Bit of docs

Pat Garrity 2026-02-03 07:39:22 -06:00
parent 5481686e08
commit 42e89fa169
Signed by: pfm
GPG key ID: 5CA5D21BAB7F3A76


@ -78,7 +78,7 @@ final class DoobieAuthDb[F[_]: Sync](
initialPermissions: PermissionSet, initialPermissions: PermissionSet,
createdAt: CreatedAt createdAt: CreatedAt
): F[ConnectionIO[Either[DbError, User]]] = ): F[ConnectionIO[Either[DbError, User]]] =
// Prepare Password // Prepare Password -- exchange the encrypted version for a hashed version.
exchangeEncryptedForHash(initialPassword.unwrap()).map { passwordHash => exchangeEncryptedForHash(initialPassword.unwrap()).map { passwordHash =>
// Insert the base user record. // Insert the base user record.
val accountId = AccountId.generate() val accountId = AccountId.generate()
@ -129,6 +129,19 @@ final class DoobieAuthDb[F[_]: Sync](
} }
} }
/** Exchange an encrypted set of bytes for a hashed set of bytes. This is used
* for credential updates. Performs a decrypt followed by a hash.
*
* This function is the _only time_ an incoming credential exists in clear
* text. Note that _generated credentials_ for service accounts are returned
* in clear text (once) so that the user can record them for integration into
* other applications.
*
* @param rsa
* The RSA encrypted bytes.
* @return
* The hashed version of the previously-encrypted data.
*/
private def exchangeEncryptedForHash(rsa: RsaEncryptedBytes): F[Argon2Hash] = private def exchangeEncryptedForHash(rsa: RsaEncryptedBytes): F[Argon2Hash] =
rsaDecryption.decrypt(rsa).flatMap(argon2.calculateHash) rsaDecryption.decrypt(rsa).flatMap(argon2.calculateHash)
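Review bot: The new Scaladoc on `exchangeEncryptedForHash` says it is used "for credential updates", but the first hunk calls it with `initialPassword.unwrap()` on what looks like the user-creation path, so the summary understates where cleartext is handled; I would word it as `Used whenever an RSA-encrypted credential is stored: account creation and credential updates.` The sentence "the _only time_ an incoming credential exists in clear text" states an invariant the visible lines cannot confirm. The decrypted value passes from `rsaDecryption.decrypt` straight into `argon2.calculateHash`, and nothing here shows its type or whether the buffer is cleared after hashing, so the doc should name what holds that value and state that it must not be logged or retained. The rest of the class is outside these hunks, so other decrypt call sites cannot be ruled out from this page.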