README
¶
Secure-Cookie-Faker
security tool to encode/decode Golang web-frameworks' client-side session cookie which use gorilla/securecookie or gorilla/sessions, such as Gin, Echo or Iris
Stats
top stars Go web-frameworks' using of gorilla/securecookie or gorilla/sessions
(stars count comes from go-web-framework-stars)
| web framework | stars | uses gorilla's securecookie or sessions? |
|---|---|---|
| gin | 28126 | ✔ |
| beego | 20805 | ✘ |
| iris | 15102 | ✔ |
| echo | 14180 | ✔ |
| kit | 13920 | ✘ |
| revel | 11125 | ✘ |
| martini | 10572 | ✔ |
and many personal application using them as a basic web application toolkit link
Usage
you can build from source code or download binaries from releases page
Secure Cookie Faker v0.1
Usage: faker [enc/dec] [-n cookie_name] [-k secret_key] [-o object_string / -c cookie_string]
Mode:
dec
decode mode, cookie => object
enc
encode mode, object => cookie
Options:
--help show help
-k string
secret keys, string like "key" or multiple keys like "key1, key2, key3"
-n string
the cookie name
-o string
object to be encoded, string like "{key1[type]: value1[type], key2[type]: value2[type]}"
type hint could be `int`, `float`, `bool`, `string`, `byte`
when type is `string`, it could be omitted. like this {str1: str2}
if mode is encode, this param is required
-c string
cookie to be decoded
if mode is decode, this param is required
-way string
serialize way: gob | json | nop(default "gob")
Example
choosing a mode is required: enc or dec
decode cookie
$ ./faker dec -c "MTU2MTE4NjQzNHxFXy1CQkFFQkEwOWlhZ0hfZ2dBQkVBRVFBQUJUXzRJQUF3WnpkSEpwYm1jTUJnQUVkWE5sY2daemRISnBibWNNQndBRllXUnRhVzRHYzNSeWFXNW5EQVFBQW1sa0EybHVkQVFDQUFBR2MzUnlhVzVuREFjQUJYQnZhVzUwQTJsdWRBUUZBUDBERFQ0PXwKR14WwPjXeUBZlZ0sKcEfRu-n7_va9drjsFaIEVahmA=="
-c: cookie to be decoded
encode object
$ ./faker enc -n "mysession" -k "secret" -o "{user: admin, id: 0[int]}"
-o : object string,its like a K-V map, it should have type hints
-n : cookie name, its required because the HMAC hash's generation relies on it
-k : secret key(s), could be multiple: -k "key1, key2", the first is hash key, and the second is encrypt block key
when element's type is string, the type tag can be omitted
type tag can only be int, uint, float, bool, string, byte
change serializer
$ ./faker enc -n "mysession" -k "secret" -o "some-string" -way json
$ ./faker enc -n "mysession" -k "secret" -o "{id: 0[int]}" -way json
$ ./faker enc -n "mysession" -k "secret" -o "some-string" -way nop
$ ./faker dec -c "MTU2NjkxMjI4NXxleUoxYzJWeUlqb2lZV1J0YVc0aWZRbz18OibftwH33BZStXtep7TbN_mbyk8RftQe9t_wxCJXhHo=" -way json
Documentation
¶
There is no documentation for this package.
Source Files