Func: Make time validation always and finish documentation

Juanadelacuesta · Juanadelacuesta · commit add499ed44a7 · 2019-01-22T10:55:21.000+01:00
diff --git a/signature/signature.go b/signature/signature.go
@@ -1,5 +1,27 @@
 package signature
 
+/*
+Package signature implements signature verification for MessageBird webhooks.
+
+To use define a new validator using your MessageBird Signing key.  You can use the
+ValidRequest method, just pass the request as a parameter:
+
+    validator := signature.NewValidator("your signing key")
+    if err := validator.ValidRequest(r); err != nil {
+        // handle error
+    }
+
+Or use the handler as a middleware for your server:
+
+	http.Handle("/path", validator.Validate(YourHandler))
+
+It will reject the requests that contain invalid signatures.
+The validator uses a 5ms seconds window to accept requests as valid, to change
+this value, set the ValidityWindow to the disired duration.
+Take into account that the validity window works around the current time:
+	[now - ValidityWindow/2, now + ValidityWindow/2]
+*/
+
 import (
 	"bytes"
 	"crypto/hmac"
@@ -18,10 +40,10 @@ const (
 	sHeader  = "MessageBird-Signature"
 )
 
-// Window of acceptance for a request, if the time stamp is within this time, it will evaluated as valid
+// ValidityWindow defines the time window in which to validate a request.
 var ValidityWindow = 5 * time.Second
 
-// StringToTime converts from Unicod Epoch enconded timestamps to time.Time Go objects
+// StringToTime converts from Unicod Epoch enconded timestamps to time.Time Go objects.
 func stringToTime(s string) (time.Time, error) {
 	sec, err := strconv.ParseInt(s, 10, 64)
 	if err != nil {
@@ -31,7 +53,7 @@ func stringToTime(s string) (time.Time, error) {
 }
 
 // HMACSHA256 generates HMACS enconded hashes using the provided Key and SHA256
-// encoding for the message
+// encoding for the message.
 func hMACSHA256(message, key []byte) ([]byte, error) {
 	mac := hmac.New(sha256.New, []byte(key))
 	if _, err := mac.Write(message); err != nil {
@@ -40,17 +62,15 @@ func hMACSHA256(message, key []byte) ([]byte, error) {
 	return mac.Sum(nil), nil
 }
 
-// Validator type represents a MessageBird signature validator
+// Validator type represents a MessageBird signature validator.
 type Validator struct {
-	SigningKey string         // Signing Key provided by MessageBird
-	Period     *time.Duration // Period for a message to be accepted as real, set no nil to bypass the time validator
-} // Five seconds by default
+	SigningKey string // Signing Key provided by MessageBird.
+}
 
-// NewValidator returns a signature validator object
+// NewValidator returns a signature validator object.
 func NewValidator(signingKey string) *Validator {
 	return &Validator{
 		SigningKey: signingKey,
-		Period:     &ValidityWindow,
 	}
 }
 
@@ -61,12 +81,8 @@ func (v *Validator) validTimestamp(ts string) bool {
 	if err != nil {
 		return false
 	}
-	if v.Period == nil {
-		return true
-	}
-
-	diff := time.Now().Add(*v.Period / 2).Sub(t)
-	return diff < *v.Period && diff > 0
+	diff := time.Now().Add(ValidityWindow / 2).Sub(t)
+	return diff < ValidityWindow && diff > 0
 }
 
 // calculateSignature calculates the MessageBird-Signature using HMAC_SHA_256
@@ -100,7 +116,7 @@ func (v *Validator) validSignature(ts, rqp string, b []byte, rs string) bool {
 }
 
 // ValidRequest is a method that takes care of the signature validation of
-// incoming requests
+// incoming requests.
 // To use just pass the request:
 // signature.Validate(request)
 func (v *Validator) ValidRequest(r *http.Request) error {
diff --git a/signature/signature_test.go b/signature/signature_test.go
@@ -75,7 +75,6 @@ func TestCalculateSignature(t *testing.T) {
 	}
 	for _, tt := range cases {
 		v := NewValidator(tt.sKey)
-		v.Period = nil
 		s, err := v.calculateSignature(tt.ts, tt.qp, []byte(tt.b))
 		if err != nil {
 			t.Errorf("Error calculating signature: %s, expected: %s", s, tt.es)
@@ -88,56 +87,42 @@ func TestCalculateSignature(t *testing.T) {
 	}
 }
 func TestValidTimestamp(t *testing.T) {
-	var p time.Duration = time.Second * 2
 	now := time.Now()
 	nowts := fmt.Sprintf("%d", now.Unix())
 	var cases = []struct {
 		name string
 		ts   string
-		p    *time.Duration
 		e    bool
 	}{
 		{
 			name: "Succesful",
 			ts:   nowts,
-			p:    nil,
 			e:    true,
 		},
 		{
 			name: "Empty time stamp",
 			ts:   "",
-			p:    nil,
 			e:    false,
 		},
 		{
 			name: "Invalid time stamp",
 			ts:   "wrongTs",
-			p:    nil,
 			e:    false,
 		},
-		{
-			name: "Succesful with time check",
-			ts:   nowts,
-			p:    &p,
-			e:    true,
-		},
 		{
 			name: "Time stamp 24 hours in the futute",
 			ts:   fmt.Sprintf("%d", now.AddDate(0, 0, 1).Unix()),
-			p:    &p,
 			e:    false,
 		},
 		{
 			name: "Time stamp 24 hours in the past",
 			ts:   fmt.Sprintf("%d", now.AddDate(0, 0, -1).Unix()),
-			p:    &p,
 			e:    false,
 		},
 	}
 
 	for _, tt := range cases {
 		v := NewValidator(testKey)
-		v.Period = tt.p
 		r := v.validTimestamp(tt.ts)
 		if r != tt.e {
 			t.Errorf("Unexpected error validating ts: %s, test case: %s", tt.ts, tt.name)
@@ -182,7 +167,7 @@ func TestValidSignature(t *testing.T) {
 
 	for _, tt := range cases {
 		v := NewValidator(testKey)
-		v.Period = nil
+		ValidityWindow = time.Hour * 100000
 		r := v.validSignature(tt.ts, tt.qp, []byte(tt.b), tt.s)
 		if r != tt.e {
 			t.Errorf("Unexpected error validating signature: %s, test case: %s", tt.s, tt.name)
@@ -257,7 +242,8 @@ func TestValidate(t *testing.T) {
 
 	for _, tt := range cases {
 		v := NewValidator(tt.k)
-		v.Period = nil
+		testTime, _ := stringToTime(testTs)
+		ValidityWindow = time.Now().Add(time.Second*1).Sub(testTime) * 2
 		ts := httptest.NewServer(v.Validate(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 			w.WriteHeader(http.StatusOK)
 		})))
