add PasswordHasher interface with bcrypt implementation

Introduce an injectable abstraction over password_hash and password_verify so callers can be swapped for a fast fake in tests without paying bcrypt's CPU cost. The bcrypt implementation is a direct passthrough using PASSWORD_DEFAULT, matching the prior inline behavior, so existing stored hashes continue to verify. Wired into the DI container alongside the other auth primitives (Clock, TokenGenerator). No callers reference it yet, so production behavior is unchanged.
2026-04-26 09:06:17 +03:00 · 2026-04-26 09:06:17 +03:00 · b1247d2fa1
commit b1247d2fa1
parent d93b668d5a
3 changed files with 29 additions and 0 deletions
--- a/app/Auth/BcryptPasswordHasher.php
+++ b/app/Auth/BcryptPasswordHasher.php
@ -0,0 +1,16 @@
+<?php
+
+namespace App\Auth;
+
+class BcryptPasswordHasher implements PasswordHasher
+{
+    public function hash(string $plaintext): string
+    {
+        return password_hash($plaintext, PASSWORD_DEFAULT);
+    }
+
+    public function verify(string $plaintext, string $hash): bool
+    {
+        return password_verify($plaintext, $hash);
+    }
+}
--- a/app/Auth/PasswordHasher.php
+++ b/app/Auth/PasswordHasher.php
@ -0,0 +1,10 @@
+<?php
+
+namespace App\Auth;
+
+interface PasswordHasher
+{
+    public function hash(string $plaintext): string;
+
+    public function verify(string $plaintext, string $hash): bool;
+}