aboutsummaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* [wip] first v2 cut.elithrar/v2Matt Silverlock2017-02-223-124/+175
| | | | | | | - Move to using crypto/nacl/secretbox for enc/dec - Restructure how options are handled - TODO: review serialization interface - TODO: refactor multicodec support for rotated keys
* [wip] Initial v2 cutMatt Silverlock2017-02-053-154/+182
|
* Merge branch 'master' of github.com:gorilla/securecookieMatt Silverlock2016-04-222-1/+26
|\
| * [feature] NopEncoder: accept/return []byte.Matt Silverlock2016-04-222-1/+26
| |\ | | | | | | [feature] NopEncoder: accept/return []byte.
| | * [feature] NopEncoder: accept/return []byte.Matt Silverlock2016-03-312-1/+26
| |/ | | | | | | - [docs] Update doc.go for golint.
* / [ci] .travis.yml go vet fix.Matt Silverlock2016-04-221-4/+3
|/
* Merge pull request #37 from gorilla/ci/travis-go-1.6Matt Silverlock2016-02-271-5/+16
|\ | | | | [ci] Update .travis.yml to build Go 1.6
| * Update .travis.yml to build Go 1.6Matt Silverlock2016-02-271-5/+16
|/
* Merge pull request #33 from elithrar/subtle-len-backportMatt Silverlock2015-08-201-1/+3
|\ | | | | Reverts d8773d3 - backports len check for subtle.ConstantTimeCompare.
| * Reverts d8773d3 - backports len check for subtle.ConstantTimeCompare.Matt Silverlock2015-08-201-1/+3
|/
* Update .travis.ymlKamil Kisiel2015-08-201-3/+4
|
* Added fuzz testing facilities.Kamil Kisiel2015-08-182-0/+72
|
* Merge pull request #30 from elithrar/gen-key-docKamil Kisiel2015-08-081-0/+7
|\ | | | | Improved documentation for GenerateRandomKey
| * Added note re: using GenerateRandomKey() not persisting keys.Matt Silverlock2015-08-081-0/+4
| |
| * Improved warning around GenerateRandomKey.Matt Silverlock2015-08-081-0/+3
|/
* add test for nil hash keyKamil Kisiel2015-08-061-0/+12
|
* Merge pull request #29 from elithrar/codec-maxage-fixKamil Kisiel2015-08-061-1/+23
|\ | | | | Improved documentation for CodecsFromPairs.
| * Improved documentation for CodecsFromPairs.Matt Silverlock2015-08-061-1/+23
|/ | | | | | | - Partially addresses https://github.com/gorilla/sessions/issues/48 - Downstream store packages will need to perform the type assertion in their code - Elected to document this and fix stores rather than add a function to the public API.
* Merge pull request #27 from s7v7nislands/fix_readmeMatt Silverlock2015-08-061-1/+1
|\ | | | | Update block key lengths in README
| * fix readmes7v7nislands2015-07-171-1/+1
| |
* | Merge pull request #28 from keunwoo/keunwoo-errors-alt-20150720Kamil Kisiel2015-07-282-31/+184
|\ \ | |/ |/| Make errors more distinguishable
| * Move error type assertions to test file.Keunwoo Lee2015-07-272-6/+4
| | | | | | | | | | Per elithrar comment on PR 28: https://github.com/gorilla/securecookie/pull/28#discussion_r35059831
| * Rename errorImpl -> cookieErrorKeunwoo Lee2015-07-271-27/+27
| | | | | | | | | | Per elithrar comment on PR 28: https://github.com/gorilla/securecookie/pull/28#discussion_r35059597
| * Make errors more distinguishableKeunwoo Lee2015-07-212-31/+186
|/ | | | | | | | | | | | | | | | | | | | | | | | | | Prior to this commit, this library raised errors either mostly using errors.New() or directly passing through error values from underlying libraries. This made it difficult for clients to respond correctly to the errors that were returned. This becomes particularly problematic when securecookie is used together with gorilla/sessions. From an operations standpoint, you often want to log different errors when the client simply provides an invalid auth cookie, versus an I/O error fetching data from the session store. The former probably indicates an expired timestamp or similar client error; the latter indicates a possible failure in a backend database. This commit introduces a public Error interface, which is now returned consistently on all errors, and can be used to distinguish between implementation errors (IsUsage() and IsInternal()) and failed validation of user input (IsDecode()). See also discussion on pull requests #9 and #24: https://github.com/gorilla/securecookie/pull/9 https://github.com/gorilla/securecookie/pull/24 Some interface comments on other API functions have been clarified and updated to harmonize with the new error interfaces.
* Merge pull request #26 from Annonomus-Penguin/patch-1Kamil Kisiel2015-07-171-1/+1
|\ | | | | Fixed broken link in README
| * Fixed broken link in READMEAnnonomus-Penguin2015-07-171-1/+1
|/
* Merge pull request #23 from elithrar/readme-updatesKamil Kisiel2015-07-051-1/+74
|\ | | | | Fleshed out the README based on doc.go.
| * Fleshed out the README based on doc.go.Matt Silverlock2015-07-051-1/+74
|/ | | | | | - Added mention of the LICENSE. - Used GFM code blocks for the examples. - Added mention of the JSON encoder.
* Merge pull request #22 from cyx/use-reflect-deepequalKamil Kisiel2015-06-061-14/+2
|\ | | | | Use reflect.DeepEqual instead
| * Use reflect.DeepEqual insteadCyril David2015-05-251-14/+2
| | | | | | | | | | Unless there's something I'm missing, probably better to delegate this check to the reflect package.
* | Merge pull request #21 from elithrar/json-encoderKamil Kisiel2015-06-062-10/+82
|\ \ | |/ |/| Added support for encoding/json
| * Merge branch 'json-encoder' of github.com:elithrar/securecookie into ↵Matt Silverlock2015-05-201-1/+1
| |\ | | | | | | | | | json-encoder
| | * Fixed typo - TestEncription => TestEncryptionMatt Silverlock2015-05-161-1/+1
| | |
| | * Added a JSON encoder/decoder to securecookie.Matt Silverlock2015-05-162-7/+79
| |/ |/| | | | | | | | | | | A new "Encoder" interface with serialize/deserialize methods allows custom encoders to be specified. encoding/gob remains the default for compatibility/ease-of-use reasons, but the (often faster) encoding/json is now an option.
* | Merge pull request #19 from dchest/testinvalidKamil Kisiel2015-03-271-0/+22
|\ \ | | | | | | Add test for decoding some invalid cookies.
| | * Added a JSON encoder/decoder to securecookie.Matt Silverlock2015-05-202-10/+82
| |/ | | | | | | | | | | | | | | | | A new "Serializer" interface with serialize/deserialize methods allows custom encoders to be specified. encoding/gob remains the default for compatibility/ease-of-use reasons, but the (often faster) encoding/json is now an option. Fixed typo - TestEncription => TestEncryption
| * Add test for decoding some invalid cookies.Dmitry Chestnykh2015-03-271-0/+22
|/
* Revert "Improve Decode against timing attacks"Kamil Kisiel2015-03-271-27/+16
| | | | This reverts commit 1be1b717b743c89f2393561985403b51bc192255.
* Revert "Commenting retErr and setErr in Decode"Kamil Kisiel2015-03-271-5/+0
| | | | This reverts commit c7a729999d0c3e51964bd30c05547fac82f6527d.
* Revert "A few more comments on decoding."Kamil Kisiel2015-03-271-3/+0
| | | | This reverts commit a54a6f264e283c7afd37f9d7a772965e7a72408c.
* A few more comments on decoding.Kamil Kisiel2015-03-181-0/+3
|
* Merge pull request #16 from elithrar/patch-1Kamil Kisiel2015-03-181-1/+1
|\ | | | | Removed redundant calls to len()
| * Removed redundant calls to len()Matt Silverlock2015-03-181-1/+1
| | | | | | subtle.ConstantTimeCompare already undertakes a length check internally.
* | Merge pull request #15 from abduelhamit/masterKamil Kisiel2015-03-182-22/+48
|\ \ | |/ |/| Improve Decode against timing attacks
| * Commenting retErr and setErr in DecodeAbdülhamit Yilmaz2015-03-181-0/+5
| |
| * Improve Decode against timing attacksAbdülhamit Yilmaz2015-03-171-16/+27
| |
| * Add TestMissingKeyAbdülhamit Yilmaz2015-03-171-0/+10
| |
| * Omit unnecessary `else`sAbdülhamit Yilmaz2015-03-171-6/+6
|/ | | | See http://golang.org/doc/effective_go.html#else
* Fix broken error message on invalid MAC.Kamil Kisiel2015-02-031-1/+1
| | | | Fixes #13.
* Merge pull request #11 from dominikh/masterKamil Kisiel2014-11-201-3/+3
|\ | | | | say that we create a key of a certain length, not strength
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 11:01:01 +0300