shieldpassword

package
v0.0.0-...-1d36bab Latest
Warning

This package is not in the latest version of its module.

Published: Oct 11, 2025 License: MIT Imports: 25 Imported by: 0

Documentation

Overview

Package password implements user registration and login flows with passwords.

Constants

const (
	BcryptDefaultCost = bcrypt.DefaultCost
)

Variables

var (
	ErrUserExists = errors.New(
		"shieldpassword: user already exists",
	)
	ErrPasswordIncorrect = errors.New("shieldpassword: password incorrect")
)
var (
	ErrPasswordToShort      = errors.New("shieldpassword: password is too short")
	ErrMissingRequiredChars = errors.New(
		"shieldpassword: password is missing required characters",
	)
)

DefaultPasswordHasher is the default password hashing algorithm used across.

var ErrPwnedPassword = errors.New("shieldpassword: password has been pwned")

ErrPwnedPassword is returned when a password has been pwned.

Functions

func WithHooker

func WithHooker[U any](hooker Hooker[U]) func(*Config[U])

func WithMinLength

func WithMinLength(minLength int) func(*PasswordStrengthCheckerConfig)

func WithPasswordHasher

func WithPasswordHasher[U any](hasher PasswordHasher) func(*Config[U])

WithPasswordHasher configures the password hasher.

When setting a password hasher, make sure to set it across all modules, i.e., user registration, password reset and password verification.

func WithRequiredChars

func WithRequiredChars(requiredChars PasswordRequiredChars) func(*PasswordStrengthCheckerConfig)

Types

type Config

type Config[U any] struct {
	Logger          *slog.Logger
	PasswordHasher  PasswordHasher
	PasswordChecker PasswordChecker
	Hooker          Hooker[U]
}

Config is the configuration for the password handler.

func NewConfig

func NewConfig[U any](opts ...func(*Config[U])) *Config[U]

NewConfig creates a new config.

If no password hasher is configured, the DefaultPasswordHasher will be used.

type Handler

type Handler[U, S any] struct {
	// contains filtered or unexported fields
}

func NewHandler

func NewHandler[U, S any](
	pool *pgxpool.Pool,
	authenticator shieldsession.Authenticator[U, S],
	sender shieldsender.Sender,
	config *Config[U],
) *Handler[U, S]

It provides functionality to.

func (*Handler[_, S]) HandleChangeUserPassword

func (h *Handler[_, S]) HandleChangeUserPassword(
	ctx context.Context,
	oldPassword, newPassword string,
) error

HandleChangeUserPassword changes a user's password to the provided newPassword if the currently set password matches oldPassword.

The user ID is expected to be provided via a session attached to the passed ctx context.

If no password was previously set for a user, a new credential will be created.

func (*Handler[U, _]) HandleUserLogin

func (h *Handler[U, _]) HandleUserLogin(
	ctx context.Context,
	email, password string,
) (shield.User[U], error)

func (*Handler[U, _]) HandleUserRegistration

func (h *Handler[U, _]) HandleUserRegistration(
	ctx context.Context,
	email, password string,
) (shield.User[U], error)

type Hooker

type Hooker[U any] interface {
	// OnUserRegistration is called when registering a new user.
	// Use this method to create an additional context for the user.
	OnUserRegistration(context.Context, typeid.TypeID, pgx.Tx) (U, error)

	// OnUserLogin is called when a user is trying to log in.
	// Use this method to fetch additional data from the database for the user.
	//
	// Note that the user password has not been verified yet at this point.
	OnUserLogin(context.Context, typeid.TypeID, pgx.Tx) (U, error)
}

Hooker allows hooking into user registration and login sessions to perform additional operations.

type PasswordChecker

type PasswordChecker interface {
	// Check checks if the password passes the verification checks.
	Check(context.Context, string) error
}

PasswordChecker checks if the password passes the verification checks.

See PwndPasswordVerifier, PasswordStrengthVerifier for concrete implementations.

func JoinPasswordChecker

func JoinPasswordChecker(checkers ...PasswordChecker) PasswordChecker

func NewPasswordStrengthChecker

func NewPasswordStrengthChecker(opts ...func(*PasswordStrengthCheckerConfig)) PasswordChecker

NewPasswordStrengthChecker creates a new password strength verifier.

func NewPwndPasswordChecker

func NewPwndPasswordChecker(opts ...func(*PwndPasswordCheckerConfig)) PasswordChecker

type PasswordHasher

type PasswordHasher interface {
	Hash(password string) (string, error)
	Verify(hashedPassword string, password string) (bool, error)
}

PasswordHasher is a hashing algorithm used to hash passwords securely.

func NewBcryptPasswordHasher

func NewBcryptPasswordHasher(cost int) PasswordHasher

NewBcryptPasswordHasher creates a password hasher using the bcrypt algorithm.

Please note that bcrypt has a maximum input length of 72 bytes. For passwords requiring more than 72 bytes of data, consider using an alternative algorithm such as Argon2.
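The 72-byte limit applies to the UTF-8 encoding of the password, not to its character count, so a length check placed in front of the bcrypt hasher has to measure bytes. The following is an added example, not code from shieldpassword: LengthPolicy, BcryptMaxBytes and both error values are hypothetical names, and the type only mirrors the Check method of the PasswordChecker interface shown on this page.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"strings"
	"unicode/utf8"
)

// Hypothetical errors for this example; they are not part of shieldpassword.
var (
	ErrTooLongForBcrypt = errors.New("example: password exceeds bcrypt's 72-byte input limit")
	ErrTooFewChars      = errors.New("example: password has too few characters")
)

// BcryptMaxBytes is the bcrypt input limit; it applies to bytes, not characters.
const BcryptMaxBytes = 72

// LengthPolicy has the Check method of the PasswordChecker interface documented
// on this page. MinRunes is measured in characters, MaxBytes in UTF-8 bytes.
type LengthPolicy struct {
	MinRunes int
	MaxBytes int
}

// Check reports every violated bound at once, or nil if the password is acceptable.
func (p LengthPolicy) Check(_ context.Context, password string) error {
	var errs []error
	if utf8.RuneCountInString(password) < p.MinRunes {
		errs = append(errs, ErrTooFewChars)
	}
	if n := len(password); n > p.MaxBytes { // len counts bytes of the encoding
		errs = append(errs, fmt.Errorf("%w: got %d bytes", ErrTooLongForBcrypt, n))
	}
	return errors.Join(errs...) // nil when errs is empty
}

func main() {
	policy := LengthPolicy{MinRunes: 12, MaxBytes: BcryptMaxBytes}
	// Constructed inputs: 20 four-byte runes (80 bytes), 24 ASCII bytes, 5 ASCII bytes.
	for _, pw := range []string{strings.Repeat("🔑", 20), "correct horse battery st", "short"} {
		err := policy.Check(context.Background(), pw)
		fmt.Printf("runes=%d bytes=%d err=%v\n", utf8.RuneCountInString(pw), len(pw), err)
	}
}
```

A password of 18 four-byte characters is exactly 72 bytes and still passes; a 19th pushes it over the limit even though it is far shorter than 72 characters.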

type PasswordRequiredChars

type PasswordRequiredChars []string

PasswordRequiredChars represents a list of characters that must be present in the password.

var DefaultPasswordRequiredChars PasswordRequiredChars //nolint:gochecknoglobals

func (*PasswordRequiredChars) Parse

func (s *PasswordRequiredChars) Parse(source string) error

type PasswordStrengthCheckerConfig

type PasswordStrengthCheckerConfig struct {
	RequiredChars PasswordRequiredChars
	MinLength     int
}

type PwndPasswordCheckerConfig

type PwndPasswordCheckerConfig struct {
	Client *http.Client
}
