Use rust-argon2 instead of less-maintained argonautica (#389)

2025-06-28 18:00:37 +02:00 · 2020-12-02 12:29:03 +09:00
parent 876da8cf70
commit 5c8749c2a2
4 changed files with 132 additions and 306 deletions
--- a/simple-auth-server/Cargo.toml
+++ b/simple-auth-server/Cargo.toml
@ -9,8 +9,6 @@ workspace = ".."
 actix-web = "3"
 actix-identity = "0.3"

-# FIXME: Specify the commit hash to use bindgen v0.50.
-argonautica = { git = "https://github.com/bcmyers/argonautica", rev = "67fc8d8d7d67696cd8ca7a59b92531f06b089212" }
 chrono = { version = "0.4.6", features = ["serde"] }
 derive_more = "0.99.0"
 diesel = { version = "1.4.5", features = ["postgres", "uuidv07", "r2d2", "chrono"] }
@ -18,6 +16,7 @@ dotenv = "0.15"
 env_logger = "0.7"
 futures = "0.3.1"
 r2d2 = "0.8"
+rust-argon2 = "0.8"
 lazy_static = "1.4.0"
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
--- a/simple-auth-server/README.md
+++ b/simple-auth-server/README.md
@ -9,7 +9,7 @@
 ##### Crates Used

 - [actix-web](https://crates.io/crates/actix-web) // Actix web is a simple, pragmatic and extremely fast web framework for Rust.
- [argonautica](https://docs.rs/argonautica) // crate for hashing passwords using the cryptographically-secure Argon2 hashing algorithm.
+- [rust-argon2](https://crates.io/crates/rust-argon2) // crate for hashing passwords using the cryptographically-secure Argon2 hashing algorithm.
 - [chrono](https://crates.io/crates/chrono) // Date and time library for Rust.
 - [diesel](https://crates.io/crates/diesel) // A safe, extensible ORM and Query Builder for PostgreSQL, SQLite, and MySQL.
 - [dotenv](https://crates.io/crates/dotenv) // A dotenv implementation for Rust.
--- a/simple-auth-server/src/utils.rs
+++ b/simple-auth-server/src/utils.rs
@ -1,28 +1,26 @@
 use crate::errors::ServiceError;
-use argonautica::{Hasher, Verifier};
+use argon2::{self, Config};

 lazy_static::lazy_static! {
-pub  static ref SECRET_KEY: String = std::env::var("SECRET_KEY").unwrap_or_else(|_| "0123".repeat(8));
+    pub static ref SECRET_KEY: String = std::env::var("SECRET_KEY").unwrap_or_else(|_| "0123".repeat(8));
 }

+const SALT: &'static [u8] = b"supersecuresalt";
+
 // WARNING THIS IS ONLY FOR DEMO PLEASE DO MORE RESEARCH FOR PRODUCTION USE
 pub fn hash_password(password: &str) -> Result<String, ServiceError> {
-    Hasher::default()
-        .with_password(password)
-        .with_secret_key(SECRET_KEY.as_str())
-        .hash()
-        .map_err(|err| {
-            dbg!(err);
-            ServiceError::InternalServerError
-        })
+    let config = Config {
+        secret: SECRET_KEY.as_bytes(),
+        ..Default::default()
+    };
+    argon2::hash_encoded(password.as_bytes(), &SALT, &config).map_err(|err| {
+        dbg!(err);
+        ServiceError::InternalServerError
+    })
 }

 pub fn verify(hash: &str, password: &str) -> Result<bool, ServiceError> {
-    Verifier::default()
-        .with_hash(hash)
-        .with_password(password)
-        .with_secret_key(SECRET_KEY.as_str())
-        .verify()
+    argon2::verify_encoded_ext(hash, password.as_bytes(), SECRET_KEY.as_bytes(), &[])
        .map_err(|err| {
            dbg!(err);
            ServiceError::Unauthorized