MCPcopy
hub / github.com/tinode/chat / checkAPIKey

Function checkAPIKey

server/api_key.go:46–74  ·  view source on GitHub ↗

Client signature validation key: client's secret key Returns application id, key type.

(apikey string)

Source from the content-addressed store, hash-verified

44//
45// Returns application id, key type.
46func checkAPIKey(apikey string) (isValid, isRoot bool) {
47 if declen := base64.URLEncoding.DecodedLen(len(apikey)); declen != apikeyLength {
48 return
49 }
50
51 data, err := base64.URLEncoding.DecodeString(apikey)
52 if err != nil {
53 logs.Warn.Println("failed to decode.base64 appid ", err)
54 return
55 }
56 if data[0] != 1 {
57 logs.Warn.Println("unknown appid signature algorithm ", data[0])
58 return
59 }
60
61 hasher := hmac.New(md5.New, globals.apiKeySalt)
62 hasher.Write(data[:apikeyVersion+apikeyAppID+apikeySequence+apikeyWho])
63 check := hasher.Sum(nil)
64 if !bytes.Equal(data[apikeyVersion+apikeyAppID+apikeySequence+apikeyWho:], check) {
65 logs.Warn.Println("invalid apikey signature")
66 return
67 }
68
69 isRoot = (data[apikeyVersion+apikeyAppID+apikeySequence] == 1)
70
71 isValid = true
72
73 return
74}

Callers 4

serveWebSocketFunction · 0.85
serveLongPollFunction · 0.85
largeFileServeHTTPFunction · 0.85
largeFileReceiveHTTPFunction · 0.85

Calls 2

PrintlnMethod · 0.80
WriteMethod · 0.80

Tested by

no test coverage detected

Used in the wild real call sites across dependent graphs

searching dependent graphs…