package auth

import "golang.org/x/crypto/bcrypt"

func clear(b []byte) {
	for i := 0; i < len(b); i++ {
		b[i] = 0
	}
}

func HashPass(password []byte) ([]byte, error) {
	// Clear memory where plaintext password was stored.
	// http://stackoverflow.com/questions/18545676/golang-app-engine-securely-hashing-a-users-password#comment36585613_19828153
	defer clear(password)
	// Return hash
	return bcrypt.GenerateFromPassword(password, 12)
}

func Authenticated(hash, pass []byte) bool {
	return bcrypt.CompareHashAndPassword(hash, pass) == nil
}