Documentation
Index ¶
Constants ¶
// Names of the X-E2A-Auth-* headers, one constant per header.
//
// NOTE(review): a value carried in any of these headers (HeaderVerified
// included) is only what the writer of the header claims. Consumers should
// presumably rely on it only after Signer.Verify has accepted the headers;
// confirm which headers the signature actually covers.
const (
	HeaderVerified    = "X-E2A-Auth-Verified"
	HeaderSender      = "X-E2A-Auth-Sender"
	HeaderSignature   = "X-E2A-Auth-Signature"
	HeaderDelegation  = "X-E2A-Auth-Delegation"
	HeaderEntityType  = "X-E2A-Auth-Entity-Type"
	HeaderTimestamp   = "X-E2A-Auth-Timestamp"
	HeaderDomainCheck = "X-E2A-Auth-Domain-Check"
	HeaderMessageID   = "X-E2A-Auth-Message-Id"
	HeaderBodyHash    = "X-E2A-Auth-Body-Hash"
)
// DefaultMaxAge is a duration of five minutes.
//
// NOTE(review): presumably the age limit Verify applies when the caller does
// not pass its own through VerifyWithMaxAge, i.e. the default replay window.
// Confirm against the implementation.
const DefaultMaxAge time.Duration = 5 * time.Minute
Variables ¶
This section is empty.
Functions ¶
func HashBody ¶
HashBody returns the lowercase hex SHA-256 of the raw message body. It is used at sign time, to populate the canonical form that gets signed, and at verify time, so that a recipient can hash the bytes it actually received and compare the result with the signed canonical form. Keeping the computation in one place ensures that the sender and the verifier use an identical encoding.
Types ¶
type AuthHeaders ¶
type AuthPayload ¶
// AuthPayload is the input to Signer.Sign: the authentication attributes of
// one message.
type AuthPayload struct {
	Verified bool
	Sender   string

	// EntityType is "human" or "agent".
	EntityType string

	// DomainCheck is a result string such as "spf=pass; dkim=none".
	DomainCheck string

	// NOTE(review): presumably only the ID matching EntityType is set;
	// confirm against the callers.
	AgentID string
	HumanID string

	// MessageID ties the signature to one particular message. Without it,
	// a captured (headers, MAC) pair could be attached to a different
	// message for as long as the replay window lasts. Required.
	MessageID string

	// BodyHash is the hex SHA-256 of the raw bytes that the recipient will
	// receive. Because the MAC covers this hash, valid headers cannot be
	// replayed on top of a modified body. Compute it with HashBody(body).
	BodyHash string
}
type Signer ¶
// Signer turns an AuthPayload into AuthHeaders (Sign) and evaluates received
// AuthHeaders (Verify, VerifyWithMaxAge).
//
// NOTE(review): its fields are hidden in this listing. Presumably they hold
// the key for the MAC that the AuthPayload field comments refer to; if so,
// that key must stay secret and be shared only with the intended verifiers.
// Confirm against the source.
type Signer struct {
	// contains filtered or unexported fields
}
func (*Signer) Sign ¶
// Sign turns the payload p into AuthHeaders.
//
// NOTE(review): the body is not shown in this listing. Going by the
// AuthPayload field comments, the MAC is expected to cover p.MessageID and
// p.BodyHash, so callers should set both, with BodyHash computed by HashBody
// over the exact bytes that will be sent. How an empty MessageID or BodyHash
// is handled is not visible here; confirm.
func (s *Signer) Sign(p AuthPayload) AuthHeaders
func (*Signer) Verify ¶
// Verify reports whether it accepts the headers h.
//
// It is given only the headers, never the message body, so a true result
// cannot by itself show that the received body is the one that was signed.
// The recipient still has to hash the bytes it received with HashBody and
// compare the result with the signed body hash.
//
// NOTE(review): presumably uses DefaultMaxAge as the age limit; confirm.
func (s *Signer) Verify(h AuthHeaders) bool
func (*Signer) VerifyWithMaxAge ¶
// VerifyWithMaxAge reports whether it accepts the headers h, given a
// caller-supplied maxAge.
//
// Like Verify, it is given only the headers, so the recipient must still
// compare HashBody of the received bytes with the signed body hash.
//
// NOTE(review): presumably headers whose timestamp is older than maxAge are
// rejected, in which case a larger maxAge widens the replay window described
// in the AuthPayload comments. How a zero or negative maxAge is treated is
// not visible here; confirm before passing a computed or configurable value.
func (s *Signer) VerifyWithMaxAge(h AuthHeaders, maxAge time.Duration) bool