pasty

package module

v1.0.1 Latest Latest Go to latest Published: Apr 6, 2024 License: MIT Imports: 4 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/tsawler/pasty

Links

Open Source Insights

README ¶

Pasty

Pasty is a wrapper which makes working with PASETO tokens as simple as possible. PASETO (Platform-Agnostic SEcurity TOkens) is a specification for secure stateless tokens.

Unlike JSON Web Tokens (JWT), which gives developers more than enough rope with which to hang themselves, PASETO only allows secure operations. JWT gives you "algorithm agility", while Paseto gives you "versioned protocols." It's unlikely that you'll be able to use Paseto insecurely.

This module uses go-paseto to generate and validate tokens.

PASETOs are NOT reusable tokens

PASETOs are not designed to be reusable tokens.

PASETOs should only be used once since they have no built-in mechanism for preventing replay attacks. If an attacker is able to get a hold of a valid PASETO and can use it to make valid requests multiple times then you aren’t using PASETOs correctly.

Installation

Install it in the usual way:

go get -u github.com/tsawler/pasty

Usage

To use this module, import it, and then generate a new Pasty type by calling the New function with the four required parameters:

// the four parameters are token type (public or local), issuer, audience, and identifier.
p, err := pasty.New("public", "issuer.com", "audience.com", "some-id")
if err != nil {
    log.Println(err)
    os.Exit(0)
}

When the above code runs, you have a variable named p of type *pasty.Pasty. With that variable, you can then generate and validate tokens:

// add some additional claims to the token we're generating.
claims := make(map[string]any)
claims["user-id"] = 1
claims["subject"] = "10"

// generate the token, and add footer data if you want to.
t, err := p.GenerateToken(time.Now().Add(1*time.Hour), claims, "some footer data")
if err != nil {
    log.Println(err)
    os.Exit(0)
}

// validate the token:
valid, err := p.ValidatePublicToken(t)
if err != nil {
    log.Println(err)
}

// This will output: "token is valid: true"
fmt.Println("token is valid:", valid)

The full program:

package main

import (
	"fmt"
	"github.com/tsawler/pasty"
	"log"
	"os"
	"time"
)

func main() {
	// the four parameters are token type (public or local), issuer, audience, and identifier.
	p, err := pasty.New("public", "issuer.com", "audience.com", "some-id")
	if err != nil {
		log.Println(err)
		os.Exit(0)
	}

	// add some additional claims to the token we're generating.
	claims := make(map[string]any)
	claims["user-id"] = 1
	claims["subject"] = "10"

	// generate the token, and add footer data if you want to.
	t, err := p.GenerateToken(time.Now().Add(1*time.Hour), claims, "some footer data")
	if err != nil {
		log.Println(err)
		os.Exit(0)
	}

	// validate the token:
	valid, err := p.ValidatePublicToken(t)
	if err != nil {
		log.Println(err)
	}

	// This will output: "token is valid: true"
	fmt.Println("token is valid:", valid)
}

Documentation ¶

Index ¶

type Options
type Pasty
- func New(purpose, issuer, audience, identifier string) (*Pasty, error)

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Options ¶

type Options struct {
	PublicKey  paseto.V4AsymmetricPublicKey // The (shareable) public key used for public tokens.
	SecretKey  paseto.V4AsymmetricSecretKey // the (secret) private key used for public tokens.
	LocalKey   paseto.V4SymmetricKey        // The key used for local tokens.
	Purpose    string                       // Must be either local or public.
	Issuer     string                       // Who issued this token (i.e. example.com).
	Audience   string                       // Who is the token issued for (i.e. example.com).
	Identifier string                       // A private identifier for this token.
}

Options holds the options for our Pasty type.

type Pasty ¶

type Pasty struct {
	Options Options
}

Pasty is the main type for this module. Create a variable of this type by calling the New function.

func New ¶

func New(purpose, issuer, audience, identifier string) (*Pasty, error)

New creates a new instance of the Pasty type.

func (*Pasty) GenerateToken ¶

func (p *Pasty) GenerateToken(expires time.Time, claims map[string]any, footer string) (string, error)

GenerateToken will create and send back a token, with claims. If the receiver's Purpose parameter is public, it will create a token signed with the paseto.V4AsymmetricSecretKey stored in the receiver as SecretKey. If it is local, it will return a token encrypted with the paseto.V4SymmetricKey stored in the receiver as LocalKey.

func (*Pasty) ValidateLocalToken ¶

func (p *Pasty) ValidateLocalToken(tkn string) (bool, error)

ValidateLocalToken validates token with the purpose local. It will also check issuer, audience and identifier (if supplied),

func (*Pasty) ValidatePublicToken ¶

func (p *Pasty) ValidatePublicToken(tkn string) (bool, error)

ValidatePublicToken validates a token signed with a secret key. It will also check issuer, audience and identifier (if supplied),

Source Files ¶

View all Source files

pasty.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL