can check hashed passwords

server/db/sqlite.go

@@ -49,6 +49,32 @@ func (db *SQLite) CreateUser(name, pass, salt string) error {
 }
 
 func (db *SQLite) CheckPassword(name, pass string) error {
+	rows, err := db.db.Query(`
+	select phash, psalt from users where name = ?;
+	`, name)
+	if err != nil {
+		return fmt.Errorf("failed to fetch row for user %s: %v", name, err)
+	}
+	defer rows.Close()
+
+	scannedRows := 0
+	for rows.Next() {
+		var (
+			dbhash string
+			dbsalt string
+		)
+		if err := rows.Scan(&dbhash, &dbsalt); err != nil {
+			return fmt.Errorf("failed to scan row: %v", err)
+		}
+		scannedRows++
+		if err := bcrypt.CompareHashAndPassword([]byte(dbhash), []byte(pass+dbsalt)); err != nil {
+			return fmt.Errorf("failed hash match: %v", err)
+		}
+	}
+	if scannedRows == 0 {
+		return fmt.Errorf("no such user")
+	}
+
 	return nil
 }
 

server/main.go

@@ -78,6 +78,20 @@ func runUserCreate(cmd *cobra.Command, args []string) {
 	fmt.Printf("created:\n\tuser:\t%s\n\tpass:\t%s\n", user, pass)
 }
 
+func runUserCheckPassword(cmd *cobra.Command, args []string) {
+	conn, err := db.OpenSQLite(cmd.Flag("db").Value.String())
+	if err != nil {
+		fmt.Fprintf(os.Stderr, "unable to open sqlite database: %v\n", err)
+	}
+	defer conn.Close()
+
+	user := args[0]
+	pass := args[1]
+	if err := conn.CheckPassword(user, pass); err != nil {
+		fmt.Fprintf(os.Stderr, "failed password check: %v\n", err)
+	}
+}
+
 func main() {
 	cmd := &cobra.Command{
 		Use: "kloam",
@@ -106,5 +120,13 @@ func main() {
 	}
 	user.AddCommand(userCreate)
 
+	userCheckPassword := &cobra.Command{
+		Use:   "check-password",
+		Short: "checks a users password",
+		Args:  cobra.ExactArgs(2),
+		Run:   runUserCheckPassword,
+	}
+	user.AddCommand(userCheckPassword)
+
 	cmd.Execute()
 }