koa-instance-digest

koa-instance-digest

A middleware to handle verification of HTTP digest headers as described in RFC-3230 "Instance Digests in HTTP".

Note that, as per the RFC, this module provides:

• Digest coverage for entire instances communicated via HTTP.
• Support for multiple digest algorithms.
• Negotiation of the use of digests.

However, it does NOT provide:

• header integrity
• authentication
• privacy
• authorization

Status

Installation

Install the package via yarn:

❯ yarn add koa-instance-digest

or via npm:

❯ npm install koa-instance-digest --save

Available algorithms

The following algorithms are available: md5, sha, sha-256, sha-512.

Configuration

The middleware can be configured with the following parameters:

• algorithms: List of supported algorithms (all by default).
• required: Whether to set a digest header as mandatory (false by default).

You can change the defaults by doing:

middleware({
  algorithms: ['sha-256'],
  required: true
});

Usage

const { middleware } = require('koa-instance-digest');
const Koa = require('koa');

const app = new Koa();

app.post('/', middleware(), async ctx => {
  // Your code here ...
});

app.listen(3000);

Request

The Digest header can be provided as follows:

'Digest: <algorithm>=<value>'

Response

If the header is missing the following header will be added to the response:

'Want-Digest: <list-of-accepted-algorithms>'

Tests

❯ yarn test

Release

❯ npm version [<new version> | major | minor | patch] -m "Release %s"