Documentation

Index
- Constants
- func DataFileExistsInAny(dirs ...string) bool
- func Decrypt(data, password []byte) ([]byte, error)
- func DeleteEncryptedData(configDir string, fallbackDirs ...string) error
- func DeriveKey(password, salt []byte) []byte
- func Encrypt(plaintext, password []byte) ([]byte, error)
- func GetMACAddress() (string, error)
- type SecureTokenStorage
- type TokenData
Constants
const (
	// SaltSize is the byte length of the random salt prepended to ciphertext.
	SaltSize = 32
	// NonceSize is the byte length of the GCM nonce.
	NonceSize = 12
	// KeySize is the AES-256 key length in bytes.
	KeySize = 32
	// Iterations is the PBKDF2 iteration count.
	Iterations = 600_000
)
const DataFileName = ".data"
DataFileName is the encrypted token data file name.
Variables
This section is empty.
Functions
func DataFileExistsInAny
func DataFileExistsInAny(dirs ...string) bool
DataFileExistsInAny checks whether .data exists in any of the given dirs.
func Decrypt
func Decrypt(data, password []byte) ([]byte, error)
Decrypt decrypts data produced by Encrypt. Expects salt(32) || nonce(12) || ciphertext+tag.
func DeleteEncryptedData
func DeleteEncryptedData(configDir string, fallbackDirs ...string) error
DeleteEncryptedData removes .data files from the given directories.
func DeriveKey
func DeriveKey(password, salt []byte) []byte
func Encrypt
func Encrypt(plaintext, password []byte) ([]byte, error)
Encrypt encrypts plaintext using PBKDF2-derived AES-256-GCM. Output format: salt(32) || nonce(12) || ciphertext+tag.
func GetMACAddress
func GetMACAddress() (string, error)
GetMACAddress returns the first physical (non-loopback, non-virtual) MAC address, sorted lexicographically for determinism. If no physical NIC is found (e.g. inside a Docker container), it falls back to the first non-loopback virtual MAC address so that token encryption still works.
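The Encrypt, Decrypt and DeriveKey contract described above, reimplemented as an added example that is not the package's own code: PBKDF2 with 600,000 iterations turns the password (a MAC address, in this package) and a random 32-byte salt into a 32-byte AES key, and the output is laid out salt(32) || nonce(12) || ciphertext+tag. HMAC-SHA256 as the PBKDF2 PRF is an assumption; the page does not name the hash.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
)

const SaltSize, NonceSize, KeySize, Iterations = 32, 12, 32, 600_000 // values from the docs

// DeriveKey is PBKDF2-HMAC-SHA256 (RFC 8018) written out so only the standard library is
// needed; SHA-256 is an assumption. One block suffices because KeySize == sha256.Size.
func DeriveKey(password, salt []byte) []byte {
	prf := hmac.New(sha256.New, password)
	prf.Write(append(append([]byte{}, salt...), 0, 0, 0, 1)) // U1 = PRF(P, S || INT(1))
	u := prf.Sum(nil)
	t := append([]byte(nil), u...)
	for i := 1; i < Iterations; i++ {
		prf.Reset()
		prf.Write(u)
		u = prf.Sum(nil) // U_i = PRF(P, U_{i-1}); T = U1 xor ... xor U_c
		subtle.XORBytes(t, t, u)
	}
	return t[:KeySize]
}
// newGCM derives the key and builds AES-256-GCM; a 32-byte key makes both constructors infallible.
func newGCM(password, salt []byte) cipher.AEAD {
	block, _ := aes.NewCipher(DeriveKey(password, salt))
	aead, _ := cipher.NewGCM(block)
	return aead
}
// Encrypt emits salt(32) || nonce(12) || ciphertext+tag, with a fresh salt and nonce per call.
func Encrypt(plaintext, password []byte) ([]byte, error) {
	hdr := make([]byte, SaltSize+NonceSize)
	if _, err := rand.Read(hdr); err != nil {
		return nil, err
	}
	return newGCM(password, hdr[:SaltSize]).Seal(hdr, hdr[SaltSize:], plaintext, nil), nil
}
// Decrypt parses that layout; truncated input or a tag mismatch yields an error, never a panic.
func Decrypt(data, password []byte) ([]byte, error) {
	if len(data) < SaltSize+NonceSize+16 { // 16 = GCM tag length
		return nil, errors.New("ciphertext too short")
	}
	aead := newGCM(password, data[:SaltSize])
	return aead.Open(nil, data[SaltSize:SaltSize+NonceSize], data[SaltSize+NonceSize:], nil)
}
```

Because SecureTokenStorage passes a MAC address as the password, the key material is not secret in the way a user passphrase is, so the permissions on the .data file still carry much of the protection.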
Types
type SecureTokenStorage
type SecureTokenStorage struct {
	// contains filtered or unexported fields
}
SecureTokenStorage provides encrypted token persistence keyed by a MAC address (the macAddr passed to NewSecureTokenStorage; see GetMACAddress).
func NewSecureTokenStorage
func NewSecureTokenStorage(configDir, fallbackDir, macAddr string) *SecureTokenStorage
NewSecureTokenStorage creates a new secure storage instance. fallbackDir may be empty.
func (*SecureTokenStorage) DataDirs
func (s *SecureTokenStorage) DataDirs() []string
DataDirs returns all configured data directories.
func (*SecureTokenStorage) DeleteToken
func (s *SecureTokenStorage) DeleteToken() error
DeleteToken removes encrypted data files from all configured dirs.
func (*SecureTokenStorage) Exists
func (s *SecureTokenStorage) Exists() bool
Exists checks whether an encrypted data file exists in any configured dir.
func (*SecureTokenStorage) LoadToken
func (s *SecureTokenStorage) LoadToken() (*TokenData, error)
LoadToken reads and decrypts .data; tries configDir first, then fallbackDir.
func (*SecureTokenStorage) SaveToken
func (s *SecureTokenStorage) SaveToken(data *TokenData) error
SaveToken encrypts and persists token data using an atomic write with fsync.
type TokenData
type TokenData struct {
	AccessToken    string    `json:"access_token"`
	RefreshToken   string    `json:"refresh_token"`
	PersistentCode string    `json:"persistent_code"`
	ExpiresAt      time.Time `json:"expires_at"`
	RefreshExpAt   time.Time `json:"refresh_expires_at"`
	CorpID         string    `json:"corp_id"`
	UserID         string    `json:"user_id,omitempty"`
	UserName       string    `json:"user_name,omitempty"`
	CorpName       string    `json:"corp_name,omitempty"`
	UpdatedAt      string    `json:"updated_at,omitempty"`
	Source         string    `json:"source,omitempty"`
}
TokenData mirrors auth.TokenData for the security layer.