mirror of
https://github.com/schollz/cowyo.git
synced 2023-08-10 21:13:00 +03:00
95401434a2
Former-commit-id: 900e1a398fd82aa1cea4f319e89b8088dd81cf6c [formerly f172c22b12c49c0291e0d986dc4af94fcc91d192] [formerly 43c5da81442a5f0ca79a6eabb1dfdfbfb3f22680 [formerly 7a39ef2b52fc10e7c980d377dbd52f5340e4e53a [formerly2694d0b183]]] Former-commit-id: fa39d6a984adc4ca8f8c82c5df145c336885a53f [formerly 94543f8081bc18b1a39daf8500cfa7e0b1ba7393] Former-commit-id: 809aae62e28a3f99a01854f71fcd5a85f89d2972 Former-commit-id:e8a4d30139
62 lines
2.1 KiB
Go
62 lines
2.1 KiB
Go
// Copyright 2012 The Gorilla Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style
|
|
// license that can be found in the LICENSE file.
|
|
|
|
/*
|
|
Package securecookie encodes and decodes authenticated and optionally
|
|
encrypted cookie values.
|
|
|
|
Secure cookies can't be forged, because their values are validated using HMAC.
|
|
When encrypted, the content is also inaccessible to malicious eyes.
|
|
|
|
To use it, first create a new SecureCookie instance:
|
|
|
|
var hashKey = []byte("very-secret")
|
|
var blockKey = []byte("a-lot-secret")
|
|
var s = securecookie.New(hashKey, blockKey)
|
|
|
|
The hashKey is required, used to authenticate the cookie value using HMAC.
|
|
It is recommended to use a key with 32 or 64 bytes.
|
|
|
|
The blockKey is optional, used to encrypt the cookie value -- set it to nil
|
|
to not use encryption. If set, the length must correspond to the block size
|
|
of the encryption algorithm. For AES, used by default, valid lengths are
|
|
16, 24, or 32 bytes to select AES-128, AES-192, or AES-256.
|
|
|
|
Strong keys can be created using the convenience function GenerateRandomKey().
|
|
|
|
Once a SecureCookie instance is set, use it to encode a cookie value:
|
|
|
|
func SetCookieHandler(w http.ResponseWriter, r *http.Request) {
|
|
value := map[string]string{
|
|
"foo": "bar",
|
|
}
|
|
if encoded, err := s.Encode("cookie-name", value); err == nil {
|
|
cookie := &http.Cookie{
|
|
Name: "cookie-name",
|
|
Value: encoded,
|
|
Path: "/",
|
|
}
|
|
http.SetCookie(w, cookie)
|
|
}
|
|
}
|
|
|
|
Later, use the same SecureCookie instance to decode and validate a cookie
|
|
value:
|
|
|
|
func ReadCookieHandler(w http.ResponseWriter, r *http.Request) {
|
|
if cookie, err := r.Cookie("cookie-name"); err == nil {
|
|
value := make(map[string]string)
|
|
if err = s2.Decode("cookie-name", cookie.Value, &value); err == nil {
|
|
fmt.Fprintf(w, "The value of foo is %q", value["foo"])
|
|
}
|
|
}
|
|
}
|
|
|
|
We stored a map[string]string, but secure cookies can hold any value that
|
|
can be encoded using encoding/gob. To store custom types, they must be
|
|
registered first using gob.Register(). For basic types this is not needed;
|
|
it works out of the box.
|
|
*/
|
|
package securecookie
|