Skip to content
This repository has been archived by the owner on Oct 13, 2023. It is now read-only.

QuantozTechnology/go-http-signatures

Repository files navigation

httpsignatures-go

GoDoc Build Status

Golang middleware library for the http-signatures spec.

Application

This is server side software, and can be used as middleware in for example the "goji" framework.

Remarks

When the clockskew check is used, the X-Data header prevails over the Data header.

Example

import (
  "https://github.com/quantoztechnology/go-http-signatures"
)

var (
	ErrorIncorrectKeyIdSupplied = "Incorrect keyId supplied"
	ErrorNoAuthorization        = "Request not authorized"
)

// Authenticator checks if the request has the correct signature for authentication
func (app *App) Authenticator(c *web.C, h http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {

		err := verifyRequest(r)

		if err != nil {
			var httpErr int
			var msg string

			switch err.Error() {
			case ErrorIncorrectKeyIdSupplied:
				httpErr = http.StatusBadRequest
				msg = ErrorIncorrectKeyIdSupplied
			case ErrorNoAuthorization:
				httpErr = http.StatusUnauthorized
				msg = ErrorNoAuthorization
			default:
				httpErr, msg = httpsignatures.ErrorToHTTPCode(err.Error())
			}

			if httpErr == http.StatusInternalServerError {
				http.Error(w, "Internal Server Error", http.StatusInternalServerError)
			} else {
				http.Error(w, msg, httpErr)
				return
			}
		}

		h.ServeHTTP(w, r)
	})
}

func verifyRequest(r *http.Request) error {
	keyLookUp := func(keyId string) (string, error) {
		// returns the base64string encoded key to verify the signature
		return keyLookUpFun(keyId)
	}

	allowedClockSkew := -1
	requiredAlgorithm := []string{httpsignatures.AlgorithmHmacSha256}
	_, err := httpsignatures.VerifyRequest(r, keyLookUp, allowedClockSkew, requiredAlgorithm,
		httpsignatures.HeaderRequestTarget, httpsignatures.HeaderHost, httpsignatures.HeaderXDate)
	return err
}

About

Go middleware implementation of http-signatures

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages