Update dependencies, improve password handling, and enhance devcontainer configuration. Bump Go version to 1.24.1, add Air version to Dockerfile, and refactor password hashing and comparison functions to return errors. Update tests accordingly.

.devcontainer/Dockerfile

@@ -5,14 +5,17 @@ WORKDIR /app
 ARG GO_VERSION
 ARG GOLANGCI_LINT_VERSION
 ARG MIGRATE_VERSION
+ARG AIR_VERSION
 
 RUN apt update &&\
     apt install git wget curl -y &&\
     wget https://go.dev/dl/go$GO_VERSION.linux-amd64.tar.gz &&\
     rm -rf /usr/local/go && tar -C /usr/local -xzf go$GO_VERSION.linux-amd64.tar.gz &&\
-    curl -sSfL https://raw.githubusercontent.com/air-verse/air/master/install.sh | sh -s -- -b /usr/local/go/bin &&\
     wget https://github.com/golangci/golangci-lint/releases/download/v$GOLANGCI_LINT_VERSION/golangci-lint-$GOLANGCI_LINT_VERSION-linux-amd64.deb &&\
     dpkg -i golangci-lint-$GOLANGCI_LINT_VERSION-linux-amd64.deb &&\
     wget https://github.com/golang-migrate/migrate/releases/download/v$MIGRATE_VERSION/migrate.linux-amd64.deb &&\
     dpkg -i migrate.linux-amd64.deb &&\
+    wget https://github.com/air-verse/air/releases/download/v$AIR_VERSION/air_${AIR_VERSION}_linux_amd64 &&\
+    chmod +x air_${AIR_VERSION}_linux_amd64 &&\
+    mv air_${AIR_VERSION}_linux_amd64 /usr/local/go/bin/air &&\
     echo "export PATH=$PATH:/usr/local/go/bin" > /root/.bashrc

.devcontainer/devcontainer.json

@@ -6,7 +6,8 @@
         "args": {
             "GO_VERSION": "1.24.1",
             "GOLANGCI_LINT_VERSION": "1.64.5",
-            "MIGRATE_VERSION": "4.18.2"
+            "MIGRATE_VERSION": "4.18.2",
+            "AIR_VERSION": "1.61.7"
         }
     },
     "customizations": {

go.mod

@@ -3,11 +3,13 @@ module gitea.qpismont.fr/qpismont/trepa
 go 1.24.0
 
 require (
+	github.com/go-playground/validator/v10 v10.25.0
 	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/jackc/pgx v3.6.2+incompatible
 	github.com/jmoiron/sqlx v1.4.0
 	github.com/joho/godotenv v1.5.1
 	github.com/magiconair/properties v1.8.9
+	github.com/matthewhartstonge/argon2 v1.2.0
 	github.com/stretchr/testify v1.10.0
 )
 
@@ -17,16 +19,15 @@ require (
 	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.25.0 // indirect
 	github.com/gofrs/uuid v4.4.0+incompatible // indirect
 	github.com/jackc/fake v0.0.0-20150926172116-812a484cc733 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
-	golang.org/x/crypto v0.33.0 // indirect
+	golang.org/x/crypto v0.36.0 // indirect
 	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/sys v0.30.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
-	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -6,6 +6,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
 github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
@@ -32,6 +34,8 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/magiconair/properties v1.8.9 h1:nWcCbLq1N2v/cpNsy5WvQ37Fb+YElfq20WJ/a8RkpQM=
 github.com/magiconair/properties v1.8.9/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/matthewhartstonge/argon2 v1.2.0 h1:oHo0H92JcmG4q5Ax6MuwDHa6iuJPz97RLwSfqcrjsSY=
+github.com/matthewhartstonge/argon2 v1.2.0/go.mod h1:2zMl2u3Ooe9zkpeU61cmcAJ4vgMC3YfvRbKWnPg0wAU=
 github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
 github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -42,14 +46,14 @@ github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp
 github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
-golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
 golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
-golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
-golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
-golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
-golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

internal/accounts/service/account.go

@@ -19,7 +19,12 @@ func (s *Service) Login(login domain.AccountLogin) (*domain.Account, *core.HTTPE
 		return nil, domain.ErrAccountNotFound
 	}
 
-	if !core.ComparePassword(login.Password, account.Password) {
+	ok, err := core.ComparePassword(login.Password, account.Password)
+	if err != nil {
+		return nil, domain.ErrBadPassword
+	}
+
+	if !ok {
 		return nil, domain.ErrBadPassword
 	}
 

internal/core/hash.go

@@ -1,12 +1,29 @@
 package core
 
-import "golang.org/x/crypto/argon2"
+import (
+	"github.com/matthewhartstonge/argon2"
+)
 
-func HashPassword(password string) string {
+func HashPassword(password string) (string, error) {
-	return string(argon2.IDKey([]byte(password), nil, 1, 64*1024, 4, 32))
+	argon := instanceArgon2()
+
+	hash, err := argon.HashEncoded([]byte(password))
+	if err != nil {
+		return "", err
+	}
+
+	return string(hash), nil
 }
 
-func ComparePassword(password string, hash string) bool {
+func ComparePassword(password string, hash string) (bool, error) {
-	hashedPassword := HashPassword(password)
+	ok, err := argon2.VerifyEncoded([]byte(password), []byte(hash))
-	return hashedPassword == hash
+	if err != nil {
+		return false, err
+	}
+
+	return ok, nil
+}
+
+func instanceArgon2() argon2.Config {
+	return argon2.DefaultConfig()
 }

internal/core/hash_test.go

@@ -8,14 +8,11 @@ import (
 
 func TestHashPassword(t *testing.T) {
 	password := "password"
-	hashedPassword := HashPassword(password)
+	hashedPassword, err := HashPassword(password)
-	assert.NotEmpty(t, hashedPassword)
-	t.Log(hashedPassword)
-	assert.Equal(t, hashedPassword, "LOLPASSWORD")
-}
 
-func TestComparePassword(t *testing.T) {
+	assert.NoError(t, err)
-	password := "password"
+
-	hashedPassword := HashPassword(password)
+	hashedOk, err := ComparePassword(password, hashedPassword)
-	assert.True(t, ComparePassword(password, hashedPassword))
+	assert.NoError(t, err)
+	assert.True(t, hashedOk)
 }