hmac-authentication

hmac-authentication npm

Signs and validates HTTP requests based on a shared-secret HMAC signature.

Installation

$ npm install hmac-authentication --save

Validating incoming requests

Assuming you're using Express, during initialization of your application, where config.headers is a list of headers factored into the signature and config.secretKey is the shared secret between your application and the service making the request:

var express = require('express');
var bodyParser = require('bodyParser');
var hmacAuthentication = require('hmac-authentication');

function doLaunch(config) {
  var middlewareOptions = {
    verify: hmacAuthentication.middlewareValidator(
      config.headers, config.secretKey)
  };
  var server = express();
  server.use(bodyParser.raw(middlewareOptions));

  // Continue server initialization...
}

If you're not using Express, you can use the function validateRequest(req, rawBody, headers, secretKey) directly, where rawBody has already been converted to a string.

Signing outgoing requests

Call requestSignature(request, rawBody, digestName, headers, secretKey) to sign a request before sending. rawBody and digestName must be strings.

Public domain

This project is in the worldwide public domain. As stated in CONTRIBUTING:

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.