{"id":16834931,"url":"https://github.com/dchest/authcookie","last_synced_at":"2025-04-04T23:08:02.264Z","repository":{"id":57479496,"uuid":"1599124","full_name":"dchest/authcookie","owner":"dchest","description":"[DEPRECATED] Go package authcookie implements creation and verification of signed authentication cookies.","archived":false,"fork":false,"pushed_at":"2019-08-24T11:51:10.000Z","size":28,"stargazers_count":109,"open_issues_count":0,"forks_count":11,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-10-14T12:08:18.916Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/dchest.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2011-04-11T13:37:44.000Z","updated_at":"2024-02-10T09:50:34.000Z","dependencies_parsed_at":"2022-09-17T04:52:03.194Z","dependency_job_id":null,"html_url":"https://github.com/dchest/authcookie","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchest%2Fauthcookie","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchest%2Fauthcookie/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchest%2Fauthcookie/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/dchest%2Fauthcookie/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/dchest","download_url":"https://codeload.github.com/dchest/authcookie/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247261604,"owners_count":20910108,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-10-13T12:08:24.991Z","updated_at":"2025-04-04T23:08:02.246Z","avatar_url":"https://github.com/dchest.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"Package authcookie\n=====================\n\n\timport \"github.com/dchest/authcookie\"\n\nPackage authcookie implements creation and verification of signed\nauthentication cookies.\n\nCookie is a Base64 encoded (using URLEncoding, from RFC 4648) string, which\nconsists of concatenation of expiration time, login, and signature:\n\n\texpiration time || login || signature\n\nwhere expiration time is the number of seconds since Unix epoch UTC\nindicating when this cookie must expire (4 bytes, big-endian, uint32), login\nis a byte string of arbitrary length (at least 1 byte, not null-terminated),\nand signature is 32 bytes of HMAC-SHA256(expiration_time || login, k), where\nk = HMAC-SHA256(expiration_time || login, secret key).\n\nExample:\n\n\tsecret := []byte(\"my secret key\")\n\n\t// Generate cookie valid for 24 hours for user \"bender\"\n\tcookie := authcookie.NewSinceNow(\"bender\", 24 * time.Hour, secret)\n\n\t// cookie is now:\n\t// Tajh02JlbmRlcskYMxowgwPj5QZ94jaxhDoh3n0Yp4hgGtUpeO0YbMTY\n\t// send it to user's browser..\n\n\t// To authenticate a user later, receive cookie and:\n\tlogin := authcookie.Login(cookie, secret)\n\tif login != \"\" {\n\t\t// access for login granted\n\t} else {\n\t\t// access denied\n\t}\n\nNote that login and expiration time are not encrypted, they are only signed\nand Base64 encoded.\n\n\nVariables\n---------\n\n\tvar (\n\t    ErrMalformedCookie = errors.New(\"malformed cookie\")\n\t    ErrWrongSignature  = errors.New(\"wrong cookie signature\")\n\t)\n\n\n\tvar MinLength = base64.URLEncoding.EncodedLen(decodedMinLength)\n\nMinLength is the minimum allowed length of cookie string.\n\nIt is useful for avoiding DoS attacks with too long cookies: before passing\na cookie to Parse or Login functions, check that it has length less than the\n[maximum login length allowed in your application] + MinLength.\n\n\nFunctions\n---------\n\n### func Login\n\n\tfunc Login(cookie string, secret []byte) string\n\nLogin returns a valid login extracted from the given cookie and verified\nusing the given secret key.  If verification fails or the cookie expired,\nthe function returns an empty string.\n\n### func New\n\n\tfunc New(login string, expires time.Time, secret []byte) string\n\nNew returns a signed authentication cookie for the given login,\nexpiration time, and secret key.\nIf the login is empty, the function returns an empty string.\n\n### func NewNoPadding\n\n\tfunc NewNoPadding(login string, expires time.Time, secret []byte) string\n\nNewNoPadding is like New but returns cookie encoded without base64 padding characters.\n\n### func NewSinceNow\n\n\tfunc NewSinceNow(login string, dur time.Duration, secret []byte) string\n\nNewSinceNow returns a signed authetication cookie for the given login,\nduration time since current time, and secret key.\n\n### func Parse\n\n\tfunc Parse(cookie string, secret []byte) (login string, expires time.Time, err error)\n\nParse verifies the given cookie with the secret key and returns login and\nexpiration time extracted from the cookie. If the cookie fails verification\nor is not well-formed, the function returns an error.\n\nCallers must:\n\n1. Check for the returned error and deny access if it's present.\n\n2. Check the returned expiration time and deny access if it's in the past.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdchest%2Fauthcookie","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fdchest%2Fauthcookie","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fdchest%2Fauthcookie/lists"}