Implement ServerPadlockGenerator

src/auth.rs

@@ -8,6 +8,7 @@ use rand::{
     thread_rng,
 };
 use secrecy::ExposeSecret;
+use sha2::Sha256;
 use thiserror::Error;
 use time::{macros::format_description, OffsetDateTime};
 use tokio::sync::Mutex;
@@ -85,13 +86,25 @@ pub struct ServerPadlockGenerator {
 }
 
 impl ServerPadlockGenerator {
+    const HASH_LEN: usize = 32;
+
     pub fn new(secret: PadlockGenerationSecret) -> Self {
         Self { secret }
     }
 
+    #[instrument]
+    pub fn generate_hash() -> ServerHash {
+        ServerHash(Alphanumeric.sample_string(&mut thread_rng(), Self::HASH_LEN))
+    }
+
     #[instrument]
     pub fn generate_padlock(&self, server_hash: &ServerHash) -> ServerPadlock {
-        todo!()
+        let mut hmac: Hmac<Sha256> = Hmac::new_from_slice(self.secret.0.expose_secret())
+            .expect("HMAC should accept key of any length");
+
+        hmac.update(server_hash.0.as_bytes());
+
+        BASE64_STANDARD.encode(hmac.finalize().into_bytes()).into()
     }
 }