1
0
mirror of https://github.com/imgproxy/imgproxy.git synced 2024-12-09 09:56:01 +02:00
imgproxy/crypt.go
2018-11-20 19:05:16 +06:00

42 lines
858 B
Go

package main
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"errors"
)
var (
errInvalidSignature = errors.New("Invalid signature")
errInvalidSignatureEncoding = errors.New("Invalid signature encoding")
)
type securityKey []byte
func validatePath(signature, path string) error {
messageMAC, err := base64.RawURLEncoding.DecodeString(signature)
if err != nil {
return errInvalidSignatureEncoding
}
for i := 0; i < len(conf.Keys); i++ {
if hmac.Equal(messageMAC, signatureFor(path, i)) {
return nil
}
}
return errInvalidSignature
}
func signatureFor(str string, pairInd int) []byte {
mac := hmac.New(sha256.New, conf.Keys[pairInd])
mac.Write(conf.Salts[pairInd])
mac.Write([]byte(str))
expectedMAC := mac.Sum(nil)
if conf.SignatureSize < 32 {
return expectedMAC[:conf.SignatureSize]
}
return expectedMAC
}