Documentation
Types
type Verifier
type Verifier interface {
Verify(accessToken, url, timestamp, sig64, oldSig64 string, opts ...VerifyOption) error
}
func NewVerifyHandler
NewVerifyHandler will return a new Verifier with the provided parameters. The discoveryURL must point to the https://office.wopi/hosting/discovery address, which contains the XML with the proof keys (and more information). The insecure parameter can be used to disable certificate verification when connecting to the provided discoveryURL. With verification disabled, the origin of the fetched proof keys is not authenticated. CachedDur is the duration the keys will be cached in memory. The cached keys will be used for the duration provided; after that, new keys will be fetched from the discoveryURL.
For WOPI apps whose proof keys rotate after a while, you must ensure that the provided duration is shorter than the rotation time. This should guarantee that we can't fail to verify a request due to obsolete keys.
type VerifyHandler
type VerifyHandler struct {
// contains filtered or unexported fields
}
func (*VerifyHandler) Verify
func (vh *VerifyHandler) Verify(accessToken, url, timestamp, sig64, oldSig64 string, opts ...VerifyOption) error
Verify the request comes from a trusted source. All the provided parameters are strings:
* accessToken: The access token used for this request (targeting this collaboration service)
* url: The full URL for this request, including scheme, host and all query parameters, something like "https://wopi.opencloud.test/wopi/file/abcbcbd?access_token=oiuiu" or "http://wopiserver:8888/wopi/file/abcdef?access_token=zzxxyy"
* timestamp: The timestamp provided by the WOPI app in the "X-WOPI-TimeStamp" header, as a string
* sig64: The base64-encoded signature, which should come directly from the "X-WOPI-Proof" header
* oldSig64: The base64-encoded previous signature, coming from the "X-WOPI-ProofOld" header
The public keys will be obtained from the /hosting/discovery path of the target WOPI app. Note that the method will perform the following checks in that order:
* current signature with the current key
* old signature with the current key
* current signature with the old key
If all of those checks fail, the method will fail, and the request should be rejected.
The method will return an error if something fails, or nil if everything is ok.
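The check order listed above, written out as an added Go example (not this package's own code) to show why the second and third checks keep requests verifiable while proof keys rotate. The names checkProof, genKey and sign are hypothetical, RSA PKCS#1 v1.5 with SHA-256 is assumed as the signature scheme, and the payload is a constructed byte string standing in for the signed request data.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"errors"
	"fmt"
)

// checkProof follows the documented order; RSA PKCS#1 v1.5 + SHA-256 is an assumption.
func checkProof(payload []byte, sig64, oldSig64 string, cur, old *rsa.PublicKey) error {
	sum := sha256.Sum256(payload)
	ok := func(s64 string, key *rsa.PublicKey) bool {
		sig, err := base64.StdEncoding.DecodeString(s64)
		return err == nil && key != nil && rsa.VerifyPKCS1v15(key, crypto.SHA256, sum[:], sig) == nil
	}
	// 1) current sig / current key  2) old sig / current key  3) current sig / old key
	if ok(sig64, cur) || ok(oldSig64, cur) || ok(sig64, old) {
		return nil
	}
	return errors.New("proof verification failed: reject the request")
}

// genKey and sign stand in for the WOPI app (demo helpers, hypothetical names).
func genKey() *rsa.PrivateKey {
	k, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	return k
}

func sign(k *rsa.PrivateKey, payload []byte) string {
	sum := sha256.Sum256(payload)
	sig, err := rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, sum[:])
	if err != nil {
		panic(err)
	}
	return base64.StdEncoding.EncodeToString(sig)
}

func main() {
	k1, k2, p := genKey(), genKey(), []byte("constructed payload") // app rotated k1 -> k2
	// Stale cache: verifier still has k1 as current, so only X-WOPI-ProofOld (k1) matches.
	fmt.Println(checkProof(p, sign(k2, p), sign(k1, p), &k1.PublicKey, nil))
}
```

A signature made with a key that is neither the cached current key nor the cached old key fails all three checks, which is the case the cache duration has to keep from happening to legitimate requests.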
type VerifyOption
type VerifyOption func(o *VerifyOptions)
VerifyOption defines a single option function.
func VerifyWithLogger
func VerifyWithLogger(val *zerolog.Logger) VerifyOption
VerifyWithLogger provides a function to set the Logger option.
type VerifyOptions
VerifyOptions defines the available options for the Verify function.