chore: remove legacy support for md5 hashed passwords

chore: remove password from encoded cookie content as not used anyway

utils/auth.go

@@ -1,9 +1,7 @@
 package utils
 
 import (
-	"crypto/md5"
 	"encoding/base64"
-	"encoding/hex"
 	"errors"
 	"github.com/muety/wakapi/config"
 	"github.com/muety/wakapi/models"
@@ -46,21 +44,17 @@ func ExtractBearerAuth(r *http.Request) (key string, err error) {
 	return string(keyBytes), err
 }
 
-func ExtractCookieAuth(r *http.Request, config *config.Config) (login *models.Login, err error) {
+func ExtractCookieAuth(r *http.Request, config *config.Config) (username *string, err error) {
 	cookie, err := r.Cookie(models.AuthCookieKey)
 	if err != nil {
 		return nil, errors.New("missing authentication")
 	}
 
-	if err := config.Security.SecureCookie.Decode(models.AuthCookieKey, cookie.Value, &login); err != nil {
-		return nil, errors.New("invalid parameters")
+	if err := config.Security.SecureCookie.Decode(models.AuthCookieKey, cookie.Value, &username); err != nil {
+		return nil, errors.New("cookie is invalid")
 	}
 
-	return login, nil
-}
-
-func IsMd5(hash string) bool {
-	return md5Regex.Match([]byte(hash))
+	return username, nil
 }
 
 func CompareBcrypt(wanted, actual, pepper string) bool {
@@ -69,11 +63,6 @@ func CompareBcrypt(wanted, actual, pepper string) bool {
 	return err == nil
 }
 
-// deprecated, only here for backwards compatibility
-func CompareMd5(wanted, actual, pepper string) bool {
-	return HashMd5(actual, pepper) == wanted
-}
-
 func HashBcrypt(plain, pepper string) (string, error) {
 	plainPepperedPassword := []byte(strings.TrimSpace(plain) + pepper)
 	bytes, err := bcrypt.GenerateFromPassword(plainPepperedPassword, bcrypt.DefaultCost)
@@ -82,10 +71,3 @@ func HashBcrypt(plain, pepper string) (string, error) {
 	}
 	return "", err
 }
-
-func HashMd5(plain, pepper string) string {
-	plainPepperedPassword := []byte(strings.TrimSpace(plain) + pepper)
-	hash := md5.Sum(plainPepperedPassword)
-	hashStr := hex.EncodeToString(hash[:])
-	return hashStr
-}