.devcontainer/Dockerfile

@@ -5,14 +5,17 @@ WORKDIR /app
 ARG GO_VERSION
 ARG GOLANGCI_LINT_VERSION
 ARG MIGRATE_VERSION
+ARG AIR_VERSION
 
 RUN apt update &&\
     apt install git wget curl -y &&\
     wget https://go.dev/dl/go$GO_VERSION.linux-amd64.tar.gz &&\
     rm -rf /usr/local/go && tar -C /usr/local -xzf go$GO_VERSION.linux-amd64.tar.gz &&\
-    curl -sSfL https://raw.githubusercontent.com/air-verse/air/master/install.sh | sh -s -- -b /usr/local/go/bin &&\
     wget https://github.com/golangci/golangci-lint/releases/download/v$GOLANGCI_LINT_VERSION/golangci-lint-$GOLANGCI_LINT_VERSION-linux-amd64.deb &&\
     dpkg -i golangci-lint-$GOLANGCI_LINT_VERSION-linux-amd64.deb &&\
     wget https://github.com/golang-migrate/migrate/releases/download/v$MIGRATE_VERSION/migrate.linux-amd64.deb &&\
     dpkg -i migrate.linux-amd64.deb &&\
+    wget https://github.com/air-verse/air/releases/download/v$AIR_VERSION/air_${AIR_VERSION}_linux_amd64 &&\
+    chmod +x air_${AIR_VERSION}_linux_amd64 &&\
+    mv air_${AIR_VERSION}_linux_amd64 /usr/local/go/bin/air &&\
     echo "export PATH=$PATH:/usr/local/go/bin" > /root/.bashrc

.devcontainer/devcontainer.json

@@ -6,7 +6,8 @@
         "args": {
             "GO_VERSION": "1.24.1",
             "GOLANGCI_LINT_VERSION": "1.64.5",
-            "MIGRATE_VERSION": "4.18.2"
+            "MIGRATE_VERSION": "4.18.2",
+            "AIR_VERSION": "1.61.7"
         }
     },
     "customizations": {

go.mod

@@ -3,11 +3,13 @@ module gitea.qpismont.fr/qpismont/trepa
 go 1.24.0
 
 require (
+	github.com/go-playground/validator/v10 v10.25.0
 	github.com/golang-jwt/jwt/v5 v5.2.1
 	github.com/jackc/pgx v3.6.2+incompatible
 	github.com/jmoiron/sqlx v1.4.0
 	github.com/joho/godotenv v1.5.1
 	github.com/magiconair/properties v1.8.9
+	github.com/matthewhartstonge/argon2 v1.2.0
 	github.com/stretchr/testify v1.10.0
 )
 
@@ -17,16 +19,15 @@ require (
 	github.com/gabriel-vasile/mimetype v1.4.8 // indirect
 	github.com/go-playground/locales v0.14.1 // indirect
 	github.com/go-playground/universal-translator v0.18.1 // indirect
-	github.com/go-playground/validator/v10 v10.25.0 // indirect
 	github.com/gofrs/uuid v4.4.0+incompatible // indirect
 	github.com/jackc/fake v0.0.0-20150926172116-812a484cc733 // indirect
 	github.com/leodido/go-urn v1.4.0 // indirect
 	github.com/pkg/errors v0.9.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/shopspring/decimal v1.4.0 // indirect
-	golang.org/x/crypto v0.33.0 // indirect
+	golang.org/x/crypto v0.36.0 // indirect
 	golang.org/x/net v0.34.0 // indirect
-	golang.org/x/sys v0.30.0 // indirect
-	golang.org/x/text v0.22.0 // indirect
+	golang.org/x/sys v0.31.0 // indirect
+	golang.org/x/text v0.23.0 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )

