-
Notifications
You must be signed in to change notification settings - Fork 0
/
hasher.go
69 lines (56 loc) · 1.56 KB
/
hasher.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
package password_hasher
import (
"errors"
"fmt"
"os"
"strconv"
"strings"
)
type PasswordHasher interface {
HashPassword(password string, salt string, iteration int64) (string, error)
}
var passwordHashers = map[HashAlgorithmType]PasswordHasher{
HashAlgorithmPBK2DF: &PBK2DFSHA256PasswordHasher{},
}
func getPasswordHasher(algorithm HashAlgorithmType) PasswordHasher {
passwordHasher, ok := passwordHashers[algorithm]
if ok {
return passwordHasher
}
return nil
}
func MakeHashedPassword(rawPassword string, algorithm HashAlgorithmType, salt string, iteration int64) (string, error) {
hasher := getPasswordHasher(algorithm)
if hasher == nil {
return "", errors.New("hash algorithm undefined")
}
return hasher.HashPassword(rawPassword, salt, iteration)
}
func MakeHashedPasswordStore(rawPassword string) (string, error) {
salt := os.Getenv("HASH_SALT")
hash, err := MakeHashedPassword(rawPassword, HashAlgorithmPBK2DF, salt, PasswordHashIteration)
if err != nil {
return "", err
}
store := fmt.Sprintf("%s$%d$%s$%s", HashAlgorithmPBK2DF, PasswordHashIteration, salt, hash)
return store, nil
}
func ValidatePassword(password, passwordStore string) (bool, error) {
val := strings.Split(passwordStore, "$")
if len(val) != 4 {
return false, nil
}
iterations, err := strconv.ParseInt(val[1], 10, 64)
if err != nil {
return false, err
}
expectedHash := val[3]
actualHash, err := MakeHashedPassword(password, val[0], val[2], iterations)
if err != nil {
return false, err
}
if actualHash == expectedHash {
return true, nil
}
return false, nil
}