adds token management and password validation to
both tokens and passwords are stored in the
Qaul state as
auth respectively. passwords are hashed using
bcrypt as we're already pulling in its blake2 core and it's a modern, state of the art algorithm. tokens are 256 random bits base64 encoded with the URL_SAFE character set, however after generation they are strictly treated as strings. this also adds a new user_authentication method which should probably take the place of UserAuth::trusted in most cases as it does the same unwrapping while also validating that that key goes with that user.
- is bcrypt what we should be using? it's state of the art but as a consequence it takes about a second on my machine to hash a password. this could be a deal breaker on lower end devices or in power critical situations.
- is pulling in base64 worth it just to generate a key? we could do a slightly more complicated picking random characters from a list approach at a similar cost
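
For reference on the token questions above, an added sketch (not code from this merge request or from the project) of 256-bit token generation with URL-safe encoding using only the Rust standard library, plus a check that a token belongs to the user presenting it. `TokenStore`, its methods, and the use of `/dev/urandom` as the randomness source are assumptions made for the example.

```rust
use std::{collections::HashMap, fs::File, io::Read};

// URL-safe base64 alphabet (RFC 4648 section 5).
const URL_SAFE: &[u8; 64] = b"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";

/// Unpadded URL-safe base64: each 6-bit group indexes a 64-entry table, so no modulo bias.
fn encode_url_safe(bytes: &[u8]) -> String {
    let mut out = String::new();
    for chunk in bytes.chunks(3) {
        let mut n = 0u32;
        for (i, b) in chunk.iter().enumerate() {
            n |= (*b as u32) << (16 - 8 * i);
        }
        for i in 0..=chunk.len() { // k input bytes yield k + 1 characters
            out.push(URL_SAFE[((n >> (18 - 6 * i)) & 0x3f) as usize] as char);
        }
    }
    out
}

/// 256 random bits from the OS CSPRNG (assumption: a Unix-like /dev/urandom).
fn generate_token() -> std::io::Result<String> {
    let mut raw = [0u8; 32];
    File::open("/dev/urandom")?.read_exact(&mut raw)?;
    Ok(encode_url_safe(&raw))
}

/// Hypothetical stand-in for the token half of the state: user id -> token.
#[derive(Default)]
struct TokenStore(HashMap<String, String>);

impl TokenStore {
    fn issue(&mut self, user: &str) -> std::io::Result<String> {
        let token = generate_token()?;
        self.0.insert(user.to_string(), token.clone());
        Ok(token)
    }
    /// True only if `token` is the one issued to `user`; no early exit on mismatch.
    fn validate(&self, user: &str, token: &str) -> bool {
        self.0.get(user).map_or(false, |t| {
            t.len() == token.len()
                && t.bytes().zip(token.bytes()).fold(0u8, |d, (a, b)| d | (a ^ b)) == 0
        })
    }
}

fn main() -> std::io::Result<()> {
    let mut store = TokenStore::default();
    let token = store.issue("alice")?; // constructed user id
    println!("{} chars, valid for alice: {}", token.len(), store.validate("alice", &token));
    Ok(())
}
```

A 32-byte token encodes to 43 characters without padding, and the comparison in `validate` does not stop at the first differing byte.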