promote

pkg/lzkit/crypto/bcrypt.go

@@ -0,0 +1,28 @@
+package crypto
+
+import (
+	"golang.org/x/crypto/bcrypt"
+)
+
+// PasswordHash 使用bcrypt对密码进行加密
+// cost参数确定加密的复杂度，默认为10，越高越安全但性能消耗越大
+func PasswordHash(password string, cost ...int) (string, error) {
+	defaultCost := 10
+	if len(cost) > 0 && cost[0] > 0 {
+		defaultCost = cost[0]
+	}
+
+	bytes, err := bcrypt.GenerateFromPassword([]byte(password), defaultCost)
+	if err != nil {
+		return "", err
+	}
+
+	return string(bytes), nil
+}
+
+// PasswordVerify 验证密码是否匹配
+// password是用户输入的明文密码，hash是存储的加密密码
+func PasswordVerify(password, hash string) bool {
+	err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(password))
+	return err == nil
+}

pkg/lzkit/crypto/bcrypt_test.go

@@ -0,0 +1,105 @@
+package crypto
+
+import (
+	"testing"
+)
+
+func TestPasswordHashAndVerify(t *testing.T) {
+	tests := []struct {
+		name     string
+		password string
+		cost     []int
+	}{
+		{
+			name:     "普通密码-默认复杂度",
+			password: "password123",
+			cost:     []int{},
+		},
+		{
+			name:     "普通密码-低复杂度",
+			password: "password123",
+			cost:     []int{4},
+		},
+		{
+			name:     "空密码",
+			password: "",
+			cost:     []int{},
+		},
+		{
+			name:     "中文密码",
+			password: "密码123",
+			cost:     []int{},
+		},
+		{
+			name:     "特殊字符密码",
+			password: "p@$$w0rd!#*&",
+			cost:     []int{},
+		},
+		{
+			name:     "我的密码",
+			password: "aA2021.12.31",
+			cost:     []int{10},
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			// 1. 测试加密
+			hash, err := PasswordHash(tt.password, tt.cost...)
+			if err != nil {
+				t.Errorf("PasswordHash() error = %v", err)
+				return
+			}
+			if hash == "" {
+				t.Error("PasswordHash() 返回空哈希值")
+			}
+			if hash == tt.password {
+				t.Error("PasswordHash() 返回的哈希值与明文密码相同")
+			}
+
+			// 2. 测试验证 - 正确密码
+			if !PasswordVerify(tt.password, hash) {
+				t.Error("PasswordVerify() 无法验证正确的密码")
+			}
+
+			// 3. 测试验证 - 错误密码
+			if PasswordVerify(tt.password+"wrong", hash) {
+				t.Error("PasswordVerify() 错误地验证了错误的密码")
+			}
+			t.Logf("用户名: %s, 密码: %s, 哈希值: %s", tt.name, tt.password, hash)
+		})
+	}
+}
+
+func TestPasswordHashWithInvalidCost(t *testing.T) {
+	// bcrypt库的cost范围是4-31，超出范围会返回错误
+	password := "testpassword"
+
+	// 测试过低的cost
+	_, err := PasswordHash(password, 2)
+	if err == nil {
+		t.Error("PasswordHash() 应该对过低的cost返回错误")
+	}
+
+	// 测试过高的cost
+	_, err = PasswordHash(password, 32)
+	if err == nil {
+		t.Error("PasswordHash() 应该对过高的cost返回错误")
+	}
+}
+
+func BenchmarkPasswordHash(b *testing.B) {
+	password := "benchmark-password"
+	for i := 0; i < b.N; i++ {
+		_, _ = PasswordHash(password)
+	}
+}
+
+func BenchmarkPasswordVerify(b *testing.B) {
+	password := "benchmark-password"
+	hash, _ := PasswordHash(password)
+	b.ResetTimer()
+	for i := 0; i < b.N; i++ {
+		_ = PasswordVerify(password, hash)
+	}
+}