需求
Laravel 框架中的密码验证非常简单,使用 `Hash::check()`、`Hash::make()` 和 `Hash::needsRehash()` 即可。
而 Laravel 中的这些方法其实是封装了 PHP 自带的三个函数:
- password_verify
- password_hash
- password_needs_rehash
使用Golang实现
package password
import "golang.org/x/crypto/bcrypt"
// HashMake hashes plainPwd with bcrypt at bcrypt.DefaultCost and returns the
// encoded hash as a string. It plays the role of PHP's password_hash.
//
// On failure the returned hash is empty and err is the error reported by
// bcrypt.GenerateFromPassword.
//
// NOTE(review): bcrypt only consumes the first 72 bytes of its input. Depending
// on the pinned golang.org/x/crypto version, a longer password is either
// rejected with an error or silently truncated. Confirm which applies and
// enforce a length limit at the caller if needed.
//
// NOTE(review): the sample output on this page carries the "$2a$" prefix, while
// PHP's own password_hash emits "$2y$". If hashes are shared between the two
// runtimes, verify that each side accepts and classifies the other's prefix.
func HashMake(plainPwd string) (hashedPwd string, err error) {
	digest, genErr := bcrypt.GenerateFromPassword([]byte(plainPwd), bcrypt.DefaultCost)
	if genErr != nil {
		return "", genErr
	}
	return string(digest), nil
}
// HashIsSame reports whether plainPwd matches the bcrypt hash hashedPwd. It
// plays the role of PHP's password_verify.
//
// A mismatch is NOT returned as (false, nil): any failure of
// bcrypt.CompareHashAndPassword, including a wrong password, comes back as
// yes == false together with a non-nil err. Callers should treat every non-nil
// err as an authentication failure. To tell a wrong password apart from a
// malformed stored hash (for logging or alerting only), compare err against
// bcrypt.ErrMismatchedHashAndPassword with errors.Is. Do not surface that
// distinction to the end user.
func HashIsSame(plainPwd, hashedPwd string) (yes bool, err error) {
	if cmpErr := bcrypt.CompareHashAndPassword([]byte(hashedPwd), []byte(plainPwd)); cmpErr != nil {
		return false, cmpErr
	}
	return true, nil
}
// HashNeedRefresh reports whether hashedPwd should be regenerated with
// HashMake. It plays the role of PHP's password_needs_rehash.
//
// It returns true when bcrypt.Cost cannot read a cost from the hash (for
// example, the value is not a bcrypt hash) or when the embedded cost differs
// from bcrypt.DefaultCost.
//
// The comparison is "not equal", not "lower than": a stored hash with a cost
// above bcrypt.DefaultCost is also flagged, and re-hashing it via HashMake
// would lower its work factor. If the target cost is ever raised, change it
// here and in HashMake together.
func HashNeedRefresh(hashedPwd string) bool {
	cost, err := bcrypt.Cost([]byte(hashedPwd))
	if err != nil {
		// An unparseable hash is treated as stale so it gets replaced.
		return true
	}
	return cost != bcrypt.DefaultCost
}
PHP的验证参数
// Prints whether $hashedPwd should be regenerated for bcrypt at cost 10,
// the same cost that appears in the "$2a$10$" sample hash on this page.
var_dump(
    password_needs_rehash(
        $hashedPwd,
        PASSWORD_BCRYPT,
        ['cost' => 10]
    )
);
生成的密码格式示例:
$2a$10$nnBguPdoIu7LSDbnkFWjAu5A3OCbeEuJMkMy94MuOKOjI9xrPqHaK