Documentation ¶
Overview ¶
Package nonce implements a service for generating and redeeming nonces. To generate a nonce, it encrypts a monotonically increasing counter (latest) using an authenticated cipher. To redeem a nonce, it checks that the nonce decrypts to a valid integer between the earliest and latest counter values, and that it's not on the cross-off list. To avoid a constantly growing cross-off list, the nonce service periodically retires the oldest counter values by finding the lowest counter value in the cross-off list, deleting it, and setting "earliest" to its value. To make this efficient, the cross-off list is represented two ways: Once as a map, for quick lookup of a given value, and once as a heap, to quickly find the lowest value. The MaxUsed value determines how long a generated nonce can be used before it is forgotten. To calculate that period, divide the MaxUsed value by average redemption rate (valid POSTs per second).
Index ¶
Constants ¶
const MaxUsed = 65536
MaxUsed defines the maximum number of Nonces we're willing to hold in memory.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type NonceService ¶
type NonceService struct {
// contains filtered or unexported fields
}
NonceService generates, cancels, and tracks Nonces.
func NewNonceService ¶
func NewNonceService(scope metrics.Scope) (*NonceService, error)
NewNonceService constructs a NonceService with defaults
func (*NonceService) Nonce ¶
func (ns *NonceService) Nonce() (string, error)
Nonce provides a new Nonce.
func (*NonceService) Valid ¶
func (ns *NonceService) Valid(nonce string) bool
Valid determines whether the provided Nonce string is valid, returning true if so.