README
¶
go-itsdangerous
Like itsdangerous but for Go.
Updates for 2016
Forked from https://github.com/iromli/go-itsdangerous, and updated to work with latest version of itsdangerous, specifically the flask secure cookie defaults (URLSafeTimedSerializer):
- Removed EPOCH (see https://github.com/pallets/itsdangerous/issues/46)
- Added zlib compression / decompression (see comment)
- Added helper functions
SignB64,UnsignB64for ease of use with theURLSafeTimedSerializer/URLSafeSerializer
Also:
- Replaced use of
stringwith[]byteto avoid casting back and forth
Documentation
¶
Overview ¶
Package itsdangerous implements various functions to deal with untrusted sources. Mainly useful for web applications.
This package exists purely as a port of https://github.com/mitsuhiko/itsdangerous, where the original version is written in Python.
Index ¶
- func ZBase64Encode(b []byte) []byte
- type HMACAlgorithm
- type Signature
- func (s *Signature) DeriveKey() ([]byte, error)
- func (s *Signature) Get(value []byte) ([]byte, error)
- func (s *Signature) Sign(value []byte) ([]byte, error)
- func (s *Signature) SignB64(value []byte) ([]byte, error)
- func (s *Signature) Unsign(signed []byte) ([]byte, error)
- func (s *Signature) UnsignB64(signed []byte) ([]byte, error)
- func (s *Signature) Verify(value, sig []byte) (bool, error)
- type SigningAlgorithm
- type TimestampSignature
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ZBase64Encode ¶
Types ¶
type HMACAlgorithm ¶
HMACAlgorithm provides signature generation using HMACs.
func (*HMACAlgorithm) GetSignature ¶
func (a *HMACAlgorithm) GetSignature(key, value []byte) []byte
GetSignature returns the signature for the given key and value.
func (*HMACAlgorithm) VerifySignature ¶
func (a *HMACAlgorithm) VerifySignature(key, value, sig []byte) bool
VerifySignature verifies the given signature matches the expected signature.
type Signature ¶
type Signature struct {
SecretKey []byte
Sep []byte
Salt []byte
KeyDerivation string
DigestMethod func() hash.Hash
Algorithm SigningAlgorithm
}
Signature can sign bytes and unsign it and validate the signature provided.
Salt can be used to namespace the hash, so that a signed string is only valid for a given namespace. Leaving this at the default value or re-using a salt value across different parts of your application where the same signed value in one part can mean something different in another part is a security risk.
func NewSignature ¶
func NewSignature(secret, salt, sep, derivation string, digest func() hash.Hash, algo SigningAlgorithm) *Signature
NewSignature creates a new Signature
func (*Signature) DeriveKey ¶
DeriveKey generates a key derivation. Keep in mind that the key derivation in itsdangerous is not intended to be used as a security method to make a complex key out of a short password. Instead you should use large random secret keys.
func (*Signature) SignB64 ¶
SignB64 first Base64 encodes the (optionally compressed) value before signing. This is compatable with itsdangerous URLSafeSerializer
type SigningAlgorithm ¶
type SigningAlgorithm interface {
GetSignature([]byte, []byte) []byte
VerifySignature(key, value, sig []byte) bool
}
SigningAlgorithm provides interfaces to generate and verify signature
type TimestampSignature ¶
type TimestampSignature struct {
Signature
}
TimestampSignature works like the regular Signature but also records the time of the signing and can be used to expire signatures.
func NewTimestampSignature ¶
func NewTimestampSignature(secret, salt, sep, derivation string, digest func() hash.Hash, algo SigningAlgorithm) *TimestampSignature
NewTimestampSignature creates a new TimestampSignature
func (*TimestampSignature) Sign ¶
func (s *TimestampSignature) Sign(value []byte) ([]byte, error)
Sign the given string.
func (*TimestampSignature) SignB64 ¶
func (s *TimestampSignature) SignB64(value []byte) ([]byte, error)
SignB64 first Base64 encodes the (optionally compressed) value before signing. This is compatable with itsdangerous URLSafeTimedSerializer
Source Files