From 2bfd21de0d60915e478b6034db061481d55471dd Mon Sep 17 00:00:00 2001
From: Udo Heyn <heyn@pks.de>
Date: Wed, 24 Oct 2018 11:24:06 +0200
Subject: [PATCH] password sha1 encryption - only use hashed password in
 database

---
 meta_store.go | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/meta_store.go b/meta_store.go
index daafdbf..af9f56d 100644
--- a/meta_store.go
+++ b/meta_store.go
@@ -12,6 +12,9 @@ import (
 	"time"
 
 	"github.com/boltdb/bolt"
+
+  "crypto/sha1"
+  "encoding/hex"
 )
 
 // MetaStore implements a metadata storage. It stores user credentials and Meta information
@@ -316,7 +319,10 @@ func (s *MetaStore) AddUser(user, pass string) error {
 			return errNoBucket
 		}
 
-		err := bucket.Put([]byte(user), []byte(pass))
+		pass_sha1b := sha1.Sum([]byte(pass))
+		pass_sha1 := hex.EncodeToString(pass_sha1b[:])
+
+		err := bucket.Put([]byte(user), []byte(pass_sha1))
 		if err != nil {
 			return err
 		}
@@ -439,5 +445,8 @@ func (s *MetaStore) Authenticate(user, password string) (string, bool) {
 		return nil
 	})
 
-	return user, value != "" && value == password
+	pass_sha1b := sha1.Sum([]byte(password))
+	pass_sha1 := hex.EncodeToString(pass_sha1b[:])
+
+	return user, value != "" && value == pass_sha1
 }