// Copyright 2023 The Gitea Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package hash

import (
	"golang.org/x/crypto/bcrypt"
)

func init() {
	MustRegister("bcrypt", NewBcryptHasher)
}

// BcryptHasher implements PasswordHasher
// and uses the bcrypt password hash function.
type BcryptHasher struct {
	cost int
}

// HashWithSaltBytes a provided password and salt
func (hasher *BcryptHasher) HashWithSaltBytes(password string, salt []byte) string {
	if hasher == nil {
		return ""
	}
	hashedPassword, _ := bcrypt.GenerateFromPassword([]byte(password), hasher.cost)
	return string(hashedPassword)
}

func (hasher *BcryptHasher) VerifyPassword(password, hashedPassword, salt string) bool {
	return bcrypt.CompareHashAndPassword([]byte(hashedPassword), []byte(password)) == nil
}

// NewBcryptHasher is a factory method to create an BcryptHasher
// The provided config should be either empty or the string representation of the "<cost>"
// as an integer
func NewBcryptHasher(config string) *BcryptHasher {
	// This matches the original configuration for `bcrypt` prior to storing hash parameters
	// in the database.
	// THESE VALUES MUST NOT BE CHANGED OR BACKWARDS COMPATIBILITY WILL BREAK
	hasher := &BcryptHasher{
		cost: 10, // cost=10. i.e. 2^10 rounds of key expansion.
	}

	if config == "" {
		return hasher
	}
	var err error
	hasher.cost, err = parseIntParam(config, "cost", "bcrypt", config, nil)
	if err != nil {
		return nil
	}

	return hasher
}