meshauth

package v0.0.0-...-2a6dfc0
Published: Aug 3, 2024 License: Apache-2.0 Imports: 27 Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func CheckVAPID

func CheckVAPID(tok string, now time.Time) (jwt *meshauth.JWT, pub []byte, err error)

CheckVAPID verifies the signature and returns the token and public key. The now parameter should be set to the current time; it is used for the expiration check.

Data is extracted from the VAPID Authorization header: the 'vapid' scheme and the t and k parameters.

Does not check the audience or other parameters.

func ParseAuthorization

func ParseAuthorization(auth string) (string, string, map[string]string)

ParseAuthorization splits the Authorization header, returning the scheme and parameters. Used with the "scheme k=v,k=v" format.

func WebpushSubscriptionToDest

func WebpushSubscriptionToDest(b []byte) (*meshauth.Dest, error)

WebpushSubscriptionToDest is a convenience function that decodes a JSON encoded PushSubscription object acquired from the browser (https://w3c.github.io/push-api/), as returned as the result of /subscribe, and returns the corresponding *meshauth.Dest.

Types

type Subscription

type Subscription struct {
	// Endpoint is the URL to send the Web Push message to. Comes from the
	// endpoint field of the PushSubscription.
	Endpoint string

	// Key is the client's public key. From the getKey("p256dh") or keys.p256dh field.
	Key []byte

	// Auth is a value used by the client to validate the encryption. From the
	// keys.auth field.
	// The aes128gcm-encrypted message carries a 16-byte authentication tag; the
	// keys protecting it are derived using this pre-shared authentication secret.
	Auth []byte

	// Used by the UA to receive messages, as PUSH promises
	Location string
}

Subscription holds the useful values from a PushSubscription object acquired from the browser.

https://w3c.github.io/push-api/

Returned as result of /subscribe

func SubscriptionFromJSON

func SubscriptionFromJSON(b []byte) (*Subscription, error)

SubscriptionFromJSON is a convenience function that takes a JSON encoded PushSubscription object acquired from the browser and returns a pointer to a Subscription.

type Webpush

type Webpush struct {
	Mesh *meshauth.Mesh

	// cached PublicKeyBase64 encoding of the public key, for EC256 VAPID.
	PublicKeyBase64 string

	EC256Key string
	EC256Pub string

	// EC256Priv is the 'raw' private key, in the standard format (not DER - i.e. D.Bytes()).
	// The struct tag must be `json:"-"` (quoted) for encoding/json to skip the field;
	// the unquoted form `json:-` is not recognized and the private key would be serialized.
	EC256Priv []byte `json:"-"`
}

func New

func New(m *meshauth.Mesh) *Webpush

func (*Webpush) GetToken

func (v *Webpush) GetToken(ctx context.Context, aud string) (string, error)

GetToken creates a VAPID token for the specified endpoint (aud), using the configured Sub id and a default expiration (1h). The Mesh identity must be based on EC256.

Format is "vapid t=TOKEN k=PUBKEY".

The optional (unauthenticated) Sub field is populated from Name@Domain or TrustDomain. The DMesh VIP is based on the public key of the signer. AUD is the URL from the subscription - for DMesh https://VIP:5228/s or https://DOMAIN:5228/s
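The two header forms shown on this page, the "scheme k=v,k=v" form that ParseAuthorization handles and the "vapid t=TOKEN k=PUBKEY" form that GetToken emits, can be parsed and sanity-checked with standard-library code alone. The following is an added example written for this page, not the package's own ParseAuthorization or CheckVAPID; the function names parseAuthorization, vapidKeyFromParams and checkVapidHeader are hypothetical. It validates the k parameter as a 65-byte uncompressed P-256 point that lies on the curve and checks that t is structurally a compact JWT; signature verification of t is a separate step (what CheckVAPID does) and is deliberately left out.

```go
package main

import (
	"crypto/ecdh"
	"crypto/rand"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// parseAuthorization splits an Authorization header value into its scheme and
// k=v parameters. It accepts both "scheme k=v,k=v" (comma separated) and the
// space separated "vapid t=TOKEN k=PUBKEY" form. VAPID values are base64url
// tokens that never contain commas or spaces, so quoted-string syntax is not
// handled. Hypothetical helper, not the package's ParseAuthorization.
func parseAuthorization(auth string) (string, map[string]string, error) {
	scheme, rest, _ := strings.Cut(strings.TrimSpace(auth), " ")
	if scheme == "" {
		return "", nil, errors.New("empty authorization scheme")
	}
	params := map[string]string{}
	sep := func(r rune) bool { return r == ',' || r == ' ' || r == '\t' }
	for _, field := range strings.FieldsFunc(rest, sep) {
		k, v, ok := strings.Cut(field, "=")
		if !ok || k == "" || v == "" {
			return "", nil, fmt.Errorf("malformed parameter %q", field)
		}
		if _, dup := params[k]; dup {
			return "", nil, fmt.Errorf("duplicate parameter %q", k)
		}
		params[k] = v
	}
	// Scheme names are case-insensitive in HTTP authentication.
	return strings.ToLower(scheme), params, nil
}

// vapidKeyFromParams validates the t and k parameters of a parsed "vapid"
// header: t must look like a compact JWT (three dot-separated segments) and k
// must decode (base64url without padding, per RFC 8292) to a 65-byte
// uncompressed P-256 point that lies on the curve.
func vapidKeyFromParams(params map[string]string) (*ecdh.PublicKey, error) {
	tok, ok := params["t"]
	if !ok || strings.Count(tok, ".") != 2 {
		return nil, errors.New("missing or malformed t parameter")
	}
	raw, err := base64.RawURLEncoding.DecodeString(params["k"])
	if err != nil {
		return nil, fmt.Errorf("k is not base64url: %w", err)
	}
	if len(raw) != 65 || raw[0] != 0x04 {
		return nil, fmt.Errorf("k must be a 65-byte uncompressed P-256 point, got %d bytes", len(raw))
	}
	// NewPublicKey rejects points that are not on P-256, which blocks
	// invalid-curve inputs before any ECDH or ECDSA use of the key.
	pub, err := ecdh.P256().NewPublicKey(raw)
	if err != nil {
		return nil, fmt.Errorf("k is not a valid P-256 point: %w", err)
	}
	return pub, nil
}

// checkVapidHeader combines both steps and returns the scheme and the signer's public key.
func checkVapidHeader(auth string) (string, *ecdh.PublicKey, error) {
	scheme, params, err := parseAuthorization(auth)
	if err != nil {
		return "", nil, err
	}
	if scheme != "vapid" {
		return scheme, nil, fmt.Errorf("unsupported scheme %q", scheme)
	}
	pub, err := vapidKeyFromParams(params)
	return scheme, pub, err
}

func main() {
	// Constructed sample: a fresh P-256 key stands in for the application server
	// key, and the token segments are placeholders, not a signed JWT.
	key, _ := ecdh.P256().GenerateKey(rand.Reader)
	k := base64.RawURLEncoding.EncodeToString(key.PublicKey().Bytes())
	for _, h := range []string{
		"vapid t=header.claims.signature k=" + k,
		"vapid t=header.claims.signature, k=" + k,
		"vapid t=header.claims.signature k=AAAA",
	} {
		scheme, pub, err := checkVapidHeader(h)
		fmt.Println(scheme, pub != nil, err)
	}
}
```

The on-curve check matters because the k value is attacker-controlled input: it arrives in the request header and is later fed into ECDSA verification, so it should be rejected before use unless it is a well-formed point on P-256.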

func (*Webpush) NewRequest

func (v *Webpush) NewRequest(dest string, key, authK []byte,
	message string, ttlSec int, ma *meshauth.Mesh) (*http.Request, error)

NewRequest creates a valid Web Push HTTP request for sending a message to a subscriber, using VAPID authentication.

More headers can be added to the request to configure collapsing and TTL.

func (*Webpush) SendMessage

func (v *Webpush) SendMessage(hc *http.Client, subs string, show bool, msg string)

SendMessage sends an encrypted message to a node.

type WebpushEncryption

type WebpushEncryption struct {
	// Full body of the encrypted message, including header (salt, server pub).
	//
	// Format:
	// 16B Salt
	// 4B rs {0, 0, 16, 0} - record size, 4k
	// 1B key ID length {65} - length of the sender public key that follows
	// 65B SendPublicKey
	// Up to 4k encrypted text - with 0x02 appended at the end before encryption
	// Wasted: 7 const.
	// Overhead: 16 salt, 16 sig, 64 pub. Total: 103 (64+32+7)
	Ciphertext []byte

	// 16B For encryption: must be a random generated by sender.
	Salt []byte

	// Temp EC key for encryption, 65B
	SendPublic []byte

	// UA Public bytes - from subscription
	UAPublic []byte

	// Only used for encrypt
	SendPrivate []byte

	// Only used for decrypt
	UAPrivate []byte

	// Auth - from subscription. If missing, a default value can be used - either zero or
	// a hash of the recipient URL or public key.
	Auth []byte
	// contains filtered or unexported fields
}

WebpushEncryption is used for encryption and decryption of messages using the Web Push protocol.

It stores the source and result of encrypting a message and associated parameters.

func NewWebpushDecryption

func NewWebpushDecryption(uapriv string, uapub, auth []byte) *WebpushEncryption

NewWebpushDecryption creates a context for decrypting messages received by a UA.

func NewWebpushEncryption

func NewWebpushEncryption(uapub, auth []byte) *WebpushEncryption

NewWebpushEncryption creates a new encryption context for sending, based on the subscription pub key and auth.

func (*WebpushEncryption) Decrypt

func (er *WebpushEncryption) Decrypt(cypher []byte) ([]byte, error)

func (*WebpushEncryption) Encrypt

func (er *WebpushEncryption) Encrypt(plaintext []byte) ([]byte, error)

Encrypt encrypts a message such that it can be sent using the Web Push protocol.

RFC 8030 (message delivery), RFC 8291 (message encryption).
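To make the header layout documented on WebpushEncryption.Ciphertext and the Encrypt/Decrypt pair concrete, here is an added single-record implementation of RFC 8291 message encryption over the RFC 8188 aes128gcm content coding, using only the Go standard library. It is example code written for this page, not the package's WebpushEncryption methods; encryptWebpush, decryptWebpush, keySchedule and hkdf1 are hypothetical names, and hkdf1 is a one-block HKDF-SHA-256 written out with crypto/hmac so no external module is needed. Inputs mirror the struct fields above: UAPublic and Auth from the subscription, a random Salt and a fresh SendPublic per message.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// hkdf1 is HKDF-SHA-256 extract plus a single expand block; RFC 8291 never needs more than 32 bytes.
func hkdf1(salt, ikm, info []byte, n int) []byte {
	ext := hmac.New(sha256.New, salt)
	ext.Write(ikm)
	exp := hmac.New(sha256.New, ext.Sum(nil))
	exp.Write(info)
	exp.Write([]byte{0x01})
	return exp.Sum(nil)[:n]
}

// keySchedule derives the AES-128-GCM key and the nonce from the ECDH secret and the
// subscription auth secret (RFC 8291 section 3.4); with one record the sequence number is 0.
func keySchedule(secret, auth, salt, uaPub, senderPub []byte) (cipher.AEAD, []byte) {
	info := append(append([]byte("WebPush: info\x00"), uaPub...), senderPub...)
	ikm := hkdf1(auth, secret, info, 32)
	block, _ := aes.NewCipher(hkdf1(salt, ikm, []byte("Content-Encoding: aes128gcm\x00"), 16))
	gcm, _ := cipher.NewGCM(block)
	return gcm, hkdf1(salt, ikm, []byte("Content-Encoding: nonce\x00"), 12)
}

// encryptWebpush writes one aes128gcm record with the documented header layout:
// 16B salt | 4B rs (4096) | 1B idlen (65) | 65B sender key, then AES-128-GCM over plaintext||0x02.
func encryptWebpush(uaPub, auth, plaintext []byte) ([]byte, error) {
	if len(plaintext)+17 > 4096 {
		return nil, errors.New("plaintext does not fit in a single 4096-byte record")
	}
	uaKey, err := ecdh.P256().NewPublicKey(uaPub) // rejects off-curve subscription keys
	if err != nil {
		return nil, err
	}
	sender, err := ecdh.P256().GenerateKey(rand.Reader) // fresh ephemeral key per message
	if err != nil {
		return nil, err
	}
	secret, err := sender.ECDH(uaKey)
	if err != nil {
		return nil, err
	}
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return nil, err
	}
	senderPub := sender.PublicKey().Bytes()
	gcm, nonce := keySchedule(secret, auth, salt, uaPub, senderPub)
	hdr := binary.BigEndian.AppendUint32(append([]byte{}, salt...), 4096)
	hdr = append(append(hdr, byte(len(senderPub))), senderPub...)
	record := append(append([]byte{}, plaintext...), 0x02) // 0x02 marks the final record
	return gcm.Seal(hdr, nonce, record, nil), nil
}

// decryptWebpush is the UA side: validate the header, rerun the key schedule with the UA
// private key, open the record and strip the delimiter plus any zero padding.
func decryptWebpush(uaPriv *ecdh.PrivateKey, auth, body []byte) ([]byte, error) {
	if len(body) < 86+17 {
		return nil, errors.New("body shorter than header, delimiter and tag")
	}
	salt, rs, idlen := body[:16], binary.BigEndian.Uint32(body[16:20]), int(body[20])
	if rs < 18 || idlen != 65 || len(body)-86 > int(rs) {
		return nil, fmt.Errorf("unsupported header: rs=%d idlen=%d (single record only)", rs, idlen)
	}
	senderPub := body[21:86]
	senderKey, err := ecdh.P256().NewPublicKey(senderPub)
	if err != nil {
		return nil, err
	}
	secret, err := uaPriv.ECDH(senderKey)
	if err != nil {
		return nil, err
	}
	gcm, nonce := keySchedule(secret, auth, salt, uaPriv.PublicKey().Bytes(), senderPub)
	record, err := gcm.Open(nil, nonce, body[86:], nil) // fails on tampering or wrong auth/key
	if err != nil {
		return nil, err
	}
	i := len(record) - 1
	for i >= 0 && record[i] == 0 { // padding is the delimiter followed by zero bytes
		i--
	}
	if i < 0 || record[i] != 0x02 {
		return nil, errors.New("missing final-record delimiter")
	}
	return record[:i], nil
}
```

Usage: generate or load the UA key pair (in a real deployment the browser holds the private key and exposes keys.p256dh and keys.auth in the PushSubscription), call encryptWebpush(uaPub, auth, msg) on the sending side and decryptWebpush(uaPriv, auth, body) on the receiving side. The GCM tag covers everything after the header, so a flipped byte, a wrong auth secret, or a different UA key all fail in Open rather than yielding garbage; the rs and idlen checks reject bodies that do not match the layout the struct comment describes.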
