auth

package
v0.5.6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 12, 2026 License: AGPL-3.0 Imports: 9 Imported by: 0

Documentation

Overview

Package auth holds akari-server's credential primitives: argon2id password hashing, opaque token and id generation, and token hashing. It is pure crypto with no storage or HTTP dependencies.

Index

Constants

This section is empty.

Variables

View Source
var ErrInvalidHash = errors.New("invalid password hash format")

ErrInvalidHash is returned when a stored password hash cannot be parsed.

Functions

func HashPassword

func HashPassword(password string) (string, error)

HashPassword returns a PHC-encoded argon2id hash with a fresh random salt.

func HashToken

func HashToken(token string) string

HashToken returns the hex sha256 of a presented secret. Only hashes are stored, so a database read never exposes a usable token.

func NewPublicID

func NewPublicID() (string, error)

NewPublicID returns an unguessable, URL-safe id for a published session (144 bits of entropy). Unlike a token it is stored in the clear: it is a capability URL, so possession of the link is what grants logged-out read access.

func NewToken

func NewToken() (string, error)

NewToken returns a new opaque secret (URL-safe, 256 bits of entropy) suitable for an API token, invite token, or session cookie id.

func VerifyPassword

func VerifyPassword(password, encoded string) (bool, error)

VerifyPassword reports whether password matches the PHC-encoded hash, using the parameters and salt embedded in the hash. The comparison is constant-time.

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL