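/*
 * Migration: replace the values in public."user"."password" with salted
 * SHA-256 digests.
 *
 * Stored format after the migration (96 hex characters):
 *   32 hex characters of salt
 *   || 64 hex characters of sha256(salt_bytes || password_bytes)
 *
 * Notes for reviewers:
 *   - A single round of salted SHA-256 is a fast hash, so a leaked table can
 *     be guessed against at high speed. pgcrypto, which this migration
 *     already loads, also provides crypt() with gen_salt('bf'), which is
 *     designed for password storage. Switching schemes also means changing
 *     the application's verification code, which is not visible here, so the
 *     format is left as it is.
 *   - The UPDATE below hashes the existing column value as the password, so
 *     the column appears to have held unhashed passwords until now. This
 *     migration only rewrites the live rows; backups, WAL archives and
 *     replicas taken earlier still contain the old values and have to be
 *     handled separately.
 *   - The UPDATE is not idempotent: a second run would hash the stored hashes.
 */

/* Required for the gen_random_bytes function.
 * IF NOT EXISTS keeps the migration from failing when the extension is
 * already installed in this database. */
CREATE EXTENSION IF NOT EXISTS pgcrypto;

/*
 * password_hash(salt_hex, pass)
 *   salt_hex  salt as hex text; the migration passes 16 random bytes,
 *             i.e. 32 hex characters
 *   pass      password as raw bytes
 * Returns salt_hex followed by the hex encoding of
 * sha256(salt_bytes || pass).
 * decode() raises an error when salt_hex is not valid hex.
 * PostgreSQL discards length modifiers on function parameter and return
 * types, so char(32) and char(96) document the intent but are not enforced.
 */
CREATE FUNCTION password_hash(salt_hex char(32), pass bytea)
RETURNS char(96)
LANGUAGE plpgsql
AS $$
BEGIN
    RETURN salt_hex || encode(
        sha256(
            decode(salt_hex, 'hex')  /* salt in binary */
            || pass                  /* password */
        ),
        'hex'
    );
END;
$$;

/* Password has to be able to accommodate 96 characters instead of previous 64.
 * It can't be char(96) yet, because then the password would be padded to
 * 96 characters before it is hashed. */
ALTER TABLE public."user"
    ALTER COLUMN "password" TYPE varchar(96) USING "password"::varchar;

/* Update all users with salted and hashed passwords.
 * There is deliberately no WHERE clause: every row is converted, each with
 * its own random 16-byte salt.
 * convert_to() is used instead of a ::bytea cast. The cast parses the text
 * as a bytea literal, so a password containing a backslash or starting with
 * \x would be hashed as different bytes, or abort the migration with an
 * invalid-input error.
 * NOTE(review): assumes the application hashes the UTF-8 bytes of the
 * password; confirm against the verification code. */
UPDATE public."user"
SET "password" = password_hash(
    encode(gen_random_bytes(16), 'hex'),
    convert_to("password", 'UTF8')
);

/* After the password hashing, all passwords are now hex encoded: 32 characters
 * of salt and 64 characters of hash, so the varchar type is no longer
 * necessary. */
ALTER TABLE public."user"
    ALTER COLUMN "password" TYPE char(96) USING "password"::varchar;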