// Package auth provides password hashing and verification using bcrypt.
package auth

import (
	"errors"
	"regexp"

	"golang.org/x/crypto/bcrypt"
)

const bcryptCost = 12

var usernameRegex = regexp.MustCompile(`^[a-zA-Z0-9_]{3,20}$`)

func HashPassword(password string) (string, error) {
	hash, err := bcrypt.GenerateFromPassword([]byte(password), bcryptCost)
	return string(hash), err
}

func CheckPassword(password, hash string) bool {
	return bcrypt.CompareHashAndPassword([]byte(hash), []byte(password)) == nil
}

func ValidateUsername(username string) error {
	if !usernameRegex.MatchString(username) {
		return errors.New("username must be 3-20 characters, alphanumeric and underscore only")
	}
	return nil
}

func ValidatePassword(password string) error {
	if len(password) < 8 {
		return errors.New("password must be at least 8 characters")
	}
	return nil
}