From 054ea372398428bde697353a5954e8fa98814fcc Mon Sep 17 00:00:00 2001
From: Daniel Ponte
Date: Mon, 15 Jul 2024 22:44:17 -0400
Subject: [PATCH] timing attack
---
 pkg/gordio/server/auth.go | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
diff --git a/pkg/gordio/server/auth.go b/pkg/gordio/server/auth.go
index adacfc9..fe5be0e 100644
--- a/pkg/gordio/server/auth.go
+++ b/pkg/gordio/server/auth.go
@@ -42,12 +42,13 @@ func (s *Server) Login(ctx context.Context, username, password string) (token st
 }
 
 if found == nil {
+ _ = bcrypt.CompareHashAndPassword([]byte("lol@timing"), []byte(password))
 return "", ErrLoginFailed
- }
-
- err = bcrypt.CompareHashAndPassword([]byte(found.Password), []byte(password))
- if err != nil {
- return "", ErrLoginFailed
+ } else {
+ err = bcrypt.CompareHashAndPassword([]byte(found.Password), []byte(password))
+ if err != nil {
+ return "", ErrLoginFailed
+ }
 }
 
 return s.NewToken(found.ID), nil
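Review bot: The dummy comparison added in the `found == nil` branch most likely does no bcrypt work, so the unknown-user path still returns measurably faster than the known-user path. `"lol@timing"` is not a well-formed bcrypt hash, and `CompareHashAndPassword` rejects a malformed or too-short hash before it runs the key derivation. Compare against a real hash instead, for example a package-level `var dummyHash, _ = bcrypt.GenerateFromPassword([]byte("unused"), bcrypt.DefaultCost)` used as `_ = bcrypt.CompareHashAndPassword(dummyHash, []byte(password))`; the cost should match the cost the stored hashes were created with, which is not visible in this hunk. The `else` after the `return` is also unnecessary, so the original flat layout could be kept. Login's body begins outside the hunk.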