Pulse/internal/auth/password.go
rcourtman 0f67fb526a chore: reduce minimum password length to 1
Allows users to choose their own password security level instead of
enforcing a 12-character minimum. Users are adults.
2025-12-13 21:29:00 +00:00

43 lines
1.2 KiB
Go

package auth
import (
"fmt"
"golang.org/x/crypto/bcrypt"
)
const (
// BcryptCost is the cost factor for bcrypt hashing
// Higher values are more secure but slower
BcryptCost = 12
// MinPasswordLength is the minimum required password length
// Set to 1 to allow users to choose their own password security
MinPasswordLength = 1
)
// HashPassword generates a bcrypt hash from a plain text password
func HashPassword(password string) (string, error) {
bytes, err := bcrypt.GenerateFromPassword([]byte(password), BcryptCost)
if err != nil {
return "", err
}
return string(bytes), nil
}
// CheckPasswordHash compares a plain text password with a hash
func CheckPasswordHash(password, hash string) bool {
err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
return err == nil
}
// ValidatePasswordComplexity checks if a password meets complexity requirements
func ValidatePasswordComplexity(password string) error {
if len(password) < MinPasswordLength {
return fmt.Errorf("password must be at least %d characters long", MinPasswordLength)
}
// That's it - let users choose their own passwords
// No annoying character type requirements
return nil
}