JustAnotherArchivist
/
transfer.sh
forkattu lähteestä kiska/transfer.sh
1
0
Fork 1
Koodi Ongelmat 0 Pull-pyynnöt 0 Julkaisut 0 Wiki Toiminta
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
306 Commitit
17 Branchit
34 MiB
Puu: 03d8efbf13
Branchit Tagit
${ item.name }
Create branch ${ searchTerm }
from '03d8efbf13'
${ noResults }
transfer.sh/vendor/github.com/gorilla/securecookie/README.md

README.md 2.7 KiB
Raaka Normaali näkymä Historia

Major rewrite * use dep for vendoring * lets encrypt * moved web to transfer.sh-web repo * single command install * added first tests
7 vuotta sitten
 12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576 
  1. securecookie

  2. ============

  3. [![GoDoc](https://godoc.org/github.com/gorilla/securecookie?status.svg)](https://godoc.org/github.com/gorilla/securecookie) [![Build Status](https://travis-ci.org/gorilla/securecookie.png?branch=master)](https://travis-ci.org/gorilla/securecookie)

  4. 

  5. securecookie encodes and decodes authenticated and optionally encrypted 

  6. cookie values.

  7. 

  8. Secure cookies can't be forged, because their values are validated using HMAC.

  9. When encrypted, the content is also inaccessible to malicious eyes. It is still

  10. recommended that sensitive data not be stored in cookies, and that HTTPS be used

  11. to prevent cookie [replay attacks](https://en.wikipedia.org/wiki/Replay_attack).

  12. 

  13. ## Examples

  14. 

  15. To use it, first create a new SecureCookie instance:

  16. 

  17. ```go

  18. // Hash keys should be at least 32 bytes long

  19. var hashKey = []byte("very-secret")

  20. // Block keys should be 16 bytes (AES-128) or 32 bytes (AES-256) long.

  21. // Shorter keys may weaken the encryption used.

  22. var blockKey = []byte("a-lot-secret")

  23. var s = securecookie.New(hashKey, blockKey)

  24. ```

  25. 

  26. The hashKey is required, used to authenticate the cookie value using HMAC.

  27. It is recommended to use a key with 32 or 64 bytes.

  28. 

  29. The blockKey is optional, used to encrypt the cookie value -- set it to nil

  30. to not use encryption. If set, the length must correspond to the block size

  31. of the encryption algorithm. For AES, used by default, valid lengths are

  32. 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256.

  33. 

  34. Strong keys can be created using the convenience function GenerateRandomKey().

  35. 

  36. Once a SecureCookie instance is set, use it to encode a cookie value:

  37. 

  38. ```go

  39. func SetCookieHandler(w http.ResponseWriter, r *http.Request) {

  40. 	value := map[string]string{

  41. 		"foo": "bar",

  42. 	}

  43. 	if encoded, err := s.Encode("cookie-name", value); err == nil {

  44. 		cookie := &http.Cookie{

  45. 			Name:  "cookie-name",

  46. 			Value: encoded,

  47. 			Path:  "/",

  48. 		}

  49. 		http.SetCookie(w, cookie)

  50. 	}

  51. }

  52. ```

  53. 

  54. Later, use the same SecureCookie instance to decode and validate a cookie

  55. value:

  56. 

  57. ```go

  58. func ReadCookieHandler(w http.ResponseWriter, r *http.Request) {

  59. 	if cookie, err := r.Cookie("cookie-name"); err == nil {

  60. 		value := make(map[string]string)

  61. 		if err = s2.Decode("cookie-name", cookie.Value, &value); err == nil {

  62. 			fmt.Fprintf(w, "The value of foo is %q", value["foo"])

  63. 		}

  64. 	}

  65. }

  66. ```

  67. 

  68. We stored a map[string]string, but secure cookies can hold any value that

  69. can be encoded using `encoding/gob`. To store custom types, they must be

  70. registered first using gob.Register(). For basic types this is not needed;

  71. it works out of the box. An optional JSON encoder that uses `encoding/json` is

  72. available for types compatible with JSON.

  73. 

  74. ## License

  75. 

  76. BSD licensed. See the LICENSE file for details.