| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
- Partially addresses https://github.com/gorilla/sessions/issues/48
- Downstream store packages will need to perform the type assertion in their code
- Elected to document this and fix stores rather than add a function to the
public API.
|
|
|
|
|
| |
Per elithrar comment on PR 28:
https://github.com/gorilla/securecookie/pull/28#discussion_r35059831
|
|
|
|
|
| |
Per elithrar comment on PR 28:
https://github.com/gorilla/securecookie/pull/28#discussion_r35059597
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Prior to this commit, this library raised errors either mostly using
errors.New() or directly passing through error values from underlying
libraries. This made it difficult for clients to respond correctly to
the errors that were returned.
This becomes particularly problematic when securecookie is used together
with gorilla/sessions. From an operations standpoint, you often want to
log different errors when the client simply provides an invalid auth
cookie, versus an I/O error fetching data from the session store. The
former probably indicates an expired timestamp or similar client error;
the latter indicates a possible failure in a backend database.
This commit introduces a public Error interface, which is now returned
consistently on all errors, and can be used to distinguish between
implementation errors (IsUsage() and IsInternal()) and failed validation
of user input (IsDecode()).
See also discussion on pull requests #9 and #24:
https://github.com/gorilla/securecookie/pull/9
https://github.com/gorilla/securecookie/pull/24
Some interface comments on other API functions have been clarified and
updated to harmonize with the new error interfaces.
|
|\
| |
| |
| | |
json-encoder
|
| |
| |
| |
| |
| |
| |
| | |
A new "Encoder" interface with serialize/deserialize methods allows
custom encoders to be specified. encoding/gob remains the default for
compatibility/ease-of-use reasons, but the (often faster) encoding/json
is now an option.
|
|/
|
|
|
|
|
|
|
| |
A new "Serializer" interface with serialize/deserialize methods allows
custom encoders to be specified. encoding/gob remains the default for
compatibility/ease-of-use reasons, but the (often faster) encoding/json
is now an option.
Fixed typo - TestEncription => TestEncryption
|
|
|
|
| |
This reverts commit 1be1b717b743c89f2393561985403b51bc192255.
|
|
|
|
| |
This reverts commit c7a729999d0c3e51964bd30c05547fac82f6527d.
|
|
|
|
| |
This reverts commit a54a6f264e283c7afd37f9d7a772965e7a72408c.
|
| |
|
|\
| |
| | |
Removed redundant calls to len()
|
| |
| |
| | |
subtle.ConstantTimeCompare already undertakes a length check internally.
|
| | |
|
| | |
|
|/
|
|
| |
See http://golang.org/doc/effective_go.html#else
|
|
|
|
| |
Fixes #13.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|