Types

ScramState = object clientNonce*: string clientFirstBare*: string serverSignature*: array[32, byte]: Intermediate state for SCRAM-SHA-256 authentication handshake.

Procs

proc md5AuthHash(user, password: string; salt: array[4, byte]): string {. ...raises: [], tags: [], forbids: [].}: Compute MD5 authentication hash for PostgreSQL. Returns "md5" followed by hex of MD5(MD5(password+user) + salt).
proc scramClientFinalMessage(password: string; serverFirstData: openArray[byte]; state: var ScramState): seq[byte] {. ...raises: [CatchableError, CatchableError], tags: [RootEffect], forbids: [].}: Generate the SCRAM-SHA-256 client-final message from the server's first response. Computes the client proof and stores the expected server signature in state.
proc scramClientFirstMessage(user: string; nonce: string; state: var ScramState): seq[ byte] {....raises: [], tags: [], forbids: [].}: Overload with explicit nonce for testing.
proc scramClientFirstMessage(user: string; state: var ScramState): seq[byte] {. ...raises: [CatchableError], tags: [], forbids: [].}: Generate the SCRAM-SHA-256 client-first message with a random nonce.
proc scramEscapeUsername(user: string): string {....raises: [], tags: [], forbids: [].}: Escape username for SCRAM per RFC 5802 Section 5.1. '=' is encoded as '=3D' and ',' is encoded as '=2C'.
proc scramVerifyServerFinal(serverFinalData: openArray[byte]; state: ScramState): bool {. ...raises: [], tags: [], forbids: [].}: Verify the server's final SCRAM-SHA-256 signature matches the expected value.