Allow binary values in signed cookies

Make signedValue & Validate operate on []byte by default and not assume/cast string. Any casting will be done from callers.
2025-06-15 00:15:00 +02:00 · 2020-05-04 11:34:01 -07:00
parent f9025a8f8f
commit b4530b9292
4 changed files with 11 additions and 11 deletions
--- a/pkg/encryption/cipher.go
+++ b/pkg/encryption/cipher.go
@ -39,7 +39,7 @@ func SecretBytes(secret string) []byte {
 // additionally, the 'value' is encrypted so it's opaque to the browser

 // Validate ensures a cookie is properly signed
-func Validate(cookie *http.Cookie, seed string, expiration time.Duration) (value string, t time.Time, ok bool) {
+func Validate(cookie *http.Cookie, seed string, expiration time.Duration) (value []byte, t time.Time, ok bool) {
 	// value, timestamp, sig
 	parts := strings.Split(cookie.Value, "|")
 	if len(parts) != 3 {
@ -59,7 +59,7 @@ func Validate(cookie *http.Cookie, seed string, expiration time.Duration) (value
 			// it's a valid cookie. now get the contents
 			rawValue, err := base64.URLEncoding.DecodeString(parts[0])
 			if err == nil {
-				value = string(rawValue)
+				value = rawValue
 				ok = true
 				return
 			}
@ -69,8 +69,8 @@ func Validate(cookie *http.Cookie, seed string, expiration time.Duration) (value
 }

 // SignedValue returns a cookie that is signed and can later be checked with Validate
-func SignedValue(seed string, key string, value string, now time.Time) string {
-	encodedValue := base64.URLEncoding.EncodeToString([]byte(value))
+func SignedValue(seed string, key string, value []byte, now time.Time) string {
+	encodedValue := base64.URLEncoding.EncodeToString(value)
 	timeStr := fmt.Sprintf("%d", now.Unix())
 	sig := cookieSignature(sha256.New, seed, key, encodedValue, timeStr)
 	cookieVal := fmt.Sprintf("%s|%s|%s", encodedValue, timeStr, sig)