From bd2ebe456996a51ad4230ea9c69f2d7c0879cf9d Mon Sep 17 00:00:00 2001
From: bt <bt@rctt.net>
Date: Sun, 24 May 2026 19:17:10 +0200
Subject: [daemon] Authorize using database

---
 core/internal.go | 15 +++++++++++++++
 server/user.go   | 19 +++++++++++++------
 2 files changed, 28 insertions(+), 6 deletions(-)

diff --git a/core/internal.go b/core/internal.go
index e00c0f2..7c80ca9 100644
--- a/core/internal.go
+++ b/core/internal.go
@@ -2,6 +2,7 @@ package core
 
 import (
 	"encoding/base64"
+	"log"
 
 	"golang.org/x/crypto/bcrypt"
 )
@@ -22,3 +23,17 @@ func HashPass(pass string) (string, error) {
 	hash, err := bcrypt.GenerateFromPassword([]byte(pass), 12)
 	return base64.StdEncoding.EncodeToString(hash), err
 }
+
+func CheckPass(pass, hash string) bool {
+	hashBytes, err := base64.StdEncoding.DecodeString(hash)
+	if err != nil {
+		log.Println("cannot decode base64 string:", err)
+		return false
+	}
+
+	if bcrypt.CompareHashAndPassword(hashBytes, []byte(pass)) != nil {
+		return false
+	}
+
+	return true
+}
diff --git a/server/user.go b/server/user.go
index 5b8049f..c27c6a1 100644
--- a/server/user.go
+++ b/server/user.go
@@ -84,15 +84,16 @@ func (s *Server) performUserAuth(conn net.Conn) (string, error) {
 		return "", core.ErrUnexpectedPayloadType
 	}
 
-	// For testing ---
-	if clientAuth.Pass != "valid" {
-		if err := core.Send(conn, core.Error{core.ErrorAuthFailed}); err != nil {
-			log.Println("cannot send auth error:", err)
-		}
+	hash, err := s.Storage.GetUserPass(clientAuth.Name)
+	if err != nil {
+		s.authFail(conn)
+		return "", core.ErrAuthInvalidUser
+	}
 
+	if !core.CheckPass(clientAuth.Pass, hash) {
+		s.authFail(conn)
 		return "", core.ErrAuthInvalidPassword
 	}
-	// ---
 
 	if err := core.Send(conn, core.Success{}); err != nil {
 		return "", err
@@ -101,6 +102,12 @@ func (s *Server) performUserAuth(conn net.Conn) (string, error) {
 	return clientAuth.Name, nil
 }
 
+func (s *Server) authFail(conn net.Conn) {
+	if err := core.Send(conn, core.Error{core.ErrorAuthFailed}); err != nil {
+		log.Println("cannot send auth error:", err)
+	}
+}
+
 func (s *Server) readUserInput(user *User, conn net.Conn) error {
 	for {
 		payload, err := core.Decode(conn)
-- 
cgit v1.2.3