feat(auth): argon2id пароли + session store (sha256 токена)

This commit is contained in:
2026-07-03 19:50:11 +07:00
parent 3bd237d562
commit 12b7945efc
6 changed files with 203 additions and 11 deletions
+29
View File
@@ -0,0 +1,29 @@
package auth
import "testing"
func TestHashVerifyRoundTrip(t *testing.T) {
h, err := HashPassword("s3cret-pw")
if err != nil {
t.Fatal(err)
}
if h == "s3cret-pw" || len(h) < 20 {
t.Fatalf("bad hash %q", h)
}
ok, err := VerifyPassword(h, "s3cret-pw")
if err != nil || !ok {
t.Fatalf("verify failed: %v %v", ok, err)
}
bad, _ := VerifyPassword(h, "wrong")
if bad {
t.Fatal("wrong password must not verify")
}
}
func TestHashNonDeterministic(t *testing.T) {
a, _ := HashPassword("same")
b, _ := HashPassword("same")
if a == b {
t.Fatal("salt must randomize hash")
}
}