add support for multiple signature keys (#209)

2026-04-25 04:46:24 +02:00 · 2020-02-01 22:03:59 -03:00 · 2020-02-01 22:03:59 -03:00 · ef09c1ba31
commit ef09c1ba31
parent 3bdd0fe8ed
3 changed files with 44 additions and 21 deletions
--- a/imageproxy_test.go
+++ b/imageproxy_test.go
@ -116,7 +116,13 @@ func TestCopyHeader(t *testing.T) {

 func TestAllowed(t *testing.T) {
 	allowHosts := []string{"good"}
-	key := []byte("c0ffee")
+	key := [][]byte{
+		[]byte("c0ffee"),
+	}
+	multipleKey := [][]byte{
+		[]byte("c0ffee"),
+		[]byte("beer"),
+	}

 	genRequest := func(headers map[string]string) *http.Request {
 		req := &http.Request{Header: make(http.Header)}
@ -132,7 +138,7 @@ func TestAllowed(t *testing.T) {
 		allowHosts []string
 		denyHosts  []string
 		referrers  []string
-		key        []byte
+		keys       [][]byte
 		request    *http.Request
 		allowed    bool
 	}{
@ -151,7 +157,10 @@ func TestAllowed(t *testing.T) {

 		// signature key
 		{"http://test/image", Options{Signature: "NDx5zZHx7QfE8E-ijowRreq6CJJBZjwiRfOVk_mkfQQ="}, nil, nil, nil, key, nil, true},
+		{"http://test/image", Options{Signature: "NDx5zZHx7QfE8E-ijowRreq6CJJBZjwiRfOVk_mkfQQ="}, nil, nil, nil, multipleKey, nil, true}, // signed with key "c0ffee"
+		{"http://test/image", Options{Signature: "FWIawYV4SEyI4zKJMeGugM-eJM1eI_jXPEQ20ZgRe4A="}, nil, nil, nil, multipleKey, nil, true}, // signed with key "beer"
 		{"http://test/image", Options{Signature: "deadbeef"}, nil, nil, nil, key, nil, false},
+		{"http://test/image", Options{Signature: "deadbeef"}, nil, nil, nil, multipleKey, nil, false},
 		{"http://test/image", emptyOptions, nil, nil, nil, key, nil, false},

 		// allowHosts and signature
@ -169,7 +178,7 @@ func TestAllowed(t *testing.T) {
 		p := NewProxy(nil, nil)
 		p.AllowHosts = tt.allowHosts
 		p.DenyHosts = tt.denyHosts
-		p.SignatureKey = tt.key
+		p.SignatureKeys = tt.keys
 		p.Referrers = tt.referrers

 		u, err := url.Parse(tt.url)