package user

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"

	"golang.org/x/crypto/argon2"
)

func HashSecret(secret string) (string, error) {
	hashconf := &struct {
		memory      uint32
		iterations  uint32
		parallelism uint8
		keyLength   uint32
		saltLength  uint32
	}{64 * 1024, 3, 2, 12, 16}
	salt := make([]byte, hashconf.saltLength)
	_, err := rand.Read(salt)
	if err != nil {
		return "", err
	}

	hash := argon2.IDKey(
		[]byte(secret),
		salt,
		hashconf.iterations,
		hashconf.memory,
		hashconf.parallelism,
		hashconf.keyLength,
	)
	b64Salt := base64.RawStdEncoding.EncodeToString(salt)
	b64Hash := base64.RawStdEncoding.EncodeToString(hash)
	encodedHash := fmt.Sprintf(
		"$argon2id$v=%d$m=%d,t=%d,p=%d$%s$%s",
		argon2.Version,
		hashconf.memory,
		hashconf.iterations,
		hashconf.parallelism,
		b64Salt,
		b64Hash,
	)

	return encodedHash, nil
}