https://github.com/tsawler/signer

A simple package to sign and verify URLs
https://github.com/tsawler/signer

go golang security

Last synced: 5 months ago
JSON representation

A simple package to sign and verify URLs

Host: GitHub
URL: https://github.com/tsawler/signer
Owner: tsawler
License: mit
Created: 2022-05-19T10:46:28.000Z (about 4 years ago)
Default Branch: main
Last Pushed: 2024-06-26T13:32:09.000Z (about 2 years ago)
Last Synced: 2024-06-26T16:34:45.428Z (about 2 years ago)
Topics: go, golang, security
Language: Go
Homepage:
Size: 35.2 KB
Stars: 13
Watchers: 1
Forks: 2
Open Issues: 0
Metadata Files:
- Readme: readme.md
- License: license.md

Awesome Lists containing this project

README

          [![Go Report Card](https://goreportcard.com/badge/github.com/tsawler/signer)](https://goreportcard.com/report/github.com/tsawler/signer)

[![Version](https://img.shields.io/badge/goversion-1.18.x-blue.svg)](https://golang.org)



[![License](http://img.shields.io/badge/license-mit-blue.svg?style=flat-square)](https://raw.githubusercontent.com/tsawler/goblender/master/LICENSE)

![Tests](https://github.com/tsawler/signer/actions/workflows/tests.yml/badge.svg)

[![Go Coverage](https://github.com/tsawler/signer/wiki/coverage.svg)](https://raw.githack.com/wiki/tsawler/signer/coverage.html)

# Signer

Signer is a simple package that makes signing URLs painless. It uses

[github.com/tsawler/itsdangerous](https://github.com/tsawler/itsdangerous) to sign URLs.

This is useful for things like sending an email with a link that can be verified, and which is

tamper-proof.

## Installation

`go get github.com/tsawler/signer@latest`

## Usage

```golang

package main

import (

	"fmt"

	"github.com/tsawler/signer"

)

const secret = "somelongsecuresecret"

func main() {

	// Create a variable of type Signature, and pass it a secret, <= 64 characters.

	sign := signer.Signature{Secret: secret}

	// Call the SignURL to get a signed version. Note that only the part after 

	// https://somesite.com or http://somesite.com is actually signed, but you 

	// must pass the full url. This way, we can use the package in development 

	// without worrying about the domain name of a particular site.

	signed, _ := sign.SignURL("https://example.com/test?id=1")

	fmt.Println("Signed url:", signed)

	

	// Output is something like:

	// https://example.com/test?id=1&hash=.3w4TgJ.pAJWBPAO5k1cimZJ-nrRKnlvosOY1Krrp3ALf1rOAds

	

	// Verify that a signed URL is valid, and was  issued by this application. Here, 

	// valid is true if the URL has a valid signature, and false if it is not.

	valid, _ := sign.VerifyURL(signed)

	fmt.Println("Valid url:", valid)

	// You can also check for expiry. Here, the signed url expires after 30 minutes.

	expired := sign.Expired(signed, 30)

	fmt.Println("Expired:", expired)

	// You can also check for expiry in seconds. Here, the signed url expires after 30 seconds.

	expired = sign.ExpiredSeconds(signed, 30)

	fmt.Println("Expired:", expired)

}

```

ecosyste.ms

Data

Tools

Indexes

Applications

Experiments

Awesome

https://github.com/tsawler/signer

Awesome Lists containing this project

README