = get_db() cursor = db.cursor() try: cursor.execute( - 'SELECT * FROM store.users WHERE name = %s;', (user.name,) + 'SELECT * FROM store.users WHERE name = %s;', (username,) ) user_data = cursor.fetchone() @@ -130,7 +131,7 @@ def check_user(user:User)->int: raise ValueError('Unknown username') user_data = dict(user_data) - if user_data['password_hash'] == user.phash: + if bcrypt.checkpw(password.encode('utf-8'), user_data['password_hash'].encode('utf-8')): return user_data['id'], user_data['balance'] raise ValueError('Wrong password') diff --git a/store-service/store/routes/routes.py b/store-service/store/routes/routes.py index a3a9179..2643523 100644 --- a/store-service/store/routes/routes.py +++ b/store-service/store/routes/routes.py @@ -122,8 +122,7 @@ def login_register(): username = request.form.get('login_username') password = request.form.get('login_password') try: - user = User(username, password) - user_id, balance = check_user(user) + user_id, balance = check_user(username, password) session['user_id'] = user_id session['balance'] = balance diff --git a/store-service/store/utility/User.py b/store-service/store/utility/User.py index b90bde5..0e7bbe4 100644 --- a/store-service/store/utility/User.py +++ b/store-service/store/utility/User.py @@ -1,4 +1,4 @@ -import hashlib +import bcrypt import re class User(): 
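Review bot: `check_user` now performs the expensive bcrypt comparison only when the username exists, so the 'Unknown username' path returns much faster than the 'Wrong password' path and response time indicates which accounts are registered. Before this change the hash was computed in `User(...)` ahead of the lookup, so both paths cost the same. Run `bcrypt.checkpw` against a fixed dummy hash when `user_data` is empty and raise one generic error for both cases. The `->int` annotation also does not match the body, which returns `user_data['id'], user_data['balance']`; the handlers of the `try` block are outside the hunk.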
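Review bot: In `login_register`, `request.form.get('login_password')` yields `None` when the field is missing, and `check_user` now calls `password.encode('utf-8')` on it, which raises `AttributeError`. Whether the `except` clause after this `try` catches anything beyond `ValueError` is not visible in the hunk. Reject empty credentials before the call, e.g. `if not username or not password:` followed by the same failure response the handler already gives for a bad login.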
@@ -24,9 +24,10 @@ def __init__(self, name:str, password:str, repassword:str = None): raise ValueError('Username must have only letters, numbers or _ symbol') self.name = name - self.phash = hashlib.md5(password.encode()).hexdigest() + self.phash = bcrypt.hashpw( + password.encode('utf-8'), + bcrypt.gensalt(rounds=12) + ).decode('utf-8') - if repassword: - rphash = hashlib.md5(repassword.encode()).hexdigest() - if rphash != self.phash: - raise ValueError('Passwords does not matching') + if repassword and not bcrypt.checkpw(repassword.encode('utf-8'), self.phash.encode('utf-8')): + raise ValueError('Passwords does not matching') diff --git a/tools/deGenerator.py b/tools/deGenerator.py index 5328c59..f9483fc 100644 --- a/tools/deGenerator.py +++ b/tools/deGenerator.py @@ -1,5 +1,5 @@ +import bcrypt import csv -import hashlib import random import io import os @@ -40,7 +40,10 @@ def generate_user(idx:int): return [ idx, - hashlib.md5(f'username{idx}'.encode()).hexdigest(), + bcrypt.hashpw( + f'username{idx}'.encode('utf-8'), + bcrypt.gensalt(rounds=12) + ).decode('utf-8'), f'username{idx}', round(random.uniform(0, 10000)) ] From 7ff9098b4278317b283c0951daff0cb725409ab4 Mon Sep 17 00:00:00 2001 
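Review bot: The confirmation check in `User.__init__` hashes `password` and then runs `bcrypt.checkpw` on `repassword`, which costs two bcrypt computations at cost 12 just to learn whether two plaintext strings are equal. bcrypt also considers only the first 72 bytes of its input, so with a release that truncates silently, two long passwords that differ past that point would pass confirmation. Compare the inputs before hashing, `if repassword and repassword != password: raise ValueError('Passwords does not matching')`, and then call `bcrypt.hashpw` once. The start of `__init__` is outside the hunk.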
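Review bot: `generate_user` now runs `bcrypt.hashpw` with `gensalt(rounds=12)` for every generated row, which makes producing a large data set slow, and the literal `rounds=12` is repeated here, in `User.__init__` and in `add_account`. Consider one named constant for the production cost and a parameter for the generator, e.g. `def generate_user(idx:int, rounds:int = 12):`. Each generated account's password equals its username, so the output of this tool should stay confined to test databases; a comment such as `# test fixture only: password == username` above the `hashpw` call would make that explicit.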
From: potapova-ad Date: Thu, 5 Jun 2025 03:33:15 +0300 Subject: [PATCH 3/3] =?UTF-8?q?=D0=A3=D0=BB=D1=83=D1=87=D1=88=D0=B5=D0=BD?= =?UTF-8?q?=D0=BE=20=D0=B2=D0=B7=D0=B0=D0=B8=D0=BC=D0=BE=D0=B4=D0=B5=D0=B9?= =?UTF-8?q?=D1=81=D1=82=D0=B2=D0=B8=D0=B5=20=D1=81=D0=BE=20=D1=81=D1=82?= =?UTF-8?q?=D1=80=D0=B0=D0=BD=D0=B8=D1=86=D0=B5=D0=B9=20=D0=BC=D0=B0=D0=B3?= =?UTF-8?q?=D0=B0=D0=B7=D0=B8=D0=BD=D0=B0:=20=D0=BF=D1=80=D0=B8=20=D0=BF?= =?UTF-8?q?=D0=BB=D0=B0=D0=B2=D0=BD=D0=BE=D0=BC=20=D0=BF=D1=80=D0=BE=D0=BA?= =?UTF-8?q?=D1=80=D1=83=D1=87=D0=B8=D0=B2=D0=B0=D0=BD=D0=B8=D0=B8=20=D0=BD?= =?UTF-8?q?=D0=B5=20=D0=B4=D0=BE=D0=BB=D0=B6=D0=BD=D0=B0=20=D0=BF=D0=BE?= =?UTF-8?q?=D1=8F=D0=B2=D0=BB=D1=8F=D1=82=D1=8C=D1=81=D1=8F=20=D0=BF=D1=80?= =?UTF-8?q?=D0=BE=D0=B1=D0=BB=D0=B5=D0=BC=D0=B0=20=D0=BD=D0=B5=D0=BF=D1=80?= =?UTF-8?q?=D0=B0=D0=B2=D0=B8=D0=BB=D1=8C=D0=BD=D0=B0=D1=8F=20=D0=BF=D1=80?= =?UTF-8?q?=D0=BE=D0=B3=D1=80=D1=83=D0=B7=D0=BA=D0=B0=20=D0=B4=D0=BE=D0=BF?= =?UTF-8?q?=D0=BE=D0=BB=D0=BD=D0=B8=D1=82=D0=B5=D0=BB=D1=8C=D0=BD=D1=8B?= =?UTF-8?q?=D1=85=20=D1=8D=D0=BB=D0=B5=D0=BC=D0=B5=D0=BD=D1=82=D0=BE=D0=B2?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- store-service/store/static/javascripts/Store.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/store-service/store/static/javascripts/Store.js b/store-service/store/static/javascripts/Store.js index 0c118f5..bd634d7 100644 --- a/store-service/store/static/javascripts/Store.js +++ b/store-service/store/static/javascripts/Store.js @@ -41,7 +41,7 @@ async function loadMoreGames() { } function checkScroll() { - const threshold = 200; + const threshold = 70; const { scrollTop, scrollHeight, clientHeight } = document.documentElement; if (scrollTop + clientHeight >= scrollHeight - threshold) {