Documentation
¶
Overview ¶
Package signer provides a signer for HTTP requests.
Index ¶
- type AccessKeyStore
- type Context
- type HeaderHoisting
- type Literal
- type Signer
- func (s *Signer) ExcludeBody(exclude bool) *Signer
- func (s *Signer) IgnoreHeader(headers ...string) *Signer
- func (s *Signer) NewSigningContext(timestamp time.Time, scopes ...string) *Context
- func (s *Signer) NewVerificationContext() *Context
- func (s *Signer) SetAccessKeyStore(store AccessKeyStore) *Signer
- func (s *Signer) SetCredential(accessKeyID string, accessKeySecret string) *Signer
- func (s *Signer) SetHeaderHoisting(hh *HeaderHoisting) *Signer
- func (s *Signer) SetLiteral(literal *Literal) *Signer
- func (s *Signer) SetTTL(d time.Duration) *Signer
- type Spec
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type AccessKeyStore ¶
AccessKeyStore defines the interface of an access key store, which returns the corresponding secret when query by an id
type Context ¶
type Context struct {
Time time.Time
Scopes []string
ExpireTime time.Duration
AccessKeyID string
AccessKeySecret string
SignedHeaders string
CanonicalHeaders string
Signature string
Query url.Values
BodyHash string
// contains filtered or unexported fields
}
Context is the signing/verfication context for a single request
func (*Context) ExcludeBody ¶
ExcludeBody is an option function for Context to exclude body from signature
type HeaderHoisting ¶
type HeaderHoisting struct {
AllowedPrefix []string `json:"allowedPrefix,omitempty" jsonschema:"uniqueItems=true"`
DisallowedPrefix []string `json:"disallowedPrefix,omitempty" jsonschema:"uniqueItems=true"`
Disallowed []string `json:"disallowed,omitempty" jsonschema:"uniqueItems=true"`
// contains filtered or unexported fields
}
HeaderHoisting defines which headers are allowed to be moved from header to query in presign: header with name has one of the allowed prefixes, but hasn't any disallowed prefixes and doesn't match any of disallowed names are allowed to be hoisted
type Literal ¶
type Literal struct {
// ScopeSuffix is the last part when build the credential scope.
// Default: megaease_request
ScopeSuffix string `json:"scopeSuffix" jsonschema:"required"`
// AlgorithmName is the query name of the signature algorithm
// Default: X-Me-Algorithm
AlgorithmName string `json:"algorithmName" jsonschema:"required"`
// AlgorithmName is the header/query value of the signature algorithm
// Default: ME-HMAC-SHA256
AlgorithmValue string `json:"algorithmValue" jsonschema:"required"`
// SignedHeaders is the header/query headers of the signed headers
// Default: X-Me-SignedHeaders
SignedHeaders string `json:"signedHeaders" jsonschema:"required"`
// Signature is the query name of the signature
// Default: X-Me-Signature
Signature string `json:"signature" jsonschema:"required"`
// Date is the header/query name of request time
// Default: X-Me-Date
Date string `json:"date" jsonschema:"required"`
// Expires is the query name of expire duration
// Default: X-Me-Expires
Expires string `json:"expires" jsonschema:"required"`
// Credential is the query name of credential
// Default: X-Me-Credential
Credential string `json:"credential" jsonschema:"required"`
// ContentSHA256 is the header name of body/payload hash
// Default: X-Me-Content-Sha256
ContentSHA256 string `json:"contentSha256" jsonschema:"required"`
// SigningKeyPrefix is prepend to access key secret when derive the signing key
// Default: ME
SigningKeyPrefix string `json:"signingKeyPrefix,omitempty"`
}
Literal is the header name, query name and other text values. The literals are string constants, but customers may want to customize them to be their own, so we make them configurable.
type Signer ¶
type Signer struct {
// contains filtered or unexported fields
}
Signer is a signature calculator for http.Request
func CreateFromSpec ¶
CreateFromSpec create a Signer from configuration
func (*Signer) ExcludeBody ¶
ExcludeBody is an option function for Signer to exclude body from signature
func (*Signer) IgnoreHeader ¶
IgnoreHeader is an option function for Signer to add ignored headers
func (*Signer) NewSigningContext ¶
NewSigningContext creates a new signing context for signing
func (*Signer) NewVerificationContext ¶
NewVerificationContext creates a new verification context for verification.
func (*Signer) SetAccessKeyStore ¶
func (s *Signer) SetAccessKeyStore(store AccessKeyStore) *Signer
SetAccessKeyStore is an option function for Signer to set access key store
func (*Signer) SetCredential ¶
SetCredential is an option function for Signer to set access key id/secret for signing
func (*Signer) SetHeaderHoisting ¶
func (s *Signer) SetHeaderHoisting(hh *HeaderHoisting) *Signer
SetHeaderHoisting is an option function for Singer to set header hoisting
func (*Signer) SetLiteral ¶
SetLiteral is an option function for Signer to set literals
type Spec ¶
type Spec struct {
Literal *Literal `json:"literal,omitempty"`
HeaderHoisting *HeaderHoisting `json:"headerHoisting,omitempty"`
IgnoredHeaders []string `json:"ignoredHeaders,omitempty" jsonschema:"uniqueItems=true"`
ExcludeBody bool `json:"excludeBody,omitempty"`
TTL string `json:"ttl,omitempty" jsonschema:"format=duration"`
AccessKeyID string `json:"accessKeyId,omitempty"`
AccessKeySecret string `json:"accessKeySecret,omitempty"`
AccessKeys map[string]string `json:"accessKeys,omitempty"`
}
Spec defines the configuration of a Signer
Source Files