HashAPIKey returns the HMAC-SHA256 hex digest of the given plaintext key. If hmacSecret is empty, falls back to plain SHA-256 for backward compatibility.
(plaintext, hmacSecret string)
| 37 | // HashAPIKey returns the HMAC-SHA256 hex digest of the given plaintext key. |
| 38 | // If hmacSecret is empty, falls back to plain SHA-256 for backward compatibility. |
| 39 | func HashAPIKey(plaintext, hmacSecret string) string { |
| 40 | if hmacSecret == "" { |
| 41 | h := sha256.Sum256([]byte(plaintext)) |
| 42 | return hex.EncodeToString(h[:]) |
| 43 | } |
| 44 | mac := hmac.New(sha256.New, []byte(hmacSecret)) |
| 45 | mac.Write([]byte(plaintext)) |
| 46 | return hex.EncodeToString(mac.Sum(nil)) |
| 47 | } |
| 48 | |
| 49 | // CreateAPIKey generates and stores a new API key for the given user. |
| 50 | // Returns the plaintext key (shown once) and the database record. |
no test coverage detected