3x-ui/util/crypto/crypto.go

// Package crypto provides cryptographic utilities for password hashing and verification.
package crypto

import (
	"crypto/sha256"
	"encoding/hex"

	"golang.org/x/crypto/bcrypt"
)

// HashPasswordAsBcrypt generates a bcrypt hash of the given password.
func HashPasswordAsBcrypt(password string) (string, error) {
	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)
	return string(hash), err
}

// CheckPasswordHash verifies if the given password matches the bcrypt hash.
func CheckPasswordHash(hash, password string) bool {
	return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil
}

func IsHashed(s string) bool {
	_, err := bcrypt.Cost([]byte(s))
	return err == nil
}

// HashTokenSHA256 returns the hex-encoded SHA-256 digest of token. API tokens
// are high-entropy random strings, so a fast unsalted digest is sufficient to
// keep them irrecoverable at rest while allowing constant-time verification.
func HashTokenSHA256(token string) string {
	sum := sha256.Sum256([]byte(token))
	return hex.EncodeToString(sum[:])
}

// IsSHA256Hex reports whether s looks like a hex-encoded SHA-256 digest
// (64 lowercase hex characters), used to skip already-hashed token rows.
func IsSHA256Hex(s string) bool {
	if len(s) != 64 {
		return false
	}
	for _, c := range s {
		if (c < '0' || c > '9') && (c < 'a' || c > 'f') {
			return false
		}
	}
	return true
}
docs: add comments for all functions 2025-09-20 07:35:50 +00:00			`// Package crypto provides cryptographic utilities for password hashing and verification.`
feat: hashing user passwords solves problems #2944, #2783 2025-05-03 09:27:53 +00:00			`package crypto`

			`import (`
fix(api-token): hash tokens at rest and show plaintext only once Store API tokens as SHA-256 hashes instead of plaintext and return the token value only in the create response. List no longer exposes the token, and the UI drops the Show/Copy buttons in favor of a one-time reveal modal at creation. Match hashes the presented bearer token before the constant-time compare, and a migration hashes any pre-existing plaintext rows in place so existing tokens keep authenticating. Docs and translations updated. 2026-06-03 20:57:50 +00:00			`"crypto/sha256"`
			`"encoding/hex"`

feat: hashing user passwords solves problems #2944, #2783 2025-05-03 09:27:53 +00:00			`"golang.org/x/crypto/bcrypt"`
			`)`

docs: add comments for all functions 2025-09-20 07:35:50 +00:00			`// HashPasswordAsBcrypt generates a bcrypt hash of the given password.`
feat: hashing user passwords solves problems #2944, #2783 2025-05-03 09:27:53 +00:00			`func HashPasswordAsBcrypt(password string) (string, error) {`
			`hash, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost)`
			`return string(hash), err`
			`}`

docs: add comments for all functions 2025-09-20 07:35:50 +00:00			`// CheckPasswordHash verifies if the given password matches the bcrypt hash.`
feat: hashing user passwords solves problems #2944, #2783 2025-05-03 09:27:53 +00:00			`func CheckPasswordHash(hash, password string) bool {`
Refactor code and fix linter warnings (#3627) * refactor: use any instead of empty interface * refactor: code cleanup 2026-01-05 04:54:56 +00:00			`return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil`
feat: hashing user passwords solves problems #2944, #2783 2025-05-03 09:27:53 +00:00			`}`
fix(db): make password-hash migration idempotent to prevent lock-out (#4612) The UserPasswordHash seeder bcrypt-hashed user.Password unconditionally, assuming plaintext. If it ran on an already-bcrypt value (DB restore, SQLite<->Postgres switch, history_of_seeders inconsistency on upgrade) it double-hashed the password, locking the admin out with both old and new passwords rejected. Skip any password that is already a bcrypt hash. 2026-06-01 18:48:12 +00:00
			`func IsHashed(s string) bool {`
			`_, err := bcrypt.Cost([]byte(s))`
			`return err == nil`
			`}`
fix(api-token): hash tokens at rest and show plaintext only once Store API tokens as SHA-256 hashes instead of plaintext and return the token value only in the create response. List no longer exposes the token, and the UI drops the Show/Copy buttons in favor of a one-time reveal modal at creation. Match hashes the presented bearer token before the constant-time compare, and a migration hashes any pre-existing plaintext rows in place so existing tokens keep authenticating. Docs and translations updated. 2026-06-03 20:57:50 +00:00
			`// HashTokenSHA256 returns the hex-encoded SHA-256 digest of token. API tokens`
			`// are high-entropy random strings, so a fast unsalted digest is sufficient to`
			`// keep them irrecoverable at rest while allowing constant-time verification.`
			`func HashTokenSHA256(token string) string {`
			`sum := sha256.Sum256([]byte(token))`
			`return hex.EncodeToString(sum[:])`
			`}`

			`// IsSHA256Hex reports whether s looks like a hex-encoded SHA-256 digest`
			`// (64 lowercase hex characters), used to skip already-hashed token rows.`
			`func IsSHA256Hex(s string) bool {`
			`if len(s) != 64 {`
			`return false`
			`}`
			`for _, c := range s {`
			`if (c < '0' \|\| c > '9') && (c < 'a' \|\| c > 'f') {`
			`return false`
			`}`
			`}`
			`return true`
			`}`