express-hash v1.0.1

express-hash

Tiny tool to check the authenticity of request in client server communication that can be used as a middleware in server side and simple function at client side

How to Use

Tool contains two parts

Client

Generate the hash at client side by leveraging the 'sign' option.

Server

 Verify the authenticity of the request by making use of the server side 'verify' option

Please note the server will expect the generated hash in the request header by the key 'signature'

defaults.json

You can provide the necessary details in a json format as below. In the absence of those details defaults values will be assumed

Sample json

 {
    "hashKey":"cf4252f9bc4753c7f798c0a9973b6e70",
    "limit": 60,
    "algorithm":"md5",
    "data":{
        "query":{},
        "body":{}
    },
    "method":"GET"
}

Sample hash generation

const exphash= require('express-hash');
const defaults= require('./defaults.json');

const msg= exphash.sign(defaults);
console.log('Generated hash ',msg);

Result
Generated hash  B516D37C0F1C4C74C48BF44056381DD8A3956C3764A5D3692772076CEE5800C097FFD1991DBE606E999F7BEFEE0BF42EC292D7A595F5CDFDF30F2704CBE9BC0F

Actions at server side

The verify function is a middleware and you can pass the configurations in the same structure as used in client side(Please use the same hashKey at both sides)

It will verify the authenticity of the request.

You can check the authenticity with the request time as well(can be configuired under limit section. Defaults to 60 seconds)

If the request looks fine it will pass to next section