security

package
v0.3.0 Latest
Warning

This package is not in the latest version of its module.

Published: Jan 13, 2026 License: MIT Imports: 7 Imported by: 0

Documentation

Overview

Package security provides cryptographic utilities for webhook signing and verification.

Constants

const (
	// SignatureHeader is the HTTP header name for the webhook signature.
	SignatureHeader = "X-Webhook-Signature"

	// SignatureAlgorithmHeader is the HTTP header name for the signature algorithm.
	SignatureAlgorithmHeader = "X-Webhook-Signature-Algorithm"

	// TimestampHeader is the HTTP header name for the webhook timestamp.
	TimestampHeader = "X-Webhook-Timestamp"

	// DefaultAlgorithm is the default HMAC algorithm used for signing.
	DefaultAlgorithm = "sha256"
)

Variables

This section is empty.

Functions

func AddSignatureHeaders

func AddSignatureHeaders(headers http.Header, secret string, payload []byte)

AddSignatureHeaders adds signature headers to an HTTP request.

func AddSignatureToMap

func AddSignatureToMap(headers map[string]string, secret string, payload []byte)

AddSignatureToMap adds signature to a map of headers.

func ExtractSignature

func ExtractSignature(headers http.Header) (string, bool)

ExtractSignature extracts the signature from HTTP headers. Supports various common header formats.

func GenerateSecret

func GenerateSecret(length int) (string, error)

GenerateSecret generates a cryptographically secure secret for webhook signing. The secret will be a hex-encoded string of the specified length in bytes.

func SignPayload

func SignPayload(secret string, payload []byte) string

SignPayload generates an HMAC-SHA256 signature for the given payload.

func SignPayloadWithTimestamp

func SignPayloadWithTimestamp(secret string, timestamp int64, payload []byte) string

SignPayloadWithTimestamp generates a signature including a timestamp for replay protection.

func VerifySignature

func VerifySignature(secret string, payload []byte, signature string) bool

VerifySignature verifies that the provided signature matches the expected signature. Uses constant-time comparison to prevent timing attacks.

func VerifySignatureWithTimestamp

func VerifySignatureWithTimestamp(secret string, timestamp int64, payload []byte, signature string) bool

VerifySignatureWithTimestamp verifies a signature that includes a timestamp.
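
The signatures above do not show how the timestamp is bound to the payload or whether verification enforces a freshness window. The following is an added example, not this package's code: it uses only the Go standard library and assumes a "<unix-seconds>.<body>" signing string, hex-encoded output, and a caller-chosen tolerance; signWithTimestamp and verifyFresh are hypothetical names.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"strconv"
	"time"
)

// signWithTimestamp binds the timestamp to the body so neither can be swapped
// independently. The "<unix-seconds>.<body>" layout and hex output are
// assumptions of this example, not the package's documented format.
func signWithTimestamp(secret string, ts int64, payload []byte) string {
	mac := hmac.New(sha256.New, []byte(secret))
	mac.Write([]byte(strconv.FormatInt(ts, 10)))
	mac.Write([]byte{'.'})
	mac.Write(payload)
	return hex.EncodeToString(mac.Sum(nil))
}

// verifyFresh rejects stale or future-dated timestamps first, then compares
// MACs in constant time. now is passed in so the check is testable.
func verifyFresh(secret string, ts int64, payload []byte, sig string, now time.Time, tolerance time.Duration) bool {
	age := now.Sub(time.Unix(ts, 0))
	if age < -tolerance || age > tolerance {
		return false
	}
	got, err := hex.DecodeString(sig)
	if err != nil {
		return false
	}
	want, _ := hex.DecodeString(signWithTimestamp(secret, ts, payload))
	return hmac.Equal(want, got)
}

func main() {
	// Constructed sample values.
	secret := "example-secret-not-for-production"
	body := []byte(`{"event":"invoice.paid","id":"evt_123"}`)
	now := time.Unix(1700000000, 0)
	sig := signWithTimestamp(secret, now.Unix(), body)

	fmt.Println("fresh:", verifyFresh(secret, now.Unix(), body, sig, now, 5*time.Minute))
	fmt.Println("replayed after 10m:", verifyFresh(secret, now.Unix(), body, sig, now.Add(10*time.Minute), 5*time.Minute))
	fmt.Println("tampered body:", verifyFresh(secret, now.Unix(), body[1:], sig, now, 5*time.Minute))
	fmt.Println("timestamp swapped:", verifyFresh(secret, now.Unix()+60, body, sig, now, 5*time.Minute))
}
```

Verify against the raw request bytes as received, before any JSON decoding or re-encoding, since a re-serialized body will not reproduce the same MAC.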

Types

type Signer

type Signer struct {
	// contains filtered or unexported fields
}

Signer wraps a secret and provides convenient signing methods.

func NewSigner

func NewSigner(secret string) *Signer

NewSigner creates a new Signer with the given secret.

func (*Signer) AddHeaders

func (s *Signer) AddHeaders(headers http.Header, payload []byte)

AddHeaders adds signature headers to a request.

func (*Signer) Sign

func (s *Signer) Sign(payload []byte) string

Sign signs the given payload.

func (*Signer) Verify

func (s *Signer) Verify(payload []byte, signature string) bool

Verify verifies the given payload against a signature.
