First release of open core

pkg/auth/auth.go

@@ -0,0 +1,41 @@
+package auth
+
+import (
+	"encoding/base64"
+	"math/rand"
+
+	"epigas.gitea.cloud/RiskRancher/core/pkg/domain"
+	"golang.org/x/crypto/bcrypt"
+)
+
+// Handler encapsulates all Identity and Access HTTP logic
+type Handler struct {
+	Store domain.Store
+}
+
+// NewHandler creates a new Auth Handler
+func NewHandler(store domain.Store) *Handler {
+	return &Handler{Store: store}
+}
+
+// HashPassword takes a plaintext password, automatically generates a secure salt
+func HashPassword(password string) (string, error) {
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	return string(bytes), err
+}
+
+// CheckPasswordHash securely compares a plaintext password with a stored bcrypt hash.
+func CheckPasswordHash(password, hash string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+	return err == nil
+}
+
+// GenerateSessionToken creates a cryptographically secure random string
+func GenerateSessionToken() (string, error) {
+	b := make([]byte, 32)
+	_, err := rand.Read(b)
+	if err != nil {
+		return "", err
+	}
+	return base64.URLEncoding.EncodeToString(b), nil
+}