feat: add password hash

2025-07-15 16:41:32 +00:00 · 2024-11-08 16:08:28 +08:00
parent fcd15be025
commit c07562749f
4 changed files with 234 additions and 0 deletions
--- a/frameworks/Rust/axum/Cargo.lock
+++ b/frameworks/Rust/axum/Cargo.lock
@ -47,6 +47,18 @@ version = "1.0.93"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "4c95c10ba0b00a02636238b814946408b1322d5ac4760326e6fb8ec956d85775"

+[[package]]
+name = "argon2"
+version = "0.5.3"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3c3610892ee6e0cbce8ae2700349fcf8f98adb0dbfbee85aec3c9179d29cc072"
+dependencies = [
+ "base64ct",
+ "blake2",
+ "cpufeatures",
+ "password-hash",
+]
+
 [[package]]
 name = "async-compression"
 version = "0.4.17"
@ -162,12 +174,36 @@ version = "0.22.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "72b3254f16251a8381aa12e40e3c4d2f0199f8c6508fbecb9d91f575e0fbb8c6"

+[[package]]
+name = "base64ct"
+version = "1.6.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "8c3c1a368f70d6cf7302d78f8f7093da241fb8e8807c05cc9e51a125895a6d5b"
+
 [[package]]
 name = "bitflags"
 version = "2.6.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "b048fb63fd8b5923fc5aa7b340d8e156aec7ec02f0c78fa8a6ddc2613f6f71de"

+[[package]]
+name = "blake2"
+version = "0.10.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "46502ad458c9a52b69d4d4d32775c788b7a1b85e8bc9d482d92250fc0e3f8efe"
+dependencies = [
+ "digest",
+]
+
+[[package]]
+name = "block-buffer"
+version = "0.10.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "3078c7629b62d3f0439517fa394996acacc5cbc91c5a20d8c658e77abd503a71"
+dependencies = [
+ "generic-array",
+]
+
 [[package]]
 name = "brotli"
 version = "7.0.0"
@ -195,6 +231,12 @@ version = "3.16.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "79296716171880943b8470b5f8d03aa55eb2e645a4874bdbb28adb49162e012c"

+[[package]]
+name = "byteorder"
+version = "1.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
+
 [[package]]
 name = "bytes"
 version = "1.8.0"
@ -218,6 +260,15 @@ version = "1.0.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "baf1de4339761588bc0619e3cbc0120ee582ebb74b53b4efbf79117bd2da40fd"

+[[package]]
+name = "cpufeatures"
+version = "0.2.14"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "608697df725056feaccfa42cffdaeeec3fccc4ffc38358ecd19b243e716a78e0"
+dependencies = [
+ "libc",
+]
+
 [[package]]
 name = "crc32fast"
 version = "1.4.2"
@ -227,6 +278,16 @@ dependencies = [
 "cfg-if",
 ]

+[[package]]
+name = "crypto-common"
+version = "0.1.6"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1bfb12502f3fc46cca1bb51ac28df9d618d813cdc3d2f25b9fe775a34af26bb3"
+dependencies = [
+ "generic-array",
+ "typenum",
+]
+
 [[package]]
 name = "darling"
 version = "0.20.10"
@ -271,6 +332,17 @@ dependencies = [
 "powerfmt",
 ]

+[[package]]
+name = "digest"
+version = "0.10.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "9ed9a281f7bc9b7576e61468ba615a66a5c8cfdff42420a70aa82701a3b1e292"
+dependencies = [
+ "block-buffer",
+ "crypto-common",
+ "subtle",
+]
+
 [[package]]
 name = "displaydoc"
 version = "0.2.5"
@ -353,6 +425,16 @@ dependencies = [
 "slab",
 ]

+[[package]]
+name = "generic-array"
+version = "0.14.7"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "85649ca51fd72272d7821adaf274ad91c288277713d9c18820d8499a7ff69e9a"
+dependencies = [
+ "typenum",
+ "version_check",
+]
+
 [[package]]
 name = "getrandom"
 version = "0.2.15"
@ -839,6 +921,17 @@ dependencies = [
 "windows-targets",
 ]

+[[package]]
+name = "password-hash"
+version = "0.5.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "346f04948ba92c43e8469c1ee6736c7563d71012b17d40745260fe106aac2166"
+dependencies = [
+ "base64ct",
+ "rand_core",
+ "subtle",
+]
+
 [[package]]
 name = "pem"
 version = "3.0.4"
@ -860,9 +953,11 @@ name = "phthonus"
 version = "0.1.0"
 dependencies = [
 "anyhow",
+ "argon2",
 "axum",
 "dotenvy",
 "jsonwebtoken",
+ "rand",
 "serde",
 "serde_json",
 "serde_repr",
@ -899,6 +994,15 @@ version = "0.2.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "439ee305def115ba05938db6eb1644ff94165c5ab5e9420d1c1bcedbba909391"

+[[package]]
+name = "ppv-lite86"
+version = "0.2.20"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "77957b295656769bb8ad2b6a6b09d897d94f05c41b069aede1fcdaa675eaea04"
+dependencies = [
+ "zerocopy",
+]
+
 [[package]]
 name = "proc-macro-error-attr2"
 version = "2.0.0"
@ -939,6 +1043,36 @@ dependencies = [
 "proc-macro2",
 ]

