tokens

package module
v0.0.0-...-114974b Latest
Warning

This package is not in the latest version of its module.
Published: Oct 2, 2022 License: GPL-3.0 Imports: 20 Imported by: 2

README

Tokens used for access defined here.

See: type KnotFreeTokenPayload struct

and MakeToken(data *KnotFreeTokenPayload, privateKey []byte) ([]byte, error)

and func VerifyToken(ticket []byte, publicKey []byte) (*KnotFreeTokenPayload, bool)

Documentation

Overview

Package tokens comments. TODO: package comments for these crypto utils. ed25519 jwt.

Constants

This section is empty.

Variables

var AliceSecretPhrase string = "join_red_this_string_plain_does_quart_simple_buy_line_fun_look_original_deal"

name alice_vociferous_mcgrath

var BobSecretPhrase string = "tail_wait_king_particular_track_third_arrive_agree_plural_charge_rise_grew_continent_fact"

building_bob_bottomline_boldness

var CharlieSecretPhrase string = "sense_trouble_lost_final_crowd_child_fear_buy_card_apple_such_it_as_note"
var English_words = `` /* 5823-byte string literal not displayed */
var PublicKeys string = `` /* 2817-byte string literal not displayed */

No point loading them all the time. ed25519, one per line. _9sh is being used to sign tokens; 8ZNP is unused; yRst is used as seed to cluster box keypair; the others are unused so far and the private part unloaded.

var SampleSmallToken = `` /* 408-byte string literal not displayed */

SampleSmallToken is a small token signed by "_9sh" (below): p.Input = 20, p.Output = 20, p.Subscriptions = 2, p.Connections = 2.

var StrangerSecretPhrase string = "dummy-dummy-dummy-dummy-dummy-dummy-dummy-dummy-dummy-dummy-dummy"

Functions

func CalcTokenPrice

func CalcTokenPrice(token *KnotFreeTokenPayload, unixIssueTime uint32) float32

CalcTokenPrice figures out how much we would need to pay to get this token. TODO: move out of firebase

func FindPublicKey

func FindPublicKey(thekey string) string

FindPublicKey is

func GetFirebaseApp

func GetFirebaseApp(ctx context.Context) (*firebase.App, error)

func GetImpromptuGiantToken

func GetImpromptuGiantToken() string

GetImpromptuGiantToken is

func GetImpromptuGiantTokenLocal

func GetImpromptuGiantTokenLocal() string

func GetKnotFreePayload

func GetKnotFreePayload(token string) (string, string, error)

GetKnotFreePayload returns the trimmed token and the issuer. We allow all kinds of non-base64 junk around our JWTs: it is tolerant of junk before and after the token. It only returns the issuer; let Verify get the claims. Yes, we end up unmarshaling KnotFreeTokenPayload twice.

func GetPrivateKey

func GetPrivateKey(first4 string) string

GetPrivateKey is

func GetRandomB64String

func GetRandomB64String() string

GetRandomB64String returns 18 bytes or 18 * 8 = 144 bits of randomness

func LoadPrivateKeys

func LoadPrivateKeys(fname string) error

LoadPrivateKeys is

func LoadPublicKeys

func LoadPublicKeys()

LoadPublicKeys adds the public keys below

func LogNewToken

func LogNewToken(ctx context.Context, token *KnotFreeTokenPayload, remoteAddr string) error

LogNewToken to make a record that this token was delivered to customer. Let's not include the whole jwt.

func MakeNameToken

func MakeNameToken(data *SubscriptionNameReservationPayload, privateKey []byte) ([]byte, error)

MakeNameToken is

func MakeRandomPhrase

func MakeRandomPhrase(amount int) string

func MakeToken

func MakeToken(data *KnotFreeTokenPayload, privateKey []byte) ([]byte, error)

MakeToken is

func SavePublicKey

func SavePublicKey(key string, publicKey string)

SavePublicKey goes with FindPublicKey. We're using the first couple of bytes, in base64, of the 32-byte public key as a name and looking them up in a gadget here. publicKey is actually an immutable array of bytes and not UTF-8. Is that going to be a problem?
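
Added example (not this package's code): a standard-library version of the flow that the GetKnotFreePayload and SavePublicKey/FindPublicKey comments describe. It pulls the JWT out of surrounding non-base64 junk, uses the unverified iss only to select an Ed25519 public key by its 4-character prefix, and returns claims only after the signature and expiry check. The names claims, sign and verify, the regular expression, the now parameter and the EdDSA header are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"regexp"
)

var b64, jwtRe = base64.RawURLEncoding, regexp.MustCompile(`([\w-]+)\.([\w-]+)\.([\w-]+)`)
type claims struct { // assumed subset of the claims shown on this page
	Exp uint32 `json:"exp,omitempty"`
	Iss string `json:"iss"`
}

// sign builds a constructed demo token; iss = first 4 chars of the base64url public key.
func sign(priv ed25519.PrivateKey, exp uint32) string {
	body, _ := json.Marshal(claims{exp, b64.EncodeToString(priv.Public().(ed25519.PublicKey))[:4]})
	msg := b64.EncodeToString([]byte(`{"alg":"EdDSA","typ":"JWT"}`)) + "." + b64.EncodeToString(body)
	return msg + "." + b64.EncodeToString(ed25519.Sign(priv, []byte(msg)))
}

// verify trims junk, picks the key by iss, and trusts claims only after the signature checks.
func verify(raw string, keys map[string]ed25519.PublicKey, now uint32) (*claims, error) {
	m := jwtRe.FindStringSubmatch(raw)
	if m == nil {
		return nil, fmt.Errorf("no token found")
	}
	body, err1 := b64.DecodeString(m[2])
	sig, err2 := b64.DecodeString(m[3])
	var c claims
	if err1 != nil || err2 != nil || json.Unmarshal(body, &c) != nil {
		return nil, fmt.Errorf("malformed token")
	}
	pub, ok := keys[c.Iss] // unverified iss is only a key-lookup hint, never authentication
	if !ok || !ed25519.Verify(pub, []byte(m[1]+"."+m[2]), sig) {
		return nil, fmt.Errorf("unknown issuer or bad signature")
	}
	if c.Exp != 0 && c.Exp < now {
		return nil, fmt.Errorf("expired")
	}
	return &c, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // throwaway demo key
	fmt.Println(verify("junk: "+sign(priv, 0)+"\n", map[string]ed25519.PublicKey{b64.EncodeToString(pub)[:4]: pub}, 0))
}
```

The header's alg field is never consulted: verification is always Ed25519 against the key registered for that issuer prefix, so a token cannot steer the verifier to a different algorithm.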

Types

type CountReader

type CountReader struct {
	// contains filtered or unexported fields
}

CountReader is too public

func (*CountReader) Read

func (cr *CountReader) Read(buf []byte) (int, error)

type KnotFreeContactStats

type KnotFreeContactStats struct {
	//
	Input         float32 `json:"in"`  // bytes per sec
	Output        float32 `json:"out"` // bytes per sec
	Subscriptions float32 `json:"su"`  // seconds per sec
	Connections   float32 `json:"co"`  // seconds per sec
}

KnotFreeContactStats is the numeric part of the token claims. It is floats to compress numbers and allow fractions in JSON. These don't count above 2^24, or else we need more bits.

type KnotFreeTokenPayload

type KnotFreeTokenPayload struct {
	//
	ExpirationTime uint32 `json:"exp,omitempty"` // unix seconds
	Issuer         string `json:"iss"`           // first 4 bytes (or more) of base64 public key of issuer
	JWTID          string `json:"jti,omitempty"` // a unique serial number for this Issuer

	KnotFreeContactStats // limits on what we're allowed to do.

	URL string `json:"url"` // address of the service eg. "knotfree.net" or knotfree0.com for localhost
}

KnotFreeTokenPayload is our JWT 'claims'.

func GetSampleBigToken

func GetSampleBigToken(startTime uint32, serviceUrl string) *KnotFreeTokenPayload

GetSampleBigToken is used for testing.

func VerifyToken

func VerifyToken(ticket []byte, publicKey []byte) (*KnotFreeTokenPayload, bool)

VerifyToken is

type SubscriptionNameReservationPayload

type SubscriptionNameReservationPayload struct {
	//
	ExpirationTime uint32 `json:"exp,omitempty"` // unix seconds
	Issuer         string `json:"iss"`           // first 4 bytes (or more) of base64 public key of issuer
	JWTID          string `json:"jti,omitempty"` // a unique serial number for this Issuer. must be public key of user
	Name           string `json:"name"`          // the subscription name
}

func VerifyNameToken

func VerifyNameToken(ticket []byte, publicKey []byte) (*SubscriptionNameReservationPayload, bool)

VerifyToken is

type TokenLogStruct

type TokenLogStruct struct {
	RemoteAddr string

	When uint32 // unix time

	Token *KnotFreeTokenPayload
}

type TokenReply

type TokenReply struct {
	Pkey    string `json:"pkey"` // a curve25519 pub key of server
	Payload string `json:"payload"`
	Nonce   string `json:"nonce"`
}

TokenReply is created here and boxed and sent back to js

type TokenRequest

type TokenRequest struct {
	//
	Pkey    string                `json:"pkey"` // a curve25519 pub key of caller
	Payload *KnotFreeTokenPayload `json:"payload"`
	Comment string                `json:"comment"`
}

TokenRequest is created in javascript and sent as json.

type ZeroReader

type ZeroReader struct{}

ZeroReader is too public

func (ZeroReader) Read

func (ZeroReader) Read(buf []byte) (int, error)
