Security News
Opengrep Emerges as Open Source Alternative Amid Semgrep Licensing Controversy
Opengrep forks Semgrep to preserve open source SAST in response to controversial licensing changes.
By Sarah Gooding - Jan 28, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
github.com/codevault-llc/gofingerprint
- Version published
- Created
Go-Fingerprint
A fingerprinting library for golang applications with a middleware for http servers.
Usage
package main
import (
"fmt"
"net/http"
"github.com/codevault-llc/gofingerprint"
)
func main() {
// Create a new http server
mux := http.NewServeMux()
// Apply the fingerprinting middleware to the HelloHandler
mux.Handle("/hello", gofingerprint.FingerprintMiddleware(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
// The Fingerprint adds the required headers to the response.
// Here is how you can access the fingerprint data.
fingerprintHeader := r.Header.Get("X-Fingerprint") // The header returned by the middleware
var fingerprint gofingerprint.Fingerprint // The struct to hold the fingerprint data
err := json.Unmarshal([]byte(fingerprintHeader), &fingerprint) // Parse the header into the struct
if err != nil {
http.Error(w, "Error parsing fingerprint", http.StatusInternalServerError)
return
}
// Now you can access the fingerprint data
fmt.Println(fingerprint.Hash) // The hash returned of all the calculations done by the middleware, save this to verify the fingerprint later.
fmt.Fprintf(w, "Hello, World!")
})))
// Start the server
http.ListenAndServe(":8080", mux)
}
Understanding the Fingerprint
The fingerprint is a simple function that calculates a hash of the requests the user is sending. After making a correct hash, we then send it over to the developer for them to do whatever they want. The hash is often stored in a database at the API, and then verified how many times the hash has been seen and so fourth. Generally just a ID for the user.
When you implement the middleware, we are calculating some different things, such as if its a local ip, the user agent, the time, and the request method. We then hash all of these things together to create a unique hash for the user. This is then sent back to the user in the X-Fingerprint header. The value of the header is a stringified JSON object that is equal to the Fingerprint struct.
License
This project is licensed under the MIT License - see the LICENSE file for details
FAQs
Unknown package
Package last updated on 27 Sep 2024
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Node.js EOL Versions CVE Dubbed the "Worst CVE of the Year" by Security Experts
Critics call the Node.js EOL CVE a misuse of the system, sparking debate over CVE standards and the growing noise in vulnerability databases.
By Sarah Gooding - Jan 24, 2025
Security News
cURL Project and Go Security Teams Reject CVSS as Broken
cURL and Go security teams are publicly rejecting CVSS as flawed for assessing vulnerabilities and are calling for more accurate, context-aware approaches.
By Sarah Gooding - Jan 24, 2025