feat(helper): add library for AccessRole with SignedPolicy #1

Merged
genofire merged 1 commits from feat/signing into main 2023-03-12 19:59:01 +01:00
4 changed files with 124 additions and 0 deletions

1
go.mod
View File

@ -11,6 +11,7 @@ require (
github.com/prometheus/client_golang v1.14.0 github.com/prometheus/client_golang v1.14.0
github.com/prometheus/common v0.40.0 // indirect github.com/prometheus/common v0.40.0 // indirect
github.com/prometheus/procfs v0.9.0 // indirect github.com/prometheus/procfs v0.9.0 // indirect
github.com/stretchr/testify v1.8.2 // indirect
go.uber.org/atomic v1.10.0 // indirect go.uber.org/atomic v1.10.0 // indirect
go.uber.org/multierr v1.9.0 // indirect go.uber.org/multierr v1.9.0 // indirect
go.uber.org/zap v1.24.0 go.uber.org/zap v1.24.0

3
go.sum
View File

@ -468,6 +468,7 @@ github.com/streadway/handy v0.0.0-20190108123426-d5acb3125c2a/go.mod h1:qNTQ5P5J
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw= github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
github.com/stretchr/objx v0.5.0/go.mod h1:Yh+to48EsGEfYuaHDzXPcE3xhTkx73EhmCGUpEOglKo=
github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs= github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4= github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
@ -476,6 +477,8 @@ github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5Cc
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU= github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
github.com/stretchr/testify v1.8.2 h1:+h33VjcLVPDHtOdpUCuF+7gSuG3yGIftsP1YvFihtJ8=
github.com/stretchr/testify v1.8.2/go.mod h1:w2LPCIKwWwSfY2zedu0+kehJoqGctiVI29o6fzry7u4=
github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U= github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA= github.com/urfave/cli v1.20.0/go.mod h1:70zkFmudgCuE/ngEzBv17Jvp/497gISqfk5gWijbERA=
github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0= github.com/urfave/cli v1.22.1/go.mod h1:Gos4lmkARVdJ6EkW0WaNv/tZAAMe9V7XWyB60NtXRu0=

63
helper/policy.go Normal file
View File

@ -0,0 +1,63 @@
package helper
import (
"crypto/hmac"
"crypto/sha1"
"encoding/base64"
"encoding/json"
"net/url"
)
type Policy struct {
URLExpire int `json:"url_expire"`
URLActivate int `json:"url_activate,omitempty"`
StreamExpire int `json:"stream_expire,omitempty"`
AllowIP string `json:"allow_ip,omitempty"`
}
func (p Policy) Encode() (string, error) {
str, err := json.Marshal(p)
if err != nil {
return "", err
}
return base64.RawStdEncoding.EncodeToString(str), nil
}
func SignEncodedPolicy(u *url.URL, secretKey string) string {
hasher := hmac.New(sha1.New, []byte(secretKey))
hasher.Write([]byte(u.String()))
return base64.RawURLEncoding.EncodeToString(hasher.Sum(nil))
}
func (p Policy) SignWithQuery(u *url.URL, secretKey, encodeQuery string) (string, error) {
encode, err := p.Encode()
if err != nil {
return "", nil
}
query := u.Query()
query.Add(encodeQuery, encode)
u.RawQuery = query.Encode()
return SignEncodedPolicy(u, secretKey), nil
}
func (p Policy) Sign(u *url.URL, secretKey string) (string, error) {
return p.SignWithQuery(u, secretKey, "policy")
}
func (p Policy) SignURLWithQuery(u *url.URL, secretKey, encodeQuery, signatureQuery string) error {
encode, err := p.Encode()
if err != nil {
return err
}
query := u.Query()
query.Add(encodeQuery, encode)
u.RawQuery = query.Encode()
signature := SignEncodedPolicy(u, secretKey)
query.Add(signatureQuery, signature)
u.RawQuery = query.Encode()
return nil
}
func (p Policy) SignURL(u *url.URL, secretKey string) error {
return p.SignURLWithQuery(u, secretKey, "policy", "signature")
}

57
helper/policy_test.go Normal file
View File

@ -0,0 +1,57 @@
// https://airensoft.gitbook.io/ovenmediaengine/access-control/signedpolicy
package helper
import (
"net/url"
"testing"
"github.com/stretchr/testify/assert"
)
const (
examplePolicyEncode = "eyJ1cmxfZXhwaXJlIjoxMzk5NzIxNTgxfQ"
exampleSecretKey = "1kU^b6"
exampleURL = "ws://192.168.0.100:3333/app/stream"
exampleSignature = "dvVdBpoxAeCPl94Kt5RoiqLI0YE"
exampleURLWithSignatureAndPolicy = "ws://192.168.0.100/app/stream?policy=eyJ1cmxfZXhwaXJlIjoxMzk5NzIxNTgxfQ&signature=dvVdBpoxAeCPl94Kt5RoiqLI0YE"
)
var (
examplePolicy = Policy{
URLExpire: 1399721581,
}
)
func TestPolicyEncode(t *testing.T) {
assert := assert.New(t)
encode, err := examplePolicy.Encode()
assert.NoError(err)
assert.Equal(examplePolicyEncode, encode)
}
func TestPolicySign(t *testing.T) {
assert := assert.New(t)
u, err := url.Parse(exampleURL)
assert.NoError(err)
sign, err := examplePolicy.Sign(u, exampleSecretKey)
assert.NoError(err)
assert.Equal(exampleSignature, sign)
}
func TestPolicySignURL(t *testing.T) {
assert := assert.New(t)
u, err := url.Parse(exampleURL)
assert.NoError(err)
err = examplePolicy.SignURL(u, exampleSecretKey)
assert.NoError(err)
// drop port -> is not part of example
u.Host = u.Hostname()
assert.Equal(exampleURLWithSignatureAndPolicy, u.String())
}