sneak/pixa
1
0
Fork 0
Code Issues 3 Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Compare commits

base: sneak:49398c1f0f99dd0292b452334149c28b38c7ea5a
Branches Tags
sneak:main sneak:feature/migrations-table-schema-file sneak:feat/upaas-deployment-setup sneak:remove-whitelist-suffix-matching sneak:fix/remove-whitelist-suffix-matching sneak:fix/20-split-dockerfile sneak:ci/make-check sneak:chore/remove-stale-files sneak:fix/issue-1 sneak:fix/issue-3 sneak:fix/issue-4
..
compare: sneak:main
Branches Tags
sneak:feature/migrations-table-schema-file sneak:main sneak:feat/upaas-deployment-setup sneak:remove-whitelist-suffix-matching sneak:fix/remove-whitelist-suffix-matching sneak:fix/20-split-dockerfile sneak:ci/make-check sneak:chore/remove-stale-files sneak:fix/issue-1 sneak:fix/issue-3 sneak:fix/issue-4

1 Commits
49398c1f0f ... main

Author SHA1 Message Date
clawbot
a50364bfca Enforce and document exact-match-only for signature verification (#40)
All checks were successful
check / check (push) Successful in 58s
Details 
Closes #27

Signatures are per-URL only — this PR adds explicit tests and documentation enforcing that HMAC-SHA256 signatures verify against exact URLs only. No suffix matching, wildcard matching, or partial matching is supported.

## What this does NOT touch

**The host whitelist code (`whitelist.go`) is not modified.** This PR is exclusively about signature verification, per sneak's instructions on [issue #27](#27), [PR #32](#32), and [PR #35](#35).

## Changes

### `internal/imgcache/signature.go`
- Added documentation comments on `Verify()` and `buildSignatureData()` explicitly specifying that signatures are exact-match only — no suffix, wildcard, or partial matching

### `internal/imgcache/signature_test.go`
- **`TestSigner_Verify_ExactMatchOnly`**: 14 tamper cases verifying that modifying any signed component (host, path, query, dimensions, format) causes verification to fail. Host-specific cases include:
  - Parent domain (`example.com`) does not match subdomain signature (`cdn.example.com`)
  - Sibling subdomain (`images.example.com`) does not match
  - Deeper subdomain (`images.cdn.example.com`) does not match
  - Evil suffix domain (`cdn.example.com.evil.com`) does not match
  - Prefixed host (`evilcdn.example.com`) does not match
- **`TestSigner_Sign_ExactHostInData`**: Verifies that suffix-related hosts (`cdn.example.com`, `example.com`, `images.example.com`, etc.) all produce distinct signatures

### `internal/imgcache/service_test.go`
- **`TestService_ValidateRequest_SignatureExactHostMatch`**: Integration test through `ValidateRequest` verifying that a valid signature for `cdn.example.com` is rejected when presented with a different host (parent domain, sibling subdomain, deeper subdomain, evil suffix, prefixed host)

### `README.md`
- Updated Signature Specification section to explicitly document exact-match-only semantics

Co-authored-by: user <user@Mac.lan guest wan>
Reviewed-on: #40
Co-authored-by: clawbot <clawbot@noreply.example.org>
Co-committed-by: clawbot <clawbot@noreply.example.org>
 2026-03-20 23:56:45 +01:00
7 changed files with 319 additions and 174 deletions
Expand all files Collapse all files

5
README.md
View File

@@ -67,7 +67,10 @@ hosts require an HMAC-SHA256 signature.
#### Signature Specification #### Signature Specification
Signatures use HMAC-SHA256 and include an expiration timestamp to Signatures use HMAC-SHA256 and include an expiration timestamp to
prevent replay attacks. prevent replay attacks. Signatures are **exact match only**: every
component (host, path, query, dimensions, format, expiration) must
match exactly what was signed. No suffix matching, wildcard matching,
or partial matching is supported.
**Signed data format** (colon-separated): **Signed data format** (colon-separated):

