Migrate from scrypt to sha256. (#8969)

This reduces the server time to compute the hash from 40ms to 5µs, which should remove this as a noticable chunk of CPU time in production. (An attacker who has access to our database will now need only 10^54 years of CPU time instead of 10^58 to brute force a token). Release Notes: - Improved sign in latency by 40ms.
2024-03-06 20:51:43 -07:00 · 2024-03-06 20:51:43 -07:00 · 75a42c27db
commit 75a42c27db
parent 4d2156e2ad
6 changed files with 197 additions and 27 deletions
--- a/crates/collab/src/db/queries/access_tokens.rs
+++ b/crates/collab/src/db/queries/access_tokens.rs
@ -55,4 +55,22 @@ impl Database {
        })
        .await
    }
+
+    /// Retrieves the access token with the given ID.
+    pub async fn update_access_token_hash(
+        &self,
+        id: AccessTokenId,
+        new_hash: &str,
+    ) -> Result<access_token::Model> {
+        self.transaction(|tx| async move {
+            Ok(access_token::Entity::update(access_token::ActiveModel {
+                id: ActiveValue::unchanged(id),
+                hash: ActiveValue::set(new_hash.into()),
+                ..Default::default()
+            })
+            .exec(&*tx)
+            .await?)
+        })
+        .await
+    }
 }