leptos_sync_core/security/authentication/
crypto.rs

1//! Cryptographic utilities for authentication
2
3use crate::SyncError;
4use base64::{Engine as _, engine::general_purpose};
5use rand::{Rng, rngs::OsRng};
6use sha2::{Digest, Sha256};
7
/// Hashes `password` with a freshly generated random salt.
///
/// Returns `(hash, salt)`, both Base64-encoded (standard alphabet). The hash is
/// a single SHA-256 pass over the password bytes followed by the bytes of the
/// Base64 salt *string* (not the decoded salt). This function has no failure
/// path and always returns `Ok`.
///
/// NOTE(review): one round of salted SHA-256 is a fast hash, so an offline
/// guessing attack against a leaked credential table is cheap. Password
/// storage should use a memory-hard or iterated KDF (Argon2id, scrypt, bcrypt
/// or PBKDF2) with a stored cost parameter. Migrating needs a new dependency
/// and a versioned hash format, so the algorithm is left unchanged here.
pub fn hash_password(password: &str) -> Result<(String, String), SyncError> {
    let salt = generate_salt();

    // Order matters: password bytes first, then salt. `verify_password` must
    // feed the hasher in the same order.
    let mut sha = Sha256::new();
    sha.update(password.as_bytes());
    sha.update(salt.as_bytes());
    let digest = sha.finalize();

    Ok((general_purpose::STANDARD.encode(digest), salt))
}
18
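/// Checks `password` against a stored Base64 `hash` and its `salt`.
///
/// Recomputes SHA-256 over the password bytes followed by the salt string
/// bytes, Base64-encodes the digest, and compares it with `hash`. Returns
/// `Ok(true)` on a match and `Ok(false)` otherwise; there is no error path.
///
/// The comparison does not short-circuit on the first differing byte, so the
/// time taken does not depend on how many leading characters match.
///
/// NOTE(review): the digest is a single round of salted SHA-256, which is too
/// fast for password storage; see the matching note on `hash_password`.
pub fn verify_password(password: &str, hash: &str, salt: &str) -> Result<bool, SyncError> {
    let mut hasher = Sha256::new();
    hasher.update(password.as_bytes());
    hasher.update(salt.as_bytes());
    let computed = general_purpose::STANDARD.encode(hasher.finalize());

    let lhs = computed.as_bytes();
    let rhs = hash.as_bytes();

    // The encoded digest length is fixed and public, so rejecting on a length
    // mismatch reveals nothing about the stored value.
    if lhs.len() != rhs.len() {
        return Ok(false);
    }

    // Accumulate all byte differences instead of returning at the first one.
    // This is best-effort: the optimiser is not obliged to preserve it. A
    // vetted constant-time comparison (e.g. the `subtle` crate) is preferable
    // if a dependency can be added.
    let diff = lhs.iter().zip(rhs).fold(0u8, |acc, (a, b)| acc | (a ^ b));
    Ok(diff == 0)
}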
28
/// Produces a new random password salt.
///
/// Draws 16 bytes from the operating system CSPRNG (`OsRng`) and returns them
/// Base64-encoded with the standard alphabet.
pub fn generate_salt() -> String {
    let mut os_rng = OsRng;
    let salt_bytes = os_rng.r#gen::<[u8; 16]>();
    general_purpose::STANDARD.encode(salt_bytes)
}
35
/// Produces a new random session token.
///
/// Draws 32 bytes (256 bits) from the operating system CSPRNG (`OsRng`) and
/// returns them Base64-encoded with the standard alphabet.
///
/// NOTE(review): the standard alphabet includes `+`, `/` and `=`. If the token
/// is ever placed in a URL or an unquoted cookie value, the caller must encode
/// it. Confirm how callers transport it.
pub fn generate_session_token() -> String {
    let mut os_rng = OsRng;
    let token_bytes = os_rng.r#gen::<[u8; 32]>();
    general_purpose::STANDARD.encode(token_bytes)
}
42
/// Produces a new random password-reset token.
///
/// Draws 32 bytes (256 bits) from the operating system CSPRNG (`OsRng`) and
/// returns them Base64-encoded with the standard alphabet.
///
/// NOTE(review): reset tokens are usually delivered inside a link. The
/// standard alphabet includes `+`, `/` and `=`, so the caller must
/// percent-encode the token before embedding it in a URL. Expiry and
/// single-use enforcement are not handled here; presumably the caller owns
/// both. Verify against the caller.
pub fn generate_reset_token() -> String {
    let mut os_rng = OsRng;
    let token_bytes = os_rng.r#gen::<[u8; 32]>();
    general_purpose::STANDARD.encode(token_bytes)
}
49
/// Produces a new random MFA shared secret.
///
/// Draws 20 bytes (160 bits) from the operating system CSPRNG (`OsRng`) and
/// returns them Base64-encoded with the standard alphabet.
///
/// NOTE(review): authenticator apps and `otpauth://` provisioning URIs
/// conventionally carry the secret in Base32, not Base64. Confirm what the
/// enrolment flow expects before exposing this value to users.
pub fn generate_mfa_secret() -> String {
    let mut os_rng = OsRng;
    let secret_bytes = os_rng.r#gen::<[u8; 20]>();
    general_purpose::STANDARD.encode(secret_bytes)
}
56
/// Produces a new random user identifier of the form `user_<base64>`.
///
/// The suffix is 16 bytes from the operating system CSPRNG (`OsRng`),
/// Base64-encoded with the standard alphabet.
///
/// NOTE(review): the suffix can contain `+`, `/` and `=`, which are awkward in
/// URL path segments and file names. Confirm where the identifier is used.
pub fn generate_user_id() -> String {
    let mut os_rng = OsRng;
    let id_bytes = os_rng.r#gen::<[u8; 16]>();
    let encoded = general_purpose::STANDARD.encode(id_bytes);
    format!("user_{}", encoded)
}
63
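/// Generates a 6-digit time-based one-time code for `secret` (simplified).
///
/// The code is derived from SHA-256 over the bytes of `secret` followed by the
/// big-endian 30-second time-step counter taken from the current UTC time. The
/// result is always six decimal digits, zero-padded.
///
/// The previous version reduced only the first digest byte modulo 1,000,000,
/// so it could emit just 256 distinct codes (`000000`..=`000255`). Four digest
/// bytes are now selected with RFC 4226-style dynamic truncation, so the full
/// six-digit range is used.
///
/// NOTE(review): this is still not RFC 6238. It uses a plain hash of
/// `secret || counter` rather than HMAC, and it hashes the secret string as
/// given rather than decoded key bytes, so codes will not match standard
/// authenticator apps. Any verifier must derive codes through this same
/// function. In production, use a proper TOTP library.
pub fn generate_totp_code(secret: &str) -> String {
    use chrono::Utc;

    // 30-second time step, as in TOTP.
    let time_step = Utc::now().timestamp() / 30;

    let mut hasher = Sha256::new();
    hasher.update(secret.as_bytes());
    hasher.update(time_step.to_be_bytes());
    let digest = hasher.finalize();

    // Dynamic truncation: the low nibble of the last byte (0..=15) picks a
    // 4-byte window, which always lies inside the 32-byte digest.
    let offset = usize::from(digest[digest.len() - 1] & 0x0f);
    let window = [
        digest[offset],
        digest[offset + 1],
        digest[offset + 2],
        digest[offset + 3],
    ];
    // Clear the top bit so the value is a non-negative 31-bit integer.
    let truncated = u32::from_be_bytes(window) & 0x7fff_ffff;

    format!("{:06}", truncated % 1_000_000)
}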