go.sum

@@ -6,6 +6,8 @@ github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/gabriel-vasile/mimetype v1.4.8 h1:FfZ3gj38NjllZIeJAmMhr+qKL8Wu+nOoI3GqacKw1NM=
 github.com/gabriel-vasile/mimetype v1.4.8/go.mod h1:ByKUIKGjh1ODkGM1asKUbQZOLGrPjydw3hYPU2YU9t8=
+github.com/go-playground/assert/v2 v2.2.0 h1:JvknZsQTYeFEAhQwI4qEt9cyV5ONwRHC+lYKSsYSR8s=
+github.com/go-playground/assert/v2 v2.2.0/go.mod h1:VDjEfimB/XKnb+ZQfWdccd7VUvScMdVu0Titje2rxJ4=
 github.com/go-playground/locales v0.14.1 h1:EWaQ/wswjilfKLTECiXz7Rh+3BjFhfDFKv/oXslEjJA=
 github.com/go-playground/locales v0.14.1/go.mod h1:hxrqLVvrK65+Rwrd5Fc6F2O76J/NuW9t0sjnWqG1slY=
 github.com/go-playground/universal-translator v0.18.1 h1:Bcnm0ZwsGyWbCzImXv+pAJnYK9S473LQFuzCbDbfSFY=
@@ -32,6 +34,8 @@ github.com/lib/pq v1.10.9 h1:YXG7RB+JIjhP29X+OtkiDnYaXQwpS4JEWq7dtCCRUEw=
 github.com/lib/pq v1.10.9/go.mod h1:AlVN5x4E4T544tWzH6hKfbfQvm3HdbOxrmggDNAPY9o=
 github.com/magiconair/properties v1.8.9 h1:nWcCbLq1N2v/cpNsy5WvQ37Fb+YElfq20WJ/a8RkpQM=
 github.com/magiconair/properties v1.8.9/go.mod h1:Dhd985XPs7jluiymwWYZ0G4Z61jb3vdS329zhj2hYo0=
+github.com/matthewhartstonge/argon2 v1.2.0 h1:oHo0H92JcmG4q5Ax6MuwDHa6iuJPz97RLwSfqcrjsSY=
+github.com/matthewhartstonge/argon2 v1.2.0/go.mod h1:2zMl2u3Ooe9zkpeU61cmcAJ4vgMC3YfvRbKWnPg0wAU=
 github.com/mattn/go-sqlite3 v1.14.22 h1:2gZY6PC6kBnID23Tichd1K+Z0oS6nE/XwU+Vz/5o4kU=
 github.com/mattn/go-sqlite3 v1.14.22/go.mod h1:Uh1q+B4BYcTPb+yiD3kU8Ct7aC0hY9fxUwlHK0RXw+Y=
 github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
@@ -42,14 +46,14 @@ github.com/shopspring/decimal v1.4.0 h1:bxl37RwXBklmTi0C79JfXCEBD1cqqHt0bbgBAGFp
 github.com/shopspring/decimal v1.4.0/go.mod h1:gawqmDU56v4yIKSwfBSFip1HdCCXN8/+DMd9qYNcwME=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-golang.org/x/crypto v0.33.0 h1:IOBPskki6Lysi0lo9qQvbxiQ+FvsCC/YWOecCHAixus=
-golang.org/x/crypto v0.33.0/go.mod h1:bVdXmD7IV/4GdElGPozy6U7lWdRXA4qyRVGJV57uQ5M=
+golang.org/x/crypto v0.36.0 h1:AnAEvhDddvBdpY+uR+MyHmuZzzNqXSe/GvuDeob5L34=
+golang.org/x/crypto v0.36.0/go.mod h1:Y4J0ReaxCR1IMaabaSMugxJES1EpwhBHhv2bDHklZvc=
 golang.org/x/net v0.34.0 h1:Mb7Mrk043xzHgnRM88suvJFwzVrRfHEHJEl5/71CKw0=
 golang.org/x/net v0.34.0/go.mod h1:di0qlW3YNM5oh6GqDGQr92MyTozJPmybPK4Ev/Gm31k=
-golang.org/x/sys v0.30.0 h1:QjkSwP/36a20jFYWkSue1YwXzLmsV5Gfq7Eiy72C1uc=
-golang.org/x/sys v0.30.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
-golang.org/x/text v0.22.0 h1:bofq7m3/HAFvbF51jz3Q9wLg3jkvSPuiZu/pD1XwgtM=
-golang.org/x/text v0.22.0/go.mod h1:YRoo4H8PVmsu+E3Ou7cqLVH8oXWIHVoX0jqUWALQhfY=
+golang.org/x/sys v0.31.0 h1:ioabZlmFYtWhL+TRYpcnNlLwhyxaM9kWTDEmfnprqik=
+golang.org/x/sys v0.31.0/go.mod h1:BJP2sWEmIv4KK5OTEluFJCKSidICx8ciO85XgH3Ak8k=
+golang.org/x/text v0.23.0 h1:D71I7dUrlY+VX0gQShAThNGHFxZ13dGLBHQLVl1mJlY=
+golang.org/x/text v0.23.0/go.mod h1:/BLNzu4aZCJ1+kcD0DNRotWKage4q2rGVAg4o22unh4=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=

internal/accounts/service/account.go

@@ -19,7 +19,12 @@ func (s *Service) Login(login domain.AccountLogin) (*domain.Account, *core.HTTPE
 		return nil, domain.ErrAccountNotFound
 	}
 
-	if !core.ComparePassword(login.Password, account.Password) {
+	ok, err := core.ComparePassword(login.Password, account.Password)
+	if err != nil {
+		return nil, domain.ErrBadPassword
+	}
+
+	if !ok {
 		return nil, domain.ErrBadPassword
 	}
 

internal/core/hash.go

@@ -1,12 +1,29 @@
 package core
 
-import "golang.org/x/crypto/argon2"
+import (
+	"github.com/matthewhartstonge/argon2"
+)
 
-func HashPassword(password string) string {
-	return string(argon2.IDKey([]byte(password), nil, 1, 64*1024, 4, 32))
+func HashPassword(password string) (string, error) {
+	argon := instanceArgon2()
+
+	hash, err := argon.HashEncoded([]byte(password))
+	if err != nil {
+		return "", err
 	}
 
-func ComparePassword(password string, hash string) bool {
-	hashedPassword := HashPassword(password)
-	return hashedPassword == hash
+	return string(hash), nil
+}
+
+func ComparePassword(password string, hash string) (bool, error) {
+	ok, err := argon2.VerifyEncoded([]byte(password), []byte(hash))
+	if err != nil {
+		return false, err
+	}
+
+	return ok, nil
+}
+
+func instanceArgon2() argon2.Config {
+	return argon2.DefaultConfig()
 }

internal/core/hash_test.go

@@ -8,14 +8,11 @@ import (
 
 func TestHashPassword(t *testing.T) {
 	password := "password"
-	hashedPassword := HashPassword(password)
-	assert.NotEmpty(t, hashedPassword)
-	t.Log(hashedPassword)
-	assert.Equal(t, hashedPassword, "LOLPASSWORD")
-}
+	hashedPassword, err := HashPassword(password)
 
-func TestComparePassword(t *testing.T) {
-	password := "password"
-	hashedPassword := HashPassword(password)
-	assert.True(t, ComparePassword(password, hashedPassword))
+	assert.NoError(t, err)
+
+	hashedOk, err := ComparePassword(password, hashedPassword)
+	assert.NoError(t, err)
+	assert.True(t, hashedOk)
 }