signer

package
v2.7.3
Warning

This package is not in the latest version of its module.

Published: Mar 26, 2024 License: Apache-2.0 Imports: 13 Imported by: 0

Documentation

Overview

Package signer provides a signer for HTTP requests.

Types

type AccessKeyStore

type AccessKeyStore interface {
	GetSecret(id string) (string, bool)
}

AccessKeyStore defines the interface of an access key store, which returns the corresponding secret when queried by an id.

type Context

type Context struct {
	Time   time.Time
	Scopes []string

	ExpireTime time.Duration

	AccessKeyID      string
	AccessKeySecret  string
	SignedHeaders    string
	CanonicalHeaders string

	Signature string
	Query     url.Values
	BodyHash  string
	// contains filtered or unexported fields
}

Context is the signing/verification context for a single request.

func (*Context) ExcludeBody

func (ctx *Context) ExcludeBody(exclude bool)

ExcludeBody is an option function for Context to exclude body from signature

func (*Context) Presign

func (ctx *Context) Presign(req *http.Request, expireTime time.Duration) error

Presign calculates the signature and adds it to the request URL.

func (*Context) Sign

func (ctx *Context) Sign(req *http.Request, getBody func() io.Reader) error

Sign calculates the signature and adds it to the request header.

func (*Context) Verify

func (ctx *Context) Verify(req *http.Request, getBody func() io.Reader) error

Verify verifies the signature of a request

type HeaderHoisting

type HeaderHoisting struct {
	AllowedPrefix    []string `json:"allowedPrefix,omitempty" jsonschema:"uniqueItems=true"`
	DisallowedPrefix []string `json:"disallowedPrefix,omitempty" jsonschema:"uniqueItems=true"`
	Disallowed       []string `json:"disallowed,omitempty" jsonschema:"uniqueItems=true"`
	// contains filtered or unexported fields
}

HeaderHoisting defines which headers are allowed to be moved from header to query in presign: a header may be hoisted if its name has one of the allowed prefixes, has none of the disallowed prefixes, and does not match any of the disallowed names.
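
The hoisting rule above, as an added standalone illustration (not the package's own code). `hoistRule`, `match`, `canHoist`, `hoist` and `sample` are hypothetical names, the header values are constructed, and case-insensitive name matching is an assumption.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// hoistRule is a hypothetical stand-in for HeaderHoisting's three exported lists.
type hoistRule struct{ AllowedPrefix, DisallowedPrefix, Disallowed []string }

// match reports whether name equals (exact) or starts with any item, ignoring case.
func match(name string, items []string, exact bool) bool {
	for _, it := range items {
		n, p := strings.ToLower(name), strings.ToLower(it)
		if (exact && n == p) || (!exact && strings.HasPrefix(n, p)) {
			return true
		}
	}
	return false
}

// canHoist applies the documented rule; case-insensitive matching is an assumption.
func (r hoistRule) canHoist(name string) bool {
	return match(name, r.AllowedPrefix, false) &&
		!match(name, r.DisallowedPrefix, false) && !match(name, r.Disallowed, true)
}

// hoist moves every hoistable header out of h and returns it as query values.
func (r hoistRule) hoist(h http.Header) url.Values {
	q := url.Values{}
	for name, vals := range h {
		if r.canHoist(name) {
			q[name] = vals
			delete(h, name)
		}
	}
	return q
}

var sample = hoistRule{ // constructed sample configuration, not a package default
	AllowedPrefix:    []string{"X-Me-"},
	DisallowedPrefix: []string{"X-Me-Internal-"},
	Disallowed:       []string{"X-Me-Content-Sha256"},
}

func main() {
	fmt.Println(sample.hoist(http.Header{"X-Me-Tenant": {"acme"}, "Authorization": {"x"}}).Encode())
}
```

With an empty allowed-prefix list this sketch hoists nothing, since the rule requires an allowed prefix to match first.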

type Literal

type Literal struct {
	// ScopeSuffix is the last part when building the credential scope.
	// Default: megaease_request
	ScopeSuffix string `json:"scopeSuffix" jsonschema:"required"`

	// AlgorithmName is the query name of the signature algorithm
	// Default: X-Me-Algorithm
	AlgorithmName string `json:"algorithmName" jsonschema:"required"`

	// AlgorithmValue is the header/query value of the signature algorithm
	// Default: ME-HMAC-SHA256
	AlgorithmValue string `json:"algorithmValue" jsonschema:"required"`

	// SignedHeaders is the header/query name of the signed headers
	// Default: X-Me-SignedHeaders
	SignedHeaders string `json:"signedHeaders" jsonschema:"required"`

	// Signature is the query name of the signature
	// Default: X-Me-Signature
	Signature string `json:"signature" jsonschema:"required"`

	// Date is the header/query name of request time
	// Default: X-Me-Date
	Date string `json:"date" jsonschema:"required"`

	// Expires is the query name of expire duration
	// Default: X-Me-Expires
	Expires string `json:"expires" jsonschema:"required"`

	// Credential is the query name of credential
	// Default: X-Me-Credential
	Credential string `json:"credential" jsonschema:"required"`

	// ContentSHA256 is the header name of body/payload hash
	// Default: X-Me-Content-Sha256
	ContentSHA256 string `json:"contentSha256" jsonschema:"required"`

	// SigningKeyPrefix is prepended to the access key secret when deriving the signing key
	// Default: ME
	SigningKeyPrefix string `json:"signingKeyPrefix,omitempty"`
}

Literal is the header name, query name and other text values. The literals are string constants, but customers may want to customize them to be their own, so we make them configurable.

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer is a signature calculator for http.Request

func CreateFromSpec

func CreateFromSpec(spec *Spec) *Signer

CreateFromSpec creates a Signer from configuration

func New

func New() *Signer

New creates a new signer

func (*Signer) ExcludeBody

func (s *Signer) ExcludeBody(exclude bool) *Signer

ExcludeBody is an option function for Signer to exclude body from signature

func (*Signer) IgnoreHeader

func (s *Signer) IgnoreHeader(headers ...string) *Signer

IgnoreHeader is an option function for Signer to add ignored headers

func (*Signer) NewSigningContext

func (s *Signer) NewSigningContext(timestamp time.Time, scopes ...string) *Context

NewSigningContext creates a new signing context for signing

func (*Signer) NewVerificationContext

func (s *Signer) NewVerificationContext() *Context

NewVerificationContext creates a new verification context for verification.

func (*Signer) SetAccessKeyStore

func (s *Signer) SetAccessKeyStore(store AccessKeyStore) *Signer

SetAccessKeyStore is an option function for Signer to set access key store

func (*Signer) SetCredential

func (s *Signer) SetCredential(accessKeyID string, accessKeySecret string) *Signer

SetCredential is an option function for Signer to set access key id/secret for signing

func (*Signer) SetHeaderHoisting

func (s *Signer) SetHeaderHoisting(hh *HeaderHoisting) *Signer

SetHeaderHoisting is an option function for Signer to set header hoisting

func (*Signer) SetLiteral

func (s *Signer) SetLiteral(literal *Literal) *Signer

SetLiteral is an option function for Signer to set literals

func (*Signer) SetTTL

func (s *Signer) SetTTL(d time.Duration) *Signer

SetTTL is an option function for Signer to set time to live of a signature

type Spec

type Spec struct {
	Literal         *Literal          `json:"literal,omitempty"`
	HeaderHoisting  *HeaderHoisting   `json:"headerHoisting,omitempty"`
	IgnoredHeaders  []string          `json:"ignoredHeaders,omitempty" jsonschema:"uniqueItems=true"`
	ExcludeBody     bool              `json:"excludeBody,omitempty"`
	TTL             string            `json:"ttl,omitempty" jsonschema:"format=duration"`
	AccessKeyID     string            `json:"accessKeyId,omitempty"`
	AccessKeySecret string            `json:"accessKeySecret,omitempty"`
	AccessKeys      map[string]string `json:"accessKeys,omitempty"`
}

Spec defines the configuration of a Signer
