diff options
| author | Shulhan <ms@kilabit.info> | 2026-03-31 18:52:39 +0700 |
|---|---|---|
| committer | Shulhan <ms@kilabit.info> | 2026-03-31 18:52:39 +0700 |
| commit | 5a1b6fd3753653b74577c7992b341a011a0ec416 (patch) | |
| tree | 2565bd236e0d191db3e9dc1f67e3db808b93f065 /lib/paseto/message.go | |
| parent | d7e1ab3ddd7515b2257fb990850e7e7b9157beaf (diff) | |
| download | pakakeh.go-5a1b6fd3753653b74577c7992b341a011a0ec416.tar.xz | |
lib/paseto: move [Message.Unpack] to [v4.UnpackPublicToken]
Unpacking v4 public protocol on parent package seems wrong.
Only v4 package should know how to unpack it regarding the available
fields in the Message.
Diffstat (limited to 'lib/paseto/message.go')
| -rw-r--r-- | lib/paseto/message.go | 51 |
1 files changed, 0 insertions, 51 deletions
diff --git a/lib/paseto/message.go b/lib/paseto/message.go index f4383df2..7e9767ad 100644 --- a/lib/paseto/message.go +++ b/lib/paseto/message.go @@ -4,22 +4,9 @@ package paseto import ( - "crypto/ed25519" - "encoding/base64" - "errors" - "fmt" - "strings" "time" ) -// List of error messages for [Message.Unpack]. -var ( - ErrTokenHeader = errors.New(`invalid token header`) - ErrTokenPayload = errors.New(`invalid token payload`) - ErrTokenFooter = errors.New(`invalid token footer`) - ErrTokenSize = errors.New(`invalid token payload size`) -) - // Message defines the payload be signed and verified by sender/receiver. type Message struct { // The following fields are filled after Unpack and MUST not be used @@ -53,41 +40,3 @@ func NewMessage(sender, receiver Peer, subject string) (msg *Message) { } return msg } - -// Unpack returns the decoded token into a [Message]. -func (msg *Message) Unpack(header, token string, implicit []byte) (err error) { - logp := `Unpack` - - // Step 3: verify the header and unpack the footer if it exists. - token, found := strings.CutPrefix(token, header) - if !found { - return fmt.Errorf(`%s: %w: want %s`, logp, ErrTokenHeader, header) - } - token, footerb64, found := strings.Cut(token, `.`) - if found { - msg.RawFooter, err = base64.RawURLEncoding.DecodeString(footerb64) - if err != nil { - return fmt.Errorf(`%s: %w: %w`, logp, ErrTokenFooter, err) - } - } - - // Step 4: Decodes the payload. - paysig, err := base64.RawURLEncoding.DecodeString(token) - if err != nil { - return fmt.Errorf(`%s: %w: %w`, logp, ErrTokenPayload, err) - } - lenpaysig := len(paysig) - if lenpaysig <= ed25519.SignatureSize { - return fmt.Errorf(`%s: %w %d`, logp, ErrTokenSize, lenpaysig) - } - msg.RawPayload = paysig[:lenpaysig-64] - msg.Sig = paysig[lenpaysig-64:] - - // Step 5: Generate PAE. - msg.PAE, err = PreAuthEncode([]byte(header), msg.RawPayload, msg.RawFooter, implicit) - if err != nil { - return fmt.Errorf(`%s: %w`, logp, err) - } - - return nil -} |