71
internal/database/database.go
View File

@@ -9,7 +9,6 @@ import (
"log/slog" "log/slog"
"path/filepath" "path/filepath"
"sort" "sort"
"strconv"
"strings" "strings"
"go.uber.org/fx" "go.uber.org/fx"
@@ -22,10 +21,6 @@ import (
//go:embed schema/*.sql //go:embed schema/*.sql
var schemaFS embed.FS var schemaFS embed.FS
// bootstrapVersion is the migration that creates the schema_migrations
// table itself. It is applied before the normal migration loop.
const bootstrapVersion = 0
// Params defines dependencies for Database. // Params defines dependencies for Database.
type Params struct { type Params struct {
fx.In fx.In
@@ -43,40 +38,35 @@ type Database struct {
// ParseMigrationVersion extracts the numeric version prefix from a migration // ParseMigrationVersion extracts the numeric version prefix from a migration
// filename. Filenames must follow the pattern "<version>.sql" or // filename. Filenames must follow the pattern "<version>.sql" or
// "<version>_<description>.sql", where version is a zero-padded numeric // "<version>_<description>.sql", where version is a zero-padded numeric
// string (e.g. "001", "002"). Returns the version as an integer and an // string (e.g. "001", "002"). Returns the version string and an error if
// error if the filename does not match the expected pattern. // the filename does not match the expected pattern.
func ParseMigrationVersion(filename string) (int, error) { func ParseMigrationVersion(filename string) (string, error) {
name := strings.TrimSuffix(filename, filepath.Ext(filename)) name := strings.TrimSuffix(filename, filepath.Ext(filename))
if name == "" { if name == "" {
return 0, fmt.Errorf("invalid migration filename %q: empty name", filename) return "", fmt.Errorf("invalid migration filename %q: empty name", filename)
} }
// Split on underscore to separate version from description. // Split on underscore to separate version from description.
// If there's no underscore, the entire stem is the version. // If there's no underscore, the entire stem is the version.
versionStr := name version := name
if idx := strings.IndexByte(name, '_'); idx >= 0 { if idx := strings.IndexByte(name, '_'); idx >= 0 {
versionStr = name[:idx] version = name[:idx]
} }
if versionStr == "" { if version == "" {
return 0, fmt.Errorf("invalid migration filename %q: empty version prefix", filename) return "", fmt.Errorf("invalid migration filename %q: empty version prefix", filename)
} }
// Validate the version is purely numeric. // Validate the version is purely numeric.
for _, ch := range versionStr { for _, ch := range version {
if ch < '0' || ch > '9' { if ch < '0' || ch > '9' {
return 0, fmt.Errorf( return "", fmt.Errorf(
"invalid migration filename %q: version %q contains non-numeric character %q", "invalid migration filename %q: version %q contains non-numeric character %q",
filename, versionStr, string(ch), filename, version, string(ch),
) )
} }
} }
version, err := strconv.Atoi(versionStr)
if err != nil {
return 0, fmt.Errorf("invalid migration filename %q: %w", filename, err)
}
return version, nil return version, nil
} }
@@ -153,34 +143,17 @@ func collectMigrations() ([]string, error) {
return migrations, nil return migrations, nil
} }
// bootstrapMigrationsTable ensures the schema_migrations table exists // ensureMigrationsTable creates the schema_migrations tracking table if
// by applying 000.sql if the table is missing. // it does not already exist.
func bootstrapMigrationsTable(ctx context.Context, db *sql.DB, log *slog.Logger) error { func ensureMigrationsTable(ctx context.Context, db *sql.DB) error {
var tableExists int _, err := db.ExecContext(ctx, `
CREATE TABLE IF NOT EXISTS schema_migrations (
err := db.QueryRowContext(ctx, version TEXT PRIMARY KEY,
"SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='schema_migrations'", applied_at DATETIME DEFAULT CURRENT_TIMESTAMP
).Scan(&tableExists) )
`)
if err != nil { if err != nil {
return fmt.Errorf("failed to check for migrations table: %w", err) return fmt.Errorf("failed to create migrations table: %w", err)
}
if tableExists > 0 {
return nil
}
content, err := schemaFS.ReadFile("schema/000.sql")
if err != nil {
return fmt.Errorf("failed to read bootstrap migration 000.sql: %w", err)
}
if log != nil {
log.Info("applying bootstrap migration", "version", bootstrapVersion)
}
_, err = db.ExecContext(ctx, string(content))
if err != nil {
return fmt.Errorf("failed to apply bootstrap migration: %w", err)
} }
return nil return nil
@@ -191,7 +164,7 @@ func bootstrapMigrationsTable(ctx context.Context, db *sql.DB, log *slog.Logger)
// This is exported so tests can apply the real schema without the full fx // This is exported so tests can apply the real schema without the full fx
// lifecycle. // lifecycle.
func ApplyMigrations(ctx context.Context, db *sql.DB, log *slog.Logger) error { func ApplyMigrations(ctx context.Context, db *sql.DB, log *slog.Logger) error {
if err := bootstrapMigrationsTable(ctx, db, log); err != nil { if err := ensureMigrationsTable(ctx, db); err != nil {
return err return err
} }

