0.1.2 • Published 6 years ago

node-api-security v0.1.2

node-api-security

This module provides an additional security layer over Node REST communications.

A client (website, app, etc.) signs each request with a generated signature and adds the signature to the request headers. The backend verifies the signature using a similar process, and allows or denies the request.

The signature is calculated from the following request parts:

  • HTTP method name, i.e. GET, POST, etc.
  • Request params: URL query, body
  • Request timestamp
  • Nonce: a random integer generated on the client side. The API ensures a nonce is not re-used, so any repeated request to the API fails because its nonce has already been seen. This is to protect from DoS attacks. Note: the nonce is not working at the moment.
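The scheme described above can be sketched as follows. This is an added example, not node-api-security's own code: HMAC-SHA256, the shared secret, the canonical string layout, the 5-minute window and the names `sign`, `createVerifier` and `canonicalParams` are all assumptions, since the README does not specify them.

```javascript
const crypto = require('crypto');

// Assumptions (not from node-api-security): HMAC-SHA256 over a shared secret,
// flat (non-nested) params, and a 5-minute window for timestamps and nonces.
const MAX_SKEW_MS = 5 * 60 * 1000;

// Sort keys so client and server serialise the params identically.
function canonicalParams(params) {
  return Object.keys(params).sort()
    .map((k) => `${encodeURIComponent(k)}=${encodeURIComponent(String(params[k]))}`)
    .join('&');
}

// Client side: sign method, query, body, timestamp and nonce.
function sign(secret, { method, query = {}, body = {}, timestamp, nonce }) {
  const message = [
    method.toUpperCase(),
    canonicalParams(query),
    canonicalParams(body),
    String(timestamp),
    String(nonce),
  ].join('\n'); // '\n' cannot occur inside the URI-encoded fields
  return crypto.createHmac('sha256', secret).update(message).digest('hex');
}

// Server side: returns 'ok', 'stale', 'bad-signature' or 'replayed'.
function createVerifier(secret, now = Date.now) {
  const seen = new Map(); // nonce (as string) -> request timestamp
  return function verify(request, signature) {
    const t = now();
    // Nonces older than the window can be dropped: such requests are stale anyway.
    for (const [n, ts] of seen) if (t - ts > MAX_SKEW_MS) seen.delete(n);
    const ts = request.timestamp;
    if (!Number.isFinite(ts) || Math.abs(t - ts) > MAX_SKEW_MS) return 'stale';
    const expected = Buffer.from(sign(secret, request), 'hex');
    const given = Buffer.from(String(signature), 'hex');
    if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
      return 'bad-signature';
    }
    // Key by string: 123 and "123" sign identically and must collide here too.
    const key = String(request.nonce);
    if (seen.has(key)) return 'replayed';
    seen.set(key, ts);
    return 'ok';
  };
}

// Constructed sample request: the second submission of the same nonce is refused.
const demoVerify = createVerifier('constructed-secret');
const demoReq = { method: 'GET', query: { id: '7' }, timestamp: Date.now(), nonce: 91823 };
const demoSig = sign('constructed-secret', demoReq);
console.log(demoVerify(demoReq, demoSig), demoVerify(demoReq, demoSig));
```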