fixe password encryption problem

Author: 陈弘桂

admin.sql

@@ -77,7 +77,7 @@ LOCK TABLES `goadmin_users` WRITE;
 
 INSERT INTO `goadmin_users` (`id`, `username`, `password`, `name`, `avatar`, `remember_token`, `created_at`, `updated_at`)
 VALUES
-	(1,'admin','8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918','admin',NULL,'tlNcBVK9AvfYH7WEnwB1RKvocJu8FfRy4um3DJtwdHuJy0dwFsLOgAc0xUfh','2018-05-13 10:00:33','2018-05-13 10:00:33');
+	(1,'admin','$2a$10$YDoHIAPcGpa3/Pm0f5Q/HeAlhOaRUgL.eyF8Ne/Mc1dp9esEQEV5e','admin',NULL,'tlNcBVK9AvfYH7WEnwB1RKvocJu8FfRy4um3DJtwdHuJy0dwFsLOgAc0xUfh','2018-05-13 10:00:33','2018-05-13 10:00:33');
 
 /*!40000 ALTER TABLE `goadmin_users` ENABLE KEYS */;
 UNLOCK TABLES;

auth/auth.go

@@ -1,12 +1,11 @@
 package auth
 
 import (
-	"crypto/sha256"
-	"encoding/hex"
 	"github.com/valyala/fasthttp"
 	"goAdmin/connections/mysql"
 	"strconv"
 	"time"
+	"golang.org/x/crypto/bcrypt"
 )
 
 func Check(password []byte, username string) (user User, ok bool) {
@@ -16,8 +15,7 @@ func Check(password []byte, username string) (user User, ok bool) {
 	if len(admin) < 1 {
 		ok = false
 	} else {
-		hashpwd := EncodePassword(password)
-		if hashpwd == admin[0]["password"].(string) {
+		if ComparePassword(password, admin[0]["password"].(string)) {
 			ok = true
 			user.ID = strconv.FormatInt(admin[0]["id"].(int64), 10)
 			user.Level = "super"
@@ -31,11 +29,21 @@ func Check(password []byte, username string) (user User, ok bool) {
 	return
 }
 
+func ComparePassword(comPwd []byte, pwdHash string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(pwdHash), comPwd)
+	if err != nil {
+		return false
+	} else {
+		return true
+	}
+}
+
 func EncodePassword(pwd []byte) string {
-	hash := sha256.New()
-	hash.Write(pwd)
-	md := hash.Sum(nil)
-	return hex.EncodeToString(md)
+	hash, err := bcrypt.GenerateFromPassword(pwd, bcrypt.DefaultCost)
+	if err != nil {
+		return ""
+	}
+	return string(hash[:])
 }
 
 func SetCookie(ctx *fasthttp.RequestCtx, user User) bool {

server.go

@@ -143,7 +143,7 @@ func NotFoundHandler(ctx *fasthttp.RequestCtx)  {
 
 	defer controller.GlobalDeferHandler(ctx)
 
-	if !PathExist(string(ctx.Path())) {
+	if !PathExist("./resources" + string(ctx.Path())) {
 		ctx.SetStatusCode(fasthttp.StatusNotFound)
 		ctx.SetContentType("application/json")
 		ctx.WriteString(`{"code":404, "msg":"route not found"}`)

vendor/vendor.json

@@ -112,6 +112,10 @@
 			"revision": "ceec8f93295a060cdb565ec25e4ccf17941dbd55",
 			"revisionTime": "2016-11-14T21:01:44Z"
 		},
+		{
+			"path": "golang.org/x/crypto/bcrypt",
+			"revision": ""
+		},
 		{
 			"path": "golang.org/x/sys/unix",
 			"revision": ""