xpaseto

package
v0.2.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jun 25, 2025 License: MIT Imports: 11 Imported by: 1

Documentation

Overview

Package xpaseto contains light wrappers around aidanwoods.dev/go-paseto types with a more ergonomic API.


Constants

This section is empty.

Variables

var ErrKeyTokenProtocolMismatch = errors.New("token's version and purpose doesn't match the key's")

ErrKeyTokenProtocolMismatch indicates that the token's version and purpose don't match the key's.

Functions

func AllowAudiences added in v0.2.0

func AllowAudiences(auds []string) paseto.Rule

AllowAudiences checks that the token has a valid "aud" field, and that its value is contained in auds.

func AllowIssuers added in v0.2.0

func AllowIssuers(issuers []string) paseto.Rule

AllowIssuers checks that the token has a valid "iss" field, and that its value is contained in issuers.

func AllowSubjects added in v0.2.0

func AllowSubjects(subs []string) paseto.Rule

AllowSubjects checks that the token has a valid "sub" field, and that its value is contained in subs.

func ClaimTimeConsistency

func ClaimTimeConsistency() paseto.Rule

ClaimTimeConsistency checks that the "iat", "nbf", and "exp" fields exist and are valid, and that their times are consistent with each other. Specifically, it checks that iat <= nbf <= exp.

func NotBeforeNbf

func NotBeforeNbf(t time.Time, tolerance time.Duration) paseto.Rule

NotBeforeNbf checks that the token has a valid "nbf" field, and that its time is before the given time. This is the same rule as paseto.NotBeforeNbf, just with a time argument.

func NotExpired

func NotExpired(t time.Time, tolerance time.Duration) paseto.Rule

NotExpired checks that the token has a valid "exp" field, and that its time is after the given time. This is the same rule as paseto.NotExpired, just with a time argument.

func NotIssuedAfter

func NotIssuedAfter(t time.Time, tolerance time.Duration) paseto.Rule

NotIssuedAfter checks that the token has a valid "iat" field, and that its time is before the given time. This is a subset of the paseto.ValidAt rule.
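
The time-claim checks described for ClaimTimeConsistency, NotBeforeNbf and NotExpired, shown as an added standard-library sketch that is not code from xpaseto or go-paseto. It assumes a raw claims map holding RFC 3339 strings; the helper names claimTimes and checkAt, and the way the tolerance widens the validity window, are assumptions of this example.

```go
package main

import (
	"fmt"
	"time"
)

// claimTimes parses iat, nbf and exp (failing closed on a missing or malformed claim) and enforces iat <= nbf <= exp.
func claimTimes(c map[string]any) (ts [3]time.Time, err error) {
	for i, code := range []string{"iat", "nbf", "exp"} {
		s, ok := c[code].(string)
		if !ok {
			return ts, fmt.Errorf("claim %q missing or not a string", code)
		}
		if ts[i], err = time.Parse(time.RFC3339, s); err != nil {
			return ts, err
		}
		if i > 0 && ts[i].Before(ts[i-1]) {
			return ts, fmt.Errorf("claim %q breaks iat <= nbf <= exp", code)
		}
	}
	return ts, nil
}

// checkAt accepts now within [nbf-tol, exp+tol); this tolerance handling is an assumption of the sketch.
func checkAt(c map[string]any, now time.Time, tol time.Duration) error {
	ts, err := claimTimes(c)
	switch {
	case err != nil:
		return err
	case now.Before(ts[1].Add(-tol)):
		return fmt.Errorf("token not valid before %s", ts[1])
	case !now.Before(ts[2].Add(tol)):
		return fmt.Errorf("token expired at %s", ts[2])
	}
	return nil
}

func main() {
	// Constructed sample claims; now is 20 seconds past exp.
	c := map[string]any{"iat": "2025-06-25T12:00:00Z", "nbf": "2025-06-25T12:00:00Z", "exp": "2025-06-25T13:00:00Z"}
	now := time.Date(2025, 6, 25, 13, 0, 20, 0, time.UTC)
	fmt.Println(checkAt(c, now, 30*time.Second), checkAt(c, now, 0))
}
```

With a 30-second tolerance the token 20 seconds past "exp" is still accepted, which is why the tolerance should stay as small as the deployment's real clock skew.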

func TokenProtocol

func TokenProtocol(token string) (paseto.Protocol, error)

TokenProtocol determines the PASETO protocol from a token string.

Types

type Claim

type Claim struct {
	Code  string
	Name  string
	Value any
}

Claim represents a token claim with a code, human-readable name, and value.

func ClaimAudience

func ClaimAudience(aud string) Claim

ClaimAudience creates an audience claim with the specified value.

func ClaimExpiration

func ClaimExpiration(t time.Time) Claim

ClaimExpiration creates an expiration claim with the specified time.

func ClaimID

func ClaimID(id string) Claim

ClaimID creates an ID claim with the specified value.

func ClaimIssuedAt

func ClaimIssuedAt(t time.Time) Claim

ClaimIssuedAt creates an issued at claim with the specified time.

func ClaimIssuer

func ClaimIssuer(iss string) Claim

ClaimIssuer creates an issuer claim with the specified value.

func ClaimNotBefore

func ClaimNotBefore(t time.Time) Claim

ClaimNotBefore creates a not before claim with the specified time.

func ClaimSubject

func ClaimSubject(sub string) Claim

ClaimSubject creates a subject claim with the specified value.

func NewClaim

func NewClaim(code, name string, value any) Claim

NewClaim creates a new claim with the specified code, name, and value.

func RegisteredClaims added in v0.2.0

func RegisteredClaims() []Claim

RegisteredClaims returns the registered claims with empty values.

type Key

type Key struct {
	// contains filtered or unexported fields
}

Key represents a PASETO key for encryption, decryption, signing, or verification.

func LoadKey

func LoadKey(encData []byte, ver paseto.Version, purpose paseto.Purpose, kt KeyType) (*Key, error)

LoadKey loads a key from encoded data with the specified version, purpose, and type.

func NewKey

func NewKey(ver paseto.Version, p paseto.Purpose, k key) (*Key, error)

NewKey creates a new Key with the specified version, purpose, and underlying key. If k is nil, a new key or key pair will be generated.

func (Key) Encrypt

func (k Key) Encrypt(token *Token) (string, error)

Encrypt encrypts a token using this symmetric key.

func (Key) Public

func (k Key) Public() *Key

Public returns the public key corresponding to this private key, or nil if this is not a private key.

func (Key) Render

func (k Key) Render(enc KeyEncoding) string

Render returns the key encoded in the specified format.

func (Key) Sign

func (k Key) Sign(token *Token) (string, error)

Sign signs a token using this private key.

func (Key) Type

func (k Key) Type() KeyType

Type returns the type of this key.

func (Key) Write

func (k Key) Write(w io.Writer, enc KeyEncoding, extra bool) error

Write writes the key to the specified writer in the given encoding format. If extra is true, additional information is written for hex keys.

type KeyEncoding

type KeyEncoding string

KeyEncoding represents the encoding format for keys.

const (
	KeyEncodingHex KeyEncoding = "hex"
	KeyEncodingPEM KeyEncoding = "pem"
)

type KeyType

type KeyType string

KeyType represents the type of cryptographic key.

const (
	KeyTypePrivate   KeyType = "private"
	KeyTypePublic    KeyType = "public"
	KeyTypeSymmetric KeyType = "symmetric"
)

func (KeyType) Long

func (kt KeyType) Long() string

Long returns a human-readable description of the key type.

func (KeyType) Short

func (kt KeyType) Short() string

Short returns a shortened representation of the key type.

type Token

type Token struct {
	*paseto.Token
}

Token represents a PASETO token with claims.

func NewToken

func NewToken(timeNowFn func() time.Time, claims ...Claim) (*Token, error)

NewToken creates a new token with the specified claims. Default claims (iat, nbf, exp) are automatically added if not provided.

func ParseToken

func ParseToken(key *Key, token string) (*Token, error)

ParseToken parses a PASETO token string using the provided key.

func (*Token) Claims added in v0.2.0

func (tk *Token) Claims() ([]Claim, error)

Claims returns all claims of this token in a stable order. Registered claims will be first in the order defined by RegisteredClaims, followed by custom claims ordered lexicographically by name. An error is returned if converting a registered claim value to its expected type fails.

func (*Token) ClaimsRaw added in v0.2.0

func (tk *Token) ClaimsRaw() map[string]any

ClaimsRaw returns the raw claim data.

func (*Token) Validate

func (tk *Token) Validate(
	timeNowFn func() time.Time, timeSkewTolerance time.Duration,
	extraRules ...paseto.Rule,
) (err error)

Validate validates the token against default and additional rules.

func (*Token) Write

func (tk *Token) Write(w io.Writer, f TokenFormat) error

Write writes the token data to the specified writer in the given format.

type TokenFormat

type TokenFormat string

TokenFormat represents the output format for token display.

const (
	TokenFormatText TokenFormat = "text"
	TokenFormatJSON TokenFormat = "json"
)
