Documentation


Constants

const (
	// EmptyStringSHA256 is the hex-encoded SHA-256 digest of the empty string.
	// NOTE(review): presumably used as the payload hash for requests that
	// carry no body — confirm against the signer.
	EmptyStringSHA256 = `e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855`

	// UnsignedPayload is the marker value indicating that the request payload
	// body is unsigned. A signature computed with this marker in place of a
	// payload hash does not cover the body, so body integrity then rests on
	// the transport (for example TLS) rather than on SigV4.
	UnsignedPayload = "UNSIGNED-PAYLOAD"

	// AmzAlgorithmKey is the key whose value indicates the signing algorithm.
	AmzAlgorithmKey = "X-Amz-Algorithm"

	// AmzSecurityTokenKey is the key carrying the security token to be used
	// with temporary credentials. The token is itself a credential: treat
	// values stored under this key as secrets in logs and traces.
	AmzSecurityTokenKey = "X-Amz-Security-Token"

	// AmzDateKey is the key for the UTC timestamp of the request, in the
	// format YYYYMMDD'T'HHMMSS'Z' (see TimeFormat).
	AmzDateKey = "X-Amz-Date"

	// AmzCredentialKey is the key for the access key ID and credential scope.
	AmzCredentialKey = "X-Amz-Credential"

	// AmzSignedHeadersKey is the key for the set of headers signed for the
	// request. Headers that are not named in that set are not covered by the
	// signature.
	AmzSignedHeadersKey = "X-Amz-SignedHeaders"

	// AmzSignatureKey is the query parameter that stores the SigV4 signature.
	// A URL carrying this parameter authorizes the signed request on its own
	// for as long as the signature is accepted, so handle such URLs like
	// credentials.
	AmzSignatureKey = "X-Amz-Signature"

	// TimeFormat is the Go time layout for the X-Amz-Date header or query
	// parameter. The trailing "Z" is a literal character in this layout, not a
	// zone directive, so the time being formatted must already be in UTC.
	TimeFormat = "20060102T150405Z"

	// ShortTimeFormat is the shortened, date-only Go time layout used in the
	// credential scope.
	ShortTimeFormat = "20060102"

	// ContentSHAKey is the key carrying the SHA-256 of the request body.
	ContentSHAKey = "X-Amz-Content-Sha256"
)

Variables

// AllowedQueryHoisting is the rule set deciding which headers may be hoisted
// into the query string. It is an InclusiveRules with two entries: a
// Blacklist over RequiredSignedHeaders and the "X-Amz-" pattern.
// NOTE(review): presumably this selects "X-Amz-" headers that are not in
// RequiredSignedHeaders; the Blacklist and Patterns matching logic is not
// visible here — confirm. Values hoisted into the query string become part
// of the URL, which is commonly recorded by access logs and proxies.
var AllowedQueryHoisting = InclusiveRules{
	Blacklist{RequiredSignedHeaders},
	Patterns{"X-Amz-"},
}

    AllowedQueryHoisting is a whitelist for Build query headers. The boolean value represents whether or not it is a pattern.

    // IgnoredHeaders lists the headers that are ignored during signing:
    // Authorization, User-Agent and X-Amzn-Trace-Id. Because these headers are
    // left out of the signature, their values can change in transit without
    // invalidating it and must not be treated as authenticated by the signature.
    // NOTE(review): the entries are exact map keys in canonical header casing;
    // whether header names are canonicalized before the lookup is not visible
    // here — confirm.
    var IgnoredHeaders = Rules{
    	Blacklist{
    		MapRule{
    			"Authorization":   struct{}{},
    			"User-Agent":      struct{}{},
    			"X-Amzn-Trace-Id": struct{}{},
    		},
    	},
    }

      IgnoredHeaders is a list of headers that are ignored during signing

      // RequiredSignedHeaders is the whitelist used when building the canonical
      // headers: a Whitelist over the fixed header names below, plus the
      // "X-Amz-Meta-" pattern. The fixed list includes headers that change what a
      // request is allowed to do or how data is protected (ACL and grant headers,
      // server-side-encryption headers including customer keys, copy-source
      // conditions, X-Amz-Content-Sha256), so covering them with the signature
      // binds them to the request.
      // NOTE(review): the entries are exact map keys; whether header names are
      // canonicalized before the lookup is not visible here — confirm.
      var RequiredSignedHeaders = Rules{
      	Whitelist{
      		MapRule{
      			"Cache-Control":                         struct{}{},
      			"Content-Disposition":                   struct{}{},
      			"Content-Encoding":                      struct{}{},
      			"Content-Language":                      struct{}{},
      			"Content-Md5":                           struct{}{},
      			"Content-Type":                          struct{}{},
      			"Expires":                               struct{}{},
      			"If-Match":                              struct{}{},
      			"If-Modified-Since":                     struct{}{},
      			"If-None-Match":                         struct{}{},
      			"If-Unmodified-Since":                   struct{}{},
      			"Range":                                 struct{}{},
      			"X-Amz-Acl":                             struct{}{},
      			"X-Amz-Copy-Source":                     struct{}{},
      			"X-Amz-Copy-Source-If-Match":            struct{}{},
      			"X-Amz-Copy-Source-If-Modified-Since":   struct{}{},
      			"X-Amz-Copy-Source-If-None-Match":       struct{}{},
      			"X-Amz-Copy-Source-If-Unmodified-Since": struct{}{},
      			"X-Amz-Copy-Source-Range":               struct{}{},
      			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
      			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       struct{}{},
      			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   struct{}{},
      			// NOTE(review): this key ends in "-control" with a lower-case "c",
      			// unlike every other entry. If lookups use Go's canonical header
      			// form ("X-Amz-Grant-Full-Control") this entry would never match
      			// and the header would fall outside the whitelist — confirm.
      			"X-Amz-Grant-Full-control":                                    struct{}{},
      			"X-Amz-Grant-Read":                                            struct{}{},
      			"X-Amz-Grant-Read-Acp":                                        struct{}{},
      			"X-Amz-Grant-Write":                                           struct{}{},
      			"X-Amz-Grant-Write-Acp":                                       struct{}{},
      			"X-Amz-Metadata-Directive":                                    struct{}{},
      			"X-Amz-Mfa":                                                   struct{}{},
      			"X-Amz-Request-Payer":                                         struct{}{},
      			"X-Amz-Server-Side-Encryption":                                struct{}{},
      			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id":                 struct{}{},
      			"X-Amz-Server-Side-Encryption-Customer-Algorithm":             struct{}{},
      			"X-Amz-Server-Side-Encryption-Customer-Key":                   struct{}{},
      			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":               struct{}{},
      			"X-Amz-Storage-Class":                                         struct{}{},
      			"X-Amz-Website-Redirect-Location":                             struct{}{},
      			"X-Amz-Content-Sha256":                                        struct{}{},
      			"X-Amz-Tagging":                                               struct{}{},
      		},
      	},
      	Patterns{"X-Amz-Meta-"},
      }

        RequiredSignedHeaders is a whitelist for Build canonical headers.

        Functions

        func GetURIPath

        func GetURIPath(u *url.URL) string

          GetURIPath returns the escaped URI component from the provided URL

          func HMACSHA256

          func HMACSHA256(key []byte, data []byte) []byte

            HMACSHA256 computes a HMAC-SHA256 of data given the provided key.

            func SanitizeHostForHeader

            func SanitizeHostForHeader(r *http.Request)

              SanitizeHostForHeader removes default port from host and updates request.Host

              func StripExcessSpaces

              func StripExcessSpaces(str string) string

                StripExcessSpaces returns the passed-in string rewritten so that it does not contain multiple side-by-side spaces.

                Types

                type Blacklist

                // Blacklist wraps a Rule for blacklisting.
                // NOTE(review): for a blacklist, a value matched by the embedded Rule is
                // presumably reported as not valid by IsValid; the method body is not
                // visible here — confirm the polarity before relying on it.
                type Blacklist struct {
                	Rule
                }

                  Blacklist is a generic Rule for blacklisting

                  func (Blacklist) IsValid

                  func (b Blacklist) IsValid(value string) bool

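                    IsValid for Blacklist checks the value against the Blacklist. (The published comment names Whitelist here, which appears to be copied from Whitelist.IsValid; for a blacklist, a listed value is presumably the one reported as not valid.)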

                    type InclusiveRules

                    // InclusiveRules is a list of Rule values that are evaluated together, so
                    // that rules can depend on one another.
                    type InclusiveRules []Rule

                      InclusiveRules rules allow for rules to depend on one another

                      func (InclusiveRules) IsValid

                      func (r InclusiveRules) IsValid(value string) bool

                        IsValid will return true if all rules are true

                        type MapRule

                        // MapRule is a generic Rule backed by a map: the set of strings is held
                        // as map keys with empty struct values.
                        type MapRule map[string]struct{}

                          MapRule generic Rule for maps

                          func (MapRule) IsValid

                          func (m MapRule) IsValid(value string) bool

                            IsValid for the map Rule satisfies whether it exists in the map

                            type Patterns

                            // Patterns is a list of strings to match values against.
                            // NOTE(review): how a pattern is compared with a value (prefix,
                            // substring, case sensitivity) is not visible here — confirm.
                            type Patterns []string

                              Patterns is a list of strings to match against

                              func (Patterns) IsValid

                              func (p Patterns) IsValid(value string) bool

                                IsValid for Patterns checks each pattern and returns if a match has been found

                                type Rule

                                // Rule is the interface every header rule implements; it checks whether
                                // or not a value adheres to that rule.
                                type Rule interface {
                                	// IsValid reports whether value adheres to the rule.
                                	IsValid(value string) bool
                                }

                                  Rule interface allows for more flexible rules and just simply checks whether or not a value adheres to that Rule

                                  type Rules

                                  // Rules is a list of Rule values used to validate a string value.
                                  type Rules []Rule

                                    Rules houses a set of Rule needed for validation of a string value

                                    func (Rules) IsValid

                                    func (r Rules) IsValid(value string) bool

                                      IsValid will iterate through all rules and see if any rules apply to the value and supports nested rules

                                      type SigningKeyDeriver

                                      // SigningKeyDeriver derives a SigV4 signing key from a set of credentials.
                                      // The derived key is secret material and should be kept out of logs and
                                      // error messages.
                                      type SigningKeyDeriver struct {
                                      	// contains filtered or unexported fields
                                      }

                                        SigningKeyDeriver derives a signing key from a set of credentials

                                        func NewSigningKeyDeriver

                                        func NewSigningKeyDeriver() *SigningKeyDeriver

                                          NewSigningKeyDeriver returns a new SigningKeyDeriver

                                          func (*SigningKeyDeriver) DeriveKey

                                          func (k *SigningKeyDeriver) DeriveKey(credential aws.Credentials, service, region string, signingTime SigningTime) []byte

                                            DeriveKey returns a derived signing key from the given credentials to be used with SigV4 signing.

                                            type SigningTime

                                            // SigningTime wraps a time.Time and provides cached values for SigV4
                                            // signing. The time.Time is embedded, so its methods are available on a
                                            // SigningTime directly.
                                            type SigningTime struct {
                                            	time.Time
                                            	// contains filtered or unexported fields
                                            }

                                              SigningTime provides a wrapper around a time.Time which provides cached values for SigV4 signing.

                                              func NewSigningTime

                                              func NewSigningTime(t time.Time) SigningTime

                                                NewSigningTime creates a new SigningTime given a time.Time

                                                func (*SigningTime) ShortTimeFormat

                                                func (m *SigningTime) ShortTimeFormat() string

                                                  ShortTimeFormat provides the time formatted as 20060102.

                                                  func (*SigningTime) TimeFormat

                                                  func (m *SigningTime) TimeFormat() string

                                                    TimeFormat provides a time formatted in the X-Amz-Date format.

                                                    type Whitelist

                                                    // Whitelist wraps a Rule for whitelisting.
                                                    type Whitelist struct {
                                                    	Rule
                                                    }

                                                      Whitelist is a generic Rule for whitelisting

                                                      func (Whitelist) IsValid

                                                      func (w Whitelist) IsValid(value string) bool

                                                        IsValid for Whitelist checks if the value is within the Whitelist