From f0354894e4f4bcaad3a695b138f51b3e68d690af Mon Sep 17 00:00:00 2001
From: Wisdurm
Date: Wed, 26 Nov 2025 13:59:57 +0200
Subject: [PATCH] Password hashing
---
 .gitignore | 1 +
 .gitmodules | 3 +++
 CMakeLists.txt | 3 +++
 deps/libbcrypt | 1 +
 src/main.cpp | 9 ++++++++-
 5 files changed, 16 insertions(+), 1 deletion(-)
 create mode 160000 deps/libbcrypt
diff --git a/.gitignore b/.gitignore
index 70bcea8..ff6895e 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,3 +1,4 @@
 build/
 .cache/
 sessions/
+compile_commands.json
diff --git a/.gitmodules b/.gitmodules
index 73d1159..ac81bda 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -1,3 +1,6 @@
 [submodule "deps/libpqxx"]
 path = deps/libpqxx
 url = https://github.com/jtv/libpqxx.git
+[submodule "deps/libbcrypt"]
+ path = deps/libbcrypt
+ url = https://github.com/trusch/libbcrypt.git
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 3fffb07..b0bc1bc 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -20,6 +20,8 @@ CPMAddPackage(Crow
 # postgresssssqll
 add_subdirectory(deps/libpqxx build-pqxx)
+add_subdirectory(${CMAKE_SOURCE_DIR}/deps/libbcrypt)
+include_directories(${CMAKE_SOURCE_DIR}/deps/libbcrypt/include)
 add_executable(koivuhaka
 src/main.cpp
@@ -29,4 +31,5 @@ target_link_libraries(koivuhaka
 PRIVATE
 Crow::Crow
 pqxx
+ bcrypt
 )
diff --git a/deps/libbcrypt b/deps/libbcrypt
new file mode 160000
index 0000000..d6523c3
--- /dev/null
+++ b/deps/libbcrypt
@@ -0,0 +1 @@
+Subproject commit d6523c370de6e724ce4ec703e2449b5b028ea3b1
diff --git a/src/main.cpp b/src/main.cpp
index 6f0af7c..26037a8 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -5,6 +5,8 @@
 #include "crow/multipart_view.h"
 #include "crow/mustache.h"
 #include
+#include "bcrypt/BCrypt.hpp"
+
 #include
 #include
 #include
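Review bot: In the first CMakeLists.txt hunk, the added `include_directories(${CMAKE_SOURCE_DIR}/deps/libbcrypt/include)` applies to every target defined in this directory and below, not just the one that uses bcrypt. Scoping it to the executable keeps the third-party headers out of unrelated targets: `target_include_directories(koivuhaka PRIVATE ${CMAKE_SOURCE_DIR}/deps/libbcrypt/include)`, placed after `add_executable`. If the submodule's `bcrypt` target already exports its include directory (not visible from this diff), the line can be dropped entirely.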
@@ -15,6 +17,7 @@ namespace utils
 {
 // Katso onko kirjautumistiedot oikein
 bool logged_in(const std::string& name, const std::string& password)
 {
+ const std::string salt = "whatsapp"; // Good enough
 try {
 pqxx::connection cx("dbname = postgres user = postgres password = 1234 \
@@ -38,7 +41,8 @@ namespace utils
 return false;
 }
 // Tarkista tiedot
- return r[0][2].as() == password;
+ std::string dbPassword = r[0][2].as();
+ return BCrypt::validatePassword(password + salt, dbPassword);
 }
 catch (const std::exception &e)
 {
@@ -97,6 +101,7 @@ int main()
 CROW_LOG_ERROR << "Incorrect parameters supplied to post request";
 res.redirect("/");
 res.end();
+ return;
 }
 // Hanki params
 std::string reqName = req.get_body_params().get("name");
@@ -109,6 +114,7 @@ int main()
 // Kun POST request ohi, redirect admin sivulle
 res.redirect("/admin");
 res.end();
+ return;
 } else {
 // Kirjautuminen ei onnistunut
 CROW_LOG_INFO << "Account " << reqName << " failed login";
@@ -131,6 +137,7 @@ int main()
 // Jos ei kirjauduttu sisään, potki pois
 res.redirect("/");
 res.end();
+ return;
 }
 // Jatka jos kirjautunut sisään
 // Renderöi sivu
--
2.47.3
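Review bot: In the `@@ -15,6 +17,7 @@` hunk, `const std::string salt = "whatsapp"; // Good enough` is a compile-time constant shared by every account, so it does not do a salt's job. bcrypt already generates and stores a random per-hash salt, and the `password + salt` in the next hunk only appends a fixed suffix that anyone with the repository can read. bcrypt implementations generally use only the first 72 bytes of input, so the suffix has no effect at all on long passwords. I would drop the constant and call `BCrypt::validatePassword(password, dbPassword)` (with stored hashes generated the same way), or load a real pepper from configuration at startup instead of from source. The connection string in the context line below carries a literal `password = 1234` in the same way; `logged_in` continues outside the hunk.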
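Review bot: Nothing visible in this patch writes a bcrypt hash, so the new `BCrypt::validatePassword(password + salt, dbPassword)` in the `@@ -38,7 +41,8 @@` hunk checks against whatever column 2 already holds; the removed line compared that column with `==`, which suggests the existing rows are plaintext. Those rows would stop validating and the plaintext would remain in the database. The write path (outside this diff) should store `BCrypt::generateHash(password + salt)` built from the same input, and existing rows need a one-time rehash or a forced reset. A comment above the call stating the expected column format would help, for example `// r[0][2] must hold a bcrypt hash of password + salt`. The try block starts outside the hunk.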