1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
|
package web
import (
"crypto/sha256"
"encoding/base64"
"fmt"
"net/http"
"strings"
"github.com/xlgmokha/x/pkg/cookie"
"github.com/xlgmokha/x/pkg/crypt"
"github.com/xlgmokha/x/pkg/env"
"github.com/xlgmokha/x/pkg/pls"
"github.com/xlgmokha/x/pkg/x"
)
var key []byte = x.Must(pls.GenerateRandomBytes(32)) // TODO:: Read fix key from environment variable
var Signer *crypt.HMACSigner = x.New[*crypt.HMACSigner](crypt.WithKey(key), crypt.WithAlgorithm(sha256.New))
var delimiter string = "--"
func NewCookie(name, value string, options ...x.Option[*http.Cookie]) *http.Cookie {
return x.New[*http.Cookie](x.Prepend[x.Option[*http.Cookie]](
options,
cookie.WithName(name),
withSignedValue(value),
cookie.WithPath("/"),
cookie.WithHttpOnly(true),
cookie.WithSecure(true),
cookie.WithSameSite(http.SameSiteDefaultMode),
cookie.WithDomain(env.Fetch("HOST", "localhost")),
)...)
}
func withSignedValue(value string) x.Option[*http.Cookie] {
signature, err := Signer.Sign([]byte(value))
if err != nil {
return nil
}
return cookie.WithValue(fmt.Sprintf(
"%v%v%v",
value,
delimiter,
base64.URLEncoding.EncodeToString(signature),
))
}
func ExpireCookie(w http.ResponseWriter, name string) {
cookie.Expire(w, name,
cookie.WithPath("/"),
cookie.WithDomain(env.Fetch("HOST", "localhost")),
cookie.WithHttpOnly(true),
cookie.WithSecure(true),
)
}
func CookieValueFrom(c *http.Cookie) string {
segments := strings.SplitN(c.Value, delimiter, 2)
if len(segments) != 2 {
return ""
}
data := segments[0]
signature, err := base64.URLEncoding.DecodeString(segments[1])
if err != nil {
return ""
}
if !Signer.Verify([]byte(data), []byte(signature)) {
return ""
}
return data
}
|
