ilk

svc/internal/security/errors.go

@@ -0,0 +1,11 @@
+package security
+
+import "errors"
+
+var (
+	ErrPasswordTooShort = errors.New("password must be at least 8 characters")
+	ErrPasswordUpper    = errors.New("password must contain an uppercase letter")
+	ErrPasswordLower    = errors.New("password must contain a lowercase letter")
+	ErrPasswordDigit    = errors.New("password must contain a digit")
+	ErrPasswordSpecial  = errors.New("password must contain a special character")
+)

svc/internal/security/password_policy.go

@@ -0,0 +1,35 @@
+package security
+
+import (
+	"errors"
+	"regexp"
+	"strings"
+)
+
+var (
+	reUpper   = regexp.MustCompile(`[A-Z]`)
+	reLower   = regexp.MustCompile(`[a-z]`)
+	reDigit   = regexp.MustCompile(`[0-9]`)
+	reSpecial = regexp.MustCompile(`[^A-Za-z0-9]`)
+)
+
+func ValidatePassword(pw string) error {
+	pw = strings.TrimSpace(pw)
+
+	if len(pw) < 8 {
+		return errors.New("Parola en az 8 karakter olmalı")
+	}
+	if !reUpper.MatchString(pw) {
+		return errors.New("Parola en az 1 büyük harf içermeli")
+	}
+	if !reLower.MatchString(pw) {
+		return errors.New("Parola en az 1 küçük harf içermeli")
+	}
+	if !reDigit.MatchString(pw) {
+		return errors.New("Parola en az 1 rakam içermeli")
+	}
+	if !reSpecial.MatchString(pw) {
+		return errors.New("Parola en az 1 özel karakter içermeli")
+	}
+	return nil
+}

svc/internal/security/password_reset.go

@@ -0,0 +1,13 @@
+package security
+
+import (
+	"os"
+)
+
+func BuildResetURL(token string) string {
+	base := os.Getenv("FRONTEND_URL")
+	if base == "" {
+		base = "http://localhost:9000"
+	}
+	return base + "/password-reset/" + token
+}

svc/internal/security/refresh_token.go

@@ -0,0 +1,23 @@
+package security
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/hex"
+)
+
+func GenerateRefreshToken() (plain string, hash string, err error) {
+	b := make([]byte, 32) // 256 bit
+	if _, err = rand.Read(b); err != nil {
+		return
+	}
+	plain = hex.EncodeToString(b)
+	sum := sha256.Sum256([]byte(plain))
+	hash = hex.EncodeToString(sum[:])
+	return
+}
+
+func HashRefreshToken(plain string) string {
+	sum := sha256.Sum256([]byte(plain))
+	return hex.EncodeToString(sum[:])
+}

svc/internal/security/reset_token.go

@@ -0,0 +1,26 @@
+package security
+
+import (
+	"crypto/rand"
+	"crypto/sha256"
+	"encoding/hex"
+)
+
+func GenerateResetToken() (plain string, hash string, err error) {
+	b := make([]byte, 32) // 256 bit
+	if _, err = rand.Read(b); err != nil {
+		return
+	}
+
+	plain = hex.EncodeToString(b)
+
+	sum := sha256.Sum256([]byte(plain))
+	hash = hex.EncodeToString(sum[:])
+
+	return
+}
+
+func HashToken(plain string) string {
+	sum := sha256.Sum256([]byte(plain))
+	return hex.EncodeToString(sum[:])
+}