hawk
packagemodule
This package is not in the latest version of its module.
Details
Validgo.mod file
The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
- Redistributable license
Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
- Tagged version
Modules with tagged versions give importers more predictable builds.
- Stable version
When a project reaches major version v1 it is considered stable.
- Learn more about best practices
Repository
Links
Open Source Insights
README¶
hawk
Package hawk supports to use Hawk authentication scheme.
About Hawk:https://github.com/hueniverse/hawk
Installation
go get github.com/hiyosi/hawkExample
simple client / server
// sample serverpackage mainimport ("fmt""time""github.com/hiyosi/hawk""net/http")type credentialStore struct{}func (c *credentialStore) GetCredential(id string) (*hawk.Credential, error) {return &hawk.Credential{ID: id,Key: "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",Alg: hawk.SHA256,}, nil}var testCredStore = &credentialStore{}func hawkHandler(w http.ResponseWriter, r *http.Request) {s := hawk.NewServer(testCredStore)// authenticate client requestcred, err := s.Authenticate(r)if err != nil {w.Header().Set("WWW-Authenticate", "Hawk")w.WriteHeader(401)fmt.Println(err)return}opt := &hawk.Option{TimeStamp: time.Now().Unix(),Ext: "response-specific",}// build server response headerh, _ := s.Header(r, cred, opt)w.Header().Set("Server-Authorization", h)w.WriteHeader(200)w.Write([]byte("Hello, " + cred.ID))}func main() {http.HandleFunc("/resource", hawkHandler)http.ListenAndServe(":8080", nil)}// sample clientpackage mainimport ("fmt""time""github.com/hiyosi/hawk""io/ioutil""net/http")func main() {c := hawk.NewClient(&hawk.Credential{ID: "123456",Key: "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",Alg: hawk.SHA256,},&hawk.Option{TimeStamp: time.Now().Unix(),Nonce: "3hOHpR",Ext: "some-app-data",},)// build request headerheader, _ := c.Header("GET", "http://localhost:8080/resource")req, _ := http.NewRequest("GET", "http://localhost:8080/resource", nil)req.Header.Set("Authorization", header)client := &http.Client{}resp, err := client.Do(req)if err != nil {fmt.Println(err)return}defer resp.Body.Close()// authenticate server response.result, err := c.Authenticate(resp)if err != nil {fmt.Println("Server Authentication Failure")}fmt.Println("Server Authentication: ", result)b, err := ioutil.ReadAll(resp.Body)if err == nil {fmt.Println(string(b))}}build bewit parameter
// serverb := hawk.NewBewitConfig(&hawk.Credential{ID: "123456",Key: "werxhqb98rpaxn39848xrunpaw3489ruxnpa98w4rxn",Alg: hawk.SHA256,},10 * time.Minute,)bewit := b.GetBewit("http://localhost:8080/temp/resource", nil)fmt.Println(bewit)authenticate bewit parameter
// serverfunc hawkBewitHandler(w http.ResponseWriter, r *http.Request) {s := hawk.NewServer(testCredStore)cred, err := s.AuthenticateBewit(r)if err != nil {w.Header().Set("WWW-Authenticate", "Hawk")w.WriteHeader(401)fmt.Println(err)return}w.WriteHeader(200)w.Write([]byte("Access Allow, " + cred.ID))}if behind a proxy, you can use an another header field or custom hostname.
- get host-name by specified header name.
s := hawk.NewServer(testCredStore)s.AuthOption = &hawk.AuthOption{ CustomHostNameHeader: "X-Forwarded-Host",}- or specified hostname value yourself
s := hawk.NewServer(testCredStore) s.AuthOption = &hawk.AuthOption{ CustomHostPort: "b.example.com:8888",}See godoc for further documentation
Contribution
- Fork (https://github.com/hiyosi/hawk/fork)
- Create a feature branch
- Commit your changes
- Rebase your local changes against the master branch
- Run test suite with the
go test ./...command and confirm that it passes - Run
gofmt -s - Create new Pull Request
License
Documentation¶
Overview¶
Package hawk provides support for Hawk authentication.
Index¶
Constants¶
This section is empty.
Variables¶
This section is empty.
Functions¶
Types¶
typeAuthOption¶
typeBewitConfig¶
type BewitConfig struct {Credential *CredentialTtltime.DurationExtstringLocalTimeOffsettime.Duration}funcNewBewitConfig¶
func NewBewitConfig(c *Credential, ttltime.Duration) *BewitConfig
typeClient¶
type Client struct {Credential *CredentialOption *Option}funcNewClient¶
func NewClient(c *Credential, o *Option) *Client
func (*Client)Authenticate¶
Authenticate authenticate the Hawk server response from the HTTP response.Successful case returns true.
typeClock¶
type Clock interface {// Now returns the current unix-time obtained by adding a offset value.Now(offsettime.Duration)int64}Clock returns a time.
typeCredential¶
typeCredentialStore¶
type CredentialStore interface {GetCredential(idstring) (*Credential,error)}typeLocalClock¶
type LocalClock struct{}typeMac¶
typeNonceValidator¶
typePayloadHash¶
func (*PayloadHash)String¶
func (h *PayloadHash) String()string
String returns a base64 encoded hash value of payload
typeServer¶
type Server struct {CredentialStoreCredentialStoreNonceValidatorNonceValidatorTimeStampSkewtime.DurationLocaltimeOffsettime.DurationPayloadstringAuthOption *AuthOption}func (*Server)Authenticate¶
func (s *Server) Authenticate(req *http.Request) (*Credential,error)
Authenticate authenticate the Hawk request from the HTTP request.Successful case returns credential information about requested user.
func (*Server)AuthenticateBewit¶
func (s *Server) AuthenticateBewit(req *http.Request) (*Credential,error)
AuthenticateBewit authenticate the Hawk bewit request from the HTTP request.Successful case returns credential information about requested user.
Source Files