mirror of
https://github.com/rcourtman/Pulse.git
synced 2026-02-18 00:17:39 +01:00
43 lines
1.1 KiB
Go
43 lines
1.1 KiB
Go
package auth
|
|
|
|
import (
|
|
"crypto/rand"
|
|
"crypto/subtle"
|
|
"encoding/hex"
|
|
|
|
"golang.org/x/crypto/sha3"
|
|
)
|
|
|
|
// GenerateAPIToken generates a secure random API token
|
|
func GenerateAPIToken() (string, error) {
|
|
bytes := make([]byte, 32)
|
|
if _, err := rand.Read(bytes); err != nil {
|
|
return "", err
|
|
}
|
|
return hex.EncodeToString(bytes), nil
|
|
}
|
|
|
|
// HashAPIToken creates a one-way hash of an API token for storage
|
|
// We use SHA3-256 for API tokens since we need to compare exact values
|
|
func HashAPIToken(token string) string {
|
|
hash := sha3.Sum256([]byte(token))
|
|
return hex.EncodeToString(hash[:])
|
|
}
|
|
|
|
// CompareAPIToken compares a provided token with a stored hash
|
|
func CompareAPIToken(token, hash string) bool {
|
|
tokenHash := HashAPIToken(token)
|
|
return subtle.ConstantTimeCompare([]byte(tokenHash), []byte(hash)) == 1
|
|
}
|
|
|
|
// IsAPITokenHashed checks if a string looks like a hashed API token
|
|
func IsAPITokenHashed(token string) bool {
|
|
// SHA3-256 produces 64 character hex strings
|
|
if len(token) != 64 {
|
|
return false
|
|
}
|
|
// Check if it's valid hex
|
|
_, err := hex.DecodeString(token)
|
|
return err == nil
|
|
}
|