Documentation
¶
Overview ¶
Package password provides password hashing and verification utilities.
It defines a Hasher interface with multiple implementations:
- BcryptHasher: industry-standard bcrypt hashing
- Argon2Hasher: modern argon2id hashing (recommended for new projects)
Usage:
hasher := password.NewBcryptHasher()
hash, err := hasher.Hash("my-password")
err = hasher.Verify("my-password", hash)
Index ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func GenerateToken ¶
GenerateToken creates a cryptographically secure random token of the specified byte length, returned as a hex-encoded string. Common usage: session tokens, API keys, email verification tokens.
func HashSHA256 ¶
HashSHA256 returns the SHA-256 hex digest of the input string. Useful for hashing tokens before storing them in a database (store the hash, compare hashes — never store raw tokens).
Types ¶
type Argon2Hasher ¶
type Argon2Hasher struct {
// contains filtered or unexported fields
}
Argon2Hasher implements Hasher using argon2id.
func NewArgon2Hasher ¶
func NewArgon2Hasher(opts ...Argon2Option) *Argon2Hasher
NewArgon2Hasher creates an argon2id-based password hasher. Defaults follow OWASP recommendations: time=1, memory=64MB, threads=4.
func (*Argon2Hasher) Verify ¶
func (h *Argon2Hasher) Verify(password, encodedHash string) error
type Argon2Option ¶
type Argon2Option func(*Argon2Hasher)
Argon2Option configures the argon2id hasher.
func WithArgon2Memory ¶
func WithArgon2Memory(m uint32) Argon2Option
WithArgon2Memory sets the memory usage in KiB (default: 64*1024 = 64MB).
func WithArgon2Threads ¶
func WithArgon2Threads(t uint8) Argon2Option
WithArgon2Threads sets the parallelism (default: 4).
func WithArgon2Time ¶
func WithArgon2Time(t uint32) Argon2Option
WithArgon2Time sets the number of iterations (default: 1).
type BcryptHasher ¶
type BcryptHasher struct {
// contains filtered or unexported fields
}
BcryptHasher implements Hasher using bcrypt.
func NewBcryptHasher ¶
func NewBcryptHasher(opts ...BcryptOption) *BcryptHasher
NewBcryptHasher creates a bcrypt-based password hasher.
func (*BcryptHasher) Verify ¶
func (h *BcryptHasher) Verify(password, hash string) error
type BcryptOption ¶
type BcryptOption func(*BcryptHasher)
BcryptOption configures the bcrypt hasher.
func WithCost ¶
func WithCost(cost int) BcryptOption
WithCost sets the bcrypt cost parameter (default: 12, range: 4-31).
type Config ¶
type Config struct {
// Algorithm selects the hashing algorithm (default: "bcrypt").
Algorithm Algorithm `mapstructure:"algorithm"`
// BcryptCost is the bcrypt cost parameter (default: 12, range: 4-31).
// Only used when Algorithm is "bcrypt".
BcryptCost int `mapstructure:"bcrypt_cost"`
// Argon2Time is the number of iterations for argon2id (default: 1).
Argon2Time uint32 `mapstructure:"argon2_time"`
// Argon2Memory is the memory usage in KiB for argon2id (default: 65536 = 64MB).
Argon2Memory uint32 `mapstructure:"argon2_memory"`
// Argon2Threads is the parallelism for argon2id (default: 4).
Argon2Threads uint8 `mapstructure:"argon2_threads"`
// MinLength is the minimum password length (default: 8).
MinLength int `mapstructure:"min_length"`
}
Config configures password hashing behavior. Loadable from YAML/env via mapstructure tags.
func (*Config) ApplyDefaults ¶
func (c *Config) ApplyDefaults()
ApplyDefaults sets sensible defaults for zero-valued fields.
type Hasher ¶
type Hasher interface {
// Hash returns a hashed representation of the password.
Hash(password string) (string, error)
// Verify checks if a password matches the given hash.
// Returns nil if they match, an error otherwise.
Verify(password, hash string) error
}
Hasher defines the interface for password hashing and verification. Projects choose which implementation to use based on their requirements.
Source Files