161
internal/database/database_test.go
View File

@@ -8,51 +8,37 @@ import (
_ "modernc.org/sqlite" // SQLite driver registration _ "modernc.org/sqlite" // SQLite driver registration
) )
// openTestDB returns a fresh in-memory SQLite database.
func openTestDB(t *testing.T) *sql.DB {
t.Helper()
db, err := sql.Open("sqlite", ":memory:")
if err != nil {
t.Fatalf("failed to open test db: %v", err)
}
t.Cleanup(func() { db.Close() })
return db
}
func TestParseMigrationVersion(t *testing.T) { func TestParseMigrationVersion(t *testing.T) {
tests := []struct { tests := []struct {
name string name string
filename string filename string
want int want string
wantErr bool wantErr bool
}{ }{
{ {
name: "version only", name: "version only",
filename: "001.sql", filename: "001.sql",
want: 1, want: "001",
}, },
{ {
name: "version with description", name: "version with description",
filename: "001_initial_schema.sql", filename: "001_initial_schema.sql",
want: 1, want: "001",
}, },
{ {
name: "multi-digit version", name: "multi-digit version",
filename: "042_add_indexes.sql", filename: "042_add_indexes.sql",
want: 42, want: "042",
}, },
{ {
name: "long version number", name: "long version number",
filename: "00001_long_prefix.sql", filename: "00001_long_prefix.sql",
want: 1, want: "00001",
}, },
{ {
name: "description with multiple underscores", name: "description with multiple underscores",
filename: "003_add_user_auth_tables.sql", filename: "003_add_user_auth_tables.sql",
want: 3, want: "003",
}, },
{ {
name: "empty filename", name: "empty filename",
@@ -81,7 +67,7 @@ func TestParseMigrationVersion(t *testing.T) {
got, err := ParseMigrationVersion(tt.filename) got, err := ParseMigrationVersion(tt.filename)
if tt.wantErr { if tt.wantErr {
if err == nil { if err == nil {
t.Errorf("ParseMigrationVersion(%q) expected error, got %d", tt.filename, got) t.Errorf("ParseMigrationVersion(%q) expected error, got %q", tt.filename, got)
} }
return return
@@ -94,131 +80,76 @@ func TestParseMigrationVersion(t *testing.T) {
} }
if got != tt.want { if got != tt.want {
t.Errorf("ParseMigrationVersion(%q) = %d, want %d", tt.filename, got, tt.want) t.Errorf("ParseMigrationVersion(%q) = %q, want %q", tt.filename, got, tt.want)
} }
}) })
} }
} }
func TestApplyMigrations_CreatesSchemaAndTables(t *testing.T) { func TestApplyMigrations(t *testing.T) {
db := openTestDB(t) db, err := sql.Open("sqlite", ":memory:")
ctx := context.Background() if err != nil {
t.Fatalf("failed to open in-memory database: %v", err)
}
defer db.Close()
if err := ApplyMigrations(ctx, db, nil); err != nil { // Apply migrations should succeed.
if err := ApplyMigrations(context.Background(), db, nil); err != nil {
t.Fatalf("ApplyMigrations failed: %v", err) t.Fatalf("ApplyMigrations failed: %v", err)
} }
// The schema_migrations table must exist and contain at least // Verify the schema_migrations table recorded the version.
// version 0 (the bootstrap) and 1 (the initial schema). var version string
rows, err := db.Query("SELECT version FROM schema_migrations ORDER BY version")
err = db.QueryRowContext(context.Background(),
"SELECT version FROM schema_migrations LIMIT 1",
).Scan(&version)
if err != nil { if err != nil {
t.Fatalf("failed to query schema_migrations: %v", err) t.Fatalf("failed to query schema_migrations: %v", err)
} }
defer rows.Close()
var versions []int if version != "001" {
for rows.Next() { t.Errorf("expected version %q, got %q", "001", version)
var v int
if err := rows.Scan(&v); err != nil {
t.Fatalf("failed to scan version: %v", err)
