42 lines
1.1 KiB
Go
42 lines
1.1 KiB
Go
package auth
|
|
|
|
import (
|
|
"encoding/base64"
|
|
"math/rand"
|
|
|
|
"epigas.gitea.cloud/RiskRancher/core/pkg/domain"
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
// Handler encapsulates all Identity and Access HTTP logic
|
|
type Handler struct {
|
|
Store domain.Store
|
|
}
|
|
|
|
// NewHandler creates a new Auth Handler
|
|
func NewHandler(store domain.Store) *Handler {
|
|
return &Handler{Store: store}
|
|
}
|
|
|
|
// HashPassword takes a plaintext password, automatically generates a secure salt
|
|
func HashPassword(password string) (string, error) {
|
|
bytes, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
|
|
return string(bytes), err
|
|
}
|
|
|
|
// CheckPasswordHash securely compares a plaintext password with a stored bcrypt hash.
|
|
func CheckPasswordHash(password, hash string) bool {
|
|
err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
|
|
return err == nil
|
|
}
|
|
|
|
// GenerateSessionToken creates a cryptographically secure random string
|
|
func GenerateSessionToken() (string, error) {
|
|
b := make([]byte, 32)
|
|
_, err := rand.Read(b)
|
|
if err != nil {
|
|
return "", err
|
|
}
|
|
return base64.URLEncoding.EncodeToString(b), nil
|
|
}
|