aboutsummaryrefslogtreecommitdiff
path: root/securecookie.go
Commit message (Collapse)AuthorAgeFilesLines
* [wip] first v2 cut.elithrar/v2Matt Silverlock2017-02-221-124/+110
| | | | | | | - Move to using crypto/nacl/secretbox for enc/dec - Restructure how options are handled - TODO: review serialization interface - TODO: refactor multicodec support for rotated keys
* [wip] Initial v2 cutMatt Silverlock2017-02-051-154/+89
|
* [feature] NopEncoder: accept/return []byte.Matt Silverlock2016-03-311-0/+25
| | | | - [docs] Update doc.go for golint.
* Reverts d8773d3 - backports len check for subtle.ConstantTimeCompare.Matt Silverlock2015-08-201-1/+3
|
* Added note re: using GenerateRandomKey() not persisting keys.Matt Silverlock2015-08-081-0/+4
|
* Improved warning around GenerateRandomKey.Matt Silverlock2015-08-081-0/+3
|
* Improved documentation for CodecsFromPairs.Matt Silverlock2015-08-061-1/+23
| | | | | | | - Partially addresses https://github.com/gorilla/sessions/issues/48 - Downstream store packages will need to perform the type assertion in their code - Elected to document this and fix stores rather than add a function to the public API.
* Move error type assertions to test file.Keunwoo Lee2015-07-271-6/+0
| | | | | Per elithrar comment on PR 28: https://github.com/gorilla/securecookie/pull/28#discussion_r35059831
* Rename errorImpl -> cookieErrorKeunwoo Lee2015-07-271-27/+27
| | | | | Per elithrar comment on PR 28: https://github.com/gorilla/securecookie/pull/28#discussion_r35059597
* Make errors more distinguishableKeunwoo Lee2015-07-211-28/+146
| | | | | | | | | | | | | | | | | | | | | | | | | | Prior to this commit, this library raised errors either mostly using errors.New() or directly passing through error values from underlying libraries. This made it difficult for clients to respond correctly to the errors that were returned. This becomes particularly problematic when securecookie is used together with gorilla/sessions. From an operations standpoint, you often want to log different errors when the client simply provides an invalid auth cookie, versus an I/O error fetching data from the session store. The former probably indicates an expired timestamp or similar client error; the latter indicates a possible failure in a backend database. This commit introduces a public Error interface, which is now returned consistently on all errors, and can be used to distinguish between implementation errors (IsUsage() and IsInternal()) and failed validation of user input (IsDecode()). See also discussion on pull requests #9 and #24: https://github.com/gorilla/securecookie/pull/9 https://github.com/gorilla/securecookie/pull/24 Some interface comments on other API functions have been clarified and updated to harmonize with the new error interfaces.
* Merge branch 'json-encoder' of github.com:elithrar/securecookie into ↵Matt Silverlock2015-05-201-1/+1
|\ | | | | | | json-encoder
| * Added a JSON encoder/decoder to securecookie.Matt Silverlock2015-05-161-4/+53
| | | | | | | | | | | | | | A new "Encoder" interface with serialize/deserialize methods allows custom encoders to be specified. encoding/gob remains the default for compatibility/ease-of-use reasons, but the (often faster) encoding/json is now an option.
* | Added a JSON encoder/decoder to securecookie.Matt Silverlock2015-05-201-6/+55
|/ | | | | | | | | A new "Serializer" interface with serialize/deserialize methods allows custom encoders to be specified. encoding/gob remains the default for compatibility/ease-of-use reasons, but the (often faster) encoding/json is now an option. Fixed typo - TestEncription => TestEncryption
* Revert "Improve Decode against timing attacks"Kamil Kisiel2015-03-271-27/+16
| | | | This reverts commit 1be1b717b743c89f2393561985403b51bc192255.
* Revert "Commenting retErr and setErr in Decode"Kamil Kisiel2015-03-271-5/+0
| | | | This reverts commit c7a729999d0c3e51964bd30c05547fac82f6527d.
* Revert "A few more comments on decoding."Kamil Kisiel2015-03-271-3/+0
| | | | This reverts commit a54a6f264e283c7afd37f9d7a772965e7a72408c.
* A few more comments on decoding.Kamil Kisiel2015-03-181-0/+3
|
* Merge pull request #16 from elithrar/patch-1Kamil Kisiel2015-03-181-1/+1
|\ | | | | Removed redundant calls to len()
| * Removed redundant calls to len()Matt Silverlock2015-03-181-1/+1
| | | | | | subtle.ConstantTimeCompare already undertakes a length check internally.
* | Commenting retErr and setErr in DecodeAbdülhamit Yilmaz2015-03-181-0/+5
| |
* | Improve Decode against timing attacksAbdülhamit Yilmaz2015-03-171-16/+27
| |
* | Omit unnecessary `else`sAbdülhamit Yilmaz2015-03-171-6/+6
|/ | | | See http://golang.org/doc/effective_go.html#else
* Fix broken error message on invalid MAC.Kamil Kisiel2015-02-031-1/+1
| | | | Fixes #13.
* say that we create a key of a certain length, not strengthDominik Honnef2014-11-201-3/+3
|
* Expose ErrMacInvalid; fixes gorilla/securecookie#6Mahmud Ridwan2014-04-091-1/+3
|
* Add travis.ymlKamil Kisiel2013-12-011-5/+8
|
* Better errors for {En,De}codeMulti.Kamil Kisiel2013-10-171-4/+12
|
* Fix description for EncodeJohn Downey2013-01-011-2/+2
|
* Use the same MultiError version from the App Engine SDK.moraes2012-10-131-6/+9
|
* Better errors for EncodeMulti and DecodeMulti. Closes #1.moraes2012-10-131-2/+29
|
* Initial files.moraes2012-10-031-0/+386
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 15:54:21 +0300