token.go raw

   1  package auth
   2  
   3  import "net/http"
   4  
   5  // Token is the pair accessKey + secretKey.
   6  // This type is public because it's an internal package.
   7  type Token struct {
   8  	AccessKey string
   9  	SecretKey string
  10  }
  11  
  12  // XAuthTokenHeader is Scaleway standard auth header
  13  const XAuthTokenHeader = "X-Auth-Token" // #nosec G101
  14  
  15  // NewToken create a token authentication from an
  16  // access key and a secret key
  17  func NewToken(accessKey, secretKey string) *Token {
  18  	return &Token{AccessKey: accessKey, SecretKey: secretKey}
  19  }
  20  
  21  // Headers returns headers that must be add to the http request
  22  func (t *Token) Headers() http.Header {
  23  	headers := http.Header{}
  24  	headers.Set(XAuthTokenHeader, t.SecretKey)
  25  	return headers
  26  }
  27  
  28  func AnonymizeTokenHeaders(headers http.Header) http.Header {
  29  	key := headers.Get(XAuthTokenHeader)
  30  	if key != "" {
  31  		headers.Set(XAuthTokenHeader, HideSecretKey(key))
  32  	}
  33  	return headers
  34  }
  35  
  36  // AnonymizedHeaders returns an anonymized version of Headers()
  37  // This method could be use for logging purpose.
  38  func (t *Token) AnonymizedHeaders() http.Header {
  39  	return AnonymizeTokenHeaders(t.Headers())
  40  }
  41  
  42  func HideSecretKey(k string) string {
  43  	switch {
  44  	case len(k) == 0:
  45  		return ""
  46  	case len(k) > 8:
  47  		return k[0:8] + "-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  48  	default:
  49  		return "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
  50  	}
  51  }
  52