secret

package
v1.3.2 Latest
Warning

This package is not in the latest version of its module.

Published: Jul 20, 2025 License: GPL-3.0 Imports: 8 Imported by: 0

Documentation

Constants

This section is empty.

Variables

var ErrFailedToBaseDecode = credstackError.NewError(500, "FAILED_TO_BASE_DECODE", "user: failed to decode base64 data during user credential validation")

ErrFailedToBaseDecode - Provides a named error for when base64 decoding of data fails during user credential validation.

Functions

func DecodeBase64

func DecodeBase64(data []byte, length uint32) ([]byte, error)

DecodeBase64 - Decodes the base64 data passed in the data parameter. The length parameter enforces specific size requirements where they are needed.

Any errors propagated here are returned in the form of the named error ErrFailedToBaseDecode. This error is wrapped, so if you need to access the underlying error you can use errors.Unwrap.

func EncodeBase64

func EncodeBase64(data []byte) string

EncodeBase64 - Encodes any data passed into the data parameter to a URL-safe base64-encoded string.

func GenerateUUID

func GenerateUUID(basis string) string

GenerateUUID - Generates a basic version 5 UUID to use in the header.Identifier field. The basis passed in the parameter is hashed along with the UUID namespace URL, and a new UUID is generated from the result. Using a basis for this generation provides an additional layer of protection against duplication: if the same basis is used, the same UUID is generated.
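The following is an added example, not the package's own code: a standard-library implementation of RFC 4122 version 5 generation under the URL namespace, showing why the same basis always yields the same identifier. The names uuidV5, generateFromBasis, nsDNS and nsURL are hypothetical, and it is an assumption that GenerateUUID follows this exact construction.

```go
package main

import (
	"crypto/sha1"
	"encoding/hex"
	"fmt"
)

// Namespace IDs from RFC 4122, Appendix C.
var (
	nsDNS = [16]byte{0x6b, 0xa7, 0xb8, 0x10, 0x9d, 0xad, 0x11, 0xd1,
		0x80, 0xb4, 0x00, 0xc0, 0x4f, 0xd4, 0x30, 0xc8}
	nsURL = [16]byte{0x6b, 0xa7, 0xb8, 0x11, 0x9d, 0xad, 0x11, 0xd1,
		0x80, 0xb4, 0x00, 0xc0, 0x4f, 0xd4, 0x30, 0xc8}
)

// uuidV5 (hypothetical helper) hashes namespace||name with SHA-1, keeps the
// first 16 bytes, then stamps the version (5) and RFC 4122 variant bits.
func uuidV5(ns [16]byte, name string) string {
	h := sha1.New()
	h.Write(ns[:])
	h.Write([]byte(name))
	sum := h.Sum(nil)

	var u [16]byte
	copy(u[:], sum[:16])
	u[6] = (u[6] & 0x0f) | 0x50 // version 5
	u[8] = (u[8] & 0x3f) | 0x80 // variant 10xx

	s := hex.EncodeToString(u[:])
	return s[0:8] + "-" + s[8:12] + "-" + s[12:16] + "-" + s[16:20] + "-" + s[20:32]
}

// generateFromBasis (hypothetical stand-in for GenerateUUID) derives the
// identifier from the basis under the URL namespace. There is no randomness.
func generateFromBasis(basis string) string {
	return uuidV5(nsURL, basis)
}

func main() {
	// Constructed sample bases, not values from the page.
	first := generateFromBasis("alice@example.test")
	again := generateFromBasis("alice@example.test")
	other := generateFromBasis("bob@example.test")
	fmt.Println(first, first == again) // identical basis, identical UUID
	fmt.Println(other, first == other) // different basis, different UUID
}
```

Because the output is a pure function of the basis, anyone who knows the basis can recompute the identifier, so a version 5 UUID should be treated as an identifier and never as a secret.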

func NewArgon2Hash

func NewArgon2Hash(secret []byte, opts *options.CredentialOptions) ([]byte, []byte, error)

NewArgon2Hash - Generates an Argon2id hash for the secret provided in the first parameter. Any options that are provided here for hashing should be persisted using the user.UserCredential model, as this ensures the same ones can be used when you need to validate the hash.

Unlike other functions implemented in this library, the opts parameter is required. This is done to ensure that the caller is fully aware of the parameters that they are passing to this function.

func RandBytes

func RandBytes(length uint32) ([]byte, error)

RandBytes - Generates cryptographically secure, random byte arrays of a fixed size. Most commonly used for generating Argon2 hashes or secured version 5 UUIDs. The error returned from this function can be safely ignored, as it is passed directly from rand.Read.

func RandString

func RandString(length uint32) (string, error)

RandString - Generates a base64-encoded string from a cryptographically secure random byte array. This is primarily used for client ID generation for the application struct, but can be used in other situations.

func ValidateArgon2Hash

func ValidateArgon2Hash(secret []byte, salt []byte, target []byte, opts *options.CredentialOptions) bool

ValidateArgon2Hash - Validates that the hashed result of 'secret' matches the hash provided in 'target'. The secret parameter should be a raw, non-encoded secret provided by the user. The salt parameter should be the salt that both hashes share, and the target parameter should be an Argon2 hashed secret. The salt is required here as it ensures that we can adequately hash the result. Any options provided with opts should reflect what is stored in the user.UserCredential structure.

A returned value of true indicates that the hashes match; any other result indicates that they do not.

Types

This section is empty.
