Mrixs/MrixsCraft-server
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: migrate passwords from SHA-256 to bcrypt

Browse Source 
- Replace SHA-256 hex hashing with bcrypt (cost 10) for password storage
- VerifyPassword now uses bcrypt.CompareHashAndPassword
- HashPassword returns (string, error) instead of string
- Add IsBcryptHash helper to detect legacy hashes for future migration
- Remove duplicate verifyPassword from api.go (already done in prev commit)
- Promote golang.org/x/crypto to direct dependency
This commit is contained in:
Vladimir Zagainov
2026-05-27 16:31:38 +03:00
parent 01cce981c5
commit 81c42e1a9a
3 changed files with 31 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
go.mod
View File

@@ -1,6 +1,6 @@
module gitea.mrixs.me/Mrixs/MrixsCraft-server
go 1.22
go 1.25.0
require github.com/jackc/pgx/v5 v5.6.0
@@ -8,7 +8,7 @@ require (
github.com/jackc/pgpassfile v1.0.0 // indirect
github.com/jackc/pgservicefile v0.0.0-20221227161230-091c0ba34f0a // indirect
github.com/jackc/puddle/v2 v2.2.1 // indirect
golang.org/x/crypto v0.17.0 // indirect
golang.org/x/sync v0.1.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/crypto v0.52.0
golang.org/x/sync v0.20.0 // indirect
golang.org/x/text v0.37.0 // indirect
)