Big update!Introducing GitHub Bot Commands. Learn more
Socket
Log inBook a demo

http-signature

Package Overview
Dependencies
3
Maintainers
12
Versions
27
Issues
File Explorer

Advanced tools

http-signature

Reference implementation of Joyent's HTTP Signature scheme.

    1.3.6latest

Version published
Maintainers
12
Weekly downloads
21,004,649
decreased by-12.03%

Weekly downloads

Changelog

Source

1.3.6

  • Update jsprim due to vulnerability in json-schema (#123)

Readme

Source

node-http-signature

node-http-signature is a node.js library that has client and server components for Joyent's HTTP Signature Scheme.

Usage

Note the example below signs a request with the same key/cert used to start an HTTP server. This is almost certainly not what you actually want, but is just used to illustrate the API calls; you will need to provide your own key management in addition to this library.

Client

var fs = require('fs'); var https = require('https'); var httpSignature = require('http-signature'); var key = fs.readFileSync('./key.pem', 'ascii'); var options = { host: 'localhost', port: 8443, path: '/', method: 'GET', headers: {} }; // Adds a 'Date' header in, signs it, and adds the // 'Authorization' header in. var req = https.request(options, function(res) { console.log(res.statusCode); }); httpSignature.sign(req, { key: key, keyId: './cert.pem', keyPassphrase: 'secret' // (optional) }); req.end();

Server

var fs = require('fs'); var https = require('https'); var httpSignature = require('http-signature'); var options = { key: fs.readFileSync('./key.pem'), cert: fs.readFileSync('./cert.pem') }; https.createServer(options, function (req, res) { var rc = 200; var parsed = httpSignature.parseRequest(req); var pub = fs.readFileSync(parsed.keyId, 'ascii'); if (!httpSignature.verifySignature(parsed, pub)) rc = 401; res.writeHead(rc); res.end(); }).listen(8443);

Installation

npm install http-signature

License

MIT.

Bugs

See https://github.com/joyent/node-http-signature/issues.

Keywords

FAQs

What is http-signature?

Reference implementation of Joyent's HTTP Signature scheme.

Is http-signature popular?

The npm package http-signature receives a total of 16,941,790 weekly downloads. As such, http-signature popularity was classified as popular.

Is http-signature well maintained?

We found that http-signature demonstrated a not healthy version release cadence and project activity because the last version was released a year ago.It has 12 open source maintainers collaborating on the project.

Last updated on 17 Nov 2021

Did you know?

Socket installs a Github app to automatically flag issues on every pull request and report the health of your dependencies. Find out what is inside your node modules and prevent malicious activity before you update the dependencies.

Install Socket
Socket

Product

Subscribe to our newsletter

Get open source security insights delivered straight into your inbox. Be the first to learn about new features and product updates.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc