README
¶
aksk
access key/secret key auth middleware for kratos
the logic behind can refer amazon s3 authentication
Authorization = AuthorizationHeader + " " + AccessKeyId + ":" + Signature;
Signature = Base64( HashMethod( UTF-8-Encoding-Of(YourSecretKey), UTF-8-Encoding-Of( StringToSign ) ) );
StringToSign = HTTP-Verb + "\n" +
Content-MD5 + "\n" +
Content-Type + "\n" +
UnixTimeStamp + "\n" +
requestURL;
the client unixTimestamp should be passed from request header in ms. the middleware has some options:
baseAuthHeaderKey string
timeStampKey string
encodeUrl bool
hashHelper hasher.AkSKHashHelper
secretKeyProvider SecretKeyProvider
default options:
- hashHelper
Sha1 - baseAuthHeader
X-API-KEY - timestampKey
ts - url not encoded
encodeUrl = false
reference:
Documentation
¶
Index ¶
Constants ¶
View Source
const (
ContentTypeHeader string = "Content-Type"
)
Variables ¶
View Source
var ( ErrMissingAuthorizationHeader = errors.Unauthorized(reason, "Authorization Header is missing") ErrSecretKeyProviderNotSet = errors.Unauthorized(reason, "Secret Key Provider Not Set") ErrHashHelperNotSet = errors.Unauthorized(reason, "Hash Helper Not Set") ErrSignCheckFailed = errors.Unauthorized(reason, "Sign Check failed") ErrAuthorizationInvalid = errors.Unauthorized(reason, "Authorization is invalid") ErrAuthorizationExpired = errors.Unauthorized(reason, "Authorization has expired") ErrAuthorizationParseFail = errors.Unauthorized(reason, "Fail to parse Authorization") ErrUnSupportSigningMethod = errors.Unauthorized(reason, "Wrong signing method") ErrWrongContext = errors.Unauthorized(reason, "Wrong context for middleware") ErrNeedTokenProvider = errors.Unauthorized(reason, "Authorization provider is missing") ErrSignToken = errors.Unauthorized(reason, "Can not sign Authorization.Is the key correct?") ErrGetKey = errors.Unauthorized(reason, "Can not get key while signing Authorization") )
Functions ¶
func Server ¶
func Server(opts ...Option) middleware.Middleware
Types ¶
type Opt ¶ added in v0.0.2
type Opt func(generator *SignGenerator)
func WithContent ¶ added in v0.0.2
func WithContentType ¶ added in v0.0.2
func WithHttpVerb ¶ added in v0.0.2
func WithRequestUrl ¶ added in v0.0.2
func WithUnixTimeStamp ¶ added in v0.0.2
type Option ¶
type Option func(*options)
Option is ak/sk option.
func WithAuthorizationHeader ¶
WithAuthorizationHeader set the authorization header
func WithEncodeUrl ¶
WithEncodeUrl set whether to encode url
func WithHashHelper ¶
func WithHashHelper(helper hasher.AkSKHashHelper) Option
WithHashHelper set the hash helper for hash logic
func WithSecretKeyProvider ¶
func WithSecretKeyProvider(provider SecretKeyProvider) Option
WithSecretKeyProvider set the provider to get the secret key
func WithTimeStampKey ¶
WithTimeStampKey custom the WithTimeStamp key to fetch the timestamp
type SecretKeyProvider ¶
type SignGenerator ¶ added in v0.0.2
type SignGenerator struct {
// contains filtered or unexported fields
}
func New ¶ added in v0.0.2
func New(secretKey []byte, hashHelper hasher.AkSKHashHelper, options ...Opt) *SignGenerator
func (*SignGenerator) Calculate ¶ added in v0.0.2
func (g *SignGenerator) Calculate() ([]byte, error)
func (*SignGenerator) CheckSignValid ¶ added in v0.0.2
func (g *SignGenerator) CheckSignValid(targetSign []byte) (bool, error)
func (*SignGenerator) GetSignContent ¶ added in v0.0.2
func (g *SignGenerator) GetSignContent() (string, error)
Source Files
Directories
Click to show internal directories.
Click to hide internal directories.