package auth import ( "strings" "golang.org/x/crypto/bcrypt" ) func HashPassword(password string) (string, error) { b, err := bcrypt.GenerateFromPassword([]byte(password), bcrypt.DefaultCost) return string(b), err } func CheckPassword(hash, password string) bool { return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil } // HashIngressKey stores a SHA-256 hex digest for O(1) cache lookup. func HashIngressKey(key string) string { return HashToken(key) } func IsLegacyIngressHash(hash string) bool { return strings.HasPrefix(hash, "$2a$") || strings.HasPrefix(hash, "$2b$") } // CheckIngressKey verifies legacy bcrypt-hashed ingress keys. func CheckIngressKey(hash, key string) bool { return bcrypt.CompareHashAndPassword([]byte(hash), []byte(key)) == nil }