cookie

package
v0.0.86 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 9, 2023 License: MIT Imports: 12 Imported by: 0

Documentation

Overview

Package cookie provides utilities for using HTTP cookies.

Constants

This section is empty.

Variables

This section is empty.

Functions

func Delete

func Delete(w http.ResponseWriter, name, domain string)

Delete removes the named cookie.

func Get added in v0.0.27

func Get(r *http.Request, name string) (*http.Cookie, error)

Get returns a copy of the named cookie.

func GetEncrypted added in v0.0.11

func GetEncrypted(
	r *http.Request,
	name string,
	secretKey string,
) (*http.Cookie, error)

GetEncrypted authenticates and decrypts the named cookie, and returns a copy of it with the value decrypted.

func Set

func Set(
	w http.ResponseWriter,
	name string,
	value string,
	domain string,
	mAge time.Duration,
	jsAccess bool,
)

Set creates a cookie on the HTTP response.

If domain is an empty string, the cookie is set for the current host (excluding subdomains); otherwise it is set for the given domain and its subdomains. If mAge == 0, a session cookie is created. If mAge < 0, the cookie is deleted immediately. If jsAccess is false, the cookie will be inaccessible to JavaScript. In most cases you should set it to false (exceptions are rare, like when setting a CSRF cookie).

func SetAntiReplay added in v0.0.83

func SetAntiReplay(r *http.Request, antiReplay string) *http.Request

SetAntiReplay uses antiReplay to try and mitigate against replay attacks. This mitigation is not foolproof.

func SetEncrypted added in v0.0.11

func SetEncrypted(
	r *http.Request,
	w http.ResponseWriter,
	name string,
	value string,
	domain string,
	mAge time.Duration,
	secretKey string,
)

SetEncrypted creates a cookie on the HTTP response. The cookie value (but not the name) is encrypted and authenticated using cry.Enc.

Note: While encrypted cookies can guarantee that the data has not been tampered with, that it is all there and correct, and that clients cannot read its raw value, they cannot guarantee freshness. This means that (similar to plain-text cookies) they are still susceptible to replay attacks.

Also see Set

Example
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"

	"github.com/komuw/ong/cookie"
)

type shoppingCart struct {
	ItemName string
	Price    uint8
}

func shoppingCartHandler() http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		cookieName := "cart"
		secretKey := "superSecret"
		item := shoppingCart{ItemName: "shoe", Price: 89}

		b, err := json.Marshal(item)
		if err != nil {
			panic(err)
		}

		cookie.SetEncrypted(
			r,
			w,
			cookieName,
			string(b),
			"example.com",
			2*time.Hour,
			secretKey,
		)

		fmt.Fprint(w, "thanks for shopping!")
	}
}

func main() {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/shop", nil)
	shoppingCartHandler().ServeHTTP(rec, req)

	res := rec.Result()
	defer res.Body.Close()

	if res.StatusCode != http.StatusOK {
		panic("unexpected")
	}

	fmt.Println(res.Cookies()[0].Name)

}
Output:

cart

func UseClientForAntiReplay added in v0.0.84

func UseClientForAntiReplay(r *http.Request) string

UseClientForAntiReplay uses the client IP address and client TLS fingerprint to try and mitigate against replay attacks.
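
The freshness note on SetEncrypted and the anti-replay helpers above describe tying a cookie to the client that received it. The sketch below is an added example, not this package's code: it assumes AES-256-GCM with the anti-replay string passed as associated data (the page does not say how cry.Enc or SetAntiReplay work internally), and the names newAEAD, seal and open and all sample values are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// newAEAD derives an AES-256-GCM instance from secretKey (SHA-256 is a sketch-only KDF).
func newAEAD(secretKey string) cipher.AEAD {
	k := sha256.Sum256([]byte(secretKey))
	block, _ := aes.NewCipher(k[:]) // a 32-byte key is always valid for AES
	aead, _ := cipher.NewGCM(block) // default GCM parameters never fail for AES
	return aead
}

// seal encrypts value and binds it to antiReplay as associated data.
func seal(secretKey, value, antiReplay string) (string, error) {
	aead := newAEAD(secretKey)
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := aead.Seal(nonce, nonce, []byte(value), []byte(antiReplay)) // nonce || ciphertext || tag
	return base64.RawURLEncoding.EncodeToString(ct), nil
}

// open fails if the cookie was tampered with or if antiReplay differs from seal time.
func open(secretKey, cookieValue, antiReplay string) (string, error) {
	aead := newAEAD(secretKey)
	raw, err := base64.RawURLEncoding.DecodeString(cookieValue)
	if err != nil || len(raw) < aead.NonceSize() {
		return "", errors.New("malformed cookie")
	}
	n := aead.NonceSize()
	pt, err := aead.Open(nil, raw[:n], raw[n:], []byte(antiReplay))
	return string(pt), err
}

func main() {
	c, _ := seal("superSecret", `{"ItemName":"shoe"}`, "203.0.113.7|fp-A") // constructed values
	_, same := open("superSecret", c, "203.0.113.7|fp-A")                    // same client: still replayable
	_, other := open("superSecret", c, "198.51.100.9|fp-B")                  // different client: rejected
	fmt.Println("same client ok:", same == nil, "| other client rejected:", other != nil)
}
```

A cookie copied to a client with a different IP address or TLS fingerprint fails authentication, while a replay from the same client still decrypts, which is why the mitigation is not foolproof.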

Types

This section is empty.
