refactor: cleanup-api-functions (#94)

* cleanup items endpoints * refactor group routes * refactor labels routes * remove old partial * refactor location routes * formatting * update names * cleanup func * speedup test runner with disable hasher * remove duplicate code
2022-10-16 18:50:44 -08:00 · 2022-10-16 18:50:44 -08:00 · 18488f5b15
commit 18488f5b15
parent 434f1fa411
15 changed files with 259 additions and 339 deletions
--- a/backend/pkgs/hasher/password.go
+++ b/backend/pkgs/hasher/password.go
@ -1,13 +1,37 @@
 package hasher

-import "golang.org/x/crypto/bcrypt"
+import (
+	"fmt"
+	"os"
+
+	"golang.org/x/crypto/bcrypt"
+)
+
+var enabled = true
+
+func init() {
+	disableHas := os.Getenv("UNSAFE_DISABLE_PASSWORD_PROJECTION") == "yes_i_am_sure"
+
+	if disableHas {
+		fmt.Println("WARNING: Password projection is disabled. This is unsafe in production.")
+		enabled = false
+	}
+}

 func HashPassword(password string) (string, error) {
+	if !enabled {
+		return password, nil
+	}
+
 	bytes, err := bcrypt.GenerateFromPassword([]byte(password), 14)
 	return string(bytes), err
 }

 func CheckPasswordHash(password, hash string) bool {
+	if !enabled {
+		return password == hash
+	}
+
 	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
 	return err == nil
 }