1.7.0 • Published 7 years ago
hmac-rest v1.7.0
#hmac-rest http://github.com/adityamedhe/hmac-rest
Purpose
Compatible with ExpressJS.
This package allows you to build REST endpoints using HMAC authentication, using a traditional username password user store.
Required HTTP Headers
hmacdate
: should be a date string in ISO formatauthentication
: should be a string of the format: hmac (space) (username) : (sha256 HMAC hash). For example: "hmac adimedhe:9283ur9283ur01983ur018u".
How to compute hash?
Compute a SHA256 HMAC Hash using any popular crypto library (Google CryptoJS recommended).
- The string input for the hash should be:
HTTP Method + Request URL (after host) +
hmacdate
header value. - The hash secret should be the user password, as stored in user store.
API
###Creating object:
var HmacRest = require('hmac-rest');
###Using as an ExpressJS middleware:
app.use(new HmacRest (verify_function, error_json))
verify_function
is a function supplied by user which receives two parameters:(username, done)
.username
is the ID of the user whose authentication is to be done.done
is a function callback with the parameters(err, secret)
which has to be invoked by(verify_function)
, passing in the secret of the user, as retrieved from user store.
error_json
is the JSON object to be sent as response, along with a HTTP 401 / 400 Header, when authentication fails / authentication information is missing.