const { createHmac, timingSafeEqual } = require('crypto');
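// Credential id a client must present as the first field of X-Request-Signature.
const PUBLIC_CREDENTIAL = 'public';
// Shared HMAC secret, taken from the environment only. There is deliberately no
// fallback value: a hard-coded default secret would let anyone who can read this
// file forge valid signatures on any deployment where the variable is unset.
// Leaving it undefined makes signature verification fail closed instead.
const PRIVATE_CREDENTIAL = process.env.PRIVATE_CREDENTIAL;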
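/**
 * Request-signature authentication middleware.
 *
 * Expects an `X-Request-Signature` header of the form
 * `<credentialId> <unixSeconds> <label>:<hexDigest>`, where `<hexDigest>` is
 * HMAC-SHA256 over the timestamp string followed, for POST requests only, by
 * the first 1024 units of the raw body (bytes for a Buffer body, UTF-16 code
 * units for a string body). Every failed check answers 401 with a JSON
 * `{ error }` body and does not call `next`.
 *
 * Compared with the previous version this also rejects (rather than crashes
 * on, or silently passes) a header with missing fields, a non-numeric
 * timestamp, a body that is not a string/Buffer, and compares digests in
 * constant time.
 *
 * @param {object} req - incoming request; reads `headers`, `method`, `body`.
 * @param {object} res - response; uses `res.status(code).json(obj)`.
 * @param {Function} next - invoked only when every check passes.
 * @returns {*} the result of `next()` on success, otherwise `undefined`.
 */
module.exports = function(req, res, next) {
  // Fail closed when no secret is configured: verifying against an empty or
  // undefined key would either throw or accept trivially forged signatures.
  if (!PRIVATE_CREDENTIAL) {
    res.status(500).json({ error: 'Authentication is not configured' });
    return;
  }

  const requestSignature = req.headers['x-request-signature'];
  if (typeof requestSignature !== 'string' || requestSignature === '') {
    res.status(401).json({ error: "X-Request-Signature missing" });
    return;
  }

  // Split the signature into its parts; a field that is absent is handled
  // explicitly below instead of surfacing as a TypeError (HTTP 500).
  const [credentialId, timestamp, signature] = requestSignature.split(' ');

  // Check the public credential matches...
  if (credentialId !== PUBLIC_CREDENTIAL) {
    res.status(401).json({ error: 'Invalid Credentials' });
    return;
  }

  // The timestamp must be a plain non-negative integer of unix seconds.
  // parseInt() on a missing or junk value yields NaN, and
  // `Math.abs(now - NaN) > 300_000` is false, which previously skipped the
  // freshness check entirely for malformed timestamps.
  if (!/^\d+$/.test(timestamp ?? '')) {
    res.status(401).json({ error: 'Invalid timestamp' });
    return;
  }
  const requestTimestamp = Number(timestamp) * 1000; // seconds -> milliseconds
  // Check that the timestamp is within 5 minutes of now (either direction).
  if (Math.abs(Date.now() - requestTimestamp) > 300_000) {
    res.status(401).json({ error: 'Invalid timestamp' });
    return;
  }

  // Recompute the signature. NOTE(review): by protocol only the first 1024
  // units of a POST body are covered, and method/path never are; anything
  // beyond that prefix is not integrity-protected by this check. Extending the
  // covered data would change what clients must sign, so it is left as is.
  const hmac = createHmac('sha256', PRIVATE_CREDENTIAL);
  hmac.update(timestamp);
  if (req.method === 'POST') {
    const { body } = req;
    if (typeof body === 'string') {
      hmac.update(body.slice(0, 1024));
    } else if (Buffer.isBuffer(body)) {
      hmac.update(body.subarray(0, 1024));
    } else {
      // No raw body to verify against (missing, or already parsed into an
      // object by an upstream body parser): the signature cannot be checked.
      res.status(401).json({ error: 'Invalid signature' });
      return;
    }
  }
  const expectedSignature = Buffer.from(hmac.digest('hex'));

  // The client value is the part after the first ':'; a missing field yields
  // '' here and fails the length check below.
  const [, givenSignature = ''] = (signature ?? '').split(':');
  const givenBuffer = Buffer.from(givenSignature);
  // timingSafeEqual requires equal lengths; the expected length is a fixed
  // 64 hex chars, so the length test itself reveals nothing secret.
  if (
    givenBuffer.length !== expectedSignature.length ||
    !timingSafeEqual(givenBuffer, expectedSignature)
  ) {
    res.status(401).json({ error: 'Invalid signature' });
    return;
  }

  // Authentication passed, move onto the next handler...
  return next();
};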