lets-sign-url
Advanced tools
A tiny NodeJS library using for signing the url and validating with HMAC algorithm.
A tiny NodeJS library using for signing the url and validating with HMAC algorithm.
Install with npm
npm install lets-sign-url
Create signature object using for sign and validate url.
import SignUrl from "lets-sign-url"
// Pass your options here.
const options: SignatureOptions = {
key: "your secret key"
};
const signer = SignUrl(options);
Possible options: View here
Sign the given URL.
| Parameter | Type | Description |
|---|---|---|
| url | string | The url to sign |
| options (optional) | SignOptions | The sign options |
const signedUrl = signer.sign(`http://localhost:8080/example`);
You can using it with express as middleware.
| Parameter | Type | Description |
|---|---|---|
| signer | SignUrl | The signature object |
| options (optional) | VerifierOptions | The verifier options |
import signed from "lets-sign-url/middleware/signed.middleware"
/* Your other code
...
*/
app.get("/example", signed(signer), (req, res, next) => {
// Your code here
});
| Parameter | Type | Description |
|---|---|---|
| url | string | The signed url to verify |
| options (optional) | VerifyOptions | The verify options |
try {
const url = `http://localhost:8080/example?expires=1692277975099&ip=&method=GET&r=KJ2Wxrgp9LCdmZxMIkv9UQ&sig=790c6a7fcccfdd9bb80c32bd3cd64c7965bbe8ed3fa377eacc7c1dea2517f6ce`;
signer.verify(url);
} catch (e) {
// Your code here.
}
If signature is not valid, the verify method throws SignatureError.
You can handle these errors yourself, using express error handler
import {SignatureError} from "lets-sign-url"
app.use((err, req, res, next) => {
if (err instanceof SignatureError) {
// Your code here
}
})
Or you can pass error handlers in verify middleware
import signed from "lets-sign-url/middleware/signed.middleware"
const signedMiddleware = signed(signer, {
blackholed: SignatureErrorHandler,
expired: SignatureErrorHandler,
mismatch: SignatureErrorHandler
});
import express, {Request, Response, NextFunction} from "express"
import SignUrl from "lets-sign-url"
import signed from "lets-sign-url/middleware/signed.middleware"
const app = express();
const signer = SignUrl({
key: "abc",
});
const signatureErrorHandler = (err: any, req: Request, res: Response, next: NextFunction) => {
return res.json({
data: {
status: "error",
msg: err.message,
code: err.status
}
});
}
const signedMiddleware = signed(signer, {
blackholed: SignatureErrorHandler,
expired: SignatureErrorHandler,
mismatch: SignatureErrorHandler
});
app.get("/", (req, res) => {
try {
const signedUrl = signer.sign('http://localhost:8080/example', {
method: "get"
});
res.send(`<a href="${signedUrl}">Signed URL</a>`);
} catch (e) {
console.log(e);
}
});
app.get("/example", signedMiddleware, (req: any, res: any, next: any) => {
res.send(req.query);
});
app.listen(8080, () => {
console.log("Server is running: http://localhost:8080");
});
FAQs
A tiny NodeJS library using for signing the url and validating with HMAC algorithm.
The npm package lets-sign-url receives a total of 0 weekly downloads. As such, lets-sign-url popularity was classified as not popular.
We found that lets-sign-url demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket Firewall Enterprise is now available with flexible deployment, configurable policies, and expanded language support.
Security News
Open source dashboard CNAPulse tracks CVE Numbering Authorities’ publishing activity, highlighting trends and transparency across the CVE ecosystem.
Product
Detect malware, unsafe data flows, and license issues in GitHub Actions with Socket’s new workflow scanning support.