securelogin

package module
Version: v0.0.0-...-0194bc2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Sep 28, 2017 License: MIT Imports: 12 Imported by: 0

README

securelogin

Go implementation of SecureLogin.pw verification.

Documentation

Overview

Package securelogin implements the SecureLogin protocol.

SecureLogin is an authentication protocol created by Sakurity. The Draft RFC Specification for it can be read at:

https://github.com/sakurity/securelogin-spec/blob/master/index.md

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func Marshal

func Marshal(t Token) []byte

Marshal returns encoded Token as defied by the spec.

func MarshalString

func MarshalString(t Token) string

MarshalString returns encoded Token as defied by the spec to string.

func WithChange

func WithChange(c *Config)

WithChange enablrd "change" mode verification.

func WithConnect

func WithConnect(c *Config)

WithConnect enables Connect request (OAuth replacement).

func WithHMAC

func WithHMAC(c *Config)

WithHMAC enables HMAC verification.

func WithoutExpire

func WithoutExpire(c *Config)

WithoutExpire disables expire checks.

Types

type Config

type Config struct {
	// contains filtered or unexported fields
}

Config is used for verification of a token.

func NewConfig

func NewConfig(options ...Option) Config

NewConfig returns Config with sensible defaults and applies given options.

type Decoder

type Decoder struct {
	// contains filtered or unexported fields
}

Decoder reads and decodes sltoken from an input stream.

Example
package main

import (
	"bytes"
	"fmt"

	"github.com/vladimiroff/securelogin"
)

var sltoken = []byte("https://cobased.com%2Chttps://cobased.com%2C%2C1498731060," +
	"E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6m" +
	"DAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=," +
	"kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6k" +
	"OTkTRrVm1xgvxGthABCwCQ8k=,homakov@gmail.com")

func main() {
	var t securelogin.Token
	dec := securelogin.NewDecoder(bytes.NewReader(sltoken))

	if err := dec.Decode(&t); err != nil {
		fmt.Printf("decode failed: %s", err)
		return
	}

	fmt.Printf("token of %s\n", t.Email)
}
Output:

token of homakov@gmail.com

func NewDecoder

func NewDecoder(r io.Reader) *Decoder

NewDecoder returns a new decoder that reads from r.

func (*Decoder) Decode

func (dec *Decoder) Decode(t *Token) error

Decode reads sltoken encoded data and returns a Token.

type Encoder

type Encoder struct {
	// contains filtered or unexported fields
}
Example
package main

import (
	"fmt"
	"os"

	"github.com/vladimiroff/securelogin"
)

var sltoken = []byte("https://cobased.com%2Chttps://cobased.com%2C%2C1498731060," +
	"E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6m" +
	"DAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=," +
	"kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6k" +
	"OTkTRrVm1xgvxGthABCwCQ8k=,homakov@gmail.com")

func main() {
	t, err := securelogin.Unmarshal(sltoken)
	if err != nil {
		fmt.Printf("unmarshal failed: %s", err)
		return
	}

	enc := securelogin.NewEncoder(os.Stdout)
	if err = enc.Encode(t); err != nil {
		fmt.Printf("encode failed: %s", err)
		return
	}

}
Output:

https://cobased.com%2Chttps://cobased.com%2C%2C1498731060,E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6mDAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=,kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6kOTkTRrVm1xgvxGthABCwCQ8k=,homakov@gmail.com

func NewEncoder

func NewEncoder(w io.Writer) *Encoder

func (*Encoder) Encode

func (e *Encoder) Encode(t Token) error

type Option

type Option func(*Config)

Option modifies the Configuration prior verify.

func WithOrigins

func WithOrigins(origins ...string) Option

WithOrigins adds origins to the Config.

func WithPublicKey

func WithPublicKey(pubkey []byte) Option

WithPublicKey overrides PublicKey of the token.

func WithScope

func WithScope(scope url.Values) Option

WithScope adds given values to the scope. It replaces any existing values.

func WithSecret

func WithSecret(secret []byte) Option

WithSecret overrides HMACSecret of the token.

type Token

type Token struct {

	// Provider is the origin of the app where this token should authenticate for.
	Provider string

