Fix issue 66

bank-service/bank/database/db.py

@@ -1,6 +1,6 @@
 import os
 import psycopg
-import hashlib
+import bcrypt
 
 from flask import g
 
@@ -29,7 +29,7 @@ def authenticate(username:int, password:str):
 			WHERE uuid = (%s);
 		""", (username,))
 		data = cursor.fetchone()
-		if data and hashlib.md5(password.encode()).hexdigest() == data['phash']:
+		if data and bcrypt.checkpw(password.encode('utf-8'), data['phash'].encode('utf-8')):
 			return {'id': data['id'], 'uuid': data['uuid']}
 		return None
 	except psycopg.Error as e:
@@ -51,7 +51,10 @@ def get_user_balance(user_id:int):
 	raise ValueError('No user with this id')
 
 def add_account(uuid:str, password:str):
-	phash = hashlib.md5(password.encode()).hexdigest()
+	phash = bcrypt.hashpw(
+		password.encode('utf-8'),
+		bcrypt.gensalt(rounds = 12)
+	).hexdigest()
 	conn = get_db()
 	try:
 		cursor = conn.cursor()

bank-service/requirements.txt

@@ -1,3 +1,4 @@
 psycopg[binary,pool]
 flask
+bcrypt
 uwsgi

store-service/requirements.txt

@@ -2,4 +2,5 @@ flask
 uwsgi
 bleach
 pillow
+bcrypt
 psycopg[binary,pool]

store-service/store/database/db_api.py

@@ -1,4 +1,5 @@
 import psycopg
+import bcrypt
 import os
 import csv
 import base64
@@ -117,20 +118,20 @@ def get_game_info(game_id:int)->dict:
 		print(f'execute game query with id={game_id}:{e}')
 		return None
 
-def check_user(user:User)->int:
+def check_user(username:str, password:str)->int:
 	db = get_db()
 	cursor = db.cursor()
 	try:
 		cursor.execute(
-			'SELECT * FROM store.users WHERE name = %s;', (user.name,)
+			'SELECT * FROM store.users WHERE name = %s;', (username,)
 		)
 		user_data = cursor.fetchone()
 
 		if not user_data:
 			raise ValueError('Unknown username')
 
 		user_data = dict(user_data)
-		if user_data['password_hash'] == user.phash:
+		if bcrypt.checkpw(password.encode('utf-8'), user_data['password_hash'].encode('utf-8')):
 			return user_data['id'], user_data['balance']
 		raise ValueError('Wrong password')
 

store-service/store/routes/routes.py

@@ -122,8 +122,7 @@ def login_register():
 			username = request.form.get('login_username')
 			password = request.form.get('login_password')
 			try:
-				user = User(username, password)
-				user_id, balance = check_user(user)
+				user_id, balance = check_user(username, password)
 
 				session['user_id'] = user_id
 				session['balance'] = balance

store-service/store/static/javascripts/Store.js

@@ -41,7 +41,7 @@ async function loadMoreGames() {
 }
 
 function checkScroll() {
-    const threshold = 200;
+    const threshold = 70;
     const { scrollTop, scrollHeight, clientHeight } = document.documentElement;
 
     if (scrollTop + clientHeight >= scrollHeight - threshold) {

store-service/store/utility/User.py

@@ -1,4 +1,4 @@
-import hashlib
+import bcrypt
 import re
 
 class User():
@@ -24,9 +24,10 @@ def __init__(self, name:str, password:str, repassword:str = None):
 			raise ValueError('Username must have only letters, numbers or _ symbol')
 
 		self.name = name
-		self.phash = hashlib.md5(password.encode()).hexdigest()
+		self.phash = bcrypt.hashpw(
+			password.encode('utf-8'),
+			bcrypt.gensalt(rounds=12)
+		).decode('utf-8')
 
-		if repassword:
-			rphash = hashlib.md5(repassword.encode()).hexdigest()
-			if rphash != self.phash:
-				raise ValueError('Passwords does not matching')
+		if repassword and not bcrypt.checkpw(repassword.encode('utf-8'), self.phash.encode('utf-8')):
+			raise ValueError('Passwords does not matching')

tools/deGenerator.py

@@ -1,5 +1,5 @@
+import bcrypt
 import csv
-import hashlib
 import random
 import io
 import os
@@ -40,7 +40,10 @@
 def generate_user(idx:int):
 	return [
 		idx,
-		hashlib.md5(f'username{idx}'.encode()).hexdigest(),
+		bcrypt.hashpw(
+			f'username{idx}'.encode('utf-8'),
+			bcrypt.gensalt(rounds=12)
+		).decode('utf-8'),
 		f'username{idx}',
 		round(random.uniform(0, 10000))
 	]