Documentation
Overview
Package check verifies REST policies
Index
- Constants
- Variables
- func BuildStringToSign(r *http.Request, secretId string) (string, error)
- func GenerateSignature(stringToSign, secret string) string
- func HTTPAccept(r *http.Request) bool
- func HTTPAcceptCharset(r *http.Request) bool
- func HTTPAcceptLanguage(r *http.Request) (*messages.LanguagePack, bool)
- func HTTPAuthorization(r *http.Request, secretFinder func(string) (string, error)) (bool, error)
- func HTTPContentMD5(r *http.Request, body []byte) bool
- func HTTPContentType(r *http.Request) bool
- func HTTPDate(r *http.Request) (bool, error)
- func HTTPIfMatch(r *http.Request, etag string) bool
- func HTTPIfModifiedSince(r *http.Request, lastModifiedAt time.Time) (bool, error)
- func HTTPIfNoneMatch(r *http.Request, etag string) bool
- func HTTPIfUnmodifiedSince(r *http.Request, lastModifiedAt time.Time) (bool, error)
Constants
const (
	// Variable defining the supported content type for the system. For now we only support JSON, but
	// the idea is to support XML in the near future
	SupportedContentType = "application/vnd.shelter+json"

	// Define the supported charset of the system. For now we use utf-8 for everything, from database
	// to data manipulation. There's no conversion for any special charset
	SupportedCharset = "utf-8"

	// Variable used to determine the namespace in the Authorization HTTP header. The format
	// is "<namespace> <secretId>:<secret>"
	SupportedNamespace = "shelter"
)
Variables
var (
	ErrHTTPAuthorizationNotFound = errors.New("Missing HTTP Authorization header")
	ErrInvalidHTTPAuthorization  = errors.New("Invalid HTTP Authorization header")
)
List of possible errors that can occur when calling functions from this file. Other errors can also occur from low level layers
var (
	ErrHTTPContentMD5NotFound  = errors.New("Content-MD5 HTTP header not found")
	ErrHTTPContentTypeNotFound = errors.New("Content-Type HTTP header not found")
	ErrHTTPDateNotFound        = errors.New("Date HTTP header not found")
)
List of possible errors that can occur when calling functions from this file. Other errors can also occur from low level layers. Some HTTP headers are mandatory because of the system authentication mechanisms
Functions
func BuildStringToSign
Build the string that will be used to generate the signature of the HTTP Authorization header field. The format is defined below.
StringToSign = HTTP-Verb + "\n" +
               Content-MD5 + "\n" +  // RFC1864
               Content-Type + "\n" +
               Date + "\n" +
               AccessKeyID + "\n" +
               Path + "\n" +
               CanonicalizedQueryString;
func GenerateSignature
func HTTPAccept
This method checks the content types that the user supports for answers. If the user doesn't support the system content types we should return an HTTP error code
func HTTPAcceptCharset
The Accept-Charset HTTP header field is verified in this method. For now we only support the UTF-8 charset; there are no intentions to adopt ISO-8859-1
func HTTPAcceptLanguage
func HTTPAcceptLanguage(r *http.Request) (*messages.LanguagePack, bool)
The accept language check, beyond verifying if the language exists in our system, sets the first language found in the context
func HTTPAuthorization
HTTPAuthorization guarantees that the user was the only one that really sent the information. Using a group of information from the request and a shared secret, the server can recreate the authorization data and compare it with the header field. We are using the same approach that Amazon used in their Cloud API. More information can be found at http://docs.aws.amazon.com/AmazonS3/latest/dev/RESTAuthentication.html#ConstructingTheAuthenticationHeader
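The signing and verification flow described for BuildStringToSign and HTTPAuthorization, as an added example that is not this package's own code. Assumptions: the signature is base64 of HMAC-SHA256 (the page does not name the primitive), the canonicalized query string is the sorted URL-encoded query, and the value after the colon in the header is the computed signature; canonical, sign, verify and demo are hypothetical names, and the key id and secret are constructed.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"net/http"
	"strings"
)

// canonical uses the page's StringToSign layout; query canonicalization is assumed.
func canonical(r *http.Request, id string) string {
	h := r.Header
	return strings.Join([]string{r.Method, h.Get("Content-MD5"), h.Get("Content-Type"),
		h.Get("Date"), id, r.URL.Path, r.URL.Query().Encode()}, "\n")
}

// sign is an assumed primitive: base64(HMAC-SHA256(secret, stringToSign)).
func sign(stringToSign, secret string) string {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write([]byte(stringToSign))
	return base64.StdEncoding.EncodeToString(mac.Sum(nil))
}

// verify parses "<namespace> <secretId>:<signature>" and compares in constant time.
func verify(r *http.Request, keys map[string]string) bool {
	ns, cred, _ := strings.Cut(r.Header.Get("Authorization"), " ")
	id, got, _ := strings.Cut(cred, ":")
	secret, known := keys[id]
	if ns != "shelter" || !known || got == "" {
		return false
	}
	return hmac.Equal([]byte(got), []byte(sign(canonical(r, id), secret)))
}

// demo signs a constructed request, then reuses the header on another path.
func demo() (valid, tampered bool) {
	keys := map[string]string{"key01": "constructed-secret"} // constructed key store
	r, _ := http.NewRequest("PUT", "http://localhost/domain/example.com.br?b=2&a=1", nil)
	r.Header.Set("Content-Type", "application/vnd.shelter+json")
	r.Header.Set("Date", "Mon, 02 Jan 2006 15:04:05 GMT")
	r.Header.Set("Authorization", "shelter key01:"+sign(canonical(r, "key01"), "constructed-secret"))
	valid = verify(r, keys)
	r.URL.Path = "/domain/other.com.br" // same header, different resource
	return valid, verify(r, keys)
}

func main() { fmt.Println(demo()) }
```

Because the path is part of the signed string, the header computed for one resource fails verification on another; the Date and Content-MD5 checks still have to run separately to bound replay and cover the body.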
func HTTPContentMD5
To guarantee that the content was not modified during the network phase and is not incomplete, we check the hash of the content and compare it with the HTTP header field
func HTTPContentType
Check the user's current content type format. For now we only accept JSON content respecting the Shelter protocol, but in the near future we plan to accept XML too
func HTTPDate
The HTTPDate method is responsible for checking the time frame of the request, avoiding replay attacks, which is when an attacker uses the same request again at a different moment to corrupt the data
func HTTPIfModifiedSince
Types
This section is empty.