Documentation
¶
Overview ¶
Package basculehash provides basic hash support for things like passwords or other sensitive data that needs to be stored externally to the application.
Index ¶
- func NewValidator[S any](cmp Comparer, creds Credentials) bascule.Validator[S]
- type Bcrypt
- type Comparer
- type Credentials
- type Digest
- type Hasher
- type HasherComparer
- type Principals
- type Store
- func (s *Store) Delete(_ context.Context, principals ...string)
- func (s *Store) Get(ctx context.Context, principal string) (d Digest, exists bool)
- func (s *Store) MarshalJSON() (data []byte, err error)
- func (s *Store) Set(ctx context.Context, principal string, d Digest)
- func (s *Store) UnmarshalJSON(data []byte) (err error)
- func (s *Store) Update(_ context.Context, more Principals)
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func NewValidator ¶
func NewValidator[S any](cmp Comparer, creds Credentials) bascule.Validator[S]
NewValidator returns a bascule.Validator that always uses the same hash Comparer. The source S is unused, but conforms to the Validator interface.
Types ¶
type Bcrypt ¶
type Bcrypt struct {
// Cost is the cost parameter for bcrypt. If unset, the internal
// bcrypt cost is used. If this value is higher than the max,
// Hash will return an error.
//
// See: https://pkg.go.dev/golang.org/x/crypto/bcrypt#pkg-constants
Cost int
}
Bcrypt is a Hasher and Comparer based around the bcrypt hashing algorithm.
type Comparer ¶
type Comparer interface {
// Matches tests if the given plaintext matches the given hash.
// For example, this method can test if a password matches the
// one-way hashed password from a config file or database.
Matches(plaintext []byte, d Digest) error
}
Comparer is a strategy for comparing plaintext values with a hash digest from a Hasher.
type Credentials ¶
type Credentials interface {
// Get returns the Digest associated with the given Principal.
// This method returns false if the principal did not exist.
Get(ctx context.Context, principal string) (d Digest, exists bool)
// Set associates a principal with a Digest. If the principal already
// exists, its digest is replaced.
Set(ctx context.Context, principal string, d Digest)
// Delete removes one or more principals from this set.
Delete(ctx context.Context, principals ...string)
// Update performs a bulk update of these credentials. Any existing
// principals are replaced.
Update(ctx context.Context, p Principals)
}
Credentials is a source of principals and their associated digests. A credentials instance may be in-memory or a remote system.
type Digest ¶
type Digest []byte
Digest is the result of applying a Hasher to plaintext. A digest must be valid UTF-8, preferably using the format described by https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md.
func (Digest) MarshalText ¶
MarshalText simply returns this Digest as a byte slice. This method ensures that the digest is written as is instead of encoded as base64 or some other encoding.
func (*Digest) UnmarshalText ¶
UnmarshalText uses the given text as is.
type Hasher ¶
type Hasher interface {
// Hash returns a digest of the given plaintext. The returned Digest
// must be recognizable to a Comparer in order to be validated.
//
// If this method returns a nil error, it MUST return a valid Digest.
// If this method returns an error, the Digest is not guaranteed to have
// any particular value and should be discarded.
//
// The format of the digest must be ASCII. The recommended format is
// the PHC format documented at:
//
// https://github.com/P-H-C/phc-string-format/blob/master/phc-sf-spec.md
Hash(plaintext []byte) (Digest, error)
}
Hasher is a strategy for one-way hashing.
Comparer is the interface for comparing hash digests with plaintext. A given Comparer will correspond to the format written by a Hasher.
type HasherComparer ¶
HasherComparer provides both hashing and corresponding comparison. This is the typical interface that a hashing algorithm will implement.
func Default ¶
func Default() HasherComparer
Default returns the default algorithm to use for comparing hashed passwords.
type Principals ¶
Principals is a Credentials implementation that is a simple map of principals to digests. This type is not safe for concurrent usage.
This type is appropriate if the set of credentials is either immutable or protected from concurrent updates by some other means.
func (Principals) Delete ¶
func (p Principals) Delete(_ context.Context, principals ...string)
Delete removes the given principal(s) from this set.
func (Principals) Get ¶
Get returns the Digest associated with the principal. This method returns false if the principal did not exist.
func (Principals) Set ¶
func (p Principals) Set(_ context.Context, principal string, d Digest)
Set adds or replaces the given principal and its associated digest.
func (Principals) Update ¶
func (p Principals) Update(_ context.Context, more Principals)
Update performs a bulk update of credentials. Each digest is copied before storing in this instance.
type Store ¶
type Store struct {
// contains filtered or unexported fields
}
Store is an in-memory, threadsafe Credentials implementation. A Store instance is safe for concurrent reads and writes. Instances of this type must not be copied after creation.
The zero value of this type is valid and ready to use.
func (*Store) MarshalJSON ¶
MarshalJSON writes the current state of this Store to JSON.
func (*Store) UnmarshalJSON ¶
UnmarshalJSON unmarshals data and replaces the current set of principals. If unmarshalling returned an error, this Store's state remains unchanged.
Source Files