hmac

package module

v0.2.0 Latest Latest Go to latest Published: Jan 2, 2022 License: MIT Imports: 8 Imported by: 4

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/lockboxauth/hmac

Links

Open Source Insights

Documentation ¶

Index ¶

Variables
type Signer
- func (s Signer) AuthenticateRequest(r *http.Request, contentHash string) error
- func (s Signer) Sign(r *http.Request) string

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	// ErrNoAuthHeader is returned when authenticating a request that has no Authorization header set.
	ErrNoAuthHeader = errors.New("no Authorization header")
	// ErrMalformedAuthHeader is returned when authenticating a request that has an Authorization header,
	// but in an invalid format.
	ErrMalformedAuthHeader = errors.New("malformed Authorization header")
	// ErrUnknownOrgKey is returned when the Authorization header has an organization key that isn't
	// recognised.
	ErrUnknownOrgKey = errors.New("unknown organization portion of Authorization header")
	// ErrInvalidVersion is returned when the Authorization header has a version that isn't supported.
	ErrInvalidVersion = errors.New("invalid version in Authorization header")
	// ErrNoDateHeader is returned when authenticating a request that has no Date header set.
	ErrNoDateHeader = errors.New("no Date header")
	// ErrMalformedDateHeader is returned when authenticating a request that has a Date header, but in
	// an invalid format.
	ErrMalformedDateHeader = errors.New("invalid format for Date header")
	// ErrDateSkew is returned when authenticating a request with a Date header too far before or after
	// the current time.
	ErrDateSkew = errors.New("Date header value is too far from current time")
	// ErrSignatureMismatch is returned when the signature in an Authorization header does not match the
	// request.
	ErrSignatureMismatch = errors.New("invalid signature for request")
	// ErrUnknownKey is returned when the signature key presented in an Authorization header is not
	// recognised.
	ErrUnknownKey = errors.New("unknown key presented to be signed against")
	// ErrContentMismatch is returned when the hash of the content that is calculated does not match the
	// hash claimed in the headers.
	ErrContentMismatch = errors.New("content does not match claimed hash")
)

Functions ¶

This section is empty.

Types ¶

type Signer ¶

type Signer struct {
	OrgKey  string        // the string to use as the org when constructing the header
	MaxSkew time.Duration // the maximum difference between the current time and the Date header
	Secret  []byte        // the secret to use to generate the signature
	Key     string        // the key to use to signal which secret is being used
}

Signer holds the common configuration for authenticating requests.

func (Signer) AuthenticateRequest ¶

func (s Signer) AuthenticateRequest(r *http.Request, contentHash string) error

AuthenticateRequest reads the Authorization header to authenticate the request. The header is expected to be in the following format:

{ORG} v1 {KEY}:{SIG}

Where {ORG} is the OrgKey property of `s` and {SIG} is the base 64 encoded signature for the request.

func (Signer) Sign ¶

func (s Signer) Sign(r *http.Request) string

Sign generates a cryptographic signature to authenticate the request.

Source Files ¶

View all Source files

hmac.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL