mirror of
https://github.com/imgproxy/imgproxy.git
synced 2025-01-08 10:45:04 +02:00
42 lines
858 B
Go
42 lines
858 B
Go
package main
|
|
|
|
import (
|
|
"crypto/hmac"
|
|
"crypto/sha256"
|
|
"encoding/base64"
|
|
"errors"
|
|
)
|
|
|
|
var (
|
|
errInvalidSignature = errors.New("Invalid signature")
|
|
errInvalidSignatureEncoding = errors.New("Invalid signature encoding")
|
|
)
|
|
|
|
type securityKey []byte
|
|
|
|
func validatePath(signature, path string) error {
|
|
messageMAC, err := base64.RawURLEncoding.DecodeString(signature)
|
|
if err != nil {
|
|
return errInvalidSignatureEncoding
|
|
}
|
|
|
|
for i := 0; i < len(conf.Keys); i++ {
|
|
if hmac.Equal(messageMAC, signatureFor(path, i)) {
|
|
return nil
|
|
}
|
|
}
|
|
|
|
return errInvalidSignature
|
|
}
|
|
|
|
func signatureFor(str string, pairInd int) []byte {
|
|
mac := hmac.New(sha256.New, conf.Keys[pairInd])
|
|
mac.Write(conf.Salts[pairInd])
|
|
mac.Write([]byte(str))
|
|
expectedMAC := mac.Sum(nil)
|
|
if conf.SignatureSize < 32 {
|
|
return expectedMAC[:conf.SignatureSize]
|
|
}
|
|
return expectedMAC
|
|
}
|