2017-06-20 16:58:55 +03:00
|
|
|
package main
|
|
|
|
|
|
|
|
import (
|
|
|
|
"crypto/hmac"
|
|
|
|
"crypto/sha256"
|
|
|
|
"encoding/base64"
|
|
|
|
"errors"
|
|
|
|
)
|
|
|
|
|
2018-10-06 02:29:55 +06:00
|
|
|
var (
|
2018-10-06 03:01:54 +06:00
|
|
|
errInvalidToken = errors.New("Invalid token")
|
|
|
|
errInvalidTokenEncoding = errors.New("Invalid token encoding")
|
2018-10-06 02:29:55 +06:00
|
|
|
)
|
|
|
|
|
2017-06-20 16:58:55 +03:00
|
|
|
func validatePath(token, path string) error {
|
|
|
|
messageMAC, err := base64.RawURLEncoding.DecodeString(token)
|
|
|
|
if err != nil {
|
2018-10-06 03:01:54 +06:00
|
|
|
return errInvalidTokenEncoding
|
2017-06-20 16:58:55 +03:00
|
|
|
}
|
|
|
|
|
2018-11-02 14:10:20 +03:00
|
|
|
if !hmac.Equal(messageMAC, signatureFor(path)) {
|
2018-10-06 02:29:55 +06:00
|
|
|
return errInvalidToken
|
2017-06-20 16:58:55 +03:00
|
|
|
}
|
|
|
|
|
|
|
|
return nil
|
|
|
|
}
|
2018-11-02 14:10:20 +03:00
|
|
|
|
|
|
|
func signatureFor(str string) []byte {
|
|
|
|
mac := hmac.New(sha256.New, conf.Key)
|
|
|
|
mac.Write(conf.Salt)
|
|
|
|
mac.Write([]byte(str))
|
|
|
|
expectedMAC := mac.Sum(nil)
|
|
|
|
if conf.SignatureSize < 32 {
|
|
|
|
return expectedMAC[:conf.SignatureSize]
|
|
|
|
}
|
|
|
|
return expectedMAC
|
|
|
|
}
|