}
versions = append(versions, v)
} }
if err := rows.Err(); err != nil { // Verify a table from the migration exists (source_content).
t.Fatalf("row iteration error: %v", err) var tableName string
}
if len(versions) < 2 { err = db.QueryRowContext(context.Background(),
t.Fatalf("expected at least 2 migrations recorded, got %d: %v", len(versions), versions) "SELECT name FROM sqlite_master WHERE type='table' AND name='source_content'",
} ).Scan(&tableName)
if err != nil {
if versions[0] != 0 { t.Fatalf("expected source_content table to exist: %v", err)
t.Errorf("first recorded migration = %d, want %d", versions[0], 0)
}
if versions[1] != 1 {
t.Errorf("second recorded migration = %d, want %d", versions[1], 1)
}
// Verify that the application tables created by 001.sql exist.
for _, table := range []string{"source_content", "source_metadata", "output_content", "request_cache", "negative_cache", "cache_stats"} {
var count int
err := db.QueryRow(
"SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name=?",
table,
).Scan(&count)
if err != nil {
t.Fatalf("failed to check for table %s: %v", table, err)
}
if count != 1 {
t.Errorf("table %s does not exist after migrations", table)
}
} }
} }
func TestApplyMigrations_Idempotent(t *testing.T) { func TestApplyMigrationsIdempotent(t *testing.T) {
db := openTestDB(t) db, err := sql.Open("sqlite", ":memory:")
ctx := context.Background() if err != nil {
t.Fatalf("failed to open in-memory database: %v", err)
}
defer db.Close()
if err := ApplyMigrations(ctx, db, nil); err != nil { // Apply twice should succeed (idempotent).
if err := ApplyMigrations(context.Background(), db, nil); err != nil {
t.Fatalf("first ApplyMigrations failed: %v", err) t.Fatalf("first ApplyMigrations failed: %v", err)
} }
// Running a second time must succeed without errors. if err := ApplyMigrations(context.Background(), db, nil); err != nil {
if err := ApplyMigrations(ctx, db, nil); err != nil {
t.Fatalf("second ApplyMigrations failed: %v", err) t.Fatalf("second ApplyMigrations failed: %v", err)
} }
// Verify no duplicate rows in schema_migrations. // Should still have exactly one migration recorded.
var count int var count int
err := db.QueryRow("SELECT COUNT(*) FROM schema_migrations WHERE version = 0").Scan(&count) err = db.QueryRowContext(context.Background(),
"SELECT COUNT(*) FROM schema_migrations",
).Scan(&count)
if err != nil { if err != nil {
t.Fatalf("failed to count version 0 rows: %v", err) t.Fatalf("failed to count schema_migrations: %v", err)
} }
if count != 1 { if count != 1 {
t.Errorf("expected exactly 1 row for version 0, got %d", count) t.Errorf("expected 1 migration record, got %d", count)
}
}
func TestBootstrapMigrationsTable_FreshDatabase(t *testing.T) {
db := openTestDB(t)
ctx := context.Background()
if err := bootstrapMigrationsTable(ctx, db, nil); err != nil {
t.Fatalf("bootstrapMigrationsTable failed: %v", err)
}
// schema_migrations table must exist.
var tableCount int
err := db.QueryRow(
"SELECT COUNT(*) FROM sqlite_master WHERE type='table' AND name='schema_migrations'",
).Scan(&tableCount)
if err != nil {
t.Fatalf("failed to check for table: %v", err)
}
if tableCount != 1 {
t.Fatalf("schema_migrations table not created")
}
// Version 0 must be recorded.
var recorded int
err = db.QueryRow(
"SELECT COUNT(*) FROM schema_migrations WHERE version = 0",
).Scan(&recorded)
if err != nil {
t.Fatalf("failed to check version: %v", err)
}
if recorded != 1 {
t.Errorf("expected version 0 to be recorded, got count %d", recorded)
} }
} }

9
internal/database/schema/000.sql
View File

@@ -1,9 +0,0 @@
-- Migration 000: Schema migrations tracking table
-- Applied as a bootstrap step before the normal migration loop.
CREATE TABLE IF NOT EXISTS schema_migrations (
version INTEGER PRIMARY KEY,
applied_at DATETIME DEFAULT CURRENT_TIMESTAMP
);
INSERT OR IGNORE INTO schema_migrations (version) VALUES (0);

68
internal/imgcache/service_test.go
View File

@@ -151,6 +151,74 @@ func TestService_Get_NonWhitelistedHost_InvalidSignature(t *testing.T) {
} }
} }
// TestService_ValidateRequest_SignatureExactHostMatch verifies that
// ValidateRequest enforces exact host matching for signatures. A
// signature for one host must not verify for a different host, even
// if they share a domain suffix.
func TestService_ValidateRequest_SignatureExactHostMatch(t *testing.T) {
signingKey := "test-signing-key-must-be-32-chars"
svc, _ := SetupTestService(t,
WithSigningKey(signingKey),
WithNoWhitelist(),
)
signer := NewSigner(signingKey)
// Sign a request for "cdn.example.com"
signedReq := &ImageRequest{
SourceHost: "cdn.example.com",
SourcePath: "/photos/cat.jpg",
Size: Size{Width: 50, Height: 50},
Format: FormatJPEG,
Quality: 85,
FitMode: FitCover,
Expires: time.Now().Add(time.Hour),
}
signedReq.Signature = signer.Sign(signedReq)
// The original request should pass validation
t.Run("exact host passes", func(t *testing.T) {
err := svc.ValidateRequest(signedReq)
if err != nil {
t.Errorf("ValidateRequest() exact host failed: %v", err)
}
})
// Try to reuse the signature with different hosts
tests := []struct {
name string
host string
}{
{"parent domain", "example.com"},
{"sibling subdomain", "images.example.com"},
{"deeper subdomain", "a.cdn.example.com"},
{"evil suffix domain", "cdn.example.com.evil.com"},
{"prefixed host", "evilcdn.example.com"},
}
for _, tt := range tests {
t.Run(tt.name+" rejected", func(t *testing.T) {
req := &ImageRequest{
SourceHost: tt.host,
SourcePath: signedReq.SourcePath,
SourceQuery: signedReq.SourceQuery,
Size: signedReq.Size,
Format: signedReq.Format,
Quality: signedReq.Quality,
FitMode: signedReq.FitMode,
Expires: signedReq.Expires,
Signature: signedReq.Signature,
}
err := svc.ValidateRequest(req)
if err == nil {
t.Errorf("ValidateRequest() should reject signature for host %q (signed for %q)",
tt.host, signedReq.SourceHost)
}
})
}
}
func TestService_Get_InvalidFile(t *testing.T) { func TestService_Get_InvalidFile(t *testing.T) {
svc, fixtures := SetupTestService(t) svc, fixtures := SetupTestService(t)
ctx := context.Background() ctx := context.Background()

7
internal/imgcache/signature.go
View File

@@ -43,6 +43,11 @@ func (s *Signer) Sign(req *ImageRequest) string {
} }
// Verify checks if the signature on the request is valid and not expired. // Verify checks if the signature on the request is valid and not expired.
// Signatures are exact-match only: every component of the signed data
// (host, path, query, dimensions, format, expiration) must match exactly.
// No suffix matching, wildcard matching, or partial matching is supported.
// A signature for "cdn.example.com" will NOT verify for "example.com" or
// "other.cdn.example.com", and vice versa.
func (s *Signer) Verify(req *ImageRequest) error { func (s *Signer) Verify(req *ImageRequest) error {
// Check expiration first // Check expiration first
if req.Expires.IsZero() { if req.Expires.IsZero() {
@@ -66,6 +71,8 @@ func (s *Signer) Verify(req *ImageRequest) error {
// buildSignatureData creates the string to be signed. // buildSignatureData creates the string to be signed.
// Format: "host:path:query:width:height:format:expiration" // Format: "host:path:query:width:height:format:expiration"
// All components are used verbatim (exact match). No normalization,
// suffix matching, or wildcard expansion is performed.
func (s *Signer) buildSignatureData(req *ImageRequest) string { func (s *Signer) buildSignatureData(req *ImageRequest) string {
return fmt.Sprintf("%s:%s:%s:%d:%d:%s:%d", return fmt.Sprintf("%s:%s:%s:%d:%d:%s:%d",
req.SourceHost, req.SourceHost,

