mirror/rogueserver
1
0
Fork 0
mirror of https://github.com/pagefaultgames/rogueserver.git synced 2025-10-14 15:20:42 +08:00
Code Issues Packages Projects Releases Wiki Activity

Merge 41293d4fc592ef51f7b36f41827a3ba20c905727 into 992746d8ad4718f6ff9de0cd3f8ee47eabcd34b7

Browse Source
This commit is contained in:
Elouan Martinet 2025-10-05 23:33:20 +00:00 committed by GitHub
commit 3cb7965bf2
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
api/account/login.go
View File

@ -18,8 +18,8 @@
package account package account
import ( import (
"bytes"
"crypto/rand" "crypto/rand"
"crypto/subtle"
"database/sql" "database/sql"
"encoding/base64" "encoding/base64"
"errors" "errors"
@ -54,7 +54,7 @@ func Login[T LoginStore](store T, username, password string) (LoginResponse, err
return response, err return response, err
} }
if !bytes.Equal(key, deriveArgon2IDKey([]byte(password), salt)) { if subtle.ConstantTimeCompare(key, deriveArgon2IDKey([]byte(password), salt)) == 0 {
return response, fmt.Errorf("password doesn't match") return response, fmt.Errorf("password doesn't match")
} }