MVP, no mod tools or anything but it works

vendor/gopkg.in/hlandau/passlib.v1/hash/bcrypt/bcrypt.go

@@ -0,0 +1,72 @@
+// Package bcrypt implements the bcrypt password hashing mechanism.
+//
+// Please note that bcrypt truncates passwords to 72 characters in length. Consider using
+// a more modern hashing scheme such as scrypt or sha-crypt. If you must use bcrypt,
+// consider using bcrypt-sha256 instead.
+package bcrypt
+
+import "golang.org/x/crypto/bcrypt"
+import "gopkg.in/hlandau/passlib.v1/abstract"
+import "fmt"
+
+// An implementation of Scheme implementing bcrypt.
+//
+// Uses RecommendedCost.
+var Crypter abstract.Scheme
+
+// The recommended cost for bcrypt. This may change with subsequent releases.
+const RecommendedCost = 12
+
+// bcrypt.DefaultCost is a bit low (10), so use 12 instead.
+
+func init() {
+	Crypter = New(RecommendedCost)
+}
+
+// Create a new scheme implementing bcrypt. The recommended cost is RecommendedCost.
+func New(cost int) abstract.Scheme {
+	return &scheme{
+		Cost: cost,
+	}
+}
+
+type scheme struct {
+	Cost int
+}
+
+func (s *scheme) SupportsStub(stub string) bool {
+	return len(stub) >= 3 && stub[0] == '$' && stub[1] == '2' &&
+		(stub[2] == '$' || (len(stub) >= 4 && stub[3] == '$' &&
+			(stub[2] == 'a' || stub[2] == 'b' || stub[2] == 'y')))
+}
+
+func (s *scheme) Hash(password string) (string, error) {
+	h, err := bcrypt.GenerateFromPassword([]byte(password), s.Cost)
+	if err != nil {
+		return "", err
+	}
+
+	return string(h), nil
+}
+
+func (s *scheme) Verify(password, hash string) error {
+	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+	if err == bcrypt.ErrMismatchedHashAndPassword {
+		err = abstract.ErrInvalidPassword
+	}
+
+	return err
+}
+
+func (s *scheme) NeedsUpdate(stub string) bool {
+	cost, err := bcrypt.Cost([]byte(stub))
+	if err != nil {
+		return false
+	}
+
+	return cost < s.Cost
+}
+
+func (s *scheme) String() string {
+	return fmt.Sprintf("bcrypt(%d)", s.Cost)
+}