Start with security package

2025-02-17 16:15:43 +01:00 · 2025-02-17 16:15:43 +01:00 · 965e1be803
commit 965e1be803
parent 3a4eef4ef0
2 changed files with 35 additions and 2 deletions
--- a/dev.metalisp.survey.asd
+++ b/dev.metalisp.survey.asd
@ -2,14 +2,15 @@

 (defsystem "dev.metalisp.survey"
  :description "Create questionnaires and analyze the results."
-  :version "0.5.24"
+  :version "0.5.25"
  :author "Marcus Kammer <marcus.kammer@mailbox.org>"
  :source-control (:git "https://code.metalisp.dev/marcuskammer/dev.metalisp.survey.git")
  :licence "MIT"
-  :depends-on ("local-time" "hunchentoot" "dev.metalisp.sbt" "dev.metalisp.qmetrics")
+  :depends-on ("ironclad" "local-time" "hunchentoot" "dev.metalisp.sbt" "dev.metalisp.qmetrics")
  :components ((:module "src/"
                :components ((:file "fileops")
                             (:file "app")
+                             (:file "password-hasher")
                             (:module "models/"
                              :serial t
                              :components ((:file "package")
--- a/src/password-hasher.lisp
+++ b/src/password-hasher.lisp
@ -0,0 +1,32 @@
+;;; -*- mode: lisp; coding: utf-8; -*-
+
+(defpackage :ml-survey/security
+  (:use #:cl)
+  (:export #:password-hasher
+           #:hash-password))
+
+(in-package :ml-survey/security)
+
+(defclass user ()
+  ((name :initarg :name :reader user-name)
+   (password-hash :initarg :password-hash :reader user-password-hash)))
+
+(defclass password-hasher ()
+  ((salt-length :initarg :salt-length :initform 8 :reader salt-length)
+   (iterations :initarg :iterations :initform 100000 :reader iterations)
+   (digest :initarg :digest :initform :sha256 :reader digest)))
+
+(defgeneric hash-password (hasher password)
+  (:documentation "Hash PASSWORD using the given HASHER."))
+
+(defmethod hash-password ((hasher password-hasher) password)
+  (let* ((salt (ironclad:make-random-salt (salt-length hasher)))
+         (password-bytes (ironclad:ascii-string-to-byte-array password))
+         (derived-key (ironclad:pbkdf2-hash-password password-bytes
+                                                     :salt salt
+                                                     :iterations (iterations hasher)
+                                                     :digest (digest hasher))))
+    (concatenate 'string
+                 (ironclad:byte-array-to-hex-string salt)
+                 ":"
+                 (ironclad:byte-array-to-hex-string derived-key))))