// SignedURL creates a signed URL using the given ConnectionData, where route
// is the url path relative to the BaseURL stored in the ConnectionData, query
// is the set of query string parameters, if any, and duration is the amount of
// time that the signed URL should remain valid for.
func (connectionData *ConnectionData) SignedURL(route string, query url.Values, duration time.Duration) (u *url.URL, err error) {
u, err = setURL(connectionData, route, query)
if err != nil {
return
}
credentials := &hawk.Credentials{
ID: connectionData.Credentials.ClientID,
Key: connectionData.Credentials.AccessToken,
Hash: sha256.New,
}
reqAuth, err := hawk.NewURLAuth(u.String(), credentials, duration)
if err != nil {
return
}
reqAuth.Ext, err = getExtHeader(connectionData.Credentials)
if err != nil {
return
}
bewitSignature := reqAuth.Bewit()
if query == nil {
query = url.Values{}
}
query.Set("bewit", bewitSignature)
u.RawQuery = query.Encode()
return
}
func Bewit(clientId string, accessToken string, uri string) (string, error) {
credentials := &hawk.Credentials{
ID: clientId,
Key: accessToken,
Hash: sha256.New,
}
auth, err := hawk.NewURLAuth(uri, credentials, BEWIT_EXPIRES)
if err != nil {
return "", err
}
bewit := auth.Bewit()
return fmt.Sprintf("%s?bewit=%s", uri, bewit), nil
}