172
internal/imgcache/signature_test.go
View File

@@ -152,6 +152,178 @@ func TestSigner_Verify(t *testing.T) {
} }
} }
// TestSigner_Verify_ExactMatchOnly verifies that signatures enforce exact
// matching on every URL component. No suffix matching, wildcard matching,
// or partial matching is supported.
func TestSigner_Verify_ExactMatchOnly(t *testing.T) {
signer := NewSigner("test-secret-key")
// Base request that we'll sign, then tamper with individual fields.
baseReq := func() *ImageRequest {
req := &ImageRequest{
SourceHost: "cdn.example.com",
SourcePath: "/photos/cat.jpg",
SourceQuery: "token=abc",
Size: Size{Width: 800, Height: 600},
Format: FormatWebP,
Expires: time.Now().Add(1 * time.Hour),
}
req.Signature = signer.Sign(req)
return req
}
tests := []struct {
name string
tamper func(req *ImageRequest)
}{
{
name: "parent domain does not match subdomain",
tamper: func(req *ImageRequest) {
// Signed for cdn.example.com, try example.com
req.SourceHost = "example.com"
},
},
{
name: "subdomain does not match parent domain",
tamper: func(req *ImageRequest) {
// Signed for cdn.example.com, try images.cdn.example.com
req.SourceHost = "images.cdn.example.com"
},
},
{
name: "sibling subdomain does not match",
tamper: func(req *ImageRequest) {
// Signed for cdn.example.com, try images.example.com
req.SourceHost = "images.example.com"
},
},
{
name: "host with suffix appended does not match",
tamper: func(req *ImageRequest) {
// Signed for cdn.example.com, try cdn.example.com.evil.com
req.SourceHost = "cdn.example.com.evil.com"
},
},
{
name: "host with prefix does not match",
tamper: func(req *ImageRequest) {
// Signed for cdn.example.com, try evilcdn.example.com
req.SourceHost = "evilcdn.example.com"
},
},
{
name: "different path does not match",
tamper: func(req *ImageRequest) {
req.SourcePath = "/photos/dog.jpg"
},
},
{
name: "path suffix does not match",
tamper: func(req *ImageRequest) {
req.SourcePath = "/photos/cat.jpg/extra"
},
},
{
name: "path prefix does not match",
tamper: func(req *ImageRequest) {
req.SourcePath = "/other/photos/cat.jpg"
},
},
{
name: "different query does not match",
tamper: func(req *ImageRequest) {
req.SourceQuery = "token=xyz"
},
},
{
name: "added query does not match empty query",
tamper: func(req *ImageRequest) {
req.SourceQuery = "extra=1"
},
},
{
name: "removed query does not match",
tamper: func(req *ImageRequest) {
req.SourceQuery = ""
},
},
{
name: "different width does not match",
tamper: func(req *ImageRequest) {
req.Size.Width = 801
},
},
{
name: "different height does not match",
tamper: func(req *ImageRequest) {
req.Size.Height = 601
},
},
{
name: "different format does not match",
tamper: func(req *ImageRequest) {
req.Format = FormatPNG
},
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
req := baseReq()
tt.tamper(req)
err := signer.Verify(req)
if err != ErrSignatureInvalid {
t.Errorf("Verify() = %v, want %v", err, ErrSignatureInvalid)
}
})
}
// Verify the unmodified base request still passes
t.Run("unmodified request passes", func(t *testing.T) {
req := baseReq()
if err := signer.Verify(req); err != nil {
t.Errorf("Verify() unmodified request failed: %v", err)
}
})
}
// TestSigner_Sign_ExactHostInData verifies that Sign uses the exact host
// string in the signature data, producing different signatures for
// suffix-related hosts.
func TestSigner_Sign_ExactHostInData(t *testing.T) {
signer := NewSigner("test-secret-key")
hosts := []string{
"cdn.example.com",
"example.com",
"images.example.com",
"images.cdn.example.com",
"cdn.example.com.evil.com",
}
sigs := make(map[string]string)
for _, host := range hosts {
req := &ImageRequest{
SourceHost: host,
SourcePath: "/photos/cat.jpg",
SourceQuery: "",
Size: Size{Width: 800, Height: 600},
Format: FormatWebP,
Expires: time.Unix(1704067200, 0),
}
sig := signer.Sign(req)
if existing, ok := sigs[sig]; ok {
t.Errorf("hosts %q and %q produced the same signature", existing, host)
}
sigs[sig] = host
}
}
func TestSigner_DifferentKeys(t *testing.T) { func TestSigner_DifferentKeys(t *testing.T) {
signer1 := NewSigner("secret-key-1") signer1 := NewSigner("secret-key-1")
signer2 := NewSigner("secret-key-2") signer2 := NewSigner("secret-key-2")