import "v.io/x/ref/services/identity/internal/util"
Package util implements miscellaneous utility functions needed by the identity HTTP server.
blessings_info.go certs.go csrf.go doc.go macaroon.go write.go
HTTPBadRequest sends an HTTP 400 error on 'w' and renders a pretty page. If err is not nil, it also renders the string representation of err in the response page.
func HTTPServerError(w http.ResponseWriter, err error)
ServerError sends an HTTP 500 error on 'w' and renders a pretty page that also has the string representation of err.
Circuitious route to obtain the certificate chain because the use of security.MarshalBlessings is discouraged.
WriteCertAndKey creates a certificate and private key for a given host and duration and writes them to cert.pem and key.pem in tmpdir. It returns the locations of the files, or an error if one is encountered.
type CSRFCop struct {
// contains filtered or unexported fields
}
CSRFCop implements utilities for generating and validating tokens for cross-site-request-forgery prevention (also called XSRF).
func (c *CSRFCop) MaybeSetCookie(w http.ResponseWriter, req *http.Request, cookieName string) ([]byte, error)
func (c *CSRFCop) NewToken(w http.ResponseWriter, r *http.Request, cookieName string, data interface{}) (string, error)
NewToken creates an anti-cross-site-request-forgery, aka CSRF aka XSRF token with some data bound to it that can be obtained by ValidateToken. It returns an error if the token could not be created.
func (c *CSRFCop) ValidateToken(token string, req *http.Request, cookieName string, decoded interface{}) error
ValidateToken checks the validity of the provided CSRF token for the provided request, and extracts the data encoded in the token into 'decoded'. If the token is invalid, return an error. This error should not be shown to end users, it is meant for the consumption by the server process only.
Macaroon encapsulates an arbitrary slice of data signed with a Private Key. Term borrowed from http://research.google.com/pubs/pub41892.html.
NewMacaroon creates an opaque token that encodes "data".
Input can be extracted from the returned token only if the Signature is valid.
Decode returns the input if the macaroon was signed by the current principal.
Package util imports 18 packages (graph) and is imported by 20 packages. Updated 2020-10-24. Refresh now. Tools for package owners.