Files
xlgo-core/validation/hash.go
T
杭州明婳科技 2dfcbbbb22 init
2026-04-30 23:26:14 +08:00

69 lines
1.9 KiB
Go

package validation
import (
"golang.org/x/crypto/bcrypt"
)
// 默认加密成本(bcrypt 推荐值)
const defaultCost = 12
// HashPassword 对密码进行加密
func HashPassword(password string) (string, error) {
return HashPasswordWithCost(password, defaultCost)
}
// HashPasswordWithCost 使用指定成本对密码进行加密
// cost 范围: 4-31,值越大越安全但越慢
func HashPasswordWithCost(password string, cost int) (string, error) {
if cost < bcrypt.MinCost {
cost = bcrypt.MinCost
}
if cost > bcrypt.MaxCost {
cost = bcrypt.MaxCost
}
bytes, err := bcrypt.GenerateFromPassword([]byte(password), cost)
if err != nil {
return "", err
}
return string(bytes), nil
}
// CheckPassword 验证密码是否匹配
// hashedPassword 是加密后的密码,password 是明文密码
func CheckPassword(hashedPassword, password string) bool {
err := bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
return err == nil
}
// CheckPasswordAndUpgrade 验证密码并在需要时升级加密成本
// 返回:是否匹配、是否需要升级、升级后的密码、错误
func CheckPasswordAndUpgrade(hashedPassword, password string, targetCost int) (match bool, needUpgrade bool, newHash string, err error) {
// 验证密码
err = bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password))
if err != nil {
return false, false, "", err
}
// 检查是否需要升级
cost, err := bcrypt.Cost([]byte(hashedPassword))
if err != nil {
return true, false, "", nil
}
if cost < targetCost {
newHash, err = HashPasswordWithCost(password, targetCost)
if err != nil {
return true, false, "", err
}
return true, true, newHash, nil
}
return true, false, "", nil
}
// GetPasswordCost 获取加密密码的成本
func GetPasswordCost(hashedPassword string) (int, error) {
return bcrypt.Cost([]byte(hashedPassword))
}