- Notifications
You must be signed in to change notification settings - Fork4
hiyosi/hawk
Folders and files
| Name | Name | Last commit message | Last commit date | |
|---|---|---|---|---|
Repository files navigation
Package hawk supports to use Hawk authentication scheme.
About Hawk:https://github.com/hueniverse/hawk
go get github.com/hiyosi/hawksimple client / server
// sample serverpackage mainimport ("fmt""time""github.com/hiyosi/hawk""net/http")typecredentialStorestruct{}func (c*credentialStore)GetCredential(idstring) (*hawk.Credential,error) {return&hawk.Credential{ID:id,Key:"werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",Alg:hawk.SHA256,},nil}vartestCredStore=&credentialStore{}funchawkHandler(w http.ResponseWriter,r*http.Request) {s:=hawk.NewServer(testCredStore)// authenticate client requestcred,err:=s.Authenticate(r)iferr!=nil {w.Header().Set("WWW-Authenticate","Hawk")w.WriteHeader(401)fmt.Println(err)return}opt:=&hawk.Option{TimeStamp:time.Now().Unix(),Ext:"response-specific",}// build server response headerh,_:=s.Header(r,cred,opt)w.Header().Set("Server-Authorization",h)w.WriteHeader(200)w.Write([]byte("Hello, "+cred.ID))}funcmain() {http.HandleFunc("/resource",hawkHandler)http.ListenAndServe(":8080",nil)}
// sample clientpackage mainimport ("fmt""time""github.com/hiyosi/hawk""io/ioutil""net/http")funcmain() {c:=hawk.NewClient(&hawk.Credential{ID:"123456",Key:"werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",Alg:hawk.SHA256,},&hawk.Option{TimeStamp:time.Now().Unix(),Nonce:"3hOHpR",Ext:"some-app-data",},)// build request headerheader,_:=c.Header("GET","http://localhost:8080/resource")req,_:=http.NewRequest("GET","http://localhost:8080/resource",nil)req.Header.Set("Authorization",header)client:=&http.Client{}resp,err:=client.Do(req)iferr!=nil {fmt.Println(err)return}deferresp.Body.Close()// authenticate server response.result,err:=c.Authenticate(resp)iferr!=nil {fmt.Println("Server Authentication Failure")}fmt.Println("Server Authentication: ",result)b,err:=ioutil.ReadAll(resp.Body)iferr==nil {fmt.Println(string(b))}}
build bewit parameter
// serverb:=hawk.NewBewitConfig(&hawk.Credential{ID:"123456",Key:"werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",Alg:hawk.SHA256,},10*time.Minute,)bewit:=b.GetBewit("http://localhost:8080/temp/resource",nil)fmt.Println(bewit)
authenticate bewit parameter
// serverfunchawkBewitHandler(w http.ResponseWriter,r*http.Request) {s:=hawk.NewServer(testCredStore)cred,err:=s.AuthenticateBewit(r)iferr!=nil {w.Header().Set("WWW-Authenticate","Hawk")w.WriteHeader(401)fmt.Println(err)return}w.WriteHeader(200)w.Write([]byte("Access Allow, "+cred.ID))}
if behind a proxy, you can use an another header field or custom hostname.
- get host-name by specified header name.
s:=hawk.NewServer(testCredStore)s.AuthOption=&hawk.AuthOption{CustomHostNameHeader:"X-Forwarded-Host",}
- or specified hostname value yourself
s := hawk.NewServer(testCredStore) s.AuthOption = &hawk.AuthOption{ CustomHostPort: "b.example.com:8888",}See godoc for further documentation
- Fork (https://github.com/hiyosi/hawk/fork)
- Create a feature branch
- Commit your changes
- Rebase your local changes against the master branch
- Run test suite with the
go test ./...command and confirm that it passes - Run
gofmt -s - Create new Pull Request