From 5d037e8297a192996b7281af0ca761c160aaed30 Mon Sep 17 00:00:00 2001
From: Ryan Mehri <ryan.mehri1@gmail.com>
Date: Fri, 15 May 2020 17:58:09 -0600
Subject: Add encryption to content when password is specified

---
 backend/security/hash.go | 41 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 41 insertions(+)
 create mode 100644 backend/security/hash.go

(limited to 'backend/security/hash.go')

diff --git a/backend/security/hash.go b/backend/security/hash.go
new file mode 100644
index 0000000..b6ce167
--- /dev/null
+++ b/backend/security/hash.go
@@ -0,0 +1,41 @@
+package security
+
+import (
+	"crypto/md5"
+	"encoding/hex"
+	"golang.org/x/crypto/bcrypt"
+	"math/big"
+	"time"
+)
+
+const UrlLength = 7
+
+// GenerateURI creates a unique identifier for a paste based on ip and timestamp
+func GenerateURI(ip string) string {
+	timeStamp := time.Now().String()
+	return hashString(ip + timeStamp)[:UrlLength]
+}
+
+// hashes using MD5 and then converts to base 62
+func hashString(text string) string {
+	hash := md5.Sum([]byte(text))
+	hexStr := hex.EncodeToString(hash[:])
+
+	bi := big.NewInt(0)
+	bi.SetString(hexStr, 16)
+	return bi.Text(62)
+}
+
+func HashPassword(password string) (string, error) {
+	hashedPassword, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
+	return string(hashedPassword), err
+}
+
+func PasswordsEqual(dbPassword, parsedPassword string) bool {
+	dbPassBytes := []byte(dbPassword)
+	parsedPassBytes := []byte(parsedPassword)
+	compErr := bcrypt.CompareHashAndPassword(dbPassBytes, parsedPassBytes)
+
+	// if comparison error, the given password is not valid
+	return compErr == nil
+}
\ No newline at end of file
-- 
cgit v1.2.3