package auth import ( "crypto/aes" "crypto/cipher" "crypto/rand" "crypto/sha256" "encoding/base64" "errors" "fmt" "io" ) func deriveKey(secret string) []byte { h := sha256.Sum256([]byte(secret)) return h[:] } func Encrypt(plaintext, secret string) (string, error) { key := deriveKey(secret) block, err := aes.NewCipher(key) if err != nil { return "", err } gcm, err := cipher.NewGCM(block) if err != nil { return "", err } nonce := make([]byte, gcm.NonceSize()) if _, err := io.ReadFull(rand.Reader, nonce); err != nil { return "", err } ciphertext := gcm.Seal(nonce, nonce, []byte(plaintext), nil) return base64.StdEncoding.EncodeToString(ciphertext), nil } func Decrypt(encoded, secret string) (string, error) { data, err := base64.StdEncoding.DecodeString(encoded) if err != nil { return "", err } key := deriveKey(secret) block, err := aes.NewCipher(key) if err != nil { return "", err } gcm, err := cipher.NewGCM(block) if err != nil { return "", err } nonceSize := gcm.NonceSize() if len(data) < nonceSize { return "", errors.New("ciphertext too short") } nonce, ciphertext := data[:nonceSize], data[nonceSize:] plain, err := gcm.Open(nil, nonce, ciphertext, nil) if err != nil { return "", err } return string(plain), nil } func HashToken(token string) string { h := sha256.Sum256([]byte(token)) return fmt.Sprintf("%x", h) } func GenerateToken(n int) (string, error) { b := make([]byte, n) if _, err := rand.Read(b); err != nil { return "", err } return base64.URLEncoding.EncodeToString(b)[:n], nil }