From 491cb3eb34d20140aed80dbb9edc39c4db5335d2 Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Sun, 15 Sep 2024 23:50:41 -0400
Subject: Consolidate most repository types into a repo module.

Having them contained in the individual endpoint groups conveyed an unintended sense that their intended scope was _only_ that endpoint group. It also made most repo-related import paths _quite_ long. This splits up the repos as follows:

* "General applicability" repos - those that are only loosely connected to a single task, and are likely to be shared between tasks - go in crate::repo.

* Specialized repos - those tightly connected to a specific task - go in the module for that task, under crate::PATH::repo.

In both cases, each repo goes in its own submodule, to make it easier to use the module name as a namespace.

Which category a repo goes in is a judgment call. `crate::channel::repo::broadcast` (formerly `channel::repo::messages`) is used outside of `crate::channel`, for example, but its main purpose is to support channel message broadcasts. It could arguably live under `crate::event::repo::channel`, but the resulting namespace is less legible to me.
---
 src/password.rs | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 src/password.rs

(limited to 'src/password.rs')

diff --git a/src/password.rs b/src/password.rs
new file mode 100644
index 0000000..b14f728
--- /dev/null
+++ b/src/password.rs
@@ -0,0 +1,31 @@
+use argon2::Argon2;
+use password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString};
+use rand_core::OsRng;
+
+#[derive(Debug, sqlx::Type)]
+#[sqlx(transparent)]
+pub struct StoredHash(String);
+
+impl StoredHash {
+    pub fn new(password: &str) -> Result<Self, password_hash::Error> {
+        let salt = SaltString::generate(&mut OsRng);
+        let argon2 = Argon2::default();
+        let hash = argon2
+            .hash_password(password.as_bytes(), &salt)?
+            .to_string();
+        Ok(Self(hash))
+    }
+
+    pub fn verify(&self, password: &str) -> Result<bool, password_hash::Error> {
+        let hash = PasswordHash::new(&self.0)?;
+
+        match Argon2::default().verify_password(password.as_bytes(), &hash) {
+            // Successful authentication, not an error
+            Ok(()) => Ok(true),
+            // Unsuccessful authentication, also not an error
+            Err(password_hash::errors::Error::Password) => Ok(false),
+            // Password validation failed for some other reason, treat as an error
+            Err(err) => Err(err),
+        }
+    }
+}
-- 
cgit v1.2.3