argon2 experiment

apps/users.lua

@@ -5,7 +5,7 @@ local constants = require("constants")
 
 local util = require("util")
 
-local bcrypt = require("bcrypt")
+local auth = require("lib.auth")
 local rand = require("openssl.rand")
 
 local models = require("models")
@@ -14,7 +14,7 @@ local Sessions = models.Sessions
 local Avatars = models.Avatars
 
 local function authenticate_user(user, password)
-  return bcrypt.verify(password, user.password_hash)
+  return auth.verify(password, user.password_hash)
 end
 
 local function create_session_key()
@@ -321,7 +321,7 @@ app:post("user_signup", "/signup", function(self)
 
   local new_user = Users:create({
     username = username,
-    password_hash = bcrypt.digest(password, constants.BCRYPT_ROUNDS),
+    password_hash = auth.digest(password),
     permission = constants.PermissionLevel.GUEST,
   })
 

create_default_accounts.lua

@@ -1,4 +1,4 @@
-local bcrypt = require("bcrypt")
+local auth = require("lib.auth")
 local models = require("models")
 local constants = require("constants")
 
@@ -29,7 +29,7 @@ local function create_admin()
     password = password .. alphabet:sub(randi, randi)
   end
 
-  local hash = bcrypt.digest(password, constants.BCRYPT_ROUNDS)
+  local hash = auth.digest(password)
 
   models.Users:create({
     username = username,

docker-compose.yaml

@@ -1,13 +0,0 @@
-# Generate a random secret key
-# export PROD_SECRET_KEY=$(openssl rand -hex 32)
-# Start the container
-# docker-compose up
-version: "3"
-services:
-  porom:
-    build: 
-      context: .
-      args:
-        - PROD_SECRET_KEY=${PROD_SECRET_KEY}
-    ports: 
-      - "8080:8080"

dockerfile

@@ -1,36 +0,0 @@
-# HOW TO:
-#
-# Generate a random secret key & build the Docker image
-# ```sh
-# SECRET_KEY=$(openssl rand -hex 32) docker build --build-arg PROD_SECRET_KEY="$SECRET_KEY" -t porom:latest .
-# ```
-#
-# Then run the container
-# ```sh
-# docker run -d -p 8080:8080 --name porom porom:latest
-# ```
-#
-FROM openresty/openresty:alpine-fat
-COPY ./nginx.conf /usr/local/openresty/nginx/conf/nginx.conf
-COPY . /usr/local/openresty/nginx/html
-WORKDIR /usr/local/openresty/nginx/html
-RUN apk add --no-cache \ 
-    make \
-    git \
-    make \
-    gcc \
-    g++ \
-    musl-dev \
-    libffi-dev \
-    openssl-dev \
-    sqlite-dev \
-    imagemagick-dev \
-    lua5.1 \
-    lua5.1-dev
-RUN eval "$(luarocks --lua-version 5.1 path)"
-RUN luarocks --lua-version 5.1 build --only-deps
-ARG PROD_SECRET_KEY
-RUN echo "return { key = \"${PROD_SECRET_KEY}\",}" > /usr/local/openresty/nginx/html/secrets.lua
-EXPOSE 8080
-RUN chmod +x /usr/local/openresty/nginx/html/start.sh
-ENTRYPOINT ["/usr/local/openresty/nginx/html/start.sh", "production"]

lib/auth.lua

@@ -0,0 +1,16 @@
+local auth = {}
+
+local ls = require "luasodium"
+
+function auth.digest(password)
+  return ls.crypto_pwhash_str(
+    password,
+    ls.crypto_pwhash_OPSLIMIT_INTERACTIVE,
+    ls.crypto_pwhash_MEMLIMIT_INTERACTIVE)
+end
+
+function auth.verify(password, hash)
+  return ls.crypto_pwhash_str_verify(hash, password)
+end
+
+return auth

porom-dev-1.rockspec

@@ -16,7 +16,7 @@ dependencies = {
   "lapis == 1.16.0",
   "lsqlite3",
   "magick",
-  "bcrypt",
+  "luasodium",
   "luaossl",
 }
 

start.sh

@@ -7,9 +7,9 @@ start() {
 first_launch() {
   echo "Setting up for the first time"
   touch ".first_launch.$LAPIS_ENVIRONMENT"
-  lua5.1 schema.lua
+  luajit schema.lua
   lapis migrate
-  lua5.1 create_default_accounts.lua
+  luajit create_default_accounts.lua
 }
 
 if [[ $# -ne 1 ]]; then

views/user/user.etlua

@@ -1,5 +1,5 @@
 <% if infobox then %>
-  <% render("views.common.infobox", pop_infobox) %>
+  <% render("views.common.infobox", infobox) %>
 <% end %>
 <div class="darkbg">
   <h1 class="thread-title">Latest posts by <i><%= user.username %></i></h1>