Documentation
¶
Overview ¶
Package auth handles password hashing, session generation, and bearer token generation.
Index ¶
- Constants
- func CheckPassword(hash, password string) bool
- func CheckPasswordStrength(password, policy string) (ok bool, feedback string)
- func HashPassword(password string) (string, error)
- func HashToken(token string) string
- func NewSessionID() (string, error)
- func NewToken() (plaintext, hash string, err error)
- func PasswordStrengthScore(password string) int
- func StripTokenPrefix(token string) string
Constants ¶
const TokenPrefix = "trov_"
TokenPrefix is prepended to all generated tokens for identification by secret scanners.
Variables ¶
This section is empty.
Functions ¶
func CheckPassword ¶
CheckPassword verifies a plaintext password against a bcrypt hash.
func CheckPasswordStrength ¶
CheckPasswordStrength validates a password against the given policy level. Returns ok=true if the password passes, or ok=false with a human-readable feedback message. Policy levels: "off" (always passes), "basic" (min 8 chars), "strict" (zxcvbn score >= 3).
func HashPassword ¶
HashPassword hashes a plaintext password with bcrypt.
func HashToken ¶
HashToken returns the SHA256 hex hash of a bearer token. Accepts tokens with or without the trov_ prefix.
func NewSessionID ¶
NewSessionID generates a cryptographically random session ID.
func NewToken ¶
NewToken generates a random bearer token and returns both the plaintext token (to be returned to the user once) and the SHA256 hash (stored in the database).
func PasswordStrengthScore ¶
PasswordStrengthScore returns a 0-4 score for UI strength meters.
func StripTokenPrefix ¶
StripTokenPrefix removes the trov_ prefix if present (for backward compat with old tokens).
Types ¶
This section is empty.
Source Files