
Hash oauth tokens with Argon2 #77

Open
zleyyij opened this issue Jun 27, 2024 · 0 comments
zleyyij commented Jun 27, 2024

Currently, all oauth access tokens are stored in the database in plaintext. This design decision was made so that further queries could be made to the Discord API if needed, and access to the database would (probably) entail filesystem access, so they would have access to the GitHub (and Discord) API key anyway.

SQL injection wasn't a massive concern of mine at implementation time because all queries were made with parameterized queries, and any queries that returned data of an unexpected shape would either cause a crash, or extra data would be omitted from the response by the serialization step, or sqlx.

In the current implementation, if the appropriate access tokens were obtained, an attacker could use them to access some Discord user info, and they could be submitted to Hyde's API to make changes to the wiki (currently there is no way to overwrite history through the API, so any changes made could be reverted).

I believe that one step we could take to increase the security of our application would be implementing token hashing for stored oauth tokens. While this change would prevent us from making subsequent API calls to discord, it would reduce the security risk of an individual having read access to the database. Should there be a point where we need to make subsequent API calls to discord with that token, the application structure could be changed appropriately at that time to reflect that. Tokens expire after 7 days anyway, so I'm not worried about forcing users to re-authenticate because of a breaking change.

Implementing this change would entail using the [argon2](https://docs.rs/argon2/latest/argon2/) crate to hash API tokens before they are stored in the database, then when validating tokens, hash the provided token before checking it against the database.

@zleyyij zleyyij added the backend Rust label Jun 27, 2024