Overview
Package ott provides a one-time token implementation for common account registration tasks. The tokens can be used to authorize a password reset or an email confirmation link.
Functions
func Pepper
Pepper returns the SHA-256 hash of two values, to be used as a salt. One value is usually part of the application source code and compiled into the binary; the other is usually read from the system environment at program runtime. This way an attacker needs both values to compromise the salt. A second benefit is that the salt is always exactly 32 bytes long.
This helper is generally useful but does not justify a separate package.
Types
type Generator
type Generator struct {
	TimeoutDays uint16
	// Today returns the current time and can be mocked for testing purpose.
	Today func() time.Time
	// contains filtered or unexported fields
}
Generator is used to generate and validate this variant of one-time tokens. Both generate and validate expect data arguments. These arguments should usually include a value that would be affected by the action the token authorizes. A password reset token would pass in the revision of the credentials or the password itself.
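The ideas behind Pepper and Generator described above, as an added sketch that is not the ott package's own code: the names pepper, sign, generate and validate, the HMAC-SHA256 construction and the "<day>-<mac>" token layout are all assumptions. It shows a day-limited token that stops validating as soon as the bound data (here a password hash revision) changes.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// pepper (hypothetical name) hashes two length-prefixed secrets into a 32-byte salt.
func pepper(compiled, env string) []byte {
	sum := sha256.Sum256([]byte(fmt.Sprintf("%d:%s%d:%s", len(compiled), compiled, len(env), env)))
	return sum[:]
}

// sign binds the issue day and every data value to the salt (assumed HMAC-SHA256).
func sign(salt []byte, day int64, data []string) string {
	m := hmac.New(sha256.New, salt)
	fmt.Fprintf(m, "%d;", day)
	for _, d := range data {
		fmt.Fprintf(m, "%d:%s", len(d), d) // length prefix: ("ab","c") != ("a","bc")
	}
	return fmt.Sprintf("%x", m.Sum(nil))
}

// generate returns "<day>-<mac>"; nothing is stored server-side.
func generate(salt []byte, now time.Time, data ...string) string {
	day := now.Unix() / 86400
	return strconv.FormatInt(day, 10) + "-" + sign(salt, day, data)
}

// validate rejects malformed, future-dated, expired or data-mismatched tokens.
func validate(salt []byte, now time.Time, timeoutDays uint16, token string, data ...string) bool {
	dayStr, sig, ok := strings.Cut(token, "-")
	day, err := strconv.ParseInt(dayStr, 10, 64)
	today := now.Unix() / 86400
	if !ok || err != nil || day > today || today-day > int64(timeoutDays) {
		return false
	}
	return hmac.Equal([]byte(sig), []byte(sign(salt, day, data)))
}

func main() {
	salt := pepper("compiled-in", "from-env") // constructed sample secrets
	tok := generate(salt, time.Now(), "pwhash-rev1")
	fmt.Println(tok, validate(salt, time.Now(), 3, tok, "pwhash-rev2")) // false: data changed
}
```

Because the password hash is part of the signed data, completing the reset invalidates the token without any server-side token store.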