03c9188d79
* ci: consolidate duplicate workflows and merge CodeQL configs Remove 17 duplicate workflow files that were split copies of the combined originals. Each family (CI, CodeQL, Coverage, PR Build, Alpha Release) had the same job duplicated across separate push/pull_request/schedule/manual trigger files. Merge codeql.yml and codescan.yml into a single codeql.yml with a language matrix covering go, javascript-typescript, python, and actions — matching the previous default setup coverage. Remaining workflows (one per family): - ci.yml (push + PR + manual) - codeql.yml (push + PR + schedule, all languages) - coverage.yml (push + PR + manual) - alpha-release.yml (push + manual) - pr-build.yml (PR + manual) - release.yml (tag push) - agent-verify.yml, auto-label.yml, auto-project.yml Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> * feat: add collect, config, crypt, plugin packages and fix all lint issues Add four new infrastructure packages with CLI commands: - pkg/config: layered configuration (defaults → file → env → flags) - pkg/crypt: crypto primitives (Argon2id, AES-GCM, ChaCha20, HMAC, checksums) - pkg/plugin: plugin system with GitHub-based install/update/remove - pkg/collect: collection subsystem (GitHub, BitcoinTalk, market, papers, excavate) Fix all golangci-lint issues across the entire codebase (~100 errcheck, staticcheck SA1012/SA1019/ST1005, unused, ineffassign fixes) so that `core go qa` passes with 0 issues. Closes #167, #168, #170, #250, #251, #252, #253, #254, #255, #256 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com> --------- Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
74 lines
1.5 KiB
Go
74 lines
1.5 KiB
Go
package crypt
|
|
|
|
import (
|
|
"fmt"
|
|
|
|
"github.com/host-uk/core/pkg/cli"
|
|
"github.com/host-uk/core/pkg/crypt"
|
|
"golang.org/x/crypto/bcrypt"
|
|
)
|
|
|
|
// Hash command flags
|
|
var (
|
|
hashBcrypt bool
|
|
hashVerify string
|
|
)
|
|
|
|
func addHashCommand(parent *cli.Command) {
|
|
hashCmd := cli.NewCommand("hash", "Hash a password with Argon2id or bcrypt", "", func(cmd *cli.Command, args []string) error {
|
|
return runHash(args[0])
|
|
})
|
|
hashCmd.Args = cli.ExactArgs(1)
|
|
|
|
cli.BoolFlag(hashCmd, &hashBcrypt, "bcrypt", "b", false, "Use bcrypt instead of Argon2id")
|
|
cli.StringFlag(hashCmd, &hashVerify, "verify", "", "", "Verify input against this hash")
|
|
|
|
parent.AddCommand(hashCmd)
|
|
}
|
|
|
|
func runHash(input string) error {
|
|
// Verify mode
|
|
if hashVerify != "" {
|
|
return runHashVerify(input, hashVerify)
|
|
}
|
|
|
|
// Hash mode
|
|
if hashBcrypt {
|
|
hash, err := crypt.HashBcrypt(input, bcrypt.DefaultCost)
|
|
if err != nil {
|
|
return cli.Wrap(err, "failed to hash password")
|
|
}
|
|
fmt.Println(hash)
|
|
return nil
|
|
}
|
|
|
|
hash, err := crypt.HashPassword(input)
|
|
if err != nil {
|
|
return cli.Wrap(err, "failed to hash password")
|
|
}
|
|
fmt.Println(hash)
|
|
return nil
|
|
}
|
|
|
|
func runHashVerify(input, hash string) error {
|
|
var match bool
|
|
var err error
|
|
|
|
if hashBcrypt {
|
|
match, err = crypt.VerifyBcrypt(input, hash)
|
|
} else {
|
|
match, err = crypt.VerifyPassword(input, hash)
|
|
}
|
|
|
|
if err != nil {
|
|
return cli.Wrap(err, "failed to verify hash")
|
|
}
|
|
|
|
if match {
|
|
cli.Success("Password matches hash")
|
|
return nil
|
|
}
|
|
|
|
cli.Error("Password does not match hash")
|
|
return cli.Err("hash verification failed")
|
|
}
|