password

package

v0.1.0 Latest Latest Go to latest Published: Feb 12, 2026 License: Apache-2.0 Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/openctemio/api

Links

Open Source Insights

Documentation ¶

Overview ¶

Package password provides secure password hashing and validation.

Index ¶

Constants
Variables
func GenerateResetToken() (string, error)
func GenerateSecureToken(length int) (string, error)
func GenerateVerificationToken() (string, error)
func ValidateWithPolicy(password string, policy Policy) error
type Hasher
- func New(opts ...Option) *Hasher
type Option
- func WithCost(cost int) Option
- func WithPolicy(policy Policy) Option
type Policy
- func DefaultPolicy() Policy

Constants ¶

View Source

const DefaultCost = 12

DefaultCost is the default bcrypt cost factor. This provides a good balance between security and performance.

Variables ¶

View Source

var (
	ErrPasswordTooShort    = errors.New("password is too short")
	ErrPasswordNoUppercase = errors.New("password must contain at least one uppercase letter")
	ErrPasswordNoLowercase = errors.New("password must contain at least one lowercase letter")
	ErrPasswordNoNumber    = errors.New("password must contain at least one number")
	ErrPasswordNoSpecial   = errors.New("password must contain at least one special character")
	ErrPasswordMismatch    = errors.New("password does not match")
	ErrInvalidHash         = errors.New("invalid password hash")
)

Errors for password operations.

Functions ¶

func GenerateResetToken ¶

func GenerateResetToken() (string, error)

GenerateResetToken generates a password reset token. Returns a 32-byte (256-bit) secure random token.

func GenerateSecureToken ¶

func GenerateSecureToken(length int) (string, error)

GenerateSecureToken generates a cryptographically secure random token. The token is URL-safe base64 encoded.

func GenerateVerificationToken ¶

func GenerateVerificationToken() (string, error)

GenerateVerificationToken generates an email verification token. Returns a 32-byte (256-bit) secure random token.

func ValidateWithPolicy ¶

func ValidateWithPolicy(password string, policy Policy) error

ValidateWithPolicy validates a password against a specific policy.

Types ¶

type Hasher ¶

type Hasher struct {
	// contains filtered or unexported fields
}

Hasher provides password hashing and verification operations.

func New ¶

func New(opts ...Option) *Hasher

New creates a new password hasher with the given options.

func (*Hasher) Hash ¶

func (h *Hasher) Hash(password string) (string, error)

Hash hashes a password using bcrypt.

func (*Hasher) NeedsRehash ¶

func (h *Hasher) NeedsRehash(hash string) bool

NeedsRehash checks if a hash needs to be updated due to cost changes.

func (*Hasher) Validate ¶

func (h *Hasher) Validate(password string) error

Validate checks if a password meets the policy requirements.

func (*Hasher) Verify ¶

func (h *Hasher) Verify(password, hash string) error

Verify checks if a password matches a hash.

type Option ¶

type Option func(*Hasher)

Option configures the Hasher.

func WithCost ¶

func WithCost(cost int) Option

WithCost sets the bcrypt cost factor.

func WithPolicy ¶

func WithPolicy(policy Policy) Option

WithPolicy sets the password policy.

type Policy ¶

type Policy struct {
	MinLength      int
	RequireUpper   bool
	RequireLower   bool
	RequireNumber  bool
	RequireSpecial bool
}

Policy defines password requirements.

func DefaultPolicy ¶

func DefaultPolicy() Policy

DefaultPolicy returns a sensible default password policy.

Source Files ¶

View all Source files

hasher.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL