Documentation
¶
Index ¶
- func GenerateCSRFToken() (string, error)
- func GenerateSessionToken() (string, error)
- func GenerateToken(length int) (string, error)
- func GenerateVerificationToken() (string, error)
- func HashPassword(password string) (string, error)
- func HashVerificationToken(token string) string
- func VerifyPassword(password, hash string) (bool, error)
- func VerifyVerificationToken(plainToken, hashedToken string) bool
- type Argon2PasswordHasher
- type CipherManager
- func (cm *CipherManager) Decrypt(encryptedData string) (string, error)
- func (cm *CipherManager) DecryptBytes(encryptedData []byte) ([]byte, error)
- func (cm *CipherManager) Encrypt(plaintext string) (string, error)
- func (cm *CipherManager) EncryptBytes(plaintext []byte) ([]byte, error)
- func (cm *CipherManager) GetEncrypter() *Encrypter
- func (cm *CipherManager) GetSigner() *Signer
- func (cm *CipherManager) Hash(data string) string
- type Encrypter
- type OAuthTokenData
- type OAuthTokenEncrypter
- func (ote *OAuthTokenEncrypter) DecryptAccessToken(encryptedToken string) (string, error)
- func (ote *OAuthTokenEncrypter) DecryptIDToken(encryptedToken string) (string, error)
- func (ote *OAuthTokenEncrypter) DecryptRefreshToken(encryptedToken string) (string, error)
- func (ote *OAuthTokenEncrypter) DecryptTokens(encryptedData string) (*OAuthTokenData, error)
- func (ote *OAuthTokenEncrypter) EncryptAccessToken(token string) (string, error)
- func (ote *OAuthTokenEncrypter) EncryptIDToken(token string) (string, error)
- func (ote *OAuthTokenEncrypter) EncryptRefreshToken(token string) (string, error)
- func (ote *OAuthTokenEncrypter) EncryptTokens(data *OAuthTokenData) (string, error)
- type SecretGenerator
- type Signer
- func (s *Signer) Sign(data string) (string, error)
- func (s *Signer) SignAndFormat(data string) (string, error)
- func (s *Signer) SignBytes(data []byte) ([]byte, error)
- func (s *Signer) Verify(data string, signatureB64 string) (bool, error)
- func (s *Signer) VerifyAndExtract(token string) (string, error)
- func (s *Signer) VerifyBytes(data []byte, signature []byte) (bool, error)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateCSRFToken ¶
GenerateCSRFToken generates a CSRF token (32 bytes)
func GenerateSessionToken ¶
GenerateSessionToken generates a session token (32 bytes)
func GenerateToken ¶
GenerateToken generates a secure random token of the specified length. This is useful for verification tokens, reset tokens, etc.
func GenerateVerificationToken ¶
GenerateVerificationToken generates a verification token (24 bytes)
func HashPassword ¶
HashPassword is a convenience function to hash a password using the default hasher
func HashVerificationToken ¶
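HashVerificationToken hashes a verification token using SHA256. The hash, rather than the plain token, is what gets stored in the database. A single SHA256 pass is adequate here only because the token is a high-entropy random value (see GenerateVerificationToken); it is not a substitute for HashPassword.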
func VerifyPassword ¶
VerifyPassword is a convenience function to verify a password using the default hasher
func VerifyVerificationToken ¶
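VerifyVerificationToken verifies a plain token against its hash. Returns true if the token matches the hash, false otherwise. The documentation does not say whether the comparison is constant-time; confirm this in the source before relying on it.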
Types ¶
type Argon2PasswordHasher ¶
type Argon2PasswordHasher struct {
// contains filtered or unexported fields
}
Argon2PasswordHasher provides utilities for hashing and verifying passwords using Argon2
func NewArgon2PasswordHasher ¶
func NewArgon2PasswordHasher() *Argon2PasswordHasher
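NewArgon2PasswordHasher creates a new password hasher with secure defaults: Time: 1 iteration (recommended minimum is 1-4); Memory: 64 MB; Threads: 4 (number of parallel threads); KeyLen: 32 bytes. The documentation does not state which Argon2 variant (Argon2i or Argon2id) is used; the appropriate iteration count depends on the variant, so confirm it in the source.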
func NewArgon2PasswordHasherCustom ¶
func NewArgon2PasswordHasherCustom(time, memory uint32, threads uint8, keyLen uint32) *Argon2PasswordHasher
NewArgon2PasswordHasherCustom creates a password hasher with custom parameters
type CipherManager ¶
type CipherManager struct {
// contains filtered or unexported fields
}
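CipherManager is a high-level interface that combines encryption and signing. It derives separate keys for encryption and signing from a base secret using HKDF. (NewCipherManager's documentation describes the derivation as "SHA256-based key derivation" instead; presumably this means HKDF with SHA256, but confirm in the source.)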
func NewCipherManager ¶
func NewCipherManager(secret string) (*CipherManager, error)
NewCipherManager creates a new cipher manager from a base secret string. It derives encryption and signing keys from the secret using SHA256-based key derivation.
func (*CipherManager) Decrypt ¶
func (cm *CipherManager) Decrypt(encryptedData string) (string, error)
Decrypt verifies the signature and decrypts the data. Input should be in the format created by Encrypt: ciphertext.signature
func (*CipherManager) DecryptBytes ¶
func (cm *CipherManager) DecryptBytes(encryptedData []byte) ([]byte, error)
DecryptBytes verifies the signature and decrypts the data
func (*CipherManager) Encrypt ¶
func (cm *CipherManager) Encrypt(plaintext string) (string, error)
Encrypt encrypts plaintext and signs the ciphertext for integrity. Returns encrypted data and a signature in the format: base64(ciphertext).base64(signature)
func (*CipherManager) EncryptBytes ¶
func (cm *CipherManager) EncryptBytes(plaintext []byte) ([]byte, error)
EncryptBytes encrypts raw bytes and signs the ciphertext. Returns encrypted data as bytes.
func (*CipherManager) GetEncrypter ¶
func (cm *CipherManager) GetEncrypter() *Encrypter
GetEncrypter returns the encrypter for low-level encryption operations
func (*CipherManager) GetSigner ¶
func (cm *CipherManager) GetSigner() *Signer
GetSigner returns the signer for low-level signing operations
func (*CipherManager) Hash ¶
func (cm *CipherManager) Hash(data string) string
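Hash generates a SHA256 hash of the data and returns it as base64. Useful for one-way hashing like passwords, tokens, etc. The documentation lists passwords among its uses, but a single SHA256 pass is fast and, as described, unsalted, so it is not suitable for storing passwords; use HashPassword (Argon2) for those and reserve Hash for high-entropy values such as random tokens.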
type Encrypter ¶
type Encrypter struct {
// contains filtered or unexported fields
}
Encrypter provides AES-256-GCM encryption utilities
func NewEncrypter ¶
NewEncrypter creates a new encrypter with a 32-byte (256-bit) key
func (*Encrypter) Decrypt ¶
Decrypt decrypts base64-encoded ciphertext using AES-256-GCM. The input should be in the format created by Encrypt.
func (*Encrypter) DecryptBytes ¶
DecryptBytes decrypts raw bytes using AES-256-GCM
type OAuthTokenData ¶
// OAuthTokenData groups the OAuth token fields handled by OAuthTokenEncrypter:
// EncryptTokens accepts a *OAuthTokenData and DecryptTokens returns one.
// Every field is a pointer tagged omitempty, so a nil field is left out when
// the struct is JSON-encoded.
type OAuthTokenData struct {
// Token values. NOTE(review): presumably these are the plaintext tokens that
// get encrypted, so a populated value should be treated as a secret (kept out
// of logs and error messages) — confirm against the source.
AccessToken *string `json:"access_token,omitempty"`
RefreshToken *string `json:"refresh_token,omitempty"`
IDToken *string `json:"id_token,omitempty"`
// Expiry values. NOTE(review): the unit is not stated on this page; presumably
// Unix timestamps — confirm whether seconds or milliseconds.
AccessTokenExpiresAt *int64 `json:"access_token_expires_at,omitempty"`
RefreshTokenExpiresAt *int64 `json:"refresh_token_expires_at,omitempty"`
// Scope string associated with the tokens; the format is not specified here.
Scope *string `json:"scope,omitempty"`
}
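OAuthTokenData represents the OAuth token data that OAuthTokenEncrypter encrypts: EncryptTokens takes it as input and DecryptTokens returns it, so the struct itself presumably holds the plaintext token values.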
type OAuthTokenEncrypter ¶
type OAuthTokenEncrypter struct {
// contains filtered or unexported fields
}
OAuthTokenEncrypter provides encryption/decryption for OAuth tokens
func NewOAuthTokenEncrypter ¶
func NewOAuthTokenEncrypter(secretStr string) (*OAuthTokenEncrypter, error)
NewOAuthTokenEncrypter creates a new OAuth token encrypter
func (*OAuthTokenEncrypter) DecryptAccessToken ¶
func (ote *OAuthTokenEncrypter) DecryptAccessToken(encryptedToken string) (string, error)
DecryptAccessToken decrypts an access token
func (*OAuthTokenEncrypter) DecryptIDToken ¶
func (ote *OAuthTokenEncrypter) DecryptIDToken(encryptedToken string) (string, error)
DecryptIDToken decrypts an ID token
func (*OAuthTokenEncrypter) DecryptRefreshToken ¶
func (ote *OAuthTokenEncrypter) DecryptRefreshToken(encryptedToken string) (string, error)
DecryptRefreshToken decrypts a refresh token
func (*OAuthTokenEncrypter) DecryptTokens ¶
func (ote *OAuthTokenEncrypter) DecryptTokens(encryptedData string) (*OAuthTokenData, error)
DecryptTokens decrypts an encrypted token string and returns the token data
func (*OAuthTokenEncrypter) EncryptAccessToken ¶
func (ote *OAuthTokenEncrypter) EncryptAccessToken(token string) (string, error)
EncryptAccessToken encrypts just the access token
func (*OAuthTokenEncrypter) EncryptIDToken ¶
func (ote *OAuthTokenEncrypter) EncryptIDToken(token string) (string, error)
EncryptIDToken encrypts just the ID token
func (*OAuthTokenEncrypter) EncryptRefreshToken ¶
func (ote *OAuthTokenEncrypter) EncryptRefreshToken(token string) (string, error)
EncryptRefreshToken encrypts just the refresh token
func (*OAuthTokenEncrypter) EncryptTokens ¶
func (ote *OAuthTokenEncrypter) EncryptTokens(data *OAuthTokenData) (string, error)
EncryptTokens encrypts OAuth token data and returns a single encrypted string
type SecretGenerator ¶
type SecretGenerator struct {
// contains filtered or unexported fields
}
SecretGenerator provides utilities for generating and validating secrets
func NewSecretGenerator ¶
func NewSecretGenerator() *SecretGenerator
NewSecretGenerator creates a new secret generator with default minimum length of 32
func (*SecretGenerator) GenerateSecret ¶
func (sg *SecretGenerator) GenerateSecret(length int) (string, error)
GenerateSecret generates a cryptographically secure random secret of the specified length. Length is in bytes, and the secret will be base64 encoded (resulting in a ~1.33x longer string).
func (*SecretGenerator) GenerateSecretDefault ¶
func (sg *SecretGenerator) GenerateSecretDefault() (string, error)
GenerateSecretDefault generates a secret with the default length (32 bytes)
func (*SecretGenerator) ValidateSecret ¶
func (sg *SecretGenerator) ValidateSecret(secret string) error
ValidateSecret validates that a secret meets minimum requirements
type Signer ¶
type Signer struct {
// contains filtered or unexported fields
}
Signer provides HMAC-SHA256 signing utilities for data integrity verification
func NewSigner ¶
NewSigner creates a new signer with the provided key. For HMAC, any key size is acceptable, but at least 32 bytes is recommended.
func (*Signer) Sign ¶
Sign creates an HMAC-SHA256 signature for the given data and returns it as base64
func (*Signer) SignAndFormat ¶
SignAndFormat signs the data and returns it in "data.signature" format. This is useful for tokens where you want to send both data and signature. The data is signed, not encrypted, so it remains readable to anyone who holds the token.
func (*Signer) Verify ¶
Verify verifies that the given signature matches the data. Returns true if the signature is valid, false otherwise.
func (*Signer) VerifyAndExtract ¶
VerifyAndExtract extracts the data from a "data.signature" format and verifies it