Implementing password Hashing[reviewed]

config.go

@@ -269,7 +269,7 @@ func loadConfig() (*config, error) {
 		}
 		return nil, err
 	}
-	
+
 	// Set the active network.
 	minRequired := 1
 	switch cfg.Network {

vspd.go

@@ -41,8 +41,8 @@ func main() {
 //Implementing password hash to increase security for AdminPass
 //hashPassword hash cfg.AdminPass and returns the hash.
 func hashPassword(password string) (string, error) {
-    bytes, err := bcrypt.GenerateFromPassword([]byte(password), 15)
-    return string(bytes), err
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password), 15)
+	return string(bytes), err
 }
 
 // run is the main startup and teardown logic performed by the main package. It
@@ -86,23 +86,25 @@ func run(ctx context.Context) error {
 	hash, err := db.GetAdminHash()
 
 	//Ensure adminpass option is set
-	if cfg.AdminPass == "" &&  err != nil {
+	if cfg.AdminPass == "" && err != nil {
 		return errors.New("the adminpass option is not set")
 	}
 
-	if hash != nil && cfg.AdminPass != "" {
-	//Hash the cfg.AdminPass value
-	cfg.AdminPass, err = hashPassword(cfg.AdminPass)
+	if cfg.AdminPass != "" {
+		//Hash the cfg.AdminPass value
+		cfg.AdminPass, err = hashPassword(cfg.AdminPass)
 
-	if err != nil {
-		return fmt.Errorf("Hashing AdminPass Failed: %w", err)
-	}
+		if err != nil {
+			return fmt.Errorf("Hashing AdminPass Failed: %w", err)
+		}
 
-	//if adminpass is set, overwrite the saved adminpass hash in database.
-	db.UpdateAdminPass(cfg.AdminPass)
-
+		//if adminpass is set, overwrite the saved adminpass hash in database.
+		db.UpdateAdminPass(cfg.AdminPass)
+
+	} else {
+		cfg.AdminPass = string(hash)
 	}
-	
+
 	// Create RPC client for local dcrd instance (used for broadcasting and
 	// checking the status of fee transactions).
 	dcrd := rpc.SetupDcrd(cfg.DcrdUser, cfg.DcrdPass, cfg.DcrdHost, cfg.dcrdCert, nil)

webapi/admin.go

@@ -202,8 +202,8 @@ func ticketSearch(c *gin.Context) {
 func CheckPasswordHash(hash []byte, password string) bool {
     err := bcrypt.CompareHashAndPassword(hash, []byte(password))
     return err == nil
-}
 
+}
 // adminLogin is the handler for "POST /admin". If a valid password is provided,
 // the current session will be authenticated as an admin.
 func adminLogin(c *gin.Context) {
@@ -214,7 +214,7 @@ func adminLogin(c *gin.Context) {
 	}
 
 	ok := CheckPasswordHash(hashedPass, password)
-	
+
 	if !ok {
 		log.Warnf("Failed login attempt from %s", c.ClientIP())
 		c.HTML(http.StatusUnauthorized, "login.html", gin.H{

webapi/webapi.go

@@ -255,7 +255,7 @@ func router(debugMode bool, cookieSecret []byte, dcrd rpc.DcrdConnect, wallets r
 	basic := router.Group("/admin").Use(
 		withDcrdClient(dcrd), withWalletClients(wallets), gin.BasicAuth(gin.Accounts{
 			"admin": cfg.AdminPass,
-		}),
+		}), 
 	)
 	basic.GET("/status", statusJSON)