Add optional FAKTORY_WEBUI_PASSWORD with argon2id, bcrypt, scrypt, and PBKDF2 support
#511
Conversation
|
Looks like some CI failures? |
|
Code looks great and nice PR writeup. Well done. |
| @@ -4,17 +4,17 @@ go 1.24 | |||
|
|
|||
| require ( | |||
| github.com/BurntSushi/toml v1.5.0 | |||
| github.com/contribsys/faktory_worker_go v1.7.0 | |||
There was a problem hiding this comment.
@mperham FYI looks like this module isn't used anymore and tidy dropped it.
|
@mperham should be good for another CI run and ready for merge at your convenience. Needed a |
|
I'm not a fan of creating a new |
|
Makes sense to me. Once I did that, I had a random memory usage test fail in |
Closes #510
New functionality:
FAKTORY_WEBUI_PASSWORDcan be specified. If set, it will configure the Web UI with that password otherwise will fallback toFAKTORY_PASSWORDvalue. This is the existing behaviour for the undocumented TOML config[web]subsystem'spasswordelement.Rationale:
/etc/shadowafter all these years. It's considered the de facto standard for representing password hashes in a non-standardized world of password hashing. It's what's used by Argon2 and the likes. Popular hashing libraries like Python's passlib use it and should come as no surprise to developers using Faktory.golang.org/x/cryptomodule, so we can trust the implementations are cryptographically correct.Interface:
There is a new
passwordmodule withfunc Verify(candidate string, configured string) (bool, error). This is what will allow detection of password hashing algos and match accordingly (or fallback to plaintext).