imgproxy/crypt.go

package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"errors"
)

var (
	errInvalidToken         = errors.New("Invalid token")
	errInvalidTokenEncoding = errors.New("Invalid token encoding")
)

func validatePath(token, path string) error {
	messageMAC, err := base64.RawURLEncoding.DecodeString(token)
	if err != nil {
		return errInvalidTokenEncoding
	}

	if !hmac.Equal(messageMAC, signatureFor(path)) {
		return errInvalidToken
	}

	return nil
}

func signatureFor(str string) []byte {
	mac := hmac.New(sha256.New, conf.Key)
	mac.Write(conf.Salt)
	mac.Write([]byte(str))
	expectedMAC := mac.Sum(nil)
	if conf.SignatureSize < 32 {
		return expectedMAC[:conf.SignatureSize]
	}
	return expectedMAC
}
Initial commit 2017-06-20 15:58:55 +02:00			`package main`

			`import (`
			`"crypto/hmac"`
			`"crypto/sha256"`
			`"encoding/base64"`
			`"errors"`
			`)`

Predefine static errors 2018-10-05 22:29:55 +02:00			`var (`
Typo 2018-10-05 23:01:54 +02:00			`errInvalidToken = errors.New("Invalid token")`
			`errInvalidTokenEncoding = errors.New("Invalid token encoding")`
Predefine static errors 2018-10-05 22:29:55 +02:00			`)`

Initial commit 2017-06-20 15:58:55 +02:00			`func validatePath(token, path string) error {`
			`messageMAC, err := base64.RawURLEncoding.DecodeString(token)`
			`if err != nil {`
Typo 2018-10-05 23:01:54 +02:00			`return errInvalidTokenEncoding`
Initial commit 2017-06-20 15:58:55 +02:00			`}`

Option to use truncated signature (#88) * CircleCI * Fix docs resize_type -> resizing_type (#91) As noted in my issue... * Option to use truncated signature * Don't use 0 as no-limit for SignatureSize 2018-11-02 13:10:20 +02:00			`if !hmac.Equal(messageMAC, signatureFor(path)) {`
Predefine static errors 2018-10-05 22:29:55 +02:00			`return errInvalidToken`
Initial commit 2017-06-20 15:58:55 +02:00			`}`

			`return nil`
			`}`
Option to use truncated signature (#88) * CircleCI * Fix docs resize_type -> resizing_type (#91) As noted in my issue... * Option to use truncated signature * Don't use 0 as no-limit for SignatureSize 2018-11-02 13:10:20 +02:00
			`func signatureFor(str string) []byte {`
			`mac := hmac.New(sha256.New, conf.Key)`
			`mac.Write(conf.Salt)`
			`mac.Write([]byte(str))`
			`expectedMAC := mac.Sum(nil)`
			`if conf.SignatureSize < 32 {`
			`return expectedMAC[:conf.SignatureSize]`
			`}`
			`return expectedMAC`
			`}`