securecookie

package
v0.1.0-develop.2026060... Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 9, 2026 License: MIT Imports: 14 Imported by: 0

Documentation

Overview

Package securecookie encodes and decodes cookie values with HMAC-SHA256 signing and optional AES-GCM encryption using Go standard library crypto only.

ref: gorilla/securecookie — HMAC+AES codec pattern ref: gofiber/fiber — stdlib-only cookie security approach

Index

Constants

This section is empty.

Variables

View Source
var (
	ErrHashKeyTooShort = errcode.New(errcode.KindInvalid, errcode.ErrSecureCookieHashKeyTooShort,
		"securecookie: hashKey must be at least 32 bytes")
	ErrInvalidBlockKey = errcode.New(errcode.KindInvalid, errcode.ErrSecureCookieInvalidBlockKey,
		"securecookie: blockKey must be 16, 24, or 32 bytes (or nil)")
	ErrEncodingTooShort = errcode.New(errcode.KindInvalid, errcode.ErrSecureCookieEncodingTooShort,
		"securecookie: encoded value too short")
	ErrHMACInvalid = errcode.New(errcode.KindInvalid, errcode.ErrSecureCookieHMACInvalid,
		"securecookie: HMAC verification failed")
	ErrExpired = errcode.New(errcode.KindInvalid, errcode.ErrSecureCookieExpired,
		"securecookie: cookie has expired")
	ErrDecryptFailed = errcode.New(errcode.KindInvalid, errcode.ErrSecureCookieDecryptFailed,
		"securecookie: decryption failed")
	ErrClockRequired = errcode.New(errcode.KindInvalid, errcode.ErrValidationFailed,
		"securecookie: clock is required (nil or typed-nil rejected)")
	ErrMaxAgeRequired = errcode.New(errcode.KindInvalid, errcode.ErrValidationFailed,
		"securecookie: MaxAge must be greater than zero")
)

Functions

This section is empty.

Types

type Clock

type Clock interface {
	Now() time.Time
}

Clock abstracts the wall-clock reads this package needs to time-stamp cookies and check expiry. It is intentionally local: pkg/ may not import kernel/, so SecureCookie defines the minimal Now() interface that any kernel/clock.Clock satisfies structurally. Callers in higher layers pass their injected clock.Clock through Config.

type Config

type Config struct {
	// HashKey is the HMAC-SHA256 signing key. It must be at least 32 bytes.
	HashKey []byte
	// BlockKey optionally enables AES-GCM encryption. nil means signing only;
	// non-nil values must be 16, 24, or 32 bytes.
	BlockKey []byte
	// Clock is required for timestamps and expiry checks.
	Clock Clock
	// MaxAge is required and must be greater than zero.
	MaxAge int
}

Config contains all required SecureCookie construction inputs.

type SecureCookie

type SecureCookie struct {
	// contains filtered or unexported fields
}

SecureCookie encodes and decodes cookie values with HMAC-SHA256 signing and optional AES-GCM encryption.

func New

func New(cfg Config) (*SecureCookie, error)

New creates a SecureCookie from cfg. Returns ErrClockRequired if cfg.Clock is nil or a typed-nil (interface wrapping a nil pointer) — making this the single, error-style fail-fast point for clock injection (no panic anywhere in the package).

HashKey is required (min 32 bytes). BlockKey may be nil (signing only) or 16/24/32 bytes (AES-128/192/256-GCM). Clock is required: pass the caller's injected clock.Clock at the composition root, or a clockmock.FakeClock in tests. MaxAge is required and must be greater than zero.

func (*SecureCookie) Decode

func (sc *SecureCookie) Decode(name, encoded string) ([]byte, error)

Decode verifies signature, checks freshness, decrypts, and returns the original value.

func (*SecureCookie) Encode

func (sc *SecureCookie) Encode(name string, value []byte) (string, error)

Encode signs (and optionally encrypts) value, returning a base64url string.

Format: base64url( timestamp(8) | [nonce(12) | ciphertext(N)] or payload(N) | hmac(32) ) HMAC input: len(name)(4) | name | timestamp | nonce | payload.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL