| Age | Commit message | Author |
|
This fixes the following error detected by gocheck,
public_mode_test.go:45:16: struct with 288 pointer bytes could be 264
|
|
If the footer is empty then the message will be unpacked with its own
public key, instead of the sender's public key.
|
|
Unpacking the v4 public protocol in the parent package seems wrong.
Only the v4 package should know how to unpack it regarding the available
fields in the Message.
|
|
The paseto/v4 now can replace the previous paseto/v2 package.
|
|
This is to let the user increase or decrease the leeway during
Payload Validate.
|
|
This provides simple operation when working with Pack and Unpack.
|
|
By not using the same package name in the example, we can see how the
package is actually used in real code.
For instance, we can know that constant publicHeader should be exported
so it could be used by Unpack method.
|
|
Instead of fixed strings, predefine the error variables so the caller
can check the actual error.
|
|
The Pack method returns the signed [paseto.Message] as public token.
The token is then verified and decoded into Message using the Unpack method.
|
|
Previously, we used time.Time to store the value for ExpiredAt, NotBefore,
and IssuedAt.
Even though this is allowed (see RFC 7519 section 2, NumericDate),
it is not a standard practice.
This changes them to store Unix epoch with int64.
|
|
The [v2/PublicToken] has been moved and renamed as [paseto.Message].
The Data field in the Message is removed since it is a duplicate of
[Payload.Data].
The [v2/JSONToken] has been moved and renamed as [paseto.Payload].
In the [Payload.Validate] method, we remove the validation for IssuedAt
field, since its usage is to store the time the token is created.
The Data field type in the Payload changes from string to any.
The [v2/JSONFooter] has been moved and renamed as [paseto.Footer].
The type of Data field in Footer changes from map[string]any to any.
The KID field in the Footer has been renamed to PeerID along with its
json identifier.
The [v2/Key] has been moved and renamed as [paseto.Peer].
|
|
paseto/v4 provides a simple, ready to use, opinionated
implementation of Platform-Agnostic SEcurity TOkens (PASETO) version 4
as defined in [paseto-v4].
The public protocol contains methods to sign and verify the message
into/from paseto token.
[paseto-v4]: https://github.com/paseto-standard/paseto-spec/blob/master/docs/01-Protocol-Versions/Version4.md
|
|
paseto/v4 provides a simple, ready to use, opinionated
implementation of Platform-Agnostic SEcurity TOkens (PASETO) version 4
as defined in [paseto-v4].
[paseto-v4]: https://github.com/paseto-standard/paseto-spec/blob/master/docs/01-Protocol-Versions/Version4.md
|
|
There are new versions of the paseto standard: version 3 and version 4.
To minimize conflicts in the future, we move the old implementation of
paseto v2 to sub directory "v2" with package name "pasetov2".
The paseto package is now left with common functions, like creating
pre-authentication encoding (PAE).
|
|
With the help of the spdxconv tool [1], we are able to bulk update the
license and copyright format of all files to comply with SPDX formats.
[1] https://kilabit.info/project/spdxconv/
|
|
Go 1.22 now supports for-range on numeric values.
|
|
HTTP request now implicitly creates request with context.
Any false positive related to not closing HTTP response body has been
annotated with "nolint:bodyclose".
In the example code, use consistent "// Output:" comment format, by
prefixing with a single space.
Any comment on code is now also prefixed with a single space.
An error returned without variables now uses [errors.New] instead of
[fmt.Errorf].
Any error returned using [fmt.Errorf] is now wrapped using "%w" instead of
"%s".
Also, replace error checking using [errors.Is] or [errors.As], instead
of using equal/not-equal operator.
Any statement like "x = x OP y" is now replaced with "x OP= y".
Also, swap statement is simplified using "x, y = y, x".
Any switch statement with a single case is now replaced with if-condition.
Any call to defer on a function or program that calls [os.Exit] is now
replaced by calling the deferred function directly.
Any if-else condition is now replaced with a switch statement, if possible.
|
|
There are several reasons why we move from github.com.
First, related to the name of the package.
We accidentally named the package "share", a common word in English
that does not reflect the content of the repository.
By moving to another repository, we can rename it to a better and unique
name, in this case "pakakeh.go".
Pakakeh is the Minang word for tools, and the ".go" suffix indicates that
the repository is related to the Go programming language.
Second, supporting open source.
The new repository is hosted under sourcehut.org, the founder is known
to support open source, and all their services are licensed under AGPL,
unlike GitHub, which is closed source.
Third, regarding GitHub CoPilot.
The GitHub Terms of Service [1] grant them permission to parse any public
content that is hosted there.
On one side, GitHub helps open source flourish, but on the other
side has issues regarding scraping the copyleft license [2].
[1]: https://docs.github.com/en/site-policy/github-terms/github-terms-of-service#4-license-grant-to-us
[2]: https://githubcopilotinvestigation.com
|
|
The realignment reduces the cost of the following structs,
* JSONFooter: from 24 to 16 bytes (-8)
* Key: from 72 to 56 bytes (-16)
* keys: from 16 to 8 bytes (-8)
* struct in TestEncrypt: from 88 to 80 bytes (-8)
* structtest in TestSign: from 72 to 64 bytes (-8)
* PublicMode: from 80 to 64 bytes (-16)
* struct in TestPublicMode_UnpackHTTPRequest: from 56 to 48 bytes (-8)
* PublicToken: from 152 to 136 bytes (-16)
|
|
The le64() returns the string representation of uint64 in little endian,
which is basically binary.Write with parameter output buffer,
LittleEndian, and input value.
|
|
Previously, the test.Assert and test.AssertBench functions had the
boolean parameter to print the stack trace of the test in case it's not equal.
Since this parameter is not mandatory and it is usually always set to
"true", we remove it from the function signature to simplify the call
to Assert and AssertBench.
|
|
This change permits a 5 second difference on the IssuedAt and NotBefore
fields.
|
|
Remove unused constant "dateTimeLayout", check for error in call to
AddPeer method in test and example, and suppress govet warning on
le64().
|
|
Previously, the UnpackHTTPRequest and Unpack methods returned the data
inside the token and footer.
This change returns the unpacked token as a whole, including the JSON
token, the data inside the JSON token, and the JSON footer.
In this way, the user can do additional processing on the request token
that they receive, for example, to log the request.
|
If the token is generated and received in under 1 second, the
JSONToken.Validate() method will return with an error because the IssuedAt
and NotBefore will be equal to the current time.
|
|
Without rounding it will marshal the time value into,
2020-09-15T11:55:50.847276+07:00
This change rounds the current time values to seconds so we can get the value
2020-09-15T11:55:50+07:00
|
|
The spec said that the input is a 64bit unsigned integer, but the PHP
implementation does not match with the generated string.
Since the input "n" will not be greater than 3 and it is bitmasked with 255,
the input should be byte instead of int64.
|
|
* The Issuer field must be equal to peer.ID,
* The Audience field must be equal to our.ID,
* If peer.AllowedSubjects is not empty, the Subject value must be in
one of them,
* The current time must be after the IssuedAt field,
* The current time must be after the NotBefore "nbf" field,
* The current time must be before the ExpiredAt field.
|
|
Package paseto provides the opinionated implementation of
Platform-Agnostic SEcurity TOkens (PASETOs) as defined in draft of
RFC 01 [1].
This implementation only supports PASETO Protocol v2.
This library focuses on how to sign and verify data, everything else is
handled and filled automatically.
[1] https://github.com/paragonie/paseto/blob/master/docs/RFC/draft-paragon-paseto-rfc-01.txt
|