+[[package]]
+name = "rand"
+version = "0.8.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "34af8d1a0e25924bc5b7c43c079c942339d8f0a8b57c39049bef581b46327404"
+dependencies = [
+ "libc",
+ "rand_chacha",
+ "rand_core",
+]
+
+[[package]]
+name = "rand_chacha"
+version = "0.3.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "e6c10a63a0fa32252be49d21e7709d4d4baf8d231c2dbce1eaa8141b9b127d88"
+dependencies = [
+ "ppv-lite86",
+ "rand_core",
+]
+
+[[package]]
+name = "rand_core"
+version = "0.6.4"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "ec0be4795e2f6a28069bec0b5ff3e2ac9bafc99e6a9a7dc3547996c5c816922c"
+dependencies = [
+ "getrandom",
+]
+
 [[package]]
 name = "redox_syscall"
 version = "0.5.7"
@ -1175,6 +1309,12 @@ version = "0.11.1"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "7da8b5736845d9f2fcb837ea5d9e2628564b3b043a70948a3f0b778838c5fb4f"

+[[package]]
+name = "subtle"
+version = "2.6.1"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "13c2bddecc57b384dee18652358fb23172facb8a2c51ccc10d74c157bdea3292"
+
 [[package]]
 name = "syn"
 version = "2.0.87"
@ -1463,6 +1603,12 @@ dependencies = [
 "tracing-log",
 ]

+[[package]]
+name = "typenum"
+version = "1.17.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "42ff0bf0c66b8238c6f3b578df37d0b7848e55df8577b3f74f92a69acceeb825"
+
 [[package]]
 name = "unicase"
 version = "2.8.0"
@ -1549,6 +1695,12 @@ version = "0.1.0"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "830b7e5d4d90034032940e4ace0d9a9a057e7a45cd94e6c007832e39edb82f6d"

+[[package]]
+name = "version_check"
+version = "0.9.5"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "0b928f33d975fc6ad9f86c8f283853ad26bdd5b10b7f1542aa2fa15e2289105a"
+
 [[package]]
 name = "wasi"
 version = "0.11.0+wasi-snapshot-preview1"
@ -1741,6 +1893,27 @@ dependencies = [
 "synstructure",
 ]

+[[package]]
+name = "zerocopy"
+version = "0.7.35"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "1b9b4fd18abc82b8136838da5d50bae7bdea537c574d8dc1a34ed098d6c166f0"
+dependencies = [
+ "byteorder",
+ "zerocopy-derive",
+]
+
+[[package]]
+name = "zerocopy-derive"
+version = "0.7.35"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "fa4f8080344d4671fb4e831a13ad1e68092748387dfc4f55e356242fae12ce3e"
+dependencies = [
+ "proc-macro2",
+ "quote",
+ "syn",
+]
+
 [[package]]
 name = "zerofrom"
 version = "0.1.4"
--- a/frameworks/Rust/axum/Cargo.toml
+++ b/frameworks/Rust/axum/Cargo.toml
@ -16,6 +16,8 @@ anyhow = "1.0.93"
 thiserror = "2.0.0"
 # tools
 dotenvy = "0.15.7"
+argon2 = "0.5.3"
+rand = "0.8.5"
 serde = { version = "1.0.214", features = ["derive", "serde_derive"] }
 serde_json = { version = "1.0.132" }
 serde_repr = "0.1.19"
--- a/frameworks/Rust/axum/src/utils/mod.rs
+++ b/frameworks/Rust/axum/src/utils/mod.rs
@ -2,6 +2,7 @@ use tokio::signal;
 use tracing_subscriber::{fmt, prelude::*, registry, EnvFilter};

 pub mod jwt;
+pub mod password;

 /// Initializes the logger for tracing.
 pub fn init_logger() {
--- a/frameworks/Rust/axum/src/utils/password.rs
+++ b/frameworks/Rust/axum/src/utils/password.rs
@ -0,0 +1,58 @@
+use anyhow::{anyhow, Context};
+use tokio::task;
+
+use argon2::password_hash::SaltString;
+use argon2::{password_hash, Argon2, PasswordHash, PasswordHasher, PasswordVerifier};
+
+/// 生成 hash
+///
+/// ## Arguments
+///
+/// - `password`: 用户输入的明文密码
+pub async fn hash(password: String) -> anyhow::Result<String> {
+    task::spawn_blocking(move || {
+        let salt = SaltString::generate(rand::thread_rng());
+        Ok(Argon2::default()
+            .hash_password(password.as_bytes(), &salt)
+            .map_err(|e| anyhow!(e).context("failed to hash password"))?
+            .to_string())
+    })
+    .await
+    .context("panic in hash()")?
+}
+
+/// 验证 hash
+///
+/// ## Arguments
+///
+/// - `password`: 用户输入的明文密码
+/// - `hash`：数据库中保存的 hash
+pub async fn verify(password: String, hash: String) -> anyhow::Result<bool> {
+    task::spawn_blocking(move || {
+        let hash = PasswordHash::new(&hash)
+            .map_err(|e| anyhow!(e).context("BUG: password hash invalid"))?;
+
+        let res = Argon2::default().verify_password(password.as_bytes(), &hash);
+
+        match res {
+            Ok(()) => Ok(true),
+            Err(password_hash::Error::Password) => Ok(false),
+            Err(e) => Err(anyhow!(e).context("failed to verify password")),
+        }
+    })
+    .await
+    .context("panic in verify()")?
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    #[tokio::test]
+    async fn hash_works() {
+        let passwd = "xfyxfy";
+        let hashed = hash(passwd.to_string()).await.unwrap();
+        let verified = verify(passwd.to_string(), hashed).await.unwrap();
+        assert!(verified)
+    }
+}