Documentation ¶
Types ¶
type Hasher ¶
type Hasher interface {
	// Sign creates an HMAC signature from the given payload.
	//
	// If nonce size is 0, the same payload will always produce the same signature.
	//
	// In order to use the signature as CSRF token, pass a non-zero value for the nonce size (16 is a good length).
	// According to
	// https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#pseudo-code-for-implementing-hmac-csrf-tokens,
	// the payload should include the session id and any other information you wish. Do not include a random value
	// in the payload; this method already creates the random value for you from the given nonce size.
	Sign(ctx context.Context, payload []byte, nonceSize byte) ([]byte, error)

	// Verify validates the given signature against the expected payload.
	//
	// The signature should have been created by a previous call to Sign.
	//
	// The boolean return value is true if and only if the signature has passed all validation. When the boolean
	// return value is false and there is no error, the signature passes all parsing but fails at the final
	// comparing step. Otherwise, any parsing error will be returned.
	Verify(ctx context.Context, signature, payload []byte) (bool, error)
}
Hasher provides HMAC signing and validation methods.
See New regarding options to create a Hasher instance.
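A standard-library sketch of the nonce-plus-HMAC token scheme that the Sign and Verify comments describe, added here as an example and not this package's own code. The token layout (size byte, nonce, tag) and the names sign and verify are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Assumed layout (not the package's wire format):
// [nonceSize byte][nonce][HMAC-SHA256(key, nonceSize || nonce || payload)]
func sign(key, payload []byte, nonceSize byte) ([]byte, error) {
	token := make([]byte, 1+int(nonceSize), 1+int(nonceSize)+sha256.Size)
	token[0] = nonceSize
	if _, err := rand.Read(token[1:]); err != nil { // fresh nonce per token
		return nil, err
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(token) // size byte and nonce are authenticated too
	mac.Write(payload)
	return mac.Sum(token), nil
}

// verify returns (false, err) for a malformed token and (false, nil) when
// the token parses but the constant-time tag comparison fails.
func verify(key, token, payload []byte) (bool, error) {
	if len(token) == 0 {
		return false, errors.New("empty token")
	}
	n := int(token[0])
	if len(token) != 1+n+sha256.Size {
		return false, errors.New("token length does not match nonce size")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(token[:1+n])
	mac.Write(payload)
	return hmac.Equal(mac.Sum(nil), token[1+n:]), nil
}

func main() {
	key := []byte("constructed-demo-key") // constructed sample key
	session := []byte("session-id-123")   // constructed sample payload
	tok, _ := sign(key, session, 16)
	ok, err := verify(key, tok, session)
	fmt.Println(ok, err) // matching session
	ok, err = verify(key, tok, []byte("session-id-456"))
	fmt.Println(ok, err) // token replayed against another session
}
```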
func New ¶
func New(keyProvider KeyProvider, optFns ...Option) Hasher
New returns a new Hasher for creating and validating signed tokens.
If you have a static key, pass WithKey. If you want to retrieve the secret binary from AWS Secrets Manager, pass WithKeyFromSecretsManager. If you are running in AWS Lambda with the AWS Parameters and Secrets Lambda Extension (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_lambda.html) enabled, pass WithKeyFromLambdaExtensionSecrets.
If you want to use a specific hash function instead of sha256.New, use WithHash.
type KeyProvider ¶
type KeyProvider func(*lev)
KeyProvider customises how the Hasher retrieves its key.
func WithKey ¶
func WithKey(key []byte) KeyProvider
WithKey uses a fixed key for signing and verification.
func WithKeyFromLambdaExtensionSecrets ¶
func WithKeyFromLambdaExtensionSecrets(secretId string) KeyProvider
WithKeyFromLambdaExtensionSecrets retrieves the key from the AWS Parameters and Secrets Lambda Extension (https://docs.aws.amazon.com/secretsmanager/latest/userguide/retrieving-secrets_lambda.html).
func WithKeyFromSecretsManager ¶
func WithKeyFromSecretsManager(client endec.GetSecretValueAPIClient, secretId string, optFns ...func(*endec.SecretsManagerEndecOptions)) KeyProvider
WithKeyFromSecretsManager retrieves the key from AWS Secrets Manager.