Version: v0.33.0

This package is not in the latest version of its module.

Published: Aug 20, 2021 License: Apache-2.0 Imports: 10 Imported by: 0



Package auth provides authentication to the SecretHub API.



const (
	// AuthHeaderVersionV1 is the authorization header tag used for authorization
	// headers that include the signing method.
	AuthHeaderVersionV1 = "SecretHub-v1"
)


var (
	ErrCannotParseDateHeader      = errNamespace.Code("parse_date_header_failed").StatusError("could not authenticate request because the date header of the auth message could not be parsed", http.StatusBadRequest)
	ErrInvalidAuthorizationHeader = errNamespace.Code("invalid_authorization_header").StatusErrorf("could not authenticate request because the authorization header has invalid format", http.StatusBadRequest)
	ErrOutdatedSignatureProtocol  = errNamespace.Code("outdated_signature_protocol").StatusError("the signature protocol used for authentication is outdated, please upgrade to a newer version", http.StatusBadRequest)

	ErrMalformedSignature = errNamespace.Code("malformed_signature").StatusError("could not authenticate request because the signature is malformed", http.StatusBadRequest)
	ErrSignatureExpired   = errNamespace.Code("signature_expired").StatusError("could not authenticate request because signature has expired", http.StatusUnauthorized)
	ErrSignatureFuture    = errNamespace.Code("signature_future").StatusError("could not authenticate request because signature timestamp is too far in the future", http.StatusUnauthorized)
)





type Authenticator

type Authenticator interface {
	Authenticate(r *http.Request) error
}

Authenticator proves that an HTTP request is made by the owner of the authenticator.

func NewHTTPSigner added in v0.21.0

func NewHTTPSigner(signer Signer) Authenticator

NewHTTPSigner creates an authenticator that uses the given signer to prove the owner of the signer is making the HTTP request.

type NopAuthenticator added in v0.21.0

type NopAuthenticator struct{}

NopAuthenticator is an authenticator that does not add any authentication to the request.

func (NopAuthenticator) Authenticate added in v0.21.0

func (s NopAuthenticator) Authenticate(r *http.Request) error

Authenticate the provided request.

type SessionSigner added in v0.21.0

type SessionSigner struct {
	// contains filtered or unexported fields
}

SessionSigner is an implementation of the Signer interface that uses an HMAC session to authenticate a request.

func NewSessionSigner added in v0.21.0

func NewSessionSigner(sessionID uuid.UUID, secretKey string) *SessionSigner

NewSessionSigner returns a new SessionSigner.

func (SessionSigner) ID added in v0.21.0

func (s SessionSigner) ID() (string, error)

ID returns the session id of this signer.

func (SessionSigner) Sign added in v0.21.0

func (s SessionSigner) Sign(msg []byte) ([]byte, error)

Sign the payload with an HMAC signature.

func (SessionSigner) SignMethod added in v0.21.0

func (s SessionSigner) SignMethod() string

SignMethod returns the signature method of this signer.

type Signer added in v0.21.0

type Signer interface {
	ID() (string, error)
	Sign([]byte) ([]byte, error)
	SignMethod() string
}

Signer provides proof that given bytes are processed by the owner of the signer.
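
An added illustration, not SecretHub's own code: a minimal type that satisfies the Signer interface above using HMAC-SHA256, with a receiving-side check that tells apart expired, future-dated and mismatched signatures, the conditions behind ErrSignatureExpired and ErrSignatureFuture. The hmacSigner type, the Message layout, the method tag, the error values and the skew window are all assumptions made for this example.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"time"
)

// Signer has the method set documented on this page.
type Signer interface {
	ID() (string, error)
	Sign([]byte) ([]byte, error)
	SignMethod() string
}

// hmacSigner is hypothetical: HMAC-SHA256 and the method tag are assumptions.
type hmacSigner struct{ id, key string }

func (s hmacSigner) ID() (string, error) { return s.id, nil }
func (s hmacSigner) SignMethod() string  { return "Example-HMAC-SHA256" }
func (s hmacSigner) Sign(msg []byte) ([]byte, error) {
	mac := hmac.New(sha256.New, []byte(s.key))
	mac.Write(msg)
	return mac.Sum(nil), nil
}

var (
	errExpired  = errors.New("signature expired")
	errFuture   = errors.New("signature timestamp too far in the future")
	errMismatch = errors.New("signature mismatch")
)

// Message binds the date to the payload (constructed layout, not SecretHub's).
func Message(p []byte, d time.Time) []byte {
	return append([]byte(d.UTC().Format(time.RFC3339)+"\n"), p...)
}

// Verify checks the freshness window first, then recomputes and compares the MAC.
func Verify(s Signer, p, sig []byte, date, now time.Time, skew time.Duration) error {
	if d := now.Sub(date); d > skew {
		return errExpired
	} else if d < -skew {
		return errFuture
	}
	want, err := s.Sign(Message(p, date))
	if err == nil && !hmac.Equal(want, sig) { // hmac.Equal is constant-time
		err = errMismatch
	}
	return err
}
```

Because the date is part of the signed message, changing the claimed date to slip back inside the window invalidates the MAC instead of reviving an old signature.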
