initial

2026-03-01 22:52:08 +07:00
commit 1244f3e2d5
63 changed files with 6075 additions and 0 deletions
--- a/internal/database/password.go
+++ b/internal/database/password.go
@@ -0,0 +1,187 @@
+package database
+
+import (
+	"crypto/rand"
+	"crypto/subtle"
+	"encoding/base64"
+	"fmt"
+	"math/big"
+	"strings"
+
+	"golang.org/x/crypto/argon2"
+)
+
+// Argon2 parameters - these are up-to-date secure defaults
+const (
+	argon2Time    = 1
+	argon2Memory  = 64 * 1024 // 64 MB
+	argon2Threads = 4
+	argon2KeyLen  = 32
+	argon2SaltLen = 16
+)
+
+// PasswordConfig holds Argon2 configuration
+type PasswordConfig struct {
+	Time    uint32
+	Memory  uint32
+	Threads uint8
+	KeyLen  uint32
+	SaltLen uint32
+}
+
+// DefaultPasswordConfig returns secure default Argon2 parameters
+func DefaultPasswordConfig() *PasswordConfig {
+	return &PasswordConfig{
+		Time:    argon2Time,
+		Memory:  argon2Memory,
+		Threads: argon2Threads,
+		KeyLen:  argon2KeyLen,
+		SaltLen: argon2SaltLen,
+	}
+}
+
+// HashPassword generates an Argon2id hash of the password
+func HashPassword(password string) (string, error) {
+	config := DefaultPasswordConfig()
+
+	// Generate a salt
+	salt := make([]byte, config.SaltLen)
+	if _, err := rand.Read(salt); err != nil {
+		return "", err
+	}
+
+	// Generate the hash
+	hash := argon2.IDKey([]byte(password), salt, config.Time, config.Memory, config.Threads, config.KeyLen)
+
+	// Encode the hash and parameters
+	b64Salt := base64.RawStdEncoding.EncodeToString(salt)
+	b64Hash := base64.RawStdEncoding.EncodeToString(hash)
+
+	// Format: $argon2id$v=19$m=65536,t=1,p=4$salt$hash
+	encoded := fmt.Sprintf("$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s",
+		argon2.Version, config.Memory, config.Time, config.Threads, b64Salt, b64Hash)
+
+	return encoded, nil
+}
+
+// VerifyPassword checks if the provided password matches the hash
+func VerifyPassword(password, encodedHash string) (bool, error) {
+	// Extract parameters and hash from encoded string
+	config, salt, hash, err := decodeHash(encodedHash)
+	if err != nil {
+		return false, err
+	}
+
+	// Generate hash of the provided password
+	otherHash := argon2.IDKey([]byte(password), salt, config.Time, config.Memory, config.Threads, config.KeyLen)
+
+	// Compare hashes using constant time comparison
+	return subtle.ConstantTimeCompare(hash, otherHash) == 1, nil
+}
+
+// decodeHash extracts parameters, salt, and hash from an encoded hash string
+func decodeHash(encodedHash string) (*PasswordConfig, []byte, []byte, error) {
+	parts := strings.Split(encodedHash, "$")
+	if len(parts) != 6 {
+		return nil, nil, nil, fmt.Errorf("invalid hash format")
+	}
+
+	if parts[1] != "argon2id" {
+		return nil, nil, nil, fmt.Errorf("invalid algorithm")
+	}
+
+	var version int
+	if _, err := fmt.Sscanf(parts[2], "v=%d", &version); err != nil {
+		return nil, nil, nil, err
+	}
+	if version != argon2.Version {
+		return nil, nil, nil, fmt.Errorf("incompatible argon2 version")
+	}
+
+	config := &PasswordConfig{}
+	if _, err := fmt.Sscanf(parts[3], "m=%d,t=%d,p=%d", &config.Memory, &config.Time, &config.Threads); err != nil {
+		return nil, nil, nil, err
+	}
+
+	salt, err := base64.RawStdEncoding.DecodeString(parts[4])
+	if err != nil {
+		return nil, nil, nil, err
+	}
+	saltLen := len(salt)
+	if saltLen < 0 || saltLen > int(^uint32(0)) {
+		return nil, nil, nil, fmt.Errorf("salt length out of range")
+	}
+	config.SaltLen = uint32(saltLen) // nolint:gosec // checked above
+
+	hash, err := base64.RawStdEncoding.DecodeString(parts[5])
+	if err != nil {
+		return nil, nil, nil, err
+	}
+	hashLen := len(hash)
+	if hashLen < 0 || hashLen > int(^uint32(0)) {
+		return nil, nil, nil, fmt.Errorf("hash length out of range")
+	}
+	config.KeyLen = uint32(hashLen) // nolint:gosec // checked above
+
+	return config, salt, hash, nil
+}
+
+// GenerateRandomPassword generates a cryptographically secure random password
+func GenerateRandomPassword(length int) (string, error) {
+	const (
+		uppercase = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
+		lowercase = "abcdefghijklmnopqrstuvwxyz"
+		digits    = "0123456789"
+		special   = "!@#$%^&*()_+-=[]{}|;:,.<>?"
+	)
+
+	// Combine all character sets
+	allChars := uppercase + lowercase + digits + special
+
+	// Create password slice
+	password := make([]byte, length)
+
+	// Ensure at least one character from each set for password complexity
+	if length >= 4 {
+		// Get one character from each set
+		password[0] = uppercase[cryptoRandInt(len(uppercase))]
+		password[1] = lowercase[cryptoRandInt(len(lowercase))]
+		password[2] = digits[cryptoRandInt(len(digits))]
+		password[3] = special[cryptoRandInt(len(special))]
+
+		// Fill the rest randomly from all characters
+		for i := 4; i < length; i++ {
+			password[i] = allChars[cryptoRandInt(len(allChars))]
+		}
+
+		// Shuffle the password to avoid predictable pattern
+		for i := len(password) - 1; i > 0; i-- {
+			j := cryptoRandInt(i + 1)
+			password[i], password[j] = password[j], password[i]
+		}
+	} else {
+		// For very short passwords, just use all characters
+		for i := 0; i < length; i++ {
+			password[i] = allChars[cryptoRandInt(len(allChars))]
+		}
+	}
+
+	return string(password), nil
+}
+
+// cryptoRandInt generates a cryptographically secure random integer in [0, max)
+func cryptoRandInt(max int) int {
+	if max <= 0 {
+		panic("max must be positive")
+	}
+
+	// Calculate the maximum valid value to avoid modulo bias
+	// For example, if max=200 and we have 256 possible values,
+	// we only accept values 0-199 (reject 200-255)
+	nBig, err := rand.Int(rand.Reader, big.NewInt(int64(max)))
+	if err != nil {
+		panic(fmt.Sprintf("crypto/rand error: %v", err))
+	}
+
+	return int(nBig.Int64())
+}