1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
|
package web
import (
"crypto/sha256"
"encoding/base64"
"fmt"
"net/http"
"strings"
"github.com/xlgmokha/x/pkg/cookie"
"github.com/xlgmokha/x/pkg/crypt"
"github.com/xlgmokha/x/pkg/pls"
"github.com/xlgmokha/x/pkg/x"
)
var key []byte = x.Must(pls.GenerateRandomBytes(32)) // TODO:: https://gitlab.com/gitlab-org/software-supply-chain-security/authorization/sparkled/-/issues/2
var Signer *crypt.HMACSigner = x.New[*crypt.HMACSigner](crypt.WithKey(key), crypt.WithAlgorithm(sha256.New))
var delimiter string = "--"
func NewCookie(name, value string, options ...x.Option[*http.Cookie]) *http.Cookie {
return x.New[*http.Cookie](x.Prepend[x.Option[*http.Cookie]](
options,
cookie.WithName(name),
withSignedValue(value),
cookie.WithPath("/"),
cookie.WithHttpOnly(true),
cookie.WithSecure(true),
)...)
}
func withSignedValue(value string) x.Option[*http.Cookie] {
signature, err := Signer.Sign([]byte(value))
if err != nil {
return cookie.WithValue(value)
}
return cookie.WithValue(fmt.Sprintf(
"%v%v%v",
value,
delimiter,
base64.URLEncoding.EncodeToString(signature),
))
}
func ExpireCookie(w http.ResponseWriter, name string) error {
return WriteCookie(w, cookie.Reset(name,
cookie.WithPath("/"),
cookie.WithHttpOnly(true),
cookie.WithSecure(true),
))
}
func CookieValueFrom(c *http.Cookie) string {
segments := strings.SplitN(c.Value, delimiter, 2)
if len(segments) != 2 {
return ""
}
data := segments[0]
signature, err := base64.URLEncoding.DecodeString(segments[1])
if err != nil {
return ""
}
if !Signer.Verify([]byte(data), []byte(signature)) {
return ""
}
return data
}
func WriteCookie(w http.ResponseWriter, c *http.Cookie) error {
if err := c.Valid(); err != nil {
return err
}
cookie.Write(w, c)
return nil
}
|
