api-signature
Express/Restify middleware to authenticate HTTP requests based on api key and signature
/**
* @author Michael Piper <hello@zeroant.co>
* MIT Licensed
*/
const algorithmFactory = require('./algorithm');
/**
* @module verify
*/
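module.exports = {
  /**
   * Verify a request signature by recomputing the MAC of the signing string
   * with the shared secret and comparing it to the signature that was supplied.
   *
   * The comparison uses the "double HMAC" construction: both the expected MAC
   * and the supplied signature are MACed again under the same secret, and only
   * those second-round digests are compared. The final `equals()` is an
   * ordinary, non-constant-time comparison; the extra MAC round is what keeps
   * its timing from revealing how many leading bytes of the supplied signature
   * were correct.
   *
   * @function
   * @public
   * @param {Object} signatureParams The signature's parameters
   * @param {string} signatureParams.algorithm Algorithm name handed to
   *   `algorithmFactory.create`
   * @param {string|Buffer} signatureParams.signingString Data the signature
   *   was computed over
   * @param {string} signatureParams.signature Base64-encoded signature to check
   * @param {string|Buffer|TypedArray|DataView} secret The secret key
   * @return {Boolean} True if the signature is ok, false otherwise
   */
  verifySignature(signatureParams, secret) {
    const { algorithm, signingString, signature } = signatureParams;

    // A missing signature is a failed verification, not a crash:
    // Buffer.from(undefined, 'base64') would throw a TypeError, which
    // contradicts the documented "false otherwise" contract.
    if (signature == null) {
      return false;
    }

    // NOTE(review): `algorithm` is taken from signatureParams. If that value
    // originates from the request, confirm that the caller or
    // algorithmFactory.create restricts it to an allow-list of MACs.
    const newMac = () => algorithmFactory.create(algorithm, secret);

    // MAC we expect for this signing string under the shared secret.
    const expected = newMac().update(signingString).digest();

    // NOTE(review): Node's base64 decoding is lenient (it skips whitespace and
    // accepts the URL-safe alphabet), so different strings can decode to the
    // same bytes. Confirm no caller relies on the signature text being unique.
    const supplied = Buffer.from(signature, 'base64');

    /* Use double hmac to protect against timing attacks */
    const blindedExpected = newMac().update(expected).digest();
    const blindedSupplied = newMac().update(supplied).digest();

    return blindedExpected.equals(blindedSupplied);
  },
};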