	// Client is the front-end this token should authenticate with. Equals
	// to provider unless when used to authorize specific scope or in a
	// Connect request.
	Client string

	// Scope defines what the user is allowed to do with this token. It's
	// expected to be empty during sign-(in|up).
	Scope url.Values

	// ExpireAt is expiration time of the token in order to prevent replay
	// attacks. Clients however are allowed to ignore or extend it.
	ExpireAt time.Time

	//PublicKey for verifying Ed25519 signature. Could be overridden by
	//options during verification.
	PublicKey []byte

	// HMACSecret is the key used to sign the payload. Could be overridden
	// by options during verification.
	HMACSecret []byte

	//Signature to be verified by the Ed25519 signature algorithm.
	Signature []byte

	// HMACSignature of the signed payload.
	HMACSignature []byte

	// Email of the user. The protocol does not confirm user email and does
	// not intend to do so.
	Email string
	// contains filtered or unexported fields
}

Token is the core of SecureLogin Protocol.

func Unmarshal

func Unmarshal(data []byte) (Token, error)

Unmarshal parses encoded sltoken and returns Token and an error.

func UnmarshalString

func UnmarshalString(s string) (Token, error)

UnmarshalString parses given string and constructs a Token from it or fails with an error.

func Verify

func Verify(token []byte, opts ...Option) (Token, error)

Verify encoded token.

This is just a convenient function which unmarshals a token and then calls Verify on it with given options.

Example
package main

import (
	"fmt"

	"github.com/vladimiroff/securelogin"
)

const domain = "https://cobased.com"

var sltoken = []byte("https://cobased.com%2Chttps://cobased.com%2C%2C1498731060," +
	"E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6m" +
	"DAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=," +
	"kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6k" +
	"OTkTRrVm1xgvxGthABCwCQ8k=,homakov@gmail.com")

func main() {
	t, err := securelogin.Verify(sltoken, securelogin.WithOrigins(domain), securelogin.WithoutExpire)
	if err != nil {
		fmt.Printf("verify failed: %s", err)
		return
	}

	fmt.Printf("logged in as %s\n", t.Email)
}
Output:

logged in as homakov@gmail.com

func (Token) Verify

func (t Token) Verify(opts ...Option) error

Verify token with given options.

Example
package main

import (
	"fmt"

	"github.com/vladimiroff/securelogin"
)

const domain = "https://cobased.com"

var sltoken = []byte("https://cobased.com%2Chttps://cobased.com%2C%2C1498731060," +
	"E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6m" +
	"DAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=," +
	"kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6k" +
	"OTkTRrVm1xgvxGthABCwCQ8k=,homakov@gmail.com")

func main() {
	t, err := securelogin.Unmarshal(sltoken)
	if err != nil {
		fmt.Printf("unmarshal failed: %s", err)
		return
	}

	err = t.Verify(securelogin.WithOrigins(domain), securelogin.WithoutExpire)
	fmt.Printf("successful verify: %t", err == nil)
}
Output:

successful verify: true
Example (Expired)
package main

import (
	"fmt"
	"time"

	"github.com/vladimiroff/securelogin"
)

const domain = "https://cobased.com"

var sltoken = []byte("https://cobased.com%2Chttps://cobased.com%2C%2C1498731060," +
	"E5faDp1F3F4AGN2z5NgwZ/e0WB+ukZO3eMRWvTTZc4erts8mMzSy+CxGdz3OW1Xff8p6m" +
	"DAPfnSK0QqSAAHmAA==%2CcIZjUTqMWYgzYGrsYEHptNiaaLapWiqgPPsG1PI/Rsw=," +
	"kdbjcc08YBKWdCY56lQJIi92wcGOW+KcMvbSgHN6WbU=%2C1OVh/+xHRCaebQ9Lz6k" +
	"OTkTRrVm1xgvxGthABCwCQ8k=,homakov@gmail.com")

func main() {
	t, err := securelogin.Unmarshal(sltoken)
	if err != nil {
		fmt.Printf("unmarshal failed: %s", err)
		return
	}

	// Expired one hour ago
	t.ExpireAt = time.Now().Add(-1 * time.Hour)

	err = t.Verify(securelogin.WithOrigins(domain))
	fmt.Printf("%s\n", err)
}
Output:

expired token

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL