From f803bddb718f44e9a9567e874b921191797581e9 Mon Sep 17 00:00:00 2001
From: SonyPradana <sonypradana@gmail.com>
Date: Sat, 31 Aug 2024 13:59:38 +0700
Subject: [PATCH] feat: password hash

---
 .../Security/Hashing/Argon2IdHasher.php       | 28 ++++++++++
 src/System/Security/Hashing/ArgonHasher.php   | 55 +++++++++++++++++++
 src/System/Security/Hashing/BcryptHasher.php  | 35 ++++++++++++
 src/System/Security/Hashing/DefaultHasher.php | 28 ++++++++++
 src/System/Security/Hashing/HashInterface.php | 16 ++++++
 src/System/Security/Hashing/HashManager.php   | 40 ++++++++++++++
 tests/Security/Hashing/HasherMangerTest.php   | 23 ++++++++
 tests/Security/Hashing/HasherTest.php         | 54 ++++++++++++++++++
 8 files changed, 279 insertions(+)
 create mode 100644 src/System/Security/Hashing/Argon2IdHasher.php
 create mode 100644 src/System/Security/Hashing/ArgonHasher.php
 create mode 100644 src/System/Security/Hashing/BcryptHasher.php
 create mode 100644 src/System/Security/Hashing/DefaultHasher.php
 create mode 100644 src/System/Security/Hashing/HashInterface.php
 create mode 100644 src/System/Security/Hashing/HashManager.php
 create mode 100644 tests/Security/Hashing/HasherMangerTest.php
 create mode 100644 tests/Security/Hashing/HasherTest.php

diff --git a/src/System/Security/Hashing/Argon2IdHasher.php b/src/System/Security/Hashing/Argon2IdHasher.php
new file mode 100644
index 00000000..ebe700f5
--- /dev/null
+++ b/src/System/Security/Hashing/Argon2IdHasher.php
@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+namespace System\Security\Hashing;
+
+class Argon2IdHasher extends ArgonHasher implements HashInterface
+{
+    public function make(string $value, array $options = []): string
+    {
+        $hash = @password_hash($value, PASSWORD_ARGON2ID, [
+            'memory_cost' => $options['memory'] ?? $this->memory,
+            'time_cost'   => $options['time'] ?? $this->time,
+            'threads'     => $options['threads'] ?? $this->threads,
+        ]);
+
+        if (!is_string($hash)) {
+            throw new \RuntimeException(PASSWORD_ARGON2ID . ' hashing not supported.');
+        }
+
+        return $hash;
+    }
+
+    public function isValidAlgorithm(string $hash): bool
+    {
+        return 'argon2id' === $this->info($hash)['algoName'];
+    }
+}
diff --git a/src/System/Security/Hashing/ArgonHasher.php b/src/System/Security/Hashing/ArgonHasher.php
new file mode 100644
index 00000000..8018dd57
--- /dev/null
+++ b/src/System/Security/Hashing/ArgonHasher.php
@@ -0,0 +1,55 @@
+<?php
+
+declare(strict_types=1);
+
+namespace System\Security\Hashing;
+
+class ArgonHasher extends DefaultHasher implements HashInterface
+{
+    protected int $memory = 1024;
+
+    protected int $time = 2;
+
+    protected int $threads = 2;
+
+    public function setMemory(int $memory): self
+    {
+        $this->memory = $memory;
+
+        return $this;
+    }
+
+    public function setTime(int $time): self
+    {
+        $this->time = $time;
+
+        return $this;
+    }
+
+    public function setThreads(int $threads): self
+    {
+        $this->threads = $threads;
+
+        return $this;
+    }
+
+    public function make(string $value, array $options = []): string
+    {
+        $hash = @password_hash($value, PASSWORD_ARGON2I, [
+            'memory_cost' => $options['memory'] ?? $this->memory,
+            'time_cost'   => $options['time'] ?? $this->time,
+            'threads'     => $options['threads'] ?? $this->threads,
+        ]);
+
+        if (!is_string($hash)) {
+            throw new \RuntimeException(PASSWORD_ARGON2I . ' hashing not supported.');
+        }
+
+        return $hash;
+    }
+
+    public function isValidAlgorithm(string $hash): bool
+    {
+        return 'argon2i' === $this->info($hash)['algoName'];
+    }
+}
diff --git a/src/System/Security/Hashing/BcryptHasher.php b/src/System/Security/Hashing/BcryptHasher.php
new file mode 100644
index 00000000..89e64fb1
--- /dev/null
+++ b/src/System/Security/Hashing/BcryptHasher.php
@@ -0,0 +1,35 @@
+<?php
+
+declare(strict_types=1);
+
+namespace System\Security\Hashing;
+
+class BcryptHasher extends DefaultHasher implements HashInterface
+{
+    protected int $rounds = 12;
+
+    public function setRounds(int $rounds): self
+    {
+        $this->rounds = $rounds;
+
+        return $this;
+    }
+
+    public function make(string $value, array $options = []): string
+    {
+        $hash = password_hash($value, PASSWORD_BCRYPT, [
+            'cost' => $options['rounds'] ?? $this->rounds,
+        ]);
+
+        if (false === $hash) {
+            throw new \RuntimeException('Bcrypt hashing not supported.');
+        }
+
+        return $hash;
+    }
+
+    public function isValidAlgorithm(string $hash): bool
+    {
+        return 'bcrypt' === $this->info($hash)['algoName'];
+    }
+}
diff --git a/src/System/Security/Hashing/DefaultHasher.php b/src/System/Security/Hashing/DefaultHasher.php
new file mode 100644
index 00000000..3db8372c
--- /dev/null
+++ b/src/System/Security/Hashing/DefaultHasher.php
@@ -0,0 +1,28 @@
+<?php
+
+declare(strict_types=1);
+
+namespace System\Security\Hashing;
+
+class DefaultHasher implements HashInterface
+{
+    public function info(string $hash): array
+    {
+        return password_get_info($hash);
+    }
+
+    public function verify(string $value, string $hashed_value, array $options = []): bool
+    {
+        return password_verify($value, $hashed_value);
+    }
+
+    public function make(string $value, array $options = []): string
+    {
+        return password_hash($value, PASSWORD_DEFAULT);
+    }
+
+    public function isValidAlgorithm(string $hash): bool
+    {
+        return 'bcrypt' === $this->info($hash)['algoName'];
+    }
+}
diff --git a/src/System/Security/Hashing/HashInterface.php b/src/System/Security/Hashing/HashInterface.php
new file mode 100644
index 00000000..68a5bd70
--- /dev/null
+++ b/src/System/Security/Hashing/HashInterface.php
@@ -0,0 +1,16 @@
+<?php
+
+declare(strict_types=1);
+
+namespace System\Security\Hashing;
+
+interface HashInterface
+{
+    public function info(string $hash): array;
+
+    public function verify(string $value, string $hashed_value, array $options = []): bool;
+
+    public function make(string $value, array $options = []): string;
+
+    public function isValidAlgorithm(string $hash): bool;
+}
diff --git a/src/System/Security/Hashing/HashManager.php b/src/System/Security/Hashing/HashManager.php
new file mode 100644
index 00000000..6fa58669
--- /dev/null
+++ b/src/System/Security/Hashing/HashManager.php
@@ -0,0 +1,40 @@
+<?php
+
+declare(strict_types=1);
+
+namespace System\Security\Hashing;
+
+class HashManager implements HashInterface
+{
+    private ?HashInterface $driver = null;
+
+    public function setDriver(HashInterface $driver)
+    {
+        $this->driver = $driver;
+    }
+
+    private function driver(?string $driver = null): HashInterface
+    {
+        return $driver ?? $this->driver ?? new DefaultHasher();
+    }
+
+    public function info(string $hashed_value): array
+    {
+        return $this->driver()->info($hashed_value);
+    }
+
+    public function make(string $value, array $options = []): string
+    {
+        return $this->driver()->make($value, $options);
+    }
+
+    public function verify(string $value, string $hashed_value, array $options = []): bool
+    {
+        return $this->driver()->verify($value, $hashed_value, $options);
+    }
+
+    public function isValidAlgorithm(string $hash): bool
+    {
+        return $this->driver()->isValidAlgorithm($hash);
+    }
+}
diff --git a/tests/Security/Hashing/HasherMangerTest.php b/tests/Security/Hashing/HasherMangerTest.php
new file mode 100644
index 00000000..dafd64cd
--- /dev/null
+++ b/tests/Security/Hashing/HasherMangerTest.php
@@ -0,0 +1,23 @@
+<?php
+
+declare(strict_types=1);
+
+namespace System\Test\Security\Hashing;
+
+use PHPUnit\Framework\TestCase;
+use System\Security\Hashing\BcryptHasher;
+use System\Security\Hashing\HashManager;
+
+class HasherMangerTest extends TestCase
+{
+    /** @test */
+    public function itCanHashDefaultHasher()
+    {
+        $hasher = new HashManager();
+        $hasher->setDriver(new BcryptHasher());
+        $hash   = $hasher->make('password');
+        $this->assertNotSame('password', $hash);
+        $this->assertTrue($hasher->verify('password', $hash));
+        $this->assertTrue($hasher->isValidAlgorithm($hash));
+    }
+}
diff --git a/tests/Security/Hashing/HasherTest.php b/tests/Security/Hashing/HasherTest.php
new file mode 100644
index 00000000..05198953
--- /dev/null
+++ b/tests/Security/Hashing/HasherTest.php
@@ -0,0 +1,54 @@
+<?php
+
+declare(strict_types=1);
+
+namespace System\Test\Security\Hashing;
+
+use PHPUnit\Framework\TestCase;
+use System\Security\Hashing\Argon2IdHasher;
+use System\Security\Hashing\ArgonHasher;
+use System\Security\Hashing\BcryptHasher;
+use System\Security\Hashing\DefaultHasher;
+
+class HasherTest extends TestCase
+{
+    /** @test */
+    public function itCanHashDefaultHasher()
+    {
+        $hasher = new DefaultHasher();
+        $hash   = $hasher->make('password');
+        $this->assertNotSame('password', $hash);
+        $this->assertTrue($hasher->verify('password', $hash));
+        $this->assertTrue($hasher->isValidAlgorithm($hash));
+    }
+
+    /** @test */
+    public function itCanHashBryptHasher()
+    {
+        $hasher = new BcryptHasher();
+        $hash   = $hasher->make('password');
+        $this->assertNotSame('password', $hash);
+        $this->assertTrue($hasher->verify('password', $hash));
+        $this->assertTrue($hasher->isValidAlgorithm($hash));
+    }
+
+    /** @test */
+    public function itCanHashArgonHasher()
+    {
+        $hasher = new ArgonHasher();
+        $hash   = $hasher->make('password');
+        $this->assertNotSame('password', $hash);
+        $this->assertTrue($hasher->verify('password', $hash));
+        $this->assertTrue($hasher->isValidAlgorithm($hash));
+    }
+
+    /** @test */
+    public function itCanHashArgon2IdHasher()
+    {
+        $hasher = new Argon2IdHasher();
+        $hash   = $hasher->make('password');
+        $this->assertNotSame('password', $hash);
+        $this->assertTrue($hasher->verify('password', $hash));
+        $this->assertTrue($hasher->isValidAlgorithm($hash));
+    }
+}