Documentation ¶
Index ¶
- Constants
- Variables
- func BuildCanonicalHeaders(host string, rule Rule, header http.Header, length int64) (signed http.Header, signedHeaders, canonicalHeadersStr string)
- func BuildCredentialScope(signingTime SigningTime, region, service string) string
- func EscapePath(path string, encodeSep bool) string
- func GetURIPath(u *url.URL) string
- func HMACSHA256(key []byte, data []byte) []byte
- func HasPrefixFold(s, prefix string) bool
- func InitializeEscape()
- func SanitizeHostForHeader(r *http.Request)
- func StripExcessSpaces(str string) string
- type AllowList
- type Credentials
- type DenyList
- type ExcludeList
- type InclusiveRules
- type MapRule
- type Patterns
- type Rule
- type Rules
- type SigningKeyDeriver
- type SigningTime
Constants ¶
const AmzAlgorithmKey = "X-Amz-Algorithm"
const AmzCredentialKey = "X-Amz-Credential"
AmzCredentialKey is the access key ID and credential scope
const AmzDateKey = "X-Amz-Date"
const AmzSecurityTokenKey = "X-Amz-Security-Token"
AmzSecurityTokenKey indicates the security token to be used with temporary credentials
const AmzSignedHeadersKey = "X-Amz-SignedHeaders"
AmzSignedHeadersKey is the set of headers signed for the request
const AuthorizationHeader = "Authorization"
const ShortTimeFormat = "20060102"
ShortTimeFormat is the shortened time format used in the credential scope
const SigningAlgorithm = "AWS4-HMAC-SHA256"
const TimeFormat = "20060102T150405Z"
TimeFormat is the time format to be used in the X-Amz-Date header or query parameter
Variables ¶
// AllowedQueryHoisting combines two rules in an InclusiveRules value. Per the
// InclusiveRules.IsValid documentation, a value passes only when every rule
// passes.
var AllowedQueryHoisting = InclusiveRules{
	// Wraps the RequiredSignedHeaders rule set in a DenyList.
	// NOTE(review): presumably this rejects every header that
	// RequiredSignedHeaders accepts, which would keep those headers out of the
	// query string — confirm against DenyList.IsValid, which is not shown here.
	DenyList{RequiredSignedHeaders},
	// Pattern rule for the "X-Amz-" prefix.
	Patterns{"X-Amz-"},
}
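AllowedQueryHoisting is a whitelist applied when building query headers. As declared above, it is an InclusiveRules value, so a header passes only if it satisfies both the DenyList over RequiredSignedHeaders and the "X-Amz-" pattern. The comment's remark that "the boolean value represents whether or not it is a pattern" does not correspond to anything in the declaration shown here.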
// IgnoredHeaders is a rule set holding a single ExcludeList. Per the
// ExcludeList.IsValid documentation, a value is valid only when it is not
// within the list.
//
// NOTE(review): if this rule is what selects the headers that get signed, the
// four names below are not covered by the signature, so nothing that verifies
// or audits a request should treat their values as authenticated — confirm
// against the code that passes a Rule to BuildCanonicalHeaders.
var IgnoredHeaders = Rules{
	ExcludeList{
		MapRule{
			"Authorization":   struct{}{},
			"User-Agent":      struct{}{},
			"X-Amzn-Trace-Id": struct{}{},
			"Expect":          struct{}{},
		},
	},
}
// RequiredSignedHeaders is a rule set made of an AllowList of exact header
// names plus a pattern rule for the "X-Amz-Meta-" prefix.
//
// NOTE(review): AllowedQueryHoisting wraps this rule set in a DenyList, which
// presumably keeps every header named here in the signed header set rather
// than in the URL. That matters most for the "...-Customer-Key" entries, which
// by name appear to carry key material — confirm against DenyList.IsValid.
var RequiredSignedHeaders = Rules{
	AllowList{
		MapRule{
			"Cache-Control": struct{}{},
			"Content-Disposition": struct{}{},
			"Content-Encoding": struct{}{},
			"Content-Language": struct{}{},
			"Content-Md5": struct{}{},
			"Content-Type": struct{}{},
			"Expires": struct{}{},
			"If-Match": struct{}{},
			"If-Modified-Since": struct{}{},
			"If-None-Match": struct{}{},
			"If-Unmodified-Since": struct{}{},
			"Range": struct{}{},
			"X-Amz-Acl": struct{}{},
			"X-Amz-Copy-Source": struct{}{},
			"X-Amz-Copy-Source-If-Match": struct{}{},
			"X-Amz-Copy-Source-If-Modified-Since": struct{}{},
			"X-Amz-Copy-Source-If-None-Match": struct{}{},
			"X-Amz-Copy-Source-If-Unmodified-Since": struct{}{},
			"X-Amz-Copy-Source-Range": struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Algorithm": struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key": struct{}{},
			"X-Amz-Copy-Source-Server-Side-Encryption-Customer-Key-Md5": struct{}{},
			// NOTE(review): this key is spelled "Full-control", unlike the
			// capitalisation of the other entries (e.g. "Cache-Control"). If
			// MapRule matches case-sensitively against canonicalised header
			// names, this entry may never match — confirm.
			"X-Amz-Grant-Full-control": struct{}{},
			"X-Amz-Grant-Read": struct{}{},
			"X-Amz-Grant-Read-Acp": struct{}{},
			"X-Amz-Grant-Write": struct{}{},
			"X-Amz-Grant-Write-Acp": struct{}{},
			"X-Amz-Metadata-Directive": struct{}{},
			"X-Amz-Mfa": struct{}{},
			"X-Amz-Request-Payer": struct{}{},
			"X-Amz-Server-Side-Encryption": struct{}{},
			"X-Amz-Server-Side-Encryption-Aws-Kms-Key-Id": struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Algorithm": struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Key": struct{}{},
			"X-Amz-Server-Side-Encryption-Customer-Key-Md5": struct{}{},
			"X-Amz-Storage-Class": struct{}{},
			"X-Amz-Website-Redirect-Location": struct{}{},
			"X-Amz-Content-Sha256": struct{}{},
			"X-Amz-Tagging": struct{}{},
		},
	},
	// Pattern rule for the "X-Amz-Meta-" prefix.
	Patterns{"X-Amz-Meta-"},
}
RequiredSignedHeaders is a whitelist applied when building canonical headers.
Functions ¶
func BuildCanonicalHeaders ¶
func BuildCredentialScope ¶
func BuildCredentialScope(signingTime SigningTime, region, service string) string
BuildCredentialScope builds part of credential string to be used as X-Amz-Credential header or query parameter.
func EscapePath ¶
EscapePath escapes part of a URL path in Amazon style.
func GetURIPath ¶
func HMACSHA256 ¶
func HasPrefixFold ¶
func InitializeEscape ¶
func InitializeEscape()
func SanitizeHostForHeader ¶
SanitizeHostForHeader removes default port from host and updates request.Host
func StripExcessSpaces ¶
Types ¶
type Credentials ¶
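// Credentials is the type to represent AWS credentials.
//
// SecretAccessKey and SessionToken are secrets: keep values of this type out
// of logs, error messages and serialized diagnostics.
type Credentials struct {
	// AccessKeyID is AWS Access key ID
	AccessKeyID string

	// SecretAccessKey is AWS Secret Access Key
	SecretAccessKey string

	// SessionToken is AWS Session Token
	SessionToken string

	// Source of the AWS credentials
	Source string

	// CanExpire states if the AWS credentials can expire or not.
	CanExpire bool

	// Expires is the time the AWS credentials will expire at. Should be
	// ignored if CanExpire is false.
	Expires time.Time
}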
Credentials is the type to represent AWS credentials
type ExcludeList ¶
// ExcludeList embeds a Rule. Per the documentation of its IsValid method, a
// value is valid when it is not within the ExcludeList.
type ExcludeList struct {
	Rule
}
func (ExcludeList) IsValid ¶
func (b ExcludeList) IsValid(value string) bool
IsValid for ExcludeList checks if the value is not within the ExcludeList
type InclusiveRules ¶
type InclusiveRules []Rule
InclusiveRules allows rules to depend on one another
func (InclusiveRules) IsValid ¶
func (r InclusiveRules) IsValid(value string) bool
IsValid will return true if all rules are true
type SigningKeyDeriver ¶
type SigningKeyDeriver struct {
// contains filtered or unexported fields
}
SigningKeyDeriver derives a signing key from a set of credentials
func NewSigningKeyDeriver ¶
func NewSigningKeyDeriver() *SigningKeyDeriver
func (*SigningKeyDeriver) DeriveKey ¶
func (k *SigningKeyDeriver) DeriveKey(credential Credentials, service, region string, signingTime SigningTime) []byte
DeriveKey returns a derived signing key from the given credentials to be used with SigV4 signing.
type SigningTime ¶
func NewSigningTime ¶
func NewSigningTime(t time.Time) SigningTime
func (*SigningTime) ShortTimeFormat ¶
func (m *SigningTime) ShortTimeFormat() string
ShortTimeFormat provides the time formatted as 20060102.
func (*SigningTime) TimeFormat ¶
func (m *SigningTime) TimeFormat() string