diff options
| author | Shulhan <ms@kilabit.info> | 2026-03-30 15:27:13 +0700 |
|---|---|---|
| committer | Shulhan <ms@kilabit.info> | 2026-03-30 16:27:50 +0700 |
| commit | cf94a6045d5e06b53101dac4a36d7b26be163b0b (patch) | |
| tree | 88524beb5f8418da9b1d2698544788c946e3ee5d /lib/paseto/message.go | |
| parent | b0795552ad0b5f4e57553cc91c887ef32bfa5f70 (diff) | |
| download | pakakeh.go-cf94a6045d5e06b53101dac4a36d7b26be163b0b.tar.xz | |
lib/paseto: predefines errors variables
Instead of fixed strings, predefined the error variables so the caller
can check the actual error.
Diffstat (limited to 'lib/paseto/message.go')
| -rw-r--r-- | lib/paseto/message.go | 17 |
1 files changed, 12 insertions, 5 deletions
diff --git a/lib/paseto/message.go b/lib/paseto/message.go index e9dca297..ef84a84a 100644 --- a/lib/paseto/message.go +++ b/lib/paseto/message.go @@ -6,11 +6,19 @@ package paseto import ( "crypto/ed25519" "encoding/base64" + "errors" "fmt" "strings" "time" ) +// List of error messages for [Message.Unpack]. +var ( + ErrTokenHeader = errors.New(`invalid token header`) + ErrTokenFooter = errors.New(`invalid token footer`) + ErrTokenSize = errors.New(`invalid token payload size`) +) + // Message defines the payload be signed and verified by sender/receiver. type Message struct { // The following fields are filled after Unpack and MUST not be used @@ -52,13 +60,13 @@ func (msg *Message) Unpack(header, token string, implicit []byte) (err error) { // Step 3: verify the header and unpack the footer if it exists. token, found := strings.CutPrefix(token, header) if !found { - return fmt.Errorf(`%s: invalid header, want %s`, logp, header) + return fmt.Errorf(`%s: %w: want %s`, logp, ErrTokenHeader, header) } token, footerb64, found := strings.Cut(token, `.`) if found { msg.RawFooter, err = base64.RawURLEncoding.DecodeString(footerb64) if err != nil { - return fmt.Errorf(`%s: invalid footer: %w`, logp, err) + return fmt.Errorf(`%s: %w: %w`, logp, ErrTokenFooter, err) } } @@ -69,14 +77,13 @@ func (msg *Message) Unpack(header, token string, implicit []byte) (err error) { } lenpaysig := len(paysig) if lenpaysig <= ed25519.SignatureSize { - return fmt.Errorf(`%s: invalid payload size %d`, logp, lenpaysig) + return fmt.Errorf(`%s: %w %d`, logp, ErrTokenSize, lenpaysig) } msg.RawPayload = paysig[:lenpaysig-64] msg.Sig = paysig[lenpaysig-64:] // Step 5: Generate PAE. - msg.PAE, err = PreAuthEncode([]byte(header), msg.RawPayload, - msg.RawFooter, implicit) + msg.PAE, err = PreAuthEncode([]byte(header), msg.RawPayload, msg.RawFooter, implicit) if err != nil { return fmt.Errorf(`%s: %w`, logp, err) } |