
@cooper667/sns-validator
A standalone validator for inbound SNS HTTP messages. No dependency on the AWS SDK for JavaScript.
The Amazon SNS Message Validator for Node.js library allows you to validate that incoming HTTP(S) POST messages are valid Amazon SNS notifications. This library is standalone and does not depend on the AWS SDK for JavaScript.
The npm module's name is sns-validator. Install with npm or yarn:
npm i sns-validator
or
yarn add sns-validator
To validate a message, you can instantiate a MessageValidator object and pass an SNS message and a callback to its validate method. The message should be the result of calling JSON.parse on the body of the HTTP(S) message sent by SNS to your endpoint. The callback should take two arguments, the first being an error and the second being the successfully validated SNS message.
The message validator checks the SigningCertURL, SignatureVersion, and Signature to make sure they are valid and consistent with the message data.
const MessageValidator = require('sns-validator'),
  validator = new MessageValidator();
validator.validate(message).then(message => {
  // message has been validated and its signature checked.
}).catch(err => {
  // Your message could not be validated.
});
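How the three checks named above fit together, as an added example that is not the package's own code: it validates the SigningCertURL, maps SignatureVersion to a hash algorithm, rebuilds the signed string and verifies the Signature. The host pattern is an assumption modelled on SNS regional endpoints, and a throwaway key pair with constructed field values stands in for the certificate normally downloaded from SigningCertURL.

```javascript
const crypto = require('crypto');

// Assumed host pattern for SNS regional endpoints; signed-field lists per message type.
const CERT_HOST = /^sns\.[a-z0-9-]{3,}\.amazonaws\.com(\.cn)?$/;
const NOTIFICATION_KEYS = ['Message', 'MessageId', 'Subject', 'Timestamp', 'TopicArn', 'Type'];
const SUBSCRIPTION_KEYS = ['Message', 'MessageId', 'SubscribeURL', 'Timestamp', 'Token', 'TopicArn', 'Type'];
const ALGORITHMS = new Map([['1', 'RSA-SHA1'], ['2', 'RSA-SHA256']]);

// Accept only HTTPS .pem URLs whose exact hostname is an SNS endpoint.
function isTrustedCertUrl(value) {
  let url;
  try { url = new URL(value); } catch (e) { return false; }
  return url.protocol === 'https:' && url.pathname.endsWith('.pem') && CERT_HOST.test(url.hostname);
}

// Canonical "Key\nValue\n" string over the fields present in the message.
function stringToSign(msg) {
  const keys = msg.Type === 'Notification' ? NOTIFICATION_KEYS : SUBSCRIPTION_KEYS;
  return keys.filter((k) => msg[k] !== undefined).map((k) => `${k}\n${msg[k]}\n`).join('');
}

// publicKeyPem stands in for the PEM certificate fetched from SigningCertURL.
function verifySnsMessage(msg, publicKeyPem) {
  const algorithm = ALGORITHMS.get(msg.SignatureVersion);
  if (!algorithm || typeof msg.Signature !== 'string') return false;
  if (!isTrustedCertUrl(msg.SigningCertURL)) return false;
  return crypto.createVerify(algorithm)
    .update(stringToSign(msg), 'utf8')
    .verify(publicKeyPem, msg.Signature, 'base64');
}

// Constructed sample: a locally generated key signs a made-up Notification.
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
const sample = {
  Type: 'Notification',
  MessageId: '00000000-0000-0000-0000-000000000000',
  TopicArn: 'arn:aws:sns:us-east-1:123456789012:example-topic',
  Message: 'hello',
  Timestamp: '2024-01-01T00:00:00.000Z',
  SignatureVersion: '2',
  SigningCertURL: 'https://sns.us-east-1.amazonaws.com/SimpleNotificationService-example.pem',
};
sample.Signature = crypto.createSign('RSA-SHA256').update(stringToSign(sample), 'utf8').sign(privateKey, 'base64');
console.log(verifySnsMessage(sample, publicKeyPem));
```

Changing any signed field, pointing SigningCertURL at a look-alike host, or supplying an unknown SignatureVersion makes `verifySnsMessage` return false.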
The SNS Message Validator relies on the Node crypto module and is only designed to work on a server, not in a browser. The validation performed is only necessary when subscribing HTTP(S)
Amazon Simple Notification Service (Amazon SNS) is a fast, fully-managed, push messaging service. Amazon SNS can deliver messages to email, mobile devices (i.e., SMS; iOS, Android and FireOS push notifications), Amazon SQS queues, and — of course — HTTP/HTTPS endpoints.
With Amazon SNS, you can set up topics to publish custom messages to subscribed endpoints. However, SNS messages are used by many of the other AWS services to communicate information asynchronously about your AWS resources. Some examples include:
Though you can certainly subscribe your email address to receive SNS messages from service events like these, your inbox would fill up rather quickly. There is great power, however, in being able to subscribe an HTTP/HTTPS endpoint to receive the messages. This allows you to program webhooks for your applications to easily respond to various events.
In order to handle a SubscriptionConfirmation message, you must use the SubscribeURL value in the incoming message:
const https = require('https'),
  MessageValidator = require('sns-validator'),
  validator = new MessageValidator();
validator.validate(message).then(message => {
  if (message['Type'] === 'SubscriptionConfirmation') {
    https.get(message['SubscribeURL'], function (res) {
      // You have confirmed your endpoint subscription
    });
  }
}).catch(err => {
  console.error(err);
});
If an incoming message includes multibyte characters and its encoding is utf8, set the encoding on the validator.
const MessageValidator = require('sns-validator'),
  validator = new MessageValidator();
validator.encoding = 'utf8';
To receive a notification, use the same code as the preceding example, but check for the Notification message type.
if (message['Type'] === 'Notification') {
  // Do whatever you want with the message body and data.
  console.log(`${message['MessageId']}: ${message['Message']}`);
}
The message body will be a string, and will hold whatever data was published to the SNS topic.
Unsubscribing looks the same as subscribing, except the message type will be UnsubscribeConfirmation.
if (message['Type'] === 'UnsubscribeConfirmation') {
  // Unsubscribed in error? You can resubscribe by visiting the endpoint
  // provided as the message's SubscribeURL field.
  https.get(message['SubscribeURL'], (res) => {
    // You have re-subscribed your endpoint.
  });
}
FAQs
The npm package @cooper667/sns-validator receives a total of 0 weekly downloads. As such, @cooper667/sns-validator popularity was classified as not popular.
We found that @cooper667/sns-validator demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.