Product
Introducing License Enforcement in Socket
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
gopkg.in/twindagger/httpsig.v1
httpsig is a go package with for HTTP Signature. It also implements extensions to the standard, as LeisureLink uses an anticipated jwt extension.
import "gopkg.in/LeisureLink/httpsig.v1"
This example signs a request and includes the date, and (request-target) header components in the signature.
// set key as a string from file read, memory, etc.
req, _ := http.NewRequest("GET", "http://example.com/path/to/resource", nil)
signer, _ := httpsig.NewRequestSigner("my-key-id", key, "rsa-sha256")
err := signer.SignRequest(req, []string{"date", "(request-target)"}, jwt)
This example verifies that a request contains a signature and returns a 401 Unauthorized response if a signature is not present or not verifiable.
func HandleReq(w http.ResponseWriter, r *http.Request) {
parsed, err := ParseRequest(req)
if err != nil {
w.WriteHeader(http.StatusUnauthorized)
return
}
publicKey := lookupPubKey(parsed.KeyId())
verified, err := VerifySignature(parsed, publicKey)
if err != nil || !verified {
w.WriteHeader(http.StatusUnauthorized)
return
}
w.WriteHeader(http.StatusOK)
w.Write("Authoirzation Passed")
}
func main() {
http.HandleFunc("/", HandleReq)
http.ListenAndServe(":8080", nil)
}
go get gopkg.in/LeisureLink/httpsig.v1
MIT.
FAQs
Unknown package
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Ensure open-source compliance with Socket’s License Enforcement Beta. Set up your License Policy and secure your software!
Product
We're launching a new set of license analysis and compliance features for analyzing, managing, and complying with licenses across a range of supported languages and ecosystems.
Product
We're excited to introduce Socket Optimize, a powerful CLI command to secure open source dependencies with tested, optimized package overrides.