Documentation
Constants
const (
	HeaderVerified    = "X-E2A-Auth-Verified"
	HeaderSender      = "X-E2A-Auth-Sender"
	HeaderSignature   = "X-E2A-Auth-Signature"
	HeaderDelegation  = "X-E2A-Auth-Delegation"
	HeaderEntityType  = "X-E2A-Auth-Entity-Type"
	HeaderTimestamp   = "X-E2A-Auth-Timestamp"
	HeaderDomainCheck = "X-E2A-Auth-Domain-Check"
	HeaderMessageID   = "X-E2A-Auth-Message-Id"
	HeaderBodyHash    = "X-E2A-Auth-Body-Hash"
)
const DefaultMaxAge = 5 * time.Minute
Variables
This section is empty.
Functions
func HashBody
HashBody returns the lowercase hex SHA-256 of the raw message body. It is used at sign time to populate the canonical string, and at verify time so recipients can hash the bytes they actually received and compare the result with the signed value. Centralizing the encoding here ensures sender and verifier produce identical strings.
func Verify added in v0.3.0
func Verify(secrets []string, h AuthHeaders) bool
Verify checks a header set against each of the provided secrets using the default replay window (DefaultMaxAge). It returns true if the headers fall inside the window and any one secret reproduces the signature. It is intended for recipients holding several active keys during a rotation.
func VerifyWithMaxAge added in v0.3.0
func VerifyWithMaxAge(secrets []string, h AuthHeaders, maxAge time.Duration) bool
VerifyWithMaxAge is the configurable-window variant of Verify: maxAge replaces DefaultMaxAge as the maximum accepted header age.
Types
type AuthHeaders
func Sign added in v0.3.0
func Sign(secret string, p AuthPayload) AuthHeaders
Sign produces signed auth headers using the given HMAC secret. This is the canonical entry point: callers (the relay, in particular) look up the per-user secret and pass it in directly. The Signer struct below is a thin wrapper kept for tests and the legacy deployment-wide signing path.
type AuthPayload
type AuthPayload struct {
	Verified    bool
	Sender      string
	EntityType  string // "human" or "agent"
	DomainCheck string // e.g. "spf=pass; dkim=none"
	AgentID     string
	HumanID     string
	// MessageID binds the signature to a specific message so a captured
	// (headers, MAC) pair cannot be lifted onto a different message
	// within the replay window. Required.
	MessageID string
	// BodyHash is the hex SHA-256 of the raw message bytes the recipient
	// will receive. Binding the MAC to the body hash prevents an
	// attacker from replaying valid headers under a modified body.
	// Callers should use HashBody(body) to compute it.
	BodyHash string
}
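The sign-then-verify flow that Sign, Verify and the AuthPayload bindings describe, as an added worked example. This is a self-contained reimplementation written for this page, not the package's own code: it assumes AuthHeaders is a header-name to value map, that the canonical string is the signed header values joined by newlines in a fixed order, that the Delegation header encodes AgentID and HumanID as "agent/human", and that the timestamp is Unix seconds. The real package's encoding may differ; what carries over is the shape of the checks a recipient must make (window, message ID, body hash, MAC under any active key).

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Header names and default replay window, as listed on this page.
const (
	HeaderVerified    = "X-E2A-Auth-Verified"
	HeaderSender      = "X-E2A-Auth-Sender"
	HeaderSignature   = "X-E2A-Auth-Signature"
	HeaderDelegation  = "X-E2A-Auth-Delegation"
	HeaderEntityType  = "X-E2A-Auth-Entity-Type"
	HeaderTimestamp   = "X-E2A-Auth-Timestamp"
	HeaderDomainCheck = "X-E2A-Auth-Domain-Check"
	HeaderMessageID   = "X-E2A-Auth-Message-Id"
	HeaderBodyHash    = "X-E2A-Auth-Body-Hash"
	DefaultMaxAge     = 5 * time.Minute
)

// AuthPayload mirrors the page's struct; AuthHeaders (not shown on the page) is assumed to be a name -> value map.
type AuthPayload struct {
	Verified                              bool
	Sender, EntityType, DomainCheck       string
	AgentID, HumanID, MessageID, BodyHash string
}
type AuthHeaders map[string]string

// HashBody returns the lowercase hex SHA-256 of the raw body.
func HashBody(body []byte) string {
	return fmt.Sprintf("%x", sha256.Sum256(body))
}

// canonical is the string the MAC covers: every signed header value, newline-joined in a fixed order (this example's choice).
func canonical(h AuthHeaders) string {
	return strings.Join([]string{
		h[HeaderVerified], h[HeaderSender], h[HeaderEntityType], h[HeaderDomainCheck],
		h[HeaderDelegation], h[HeaderTimestamp], h[HeaderMessageID], h[HeaderBodyHash],
	}, "\n")
}

func macHex(secret, canon string) string {
	m := hmac.New(sha256.New, []byte(secret))
	m.Write([]byte(canon))
	return fmt.Sprintf("%x", m.Sum(nil))
}

// signAt signs p with secret, stamping now. MessageID and BodyHash are mandatory: they stop reuse on another message or body.
func signAt(secret string, p AuthPayload, now time.Time) (AuthHeaders, error) {
	if p.MessageID == "" || p.BodyHash == "" {
		return nil, fmt.Errorf("MessageID and BodyHash are required")
	}
	h := AuthHeaders{
		HeaderVerified:    strconv.FormatBool(p.Verified),
		HeaderSender:      p.Sender,
		HeaderEntityType:  p.EntityType,
		HeaderDomainCheck: p.DomainCheck,
		HeaderDelegation:  p.AgentID + "/" + p.HumanID, // hypothetical encoding
		HeaderTimestamp:   strconv.FormatInt(now.Unix(), 10),
		HeaderMessageID:   p.MessageID,
		HeaderBodyHash:    p.BodyHash,
	}
	h[HeaderSignature] = macHex(secret, canonical(h))
	return h, nil
}

// verifyAt mirrors VerifyWithMaxAge: the timestamp must lie within maxAge of now (either direction,
// tolerating skew) and the MAC must match under at least one secret, so both keys pass during a rotation.
func verifyAt(secrets []string, h AuthHeaders, maxAge time.Duration, now time.Time) bool {
	ts, err := strconv.ParseInt(h[HeaderTimestamp], 10, 64)
	if err != nil || h[HeaderMessageID] == "" || h[HeaderBodyHash] == "" {
		return false
	}
	if age := now.Sub(time.Unix(ts, 0)); age > maxAge || age < -maxAge {
		return false
	}
	for _, s := range secrets { // hmac.Equal keeps the comparison constant-time
		if hmac.Equal([]byte(h[HeaderSignature]), []byte(macHex(s, canonical(h)))) {
			return true
		}
	}
	return false
}

// bodyMatches is the recipient's half of the body binding: hash what actually arrived and compare.
func bodyMatches(h AuthHeaders, received []byte) bool {
	return hmac.Equal([]byte(h[HeaderBodyHash]), []byte(HashBody(received)))
}

func main() { // constructed sample: one signed message, checked by a recipient holding both rotation keys
	body, now := []byte("hello from agent"), time.Now()
	h, _ := signAt("k-new", AuthPayload{Sender: "bot@example.test", EntityType: "agent", MessageID: "msg-1", BodyHash: HashBody(body)}, now)
	fmt.Println(verifyAt([]string{"k-old", "k-new"}, h, DefaultMaxAge, now), bodyMatches(h, body)) // true true
}
```

Two points worth noting when wiring this into a real recipient. The window check alone does not stop a replay inside the window; that is what the MessageID binding is for, and a recipient that cares should also remember the MessageIDs it has accepted for at least maxAge and reject duplicates. And the body-hash comparison is a separate step from the MAC check (as in the page's Verify, which takes only the headers): a verifier that skips bodyMatches has validated the headers but not the message they were meant to protect.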
type Signer
type Signer struct {
	// contains filtered or unexported fields
}
Signer is a thin wrapper around a single secret. Kept for the legacy deployment-wide signing path used in tests and the contract server; new code should call Sign/Verify directly.
func (*Signer) Sign
func (s *Signer) Sign(p AuthPayload) AuthHeaders
func (*Signer) Verify
func (s *Signer) Verify(h AuthHeaders) bool
func (*Signer) VerifyWithMaxAge
func (s *Signer) VerifyWithMaxAge(h AuthHeaders, maxAge time.Duration) bool