v4

package
v0.32.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 20, 2024 License: AGPL-3.0 Imports: 6 Imported by: 0

Documentation

Index

Constants

const (
	// Payload digest values and the header that carries them.

	// EmptyStringSHA256 is the hex-encoded SHA-256 digest of the empty string.
	EmptyStringSHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"

	// UnsignedPayload marks the request payload body as unsigned.
	// In SigV4 this literal stands in for the body digest, so the signature
	// does not cover the body; body integrity then has to come from somewhere
	// else, such as the transport.
	UnsignedPayload = "UNSIGNED-PAYLOAD"

	// ContentSHAKey names the header holding the SHA-256 of the request body.
	ContentSHAKey = "X-Amz-Content-Sha256"

	// Names of the SigV4 headers / query parameters.

	// AmzAlgorithmKey names the parameter that states the signing algorithm.
	AmzAlgorithmKey = "X-Amz-Algorithm"

	// AmzCredentialKey names the parameter holding the access key ID and the
	// credential scope.
	AmzCredentialKey = "X-Amz-Credential"

	// AmzDateKey names the parameter holding the request's UTC timestamp,
	// written as YYYYMMDD'T'HHMMSS'Z'.
	AmzDateKey = "X-Amz-Date"

	// AmzSecurityTokenKey names the parameter holding the security token that
	// accompanies temporary credentials. The value is sensitive; keep it out
	// of logs.
	AmzSecurityTokenKey = "X-Amz-Security-Token"

	// AmzSignedHeadersKey names the parameter listing the headers that were
	// signed for the request.
	AmzSignedHeadersKey = "X-Amz-SignedHeaders"

	// AmzSignatureKey names the query parameter that stores the SigV4
	// signature. A URL carrying it acts as a bearer credential for the signed
	// request, so redact such URLs in logs.
	AmzSignatureKey = "X-Amz-Signature"

	// Go time layouts.

	// TimeFormat is the layout for the X-Amz-Date header or query parameter.
	// The trailing Z is a literal in this layout, not a zone directive, so the
	// time must already be in UTC when it is formatted.
	TimeFormat = "20060102T150405Z"

	// ShortTimeFormat is the shortened, date-only layout used in the
	// credential scope.
	ShortTimeFormat = "20060102"
)

Variables

// AllowedQueryHoisting is the allow list applied when building query headers.
// It is an InclusiveRules value holding two member rules.
// NOTE(review): presumably a header name passes only when it is NOT matched by
// RequiredSignedHeaders and it DOES match the "X-Amz-" pattern — confirm
// against the DenyList and InclusiveRules implementations.
var AllowedQueryHoisting = InclusiveRules{
	// RequiredSignedHeaders wrapped in a DenyList.
	DenyList{Rule: RequiredSignedHeaders},
	// Pattern rule for the "X-Amz-" family of names.
	Patterns{"X-Amz-"},
}

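AllowedQueryHoisting is an allow list for Build query headers. The original comment adds that "the boolean value represents whether or not it is a pattern", but the declaration shown here contains no boolean: it is an InclusiveRules value made of a DenyList over RequiredSignedHeaders and the pattern X-Amz-.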

// IgnoredHeaders lists the headers that are ignored during signing.
// User-Agent is not an entry here, although IgnoredPresignedHeaders lists it;
// the package documentation attributes this to compatibility with AWS SDK for
// Java v1.
// NOTE(review): if User-Agent is signed as a result, an intermediary that
// rewrites that header would invalidate the signature — confirm this is
// acceptable where the signer is deployed.
var IgnoredHeaders = Rules{
	DenyList{
		Rule: MapRule{
			"Authorization":   struct{}{},
			"X-Amzn-Trace-Id": struct{}{},
		},
	},
}

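IgnoredHeaders is a list of headers that are ignored during signing. The User-Agent header has been dropped from this list to be compatible with AWS SDK for Java v1 (the list above contains only Authorization and X-Amzn-Trace-Id).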

// IgnoredPresignedHeaders lists the headers that are ignored during signing
// of presigned requests (per the variable's name). Unlike IgnoredHeaders it
// also contains User-Agent.
var IgnoredPresignedHeaders = Rules{
	DenyList{
		Rule: MapRule{
			"Authorization":   struct{}{},
			"User-Agent":      struct{}{},
			"X-Amzn-Trace-Id": struct{}{},
		},
	},
}

IgnoredPresignedHeaders is a list of headers that are ignored during signing

// RequiredSignedHeaders is the allow list applied when building canonical
// headers: a fixed set of header names plus the "X-Amz-Meta-" pattern.
// NOTE(review): AllowedQueryHoisting wraps this value in a DenyList, so names
// listed here are presumably kept out of the query string. That matters for
// the secret-bearing ...-Customer-Key entries — confirm against the signer.
var RequiredSignedHeaders = Rules{
	AllowList{
		Rule: MapRule{
			// Names without an X-Amz- prefix.
			"Cache-Control":       struct{}{},
			"Content-Disposition": struct{}{},
			"Content-Encoding":    struct{}{},
			"Content-Language":    struct{}{},
			"Content-Md5":         struct{}{},
			"Content-Type":        struct{}{},
			"Expires":             struct{}{},
			"If-Match":            struct{}{},
			"If-Modified-Since":   struct{}{},
			"If-None-Match":       struct{}{},
			"If-Unmodified-Since": struct{}{},
			"Range":               struct{}{},

			// X-Amz-Copy-Source and its conditional / range variants.
			"X-Amz-Copy-Source":                     struct{}{},
			"X-Amz-Copy-Source-If-Match":            struct{}{},
			"X-Amz-Copy-Source-If-Modified-Since":   struct{}{},
			"X-Amz-Copy-Source-If-None-Match":       struct{}{},
			"X-Amz-Copy-Source-If-Unmodified-Since": struct{}{},
			"X-Amz-Copy-Source-Range":               struct{}{},

			// X-Amz-Copy-Source-Server-Side-Encryption-Customer-* names.
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key":       struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5":   struct{}{},

			// X-Amz-Acl and the X-Amz-Grant-* names.
			// NOTE(review): "Full-control" has a lowercase "c", whereas Go's
			// canonical header form would be "X-Amz-Grant-Full-Control". If
			// MapRule matches keys exactly, a canonicalised header name would
			// not hit this entry — confirm whether that is intended.
			"X-Amz-Acl":                struct{}{},
			"X-Amz-Grant-Full-control": struct{}{},
			"X-Amz-Grant-Read":         struct{}{},
			"X-Amz-Grant-Read-Acp":     struct{}{},
			"X-Amz-Grant-Write":        struct{}{},
			"X-Amz-Grant-Write-Acp":    struct{}{},

			// X-Amz-Server-Side-Encryption* names.
			"X-Amz-Server-Side-Encryption":                    struct{}{},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id":     struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Algorithm": struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Key":       struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Key-Md5":   struct{}{},

			// Remaining X-Amz-* names.
			"X-Amz-Content-Sha256":            struct{}{},
			"X-Amz-Metadata-Directive":        struct{}{},
			"X-Amz-Mfa":                       struct{}{},
			"X-Amz-Request-Payer":             struct{}{},
			"X-Amz-Storage-Class":             struct{}{},
			"X-Amz-Tagging":                   struct{}{},
			"X-Amz-Website-Redirect-Location": struct{}{},
		},
	},
	// Pattern rule for the "X-Amz-Meta-" family of names.
	Patterns{"X-Amz-Meta-"},
}

RequiredSignedHeaders is a whitelist for Build canonical headers.

Functions

func GetURIPath

func GetURIPath(u *url.URL) string

GetURIPath returns the escaped URI component from the provided URL

func HMACSHA256

func HMACSHA256(key []byte, data []byte) []byte

HMACSHA256 computes a HMAC-SHA256 of data given the provided key.

func HasPrefixFold

func HasPrefixFold(s, prefix string) bool

HasPrefixFold tests whether the string s begins with prefix, interpreted as UTF-8 strings, under Unicode case-folding.

func SanitizeHostForHeader

func SanitizeHostForHeader(r *http.Request)

SanitizeHostForHeader removes default port from host and updates request.Host

func StripExcessSpaces

func StripExcessSpaces(str string) string

StripExcessSpaces will rewrite the passed-in string so that it does not contain multiple side-by-side spaces.

Types

type AllowList

// AllowList is a generic Rule used for allow-listing.
// It embeds the Rule it wraps and declares its own IsValid method.
type AllowList struct {
	// Rule is the wrapped rule.
	Rule
}

AllowList is a generic Rule for whitelisting

func (AllowList) IsValid

func (w AllowList) IsValid(value string) bool

IsValid for AllowList checks if the value is within the AllowList

type DenyList

// DenyList is a generic Rule used for deny-listing.
// It embeds the Rule it wraps and declares its own IsValid method.
// NOTE(review): presumably IsValid is the negation of the wrapped Rule —
// confirm against the implementation.
type DenyList struct {
	// Rule is the wrapped rule.
	Rule
}

DenyList is a generic Rule for blacklisting

func (DenyList) IsValid

func (b DenyList) IsValid(value string) bool

IsValid for DenyList checks if the value is not within the DenyList

type InclusiveRules

// InclusiveRules is a list of Rule values that depend on one another: per its
// IsValid documentation, a value is valid only when all of the rules are true.
type InclusiveRules []Rule

InclusiveRules rules allow for rules to depend on one another

func (InclusiveRules) IsValid

func (r InclusiveRules) IsValid(value string) bool

IsValid will return true if all rules are true

type MapRule

// MapRule is a generic Rule backed by a map: the keys are the member strings
// and the empty-struct values carry no data.
// NOTE(review): whether the lookup is case-sensitive is not visible here —
// confirm against the IsValid implementation.
type MapRule map[string]struct{}

MapRule generic Rule for maps

func (MapRule) IsValid

func (m MapRule) IsValid(value string) bool

IsValid for the map Rule satisfies whether it exists in the map

type Patterns

// Patterns is a list of strings to match values against.
// NOTE(review): looks like prefix matching, given entries such as "X-Amz-"
// and the exported HasPrefixFold helper — confirm against IsValid.
type Patterns []string

Patterns is a list of strings to match against

func (Patterns) IsValid

func (p Patterns) IsValid(value string) bool

IsValid for Patterns checks each pattern and returns if a match has been found

type Rule

// Rule is the interface every rule type in this package satisfies. It asks a
// single question: does the given value adhere to the rule?
type Rule interface {
	// IsValid reports whether value adheres to the rule.
	IsValid(value string) bool
}

Rule interface allows for more flexible rules and just simply checks whether or not a value adheres to that Rule

type Rules

// Rules is a list of Rule values used to validate a string value. It has its
// own IsValid method, so a Rules value can itself be used wherever a Rule is
// expected (RequiredSignedHeaders is used that way inside
// AllowedQueryHoisting).
type Rules []Rule

Rules houses a set of Rule needed for validation of a string value

func (Rules) IsValid

func (r Rules) IsValid(value string) bool

IsValid iterates through all rules and reports whether any rule applies to the value; nested rules are supported.

type SigningTime

// SigningTime wraps a time.Time and provides cached values for SigV4 signing.
type SigningTime struct {
	// Embedded, so the time.Time methods are promoted onto SigningTime.
	time.Time
	// contains filtered or unexported fields
}

SigningTime provides a wrapper around a time.Time which provides cached values for SigV4 signing.

func NewSigningTime

func NewSigningTime(t time.Time) SigningTime

NewSigningTime creates a new SigningTime given a time.Time

func (*SigningTime) ShortTimeFormat

func (m *SigningTime) ShortTimeFormat() string

ShortTimeFormat provides the time formatted as 20060102.

func (*SigningTime) TimeFormat

func (m *SigningTime) TimeFormat() string

TimeFormat provides a time formatted in the X-Amz-Date format.
