auth/password.ts

Password hashing type definitions.
Defines the PasswordHashDeps injectable interface and PASSWORD_LENGTH_MIN.
Concrete Argon2id implementation lives in password_argon2.ts.

Declarations
#

5 declarations

view source

Password
#

auth/password.ts view source

ZodString

Password for account creation or password change — enforces current length policy. Also usable for client-side UX validation.

PASSWORD_LENGTH_MAX
#

auth/password.ts view source

300

Maximum password length. Caps hashing cost to prevent DoS via oversized passwords.

PASSWORD_LENGTH_MIN
#

auth/password.ts view source

12

Minimum password length (OWASP recommendation).

PasswordHashDeps
#

auth/password.ts view source

PasswordHashDeps

Injectable password hashing dependencies.
Groups all three password operations for injection in route factories
and other callers. Use Pick<PasswordHashDeps, ...> when only a subset is needed:

examples

// Login handler only needs verification
password: Pick<PasswordHashDeps, 'verify_password' | 'verify_dummy'>;
// Bootstrap only needs hashing
password: Pick<PasswordHashDeps, 'hash_password'>;

`hash_password`

type (password: string) => Promise<string>

`verify_password`

type (password: string, password_hash: string) => Promise<boolean>

`verify_dummy`

type (password: string) => Promise<boolean>

PasswordProvided
#

auth/password.ts view source

ZodString

Password submitted for login or verification — minimal validation for forward-compatibility if length requirements change.