From ee583b700b7fc3cdcd86ab8a62246c3545123e46 Mon Sep 17 00:00:00 2001
From: Alper Reha Yazgan
Date: Wed, 7 Feb 2024 00:56:50 +0300
Subject: [PATCH] v9.20.6: bcrypt salt cost from env var support added
---
 README.md | 6 ++++++
 models/admin.go | 16 +++++++++++++++-
 models/record.go | 15 ++++++++++++++-
 3 files changed, 35 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index 8eaefba7f..cf1a37731 100644
--- a/README.md
+++ b/README.md
@@ -61,6 +61,9 @@ export CGO_ENABLED=0
 exprot LOGS_DATABASE="postgresql://user:pass@localhost/logs?sslmode=disable"
 export DATABASE="postgresql://user:pass@localhost/postgres?sslmode=disable"
+# optional ENV_VARS
+export BCRYPT_COST=10 # default is 12
+
 # export is success you can run the project ✅
 go run -tags pq ./examples/base serve
@@ -134,6 +137,9 @@ export CGO_ENABLED=0
 export LOGS_DATABASE="postgresql://user:pass@localhost/logs?sslmode=disable"
 export DATABASE="postgresql://user:pass@localhost/postgres?sslmode=disable"
+# optional ENV_VARS
+export BCRYPT_COST=10 # default is 12
+
 # run the application
 go run -tags pq main.go serve --http=0.0.0.0:8090
 ```
diff --git a/models/admin.go b/models/admin.go
index b995bcc8f..12495178b 100644
--- a/models/admin.go
+++ b/models/admin.go
@@ -2,6 +2,8 @@ package models
 import (
 "errors"
+ "os"
+ "strconv"
 "github.com/AlperRehaYAZGAN/postgresbase/tools/security"
 "github.com/AlperRehaYAZGAN/postgresbase/tools/types"
@@ -47,8 +49,20 @@ func (m *Admin) SetPassword(password string) error {
 return errors.New("The provided plain password is empty")
 }
+ // !CHANGED: bcrypt salt amount is increased from 10 to 12 (old ersion: 10). Get it from env var
+ // get cost from env
+ cost := 12
+ costArg := os.Getenv("BCRYPT_COST")
+ if costArg != "" {
+ costAi, err := strconv.Atoi(costArg)
+ if err != nil {
+ return errors.New("The provided BCRYPT_COST is not a valid number")
+ }
+ cost = costAi
+ }
+
 // hash the password
- hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 12)
+ hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), cost)
 if err != nil {
 return err
 }
diff --git a/models/record.go b/models/record.go
index 7012f5fe5..425bb543a 100644
--- a/models/record.go
+++ b/models/record.go
@@ -4,6 +4,7 @@ import (
 "encoding/json"
 "errors"
 "fmt"
+ "os"
 "regexp"
 "strconv"
 "time"
@@ -930,8 +931,20 @@ func (m *Record) SetPassword(password string) error {
 return errors.New("The provided plain password is empty")
 }
+ // !CHANGED: bcrypt salt amount is increased from 10 to 12 (old ersion: 10). Get it from env var
+ // get cost from env
+ cost := 12
+ costArg := os.Getenv("BCRYPT_COST")
+ if costArg != "" {
+ costAi, err := strconv.Atoi(costArg)
+ if err != nil {
+ return errors.New("The provided BCRYPT_COST is not a valid number")
+ }
+ cost = costAi
+ }
+
 // hash the password
- hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), 12)
+ hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), cost)
 if err != nil {
 return err
 }
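Review bot: The value parsed from BCRYPT_COST goes straight into `bcrypt.GenerateFromPassword` with no range check, both in the block added before `// hash the password` in models/admin.go and in the identical block in models/record.go. Assuming `bcrypt` is golang.org/x/crypto/bcrypt, a cost below `bcrypt.MinCost` (0 or a negative number) is silently replaced by the library default of 10, so a misconfiguration lowers the work factor from 12 without any error, while values near `bcrypt.MaxCost` make every password set extremely slow. I would reject out-of-range input right after the Atoi check, `if costAi < bcrypt.MinCost || costAi > bcrypt.MaxCost { return errors.New("The provided BCRYPT_COST is out of range") }`, and consider a project-defined floor so the variable cannot push the cost below what the code used before. SetPassword begins before and continues after this hunk.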
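Review bot: The cost-parsing block in models/record.go's SetPassword is a verbatim copy of the one added to models/admin.go, and it re-reads and re-parses the environment on every call, so a bad BCRYPT_COST only surfaces as a failed password change at runtime. Moving it into one unexported helper in the models package keeps the default and any validation in a single place, and both call sites shrink to a helper call plus the existing hash call. The added comment also calls the value a "salt amount", but the second argument of GenerateFromPassword is the cost (work factor), so I would word it `// bcrypt cost: default 12, overridable via BCRYPT_COST`. SetPassword begins before and continues after this hunk.

```go
// bcryptCost returns the bcrypt work factor: 12 unless BCRYPT_COST overrides it.
func bcryptCost() (int, error) {
	raw := os.Getenv("BCRYPT_COST")
	if raw == "" {
		return 12, nil
	}
	cost, err := strconv.Atoi(raw)
	if err != nil {
		return 0, errors.New("The provided BCRYPT_COST is not a valid number")
	}
	return cost, nil
}

func (m *Record) SetPassword(password string) error {
	// … unchanged: empty-password check …
	cost, err := bcryptCost()
	if err != nil {
		return err
	}
	// … unchanged: bcrypt.GenerateFromPassword call and the rest of the body …
```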