首頁 探索 說明
註冊 登入
david
/
urlooker
镜像来自 https://github.com/710leo/urlooker.git
1
0
複刻 0
檔案 問題管理 0 Wiki
目錄樹: fe42ad6cf6
分支列表 標籤列表
urlooker
/
vendor
/
github.com
/
gorilla
/
securecookie
/
doc.go

doc.go 2.1 KB
文件歷史 原始文件

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061 
  1. // Copyright 2012 The Gorilla Authors. All rights reserved.
    2. 

  2. // Use of this source code is governed by a BSD-style
    3. 

  3. // license that can be found in the LICENSE file.
    4. 

  4. 

  5. /*
    6. 

  6. Package securecookie encodes and decodes authenticated and optionally
    7. 

  7. encrypted cookie values.
    8. 

  8. 

  9. Secure cookies can't be forged, because their values are validated using HMAC.
    10. 

  10. When encrypted, the content is also inaccessible to malicious eyes.
    11. 

  11. 

  12. To use it, first create a new SecureCookie instance:
    13. 

  13. 

  14. 	var hashKey = []byte("very-secret")
    15. 

  15. 	var blockKey = []byte("a-lot-secret")
    16. 

  16. 	var s = securecookie.New(hashKey, blockKey)
    17. 

  17. 

  18. The hashKey is required, used to authenticate the cookie value using HMAC.
    19. 

  19. It is recommended to use a key with 32 or 64 bytes.
    20. 

  20. 

  21. The blockKey is optional, used to encrypt the cookie value -- set it to nil
    22. 

  22. to not use encryption. If set, the length must correspond to the block size
    23. 

  23. of the encryption algorithm. For AES, used by default, valid lengths are
    24. 

  24. 16, 24, or 32 bytes to select AES-128, AES-192, or AES-256.
    25. 

  25. 

  26. Strong keys can be created using the convenience function GenerateRandomKey().
    27. 

  27. 

  28. Once a SecureCookie instance is set, use it to encode a cookie value:
    29. 

  29. 

  30. 	func SetCookieHandler(w http.ResponseWriter, r *http.Request) {
    31. 

  31. 		value := map[string]string{
    32. 

  32. 			"foo": "bar",
    33. 

  33. 		}
    34. 

  34. 		if encoded, err := s.Encode("cookie-name", value); err == nil {
    35. 

  35. 			cookie := &http.Cookie{
    36. 

  36. 				Name:  "cookie-name",
    37. 

  37. 				Value: encoded,
    38. 

  38. 				Path:  "/",
    39. 

  39. 			}
    40. 

  40. 			http.SetCookie(w, cookie)
    41. 

  41. 		}
    42. 

  42. 	}
    43. 

  43. 

  44. Later, use the same SecureCookie instance to decode and validate a cookie
    45. 

  45. value:
    46. 

  46. 

  47. 	func ReadCookieHandler(w http.ResponseWriter, r *http.Request) {
    48. 

  48. 		if cookie, err := r.Cookie("cookie-name"); err == nil {
    49. 

  49. 			value := make(map[string]string)
    50. 

  50. 			if err = s2.Decode("cookie-name", cookie.Value, &value); err == nil {
    51. 

  51. 				fmt.Fprintf(w, "The value of foo is %q", value["foo"])
    52. 

  52. 			}
    53. 

  53. 		}
    54. 

  54. 	}
    55. 

  55. 

  56. We stored a map[string]string, but secure cookies can hold any value that
    57. 

  57. can be encoded using encoding/gob. To store custom types, they must be
    58. 

  58. registered first using gob.Register(). For basic types this is not needed;
    59. 

  59. it works out of the box.
    60. 

  60. */
    61. 

  61. package securecookie
    62.