From 2420f1e75d54a5f209b0267715f078a369d81eb1 Mon Sep 17 00:00:00 2001
From: Owen Jacobson <owen@grimoire.ca>
Date: Sun, 23 Mar 2025 15:58:33 -0400
Subject: Rename the `login` module to `user`.

---
 src/user/password.rs | 65 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 65 insertions(+)
 create mode 100644 src/user/password.rs

(limited to 'src/user/password.rs')

diff --git a/src/user/password.rs b/src/user/password.rs
new file mode 100644
index 0000000..e1d164e
--- /dev/null
+++ b/src/user/password.rs
@@ -0,0 +1,65 @@
+use std::fmt;
+
+use argon2::Argon2;
+use password_hash::{PasswordHash, PasswordHasher, PasswordVerifier, SaltString};
+use rand_core::OsRng;
+
+use crate::normalize::nfc;
+
+#[derive(sqlx::Type)]
+#[sqlx(transparent)]
+pub struct StoredHash(String);
+
+impl StoredHash {
+    pub fn verify(&self, password: &Password) -> Result<bool, password_hash::Error> {
+        let hash = PasswordHash::new(&self.0)?;
+
+        match Argon2::default().verify_password(password.as_bytes(), &hash) {
+            // Successful authentication, not an error
+            Ok(()) => Ok(true),
+            // Unsuccessful authentication, also not an error
+            Err(password_hash::errors::Error::Password) => Ok(false),
+            // Password validation failed for some other reason, treat as an error
+            Err(err) => Err(err),
+        }
+    }
+}
+
+impl fmt::Debug for StoredHash {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.debug_tuple("StoredHash").field(&"********").finish()
+    }
+}
+
+#[derive(Clone, serde::Deserialize)]
+#[serde(transparent)]
+pub struct Password(nfc::String);
+
+impl Password {
+    pub fn hash(&self) -> Result<StoredHash, password_hash::Error> {
+        let Self(password) = self;
+        let salt = SaltString::generate(&mut OsRng);
+        let argon2 = Argon2::default();
+        let hash = argon2
+            .hash_password(password.as_bytes(), &salt)?
+            .to_string();
+        Ok(StoredHash(hash))
+    }
+
+    fn as_bytes(&self) -> &[u8] {
+        let Self(value) = self;
+        value.as_bytes()
+    }
+}
+
+impl fmt::Debug for Password {
+    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
+        f.debug_tuple("Password").field(&"********").finish()
+    }
+}
+
+impl From<String> for Password {
+    fn from(password: String) -> Self {
+        Password(password.into())
+    }
+}
-- 
cgit v1.2.3