From 8454f127f34b668c60fa107fa3d67b52d0fc51e2 Mon Sep 17 00:00:00 2001 From: sebdroid Date: Fri, 12 Jun 2026 14:14:10 +0100 Subject: [PATCH] docs: polish godoc for the module docs and pkg.go.dev --- cookiecrypt.go | 10 ++++++---- errors.go | 6 +++++- 2 files changed, 11 insertions(+), 5 deletions(-) diff --git a/cookiecrypt.go b/cookiecrypt.go index 971ce26..1c62e08 100644 --- a/cookiecrypt.go +++ b/cookiecrypt.go @@ -1,3 +1,5 @@ +// Package cookiecrypt provides Caddy HTTP middleware that encrypts cookies +// in transit. package cookiecrypt import ( @@ -24,13 +26,13 @@ type Cookiecrypt struct { // Prefix marks encrypted cookie names (default "cc_" when omitted) and is // a reserved namespace. Explicitly empty enables no-prefix mode: every // inbound cookie is presumed ciphertext, and bare cookies are dropped - // unless they match AllowInbound or AllowOutbound. + // unless they match allow_inbound or allow_outbound. Prefix *string `json:"prefix,omitempty"` // BlockUnencrypted drops bare (unencrypted) client cookies unless their - // name matches AllowInbound. + // name matches allow_inbound. BlockUnencrypted bool `json:"block_unencrypted,omitempty"` - // AllowInbound exempts bare client cookies from BlockUnencrypted - // (path.Match globs, "!" negates). Names matching AllowOutbound are + // AllowInbound exempts bare client cookies from block_unencrypted + // (path.Match globs, "!" negates). Names matching allow_outbound are // accepted automatically. AllowInbound []string `json:"allow_inbound,omitempty"` // AllowOutbound cookies are passed through verbatim on responses instead diff --git a/errors.go b/errors.go index 8ce055f..3dd1839 100644 --- a/errors.go +++ b/errors.go @@ -3,6 +3,10 @@ package cookiecrypt import "errors" var ( - ErrInvalidKey = errors.New("invalid key") + // ErrInvalidKey reports a configured key that is not 64 hex characters + // decoding to 32 bytes. + ErrInvalidKey = errors.New("invalid key") + // ErrInvalidCiphertext reports a cookie value that could not be + // authenticated and decrypted with any configured key. ErrInvalidCiphertext = errors.New("invalid ciphertext") )