Documentation
Overview
nonce provides you with a small set of tools for working with an in-memory nonce store. Typically you would create a nonce in your application to help validate the authenticity of requested actions as well as prevent certain kinds of attacks, such as replay attacks.
An example use case would be a web app which allows users to interact with widgets. In this case we want to create a nonce which we can later use to validate that user ID 123 does, in fact, want to delete widget "foo".
store, _ := nonce.New()
nonce := store.Nonce("123:foo:delete")
// ...
if store.Verify(nonce, "123:foo:delete") {
	// delete the widget
} else {
	// the nonce has expired,
	// or the action has already occurred,
	// or the user was being tricked into doing something against their
	// wishes, such as a CSRF attack,
	// or the user is poking their nose around your API and trying to
	// figure out how your app works. Sometimes the worst case is
	// just paranoia :)
}
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type Store
type Store struct {
// contains filtered or unexported fields
}
Store provides a non-persisted, in-memory store for nonces, as well as functions to create and verify them.
func New
New returns a new nonce store. You should always use this function instead of var something = &nonce.Store{} because it sets defaults, and begins the goroutine responsible for cleaning up expired nonces from the store.
func (*Store) Nonce
Nonce creates a nonce for the provided action. Given the resulting string and the original action string you can use *store.Verify() and *store.Peek() at a later time to validate the nonce.
func (*Store) Peek
Peek allows you to see if a valid matching nonce exists without actually removing it from the store.
func (*Store) Salt
Salt allows you to specify the salt used internally while creating nonces. This should only be done after creating the store but before using it, as changing this value will immediately invalidate all existing nonces regardless of their existence or expiration.
func (*Store) Timeout
Timeout allows you to specify how long nonces are valid for. This function is normally only called directly after creating the store, but before using it. Updating this value has the side effect of updating how often the Go map (which actually holds all of the nonces internally) is scanned for expired nonces.
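The behaviour documented above (a nonce bound to one action, consumed by Verify but not by Peek, and invalidated by a salt change or by the timeout) can be sketched as follows. This is an added example, not the package's own code: demoStore, its fields and the HMAC-keyed map are assumptions made for illustration, and it leaves out the locking and the cleanup goroutine that a store shared between request handlers needs.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"time"
)

// demoStore: hypothetical stand-in, not the package's Store; no locking, one goroutine only.
type demoStore struct {
	salt    []byte
	timeout time.Duration
	live    map[string]time.Time // HMAC(salt, nonce, action) -> expiry
}

func (s *demoStore) key(n, action string) string {
	m := hmac.New(sha256.New, s.salt)
	fmt.Fprintf(m, "%d:%s|%s", len(n), n, action) // length prefix keeps the encoding unambiguous
	return fmt.Sprintf("%x", m.Sum(nil))
}

func (s *demoStore) Nonce(action string) string {
	raw := make([]byte, 16)
	if _, err := rand.Read(raw); err != nil {
		panic(err) // never hand out a predictable nonce
	}
	n := fmt.Sprintf("%x", raw)
	s.live[s.key(n, action)] = time.Now().Add(s.timeout)
	return n
}

// check looks the nonce up; consume=true deletes it, so a second Verify (a replay) fails.
func (s *demoStore) check(n, action string, consume bool) bool {
	k := s.key(n, action)
	exp, ok := s.live[k]
	if consume {
		delete(s.live, k)
	}
	return ok && time.Now().Before(exp)
}
func (s *demoStore) Peek(n, action string) bool   { return s.check(n, action, false) }
func (s *demoStore) Verify(n, action string) bool { return s.check(n, action, true) }

func main() {
	s := &demoStore{salt: []byte("constructed-salt"), timeout: time.Minute, live: map[string]time.Time{}}
	n := s.Nonce("123:foo:delete")
	fmt.Println(s.Peek(n, "123:foo:delete"), s.Verify(n, "123:foo:delete"), s.Verify(n, "123:foo:delete")) // true true false
}
```

Because the map key is derived from the salt, replacing the salt makes every stored entry unreachable, which matches the invalidation that Salt's documentation warns about.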