hmac-scheme-plain
Advanced tools
Plain scheme plugin for axios-adapter-hmac. Follows the "plain" scheme spec from cmawhorter/hmmac.
This scheme requires two values in the schemeConfig object:
{
publicKey: "<publicKey>",
privateKey: "<privateKey>",
}
See the readme for axios-adapter-hmac for adapter-specific usage instructions.
This module is not inherently coupled to the axios adapter — its purpose is simply to transform a request-ish object.
To use this module outside of the axios request adapter, simply require it and pass options to the sign function:
const hmacSchemePlain = require("hmac-scheme-plain");
function hash(data) {
// generate a hash digest
}
function hmac(data) {
// generate an hmac digest
}
const signedHeaders = ["content-type", "date", "host"];
const schemeConfig = {
publicKey: "publicKey",
privateKey: "privateKey",
};
const request = {
method: "get",
url: "https://google.com",
headers: {
"content-type": "application/json",
date: "2017-10-11T20:00:00.000Z",
host: "google.com",
},
data: {
key: "value",
}
// ...other request keys
}
hmacSchemePlain.sign({ request, signedHeaders, schemeConfig, hash, hmac });
console.log(request)
/* {
method: "get",
url: "https://google.com",
headers: {
"content-type": "application/json",
date: "2017-10-11T20:00:00.000Z",
host: "google.com",
// new headers
"x-auth-signedheaders": "content-type;date;host",
authorization: "HMAC <publicKey>:<hash>",
},
data: {
key: "value",
}
...other request keys
} */
The request object is required to have the following properties:
method: string,
url: string,
headers: {
[string]: string
},
data?: {
[string]: string
},
The hash and hmac functions must generate digests as strings. An example using the crypto module:
const crypto = require("crypto");
function hash(data) {
return crypto
.generateHash("sha256")
.update(data)
.digest("hex");
}
signedHeaders must be an array, though it can be empty.
FAQs
Sign a request with an HMAC signature
The npm package hmac-scheme-plain receives a total of 0 weekly downloads. As such, hmac-scheme-plain popularity was classified as not popular.
We found that hmac-scheme-plain demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Four npm packages disguised as cryptographic tools steal developer credentials and send them to attacker-controlled Telegram infrastructure.
Security News
Ruby maintainers from Bundler and rbenv teams are building rv to bring Python uv's speed and unified tooling approach to Ruby development.
Security News
Following last week’s supply chain attack, Nx published findings on the GitHub Actions exploit and moved npm publishing to Trusted Publishers.