UNPKG

sinch-request

Version:

Library for signing and verifying Sinch API http REST-requests for client (web/node) or backend.

92 lines (73 loc) 3.07 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
var assert = require('assert-plus'); var createHmac = require('create-hmac'); var createHash = require('create-hash'); var headerMap = require('./header-map'); //Return raw digest / signature for a request given a secret var calcDigest = function(request, secret) { var dataToAnalyze = request.data || request.body; if(dataToAnalyze) { var jsonData = (typeof dataToAnalyze !== 'string' ? JSON.stringify(dataToAnalyze) : dataToAnalyze); headerMap.setHeader('content-length', Buffer.byteLength(jsonData)); headerMap.setHeader('content-md5', createHash('md5').update(jsonData).digest('base64')); } var stringToSign = ''+ request.method+'\n'+ (headerMap.getHeader('content-md5') || '')+'\n'+ headerMap.getHeader('content-type')+'\n'+ 'x-timestamp:'+headerMap.getHeader('x-timestamp')+'\n'+ request.path; headerMap.removeHeader('content-md5'); //Calculate signature var hmac = createHmac('SHA256', new Buffer(secret, 'base64')); hmac.update(stringToSign); var signature = hmac.digest('base64'); return signature; } //Signed request (app secret OR instance secret) (INTERNAL) var sign = function(type, options, credentials) { options.path = options.path || (options.url && options.url.match(/^https?:\/\/[^\/]+([^#]*)/)[1]) || (options.uri && options.uri.match(/^https?:\/\/[^\/]+([^#]*)/)[1]) assert.string(type, 'type'); assert.object(options, 'options'); assert.object(credentials, 'credentials'); assert.string(options.method, 'options.method must be any of POST/PUT/GET/DELETE/PATCH'); assert.string(options.path, 'options.path'); assert.string(credentials.key, 'credentials.key'); assert.string(credentials.secret, 'credentials.secret'); if(typeof options.headers === 'undefined') { options.headers = {}; } headerMap.headers = options.headers; if (!headerMap.getHeader('x-timestamp')) headerMap.setHeader('x-timestamp', (new Date()).toISOString()); if (!headerMap.getHeader('content-type')) headerMap.setHeader('content-type', 'application/json; charset=UTF-8'); var signature = calcDigest(options, credentials.secret); //Set the signature headerMap.setHeader('authorization', type + credentials.key+':'+signature); } applicationSignedRequest = function(options, credentials) { return sign('application ', options, credentials); } instanceSignedRequest = function(options, credentials) { return sign('instance ', options, credentials); } //Will verify either Instance or Application signed request verifySignature = function(request, credentials) { var verifyReq = { method: request.method, path: request.path || request.url, headers: { 'x-timestamp': request.headers['x-timestamp'], 'content-type': request.headers['content-type'], }, data: request.data || request.body, } applicationSignedRequest(verifyReq, credentials); return request.headers.authorization === verifyReq.headers.authorization; } module.exports = { applicationSignedRequest: applicationSignedRequest, instanceSignedRequest: instanceSignedRequest, signedRequest: sign, verifySignature: verifySignature, }