github.com/aavshr/aws-sdk-go@v1.41.3/service/cloudfront/sign/sign_cookie_example_test.go (about) 1 package sign 2 3 import ( 4 "fmt" 5 "io" 6 "net/http" 7 "time" 8 9 "github.com/aavshr/aws-sdk-go/awstesting/mock" 10 ) 11 12 func examplePEMReader() io.Reader { 13 reader, err := generatePEM(randReader, nil) 14 if err != nil { 15 panic(fmt.Sprintf("Unexpected pem generation err %v", err)) 16 } 17 18 return reader 19 } 20 21 func ExampleCookieSigner_Sign() { 22 // Load your private key so it can be used by the CookieSigner 23 // To load private key from file use `sign.LoadPEMPrivKeyFile`. 24 privKey := mock.RSAPrivateKey 25 26 cookieSigner := NewCookieSigner("keyID", privKey) 27 28 // Use the signer to sign the URL 29 cookies, err := cookieSigner.Sign("http://example.com/somepath/*", testSignTime.Add(30*time.Minute)) 30 if err != nil { 31 fmt.Println("failed to sign cookies with policy,", err) 32 return 33 } 34 35 printExampleCookies(cookies) 36 // Output: 37 // Cookies: 38 // CloudFront-Policy: eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cDovL2V4YW1wbGUuY29tL3NvbWVwYXRoLyoiLCJDb25kaXRpb24iOnsiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjEyNTc4OTU4MDB9fX1dfQ__, , , false 39 // CloudFront-Signature: Gx67J8t1VanOFWN84BQlpN064aGCicJv916esnPr9Rdb2RKEzl7VoDOsh9Uez7SY5blWATkN5F3xNicTpOupdN-ywrTf5zCTLz5RmvLrIyEDS3Y1knTGoWvp6nnIb9FOuI1rSyBaJ8VKuNVQGmvqzXGXsnipgSBPjpkL6Ja3dBXeKIbUeaLKQBZrtMWv9nS5VyG4nOP-CRcTgQ5DA3-h~WP2ZzhONb6yoYXeOSvBu8HBl0IZI27InLpxiKlkWUchNncnkZ32Md0CwLLrA4wxFl0fYsxxg6Us2XBYRGmudugJHgkkopem9Cc4eOiDGMABcJGAuZprVXT0WuOBYJngTA__, , , false 40 // CloudFront-Key-Pair-Id: keyID, , , false 41 } 42 43 func ExampleCookieSigner_SignWithPolicy() { 44 // Sign cookie to be valid for 30 minutes from now, expires one hour 45 // from now, and restricted to the 192.0.2.0/24 IP address range. 46 // http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/private-content-setting-signed-cookie-custom-policy.html 47 p := &Policy{ 48 // Only a single policy statement can be used with CloudFront 49 // cookie signatures. 50 Statements: []Statement{{ 51 // Read the provided documentation on how to set this correctly, 52 // you'll probably want to use wildcards 53 Resource: "http://sub.cloudfront.com", 54 Condition: Condition{ 55 // Optional IP source address range 56 IPAddress: &IPAddress{SourceIP: "192.0.2.0/24"}, 57 // Optional date URL is not valid until 58 DateGreaterThan: &AWSEpochTime{testSignTime.Add(30 * time.Minute)}, 59 // Required date the URL will expire after 60 DateLessThan: &AWSEpochTime{testSignTime.Add(1 * time.Hour)}, 61 }, 62 }, 63 }, 64 } 65 66 // Load your private key so it can be used by the CookieSigner 67 // To load private key from file use `sign.LoadPEMPrivKeyFile`. 68 privKey := mock.RSAPrivateKey 69 70 // Key ID that represents the key pair associated with the private key 71 keyID := "privateKeyID" 72 73 // Set credentials to the CookieSigner. 74 cookieSigner := NewCookieSigner(keyID, privKey) 75 76 // Avoid adding an Expire or MaxAge. See provided AWS Documentation for 77 // more info. 78 cookies, err := cookieSigner.SignWithPolicy(p) 79 if err != nil { 80 fmt.Println("failed to sign cookies with policy,", err) 81 return 82 } 83 84 printExampleCookies(cookies) 85 // Output: 86 // Cookies: 87 // CloudFront-Policy: eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cDovL3N1Yi5jbG91ZGZyb250LmNvbSIsIkNvbmRpdGlvbiI6eyJJcEFkZHJlc3MiOnsiQVdTOlNvdXJjZUlwIjoiMTkyLjAuMi4wLzI0In0sIkRhdGVHcmVhdGVyVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxMjU3ODk1ODAwfSwiRGF0ZUxlc3NUaGFuIjp7IkFXUzpFcG9jaFRpbWUiOjEyNTc4OTc2MDB9fX1dfQ__, , , false 88 // CloudFront-Signature: Ixn4bF1LLrLcB8XG-t5bZbIB0vfwSF2s4gkef~PcNBdx73MVvZD3v8DZ5GzcqNrybMiqdYJY5KqK6vTsf5JXDgwFFz-h98wdsbV-izcuonPdzMHp4Ay4qyXM6Ed5jB9dUWYGwMkA6rsWXpftfX8xmk4tG1LwFuJV6nAsx4cfpuKwo4vU2Hyr2-fkA7MZG8AHkpDdVUnjm1q-Re9HdG0nCq-2lnBAdOchBpJt37narOj-Zg6cbx~6rzQLVQd8XIv-Bn7VTc1tkBAJVtGOHb0q~PLzSRmtNGYTnpL0z~gp3tq8lhZc2HuvJW5-tZaYP9yufeIzk5bqsT6DT4iDuclKKw__, , , false 89 // CloudFront-Key-Pair-Id: privateKeyID, , , false 90 } 91 92 func ExampleCookieOptions() { 93 privKey := mock.RSAPrivateKey 94 95 // Create the CookieSigner with options set. These options can be set 96 // directly with cookieSigner.Opts. These values can be overridden on 97 // individual Sign and SignWithProfile calls. 98 cookieSigner := NewCookieSigner("keyID", privKey, func(o *CookieOptions) { 99 //provide an optional struct fields to specify other options 100 o.Path = "/" 101 102 // http://docs.aws.amazon.com/AmazonCloudFront/latest/DeveloperGuide/CNAMEs.html 103 o.Domain = ".cNameAssociatedWithMyDistribution.com" 104 105 // Make sure your app/site can handle https payloads, otherwise 106 // set this to false. 107 o.Secure = true 108 }) 109 110 // Use the signer to sign the URL 111 cookies, err := cookieSigner.Sign("http*://*", testSignTime.Add(30*time.Minute), func(o *CookieOptions) { 112 o.Path = "/mypath/" 113 }) 114 if err != nil { 115 fmt.Println("failed to sign cookies with policy,", err) 116 return 117 } 118 119 printExampleCookies(cookies) 120 // Output: 121 // Cookies: 122 // CloudFront-Policy: eyJTdGF0ZW1lbnQiOlt7IlJlc291cmNlIjoiaHR0cCo6Ly8qIiwiQ29uZGl0aW9uIjp7IkRhdGVMZXNzVGhhbiI6eyJBV1M6RXBvY2hUaW1lIjoxMjU3ODk1ODAwfX19XX0_, /mypath/, .cNameAssociatedWithMyDistribution.com, true 123 // CloudFront-Signature: DBXEcU6NoyAelecgEcr6mE1IHCqqlHdGwAC2X1dYn0QOLZ8Ar~oehlMub~hEh~UEMijR15ii-yUYf-3ML0b1SwWkh4rTa-SFURWDVuu~vW3cQzRZ4wQrgDR3DGJINrtGtEsDSzA6zdwtZsfvc1W9IRPn9rnVmwDdUurSrcp9M7CdcjkEw9Au~gULX7aUuW87DI5GI7jLo6emmBB1p4V~xAv8rDqOyxdhBzWKDTvl6ErIXnzHitgMclNZrkn-m27BhTQsJOs2R~gT2VrQw-IWX6NMD8r0TDH4DE2HQ8N7jZ0nf8gezbyFk-OhD1P9FUNb1PlwcZWfXtfgHQmM-BmrSQ__, /mypath/, .cNameAssociatedWithMyDistribution.com, true 124 // CloudFront-Key-Pair-Id: keyID, /mypath/, .cNameAssociatedWithMyDistribution.com, true 125 } 126 127 func printExampleCookies(cookies []*http.Cookie) { 128 fmt.Println("Cookies:") 129 for _, c := range cookies { 130 fmt.Printf("%s: %s, %s, %s, %t\n", c.Name, c.Value, c.Path, c.Domain, c.Secure) 131 } 132 }