{"id":23419771,"url":"https://github.com/mooreds/hashapi","last_synced_at":"2025-04-09T09:22:57.054Z","repository":{"id":145796753,"uuid":"125422093","full_name":"mooreds/hashapi","owner":"mooreds","description":"This is an implementation of a password hashing API in golang.","archived":false,"fork":false,"pushed_at":"2018-03-23T18:02:51.000Z","size":35,"stargazers_count":0,"open_issues_count":0,"forks_count":1,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-02-15T03:28:19.123Z","etag":null,"topics":["authentication","golang","toy-project"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/mooreds.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2018-03-15T20:23:41.000Z","updated_at":"2018-03-23T18:02:52.000Z","dependencies_parsed_at":"2023-05-09T11:48:44.631Z","dependency_job_id":null,"html_url":"https://github.com/mooreds/hashapi","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mooreds%2Fhashapi","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mooreds%2Fhashapi/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mooreds%2Fhashapi/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/mooreds%2Fhashapi/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/mooreds","download_url":"https://codeload.github.com/mooreds/hashapi/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":248009236,"owners_count":21032691,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["authentication","golang","toy-project"],"created_at":"2024-12-23T01:44:12.221Z","updated_at":"2025-04-09T09:22:57.036Z","avatar_url":"https://github.com/mooreds.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"\n# Password Hash API\n\n## Purpose\n\nThis is a go API that will hash a password using SHA 512.\n\n## Startup\n\nTo run the server on ubuntu: `go build \u0026\u0026 sudo ./hashapi`\n\nYou must start it as root because it binds to port 80, a privileged port. \n\n## Client actions\n\nTo hash a password: `curl --data \"password=angryMonkey1\" http://localhost/hash`\n\nThis will pass back an id (which the client can save).\n\nTo retrieve the hashed password: `curl http://localhost/hash/1` where `1` is the previously retrieved id. If the id was not previously returned, or if the password is not yet generated, a 404 error will be returned.\n\nTo shut the server down (finishes existing requests, but new requests will be sent a 503 error): `curl http://localhost/shutdown`\n\nTo access statistics about the number of passwords hashed and the average amount of time taken: `curl http://localhost/stats`\n\n## Development notes\n\nTo run the server on ubuntu: `sudo go run main.go password.go statistics.go`\n\nrun `go fmt \u003cfilename\u003e` on any changed files before checkin.\n\nIf you are creating any http tests, make sure you run `resetVariablesToStartingValues` before any tests to reset the global variables. You also need to add any other global variables to that function.\n\nYou can run all tests by running `go test` or a particular test by running `go test -run TestYYY` \n\n## TODO\n\nUses port 80 and requires sudo to run the server\nNo error message on invalid/nonexistent id (but returns appropriate error msg)\nUses the same handler for both hash and hash/id routes with some confusing/unnecessary logic based on the retrieved id for discerning between the GET and POST paths: basically attempts to retrieve an id on both routes before checking for the request type.\nshutdown route does not use shutdown method on the server but instead sleeps in a loop and checks whether a shutdown has been received and then calls os.Exit!\nShutdown also does not wait for hashing go-routines to finish\ngetIdPointerFromPath function (used to parse the id from the GET request) returns a (*int)(nil) pointer, instead of just returning a tuple (int, error).\nStats reading not protected by read mutex\nthe password hash map is not mutex protected at all\nRace condition on creating new hash IDs. uses atomic.AddInt32 to protect incrementing the hash value, but ignores the output of the function which is what should be used thereafter. So he's safely incrementing the value, but then using the pointer to the value afterwards - at the same time another request could come in and increment the value.\nChooses to protect each piece of the statistic with the same mutex, but in separate functions. This means at any time you have a race condition where the total count of requests doesn't match up with the total time.\nTons of test-specific race conditions due to resetVariablesToStartingValues method resetting global state.\nSprintf format is incorrent in several places\nUses port 80 locally\nIgnores errors in places\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmooreds%2Fhashapi","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmooreds%2Fhashapi","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmooreds%2Fhashapi/lists"}