From 9fd161b0e8044ef7969ff4f18817df423f378d3c Mon Sep 17 00:00:00 2001
From: EETagent
Date: Fri, 28 Oct 2022 15:02:59 +0200
Subject: [PATCH] feat: use random salt for argon2, better security
---
 core/src/crypto.rs | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/core/src/crypto.rs b/core/src/crypto.rs
index 2c9706b..f236fa5 100644
--- a/core/src/crypto.rs
+++ b/core/src/crypto.rs
@@ -35,14 +35,16 @@ pub async fn hash_password(
 let hash = tokio::task::spawn_blocking(move || {
 let password = password_plain_text.as_bytes();
- let salt = "c2VjcmV0bHl0ZXN0aW5nZXZlcnl0aGluZw";
- let encrypted = argon_config.hash_password(password, salt);
- encrypted
- })
- .await??;
+ let salt_str = argon2::password_hash::SaltString::generate(rand::thread_rng());
+ let salt = salt_str.as_salt();
- return Ok(hash.to_string());
+ return argon_config.hash_password(password, &salt).map(|x| x.serialize().to_string());
+ });
+
+ let hash_string = hash.await??;
+
+ return Ok(hash_string);
 }
 // TODO: No unwrap for spawn_blocking
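Review bot: Nothing in this hunk covers password hashes that were already stored under the removed constant salt: they keep that shared salt, which remains readable in the repository history, until they are rehashed, and changing `hash_password` alone does not migrate them. The verification path is not visible here, so it should be confirmed that it parses the salt from the stored PHC string rather than recomputing with a fixed value, and that legacy records are rehashed on the next successful login. A comment above the salt generation would record the contract, e.g. `// Random per-hash salt; it is embedded in the returned PHC string, so verification must parse the stored string instead of re-hashing and comparing.` As a style point, the `return` at the end of the closure and the final `return Ok(hash_string);` can be plain tail expressions. `hash_password` starts before this hunk, so `argon_config` and the error types behind `??` are not visible.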