forked from imgproxy/imgproxy
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathsignature.go
45 lines (37 loc) · 992 Bytes
/
signature.go
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
package security
import (
"crypto/hmac"
"crypto/sha256"
"encoding/base64"
"errors"
"github.com/imgproxy/imgproxy/v3/config"
)
var (
ErrInvalidSignature = errors.New("Invalid signature")
ErrInvalidSignatureEncoding = errors.New("Invalid signature encoding")
)
func VerifySignature(signature, path string) error {
if len(config.Keys) == 0 || len(config.Salts) == 0 {
return nil
}
messageMAC, err := base64.RawURLEncoding.DecodeString(signature)
if err != nil {
return ErrInvalidSignatureEncoding
}
for i := 0; i < len(config.Keys); i++ {
if hmac.Equal(messageMAC, signatureFor(path, config.Keys[i], config.Salts[i], config.SignatureSize)) {
return nil
}
}
return ErrInvalidSignature
}
func signatureFor(str string, key, salt []byte, signatureSize int) []byte {
mac := hmac.New(sha256.New, key)
mac.Write(salt)
mac.Write([]byte(str))
expectedMAC := mac.Sum(nil)
if signatureSize < 32 {
return expectedMAC[:signatureSize]
}
return expectedMAC
}