Documentation
Overview
Package passwords provides bcrypt password hashing, email normalization, and breach-check via the HaveIBeenPwned k-anonymity API. Pure utility code, no DB or HTTP server dependency.
Index
Constants
const (
	// Cost is the bcrypt cost used by Hash.
	Cost = 12

	// FakeHash is a pre-computed bcrypt hash used for constant-time comparison
	// when a user is not found, to prevent timing-based user enumeration.
	FakeHash = "$2a$12$000000000000000000000uGLIFPqxVmExfOiAa9ebvJpSsQd/pxuu"
)
Variables
var (
	// HIBPEndpoint is overridable for tests.
	HIBPEndpoint = "https://api.pwnedpasswords.com/range/"
)
Functions
func CheckStrength
CheckStrength rejects passwords that are too short, too long, or known to be compromised per the HaveIBeenPwned breach database. Returns nil on the HIBP network error path (failing open) — only a confirmed breach hit blocks.
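The k-anonymity lookup and fail-open behaviour described above, as an added example that is not this package's own code. The names `split` and `breached` are hypothetical. It assumes the range endpoint takes the first five hex characters of the password's SHA-1 and answers with `SUFFIX:COUNT` lines. `main` runs it against a constructed local stand-in for the API.

```go
package main

import (
	"bufio"
	"crypto/sha1"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strconv"
	"strings"
	"time"
)

// split returns the uppercase SHA-1 hex of pw as (5-char prefix, 35-char suffix).
func split(pw string) (string, string) {
	d := fmt.Sprintf("%X", sha1.Sum([]byte(pw)))
	return d[:5], d[5:]
}

// breached (hypothetical): true only on a confirmed listing; on error the caller logs and allows (fail open).
func breached(endpoint, pw string) (bool, error) {
	prefix, suffix := split(pw) // only the prefix leaves the process
	resp, err := (&http.Client{Timeout: 3 * time.Second}).Get(endpoint + prefix)
	if err != nil {
		return false, err
	}
	defer resp.Body.Close()
	if resp.StatusCode != http.StatusOK {
		return false, fmt.Errorf("range lookup: HTTP %d", resp.StatusCode)
	}
	sc := bufio.NewScanner(resp.Body)
	for sc.Scan() { // one "SUFFIX:COUNT" entry per line, matched locally
		s, c, ok := strings.Cut(strings.TrimSpace(sc.Text()), ":")
		if n, _ := strconv.Atoi(c); ok && n > 0 && strings.EqualFold(s, suffix) {
			return true, nil
		}
	}
	return false, sc.Err()
}

func main() {
	_, s := split("hunter2") // constructed: the local stand-in below lists only this password
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		fmt.Fprintf(w, "%s:42\r\n", s)
	}))
	defer srv.Close()
	fmt.Println(breached(srv.URL+"/range/", "hunter2"))
	fmt.Println(breached(srv.URL+"/range/", "correct horse"))
}
```

Returning the error alongside `false` lets the caller log a failed lookup while still accepting the password, so an outage of the breach service does not block sign-ups.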
func NormalizeEmail
NormalizeEmail lowercases, trims, and IDN-canonicalizes the domain. Returns the normalized form or an error if the address is malformed.
func VerifyFake
func VerifyFake(pw []byte)
VerifyFake runs a bcrypt compare against FakeHash. Used to preserve a constant-time response when a user lookup fails, avoiding user enumeration.
Types
This section is empty.