登录 注册
开源 企业版 高校版 私有云 模力方舟 模力方舟 AI 队友
扫描微信二维码支付
取消
支付完成
Ai
Watch
不关注 关注所有动态 仅关注版本发行动态 关注但不提醒动态
1 Star 0 Fork 0

go-better/go

代码 Issues 0 Pull Requests 0 Wiki 统计 流水线
服务
加入 Gitee
与超过 1200万 开发者一起发现、参与优秀开源项目,私有仓库也完全免费 :)
免费加入
文件
克隆/下载
secure_cookie.go 4.22 KB
一键复制 编辑 原始数据 按行查看 历史
proce 提交于 2022-03-21 20:37 +08:00 . save
123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158
package cookiestore



import (

	"bytes"

	"crypto/hmac"

	"crypto/sha256"

	"crypto/subtle"

	"encoding/base64"

	"errors"

	"fmt"

	"hash"

	"strconv"

	"time"

)



var ErrorEncodedValueTooLong = errors.New("the encoded value is too long")

var ErrorValueToDecodeToolong = errors.New("the value to decode is too long")

var ErrorValueToDecodeIllegal = errors.New("the value to decode is illegal")

var ErrorSignWrong = errors.New("the sign is wrong")

var ErrorSessionExpired = errors.New("the session has expired")



type SecureCookie struct {

	hashKey          []byte

	MaxLength        int

	timestampForTest int64

}



func NewSecureCookie(hashKey []byte) *SecureCookie {

	s := &SecureCookie{

		hashKey:   hashKey,

		MaxLength: 4096,

	}

	return s

}



// Encode encodes a cookie value.

//

// It signs the value with a message authentication code, and encodes it.

//

// The name argument is the cookie name. It is signed with the encoded value.

// The value argument is the value to be encoded.

func (s *SecureCookie) Encode(name string, value []byte) ([]byte, error) {

	b := []byte(fmt.Sprintf("%s|%d|%s|", name, s.nowTimestamp(), value))

	b = append(b, s.createSign(b)...) // append sign

	b = b[len(name)+1:]               // remove name

	b = base64encode(b)

	if s.MaxLength != 0 && len(b) > s.MaxLength {

		return nil, ErrorEncodedValueTooLong

	}

	return b, nil

}



// Decode decodes a cookie value.

//

// It decodes the value, and verifies a message authentication code.

//

// The name argument is the cookie name. It must be the same name used when it was stored.

// The value argument is the encoded cookie value.

// The maxAge argument is the max seconds since the value is generated.

func (s *SecureCookie) Decode(name string, value []byte, maxAge int64) ([]byte, error) {

	if s.MaxLength != 0 && len(value) > s.MaxLength {

		return nil, ErrorValueToDecodeToolong

	}

	b, err := base64decode(value)

	if err != nil {

		return nil, err

	}

	// now b is "timestamp|value|sign".

	b, err = s.verifyAndRemoveSign(name, b)

	if err != nil {

		return nil, err

	}

	// now b is "timestamp|value".

	return s.verifyAndRemoveTimestamp(b, maxAge)

}



func (s *SecureCookie) createSign(b []byte) []byte {

	var h hash.Hash

	if len(s.hashKey) > 0 {

		h = hmac.New(sha256.New, s.hashKey)

	} else {

		h = sha256.New()

	}

	h.Write(b)

	return h.Sum(nil)

}



func (s *SecureCookie) verifyAndRemoveSign(name string, b []byte) ([]byte, error) {

	// now b is "timestamp|value|sign".

	pos := len(b) - sha256.Size // position of the first byte of the signature.

	// there must be at lease 4 byte before pos, example:  "0|v|"

	if pos < 4 || b[pos-1] != '|' {

		return nil, ErrorValueToDecodeIllegal

	}

	gotSign := b[pos:]

	b = b[:pos]

	// now b is "timestamp|value|".

	realSign := s.createSign(append([]byte(name+"|"), b...))

	if subtle.ConstantTimeCompare(gotSign, realSign) != 1 {

		return nil, ErrorSignWrong

	}

	return b[:len(b)-1], nil

}



func (s *SecureCookie) verifyAndRemoveTimestamp(b []byte, maxAge int64) ([]byte, error) {

	// now b is "timestamp|value".

	pos := bytes.IndexByte(b, '|')

	if pos < 1 {

		return nil, ErrorValueToDecodeIllegal

	}

	gotTimestamp, err := strconv.ParseInt(string(b[:pos]), 10, 64)

	if err != nil {

		return nil, ErrorValueToDecodeIllegal

	}

	if maxAge > 0 && s.nowTimestamp()-gotTimestamp > maxAge {

		return nil, ErrorSessionExpired

	}

	return b[pos+1:], nil

}



func (s *SecureCookie) GetTimestamp(value []byte) (int64, error) {

	b, err := base64decode(value)

	if err != nil {

		return 0, err

	}

	// now b is "timestamp|value|sign".

	pos := bytes.IndexByte(b, '|')

	if pos < 1 {

		return 0, ErrorValueToDecodeIllegal

	}

	gotTimestamp, err := strconv.ParseInt(string(b[:pos]), 10, 64)

	if err != nil {

		return 0, ErrorValueToDecodeIllegal

	}

	return gotTimestamp, nil

}



func (s *SecureCookie) nowTimestamp() int64 {

	if s.timestampForTest > 0 {

		return s.timestampForTest

	}

	return time.Now().UTC().Unix()

}



func base64encode(value []byte) []byte {

	encoded := make([]byte, base64.RawURLEncoding.EncodedLen(len(value)))

	base64.RawURLEncoding.Encode(encoded, value)

	return encoded

}



func base64decode(value []byte) ([]byte, error) {

	decoded := make([]byte, base64.RawURLEncoding.DecodedLen(len(value)))

	n, err := base64.RawURLEncoding.Decode(decoded, value)

	if err != nil {

		return nil, err

	}

	return decoded[:n], nil

}
Loading...
马建仓 AI 助手
尝试更多
代码解读
代码找茬
代码优化
Go
1
https://gitee.com/go-better/go.git
git@gitee.com:go-better/go.git
go-better
go
go
d31700df43a9
点此查找更多帮助

搜索帮助

Git 命令在线学习 如何在 Gitee 导入 GitHub 仓库
Git 仓库基础操作
企业版和社区版功能对比
SSH 公钥设置
如何处理代码冲突
仓库体积过大,如何减小?
如何找回被删除的仓库数据
Gitee 产品配额说明
GitHub仓库快速导入Gitee及同步更新
什么是 Release(发行版)
将 PHP 项目自动发布到 packagist.org
评论
仓库举报
回到顶部