Lets you easily sign data, using symmetric-key algorithm encryption. Allows you to validate signed data and identify possible validation errors. Uses sha/hmac for signature encryption. Comes with shortcut functions for signing (and validating) dictionaries.
Hosts, that communicate with each other, share the Secret Key, which is used to sign data (requests). Secret key is never sent around.
One of the cases is signing of HTTP requests. Each (HTTP) request is signed
on the sender side using the shared Secret Key and as an outcome produces the
triple (signature, auth_user, valid_until) which are used to sign
the requests.
signature(string): Signature generated.auth_user(string): User making the request. Can be anything.valid_until(floatorstring): Signature expiration time (Unix timestamp).
On the recipient side, (HTTP request) data is validated using the shared Secret Key. It's being checked whether signature is valid and not expired.
┌─────────────┐ Data ┌─────────────┐
│ Host 1 ├────────────────────────────>│ Host 2 │
│ ─────────── │ │ ─────────── │
│ secret key │ │ secret key │
│ 'my-secret' │<────────────────────────────┤ 'my-secret' │
└─────────────┘ Data └─────────────┘
- Sign URLs.
- Sign dictionaries.
- Validate signed dictionaries.
Need ska for other languages? Check the following affiliated projects:
- ska:
skaimplementation for Python. This was the first implementation from which current project originated. - skaphp:
skaimplementation for PHP (>= 7.2).
Generated signatures are intercompatible between Python, NodeJS and PHP implementations.
Latest stable version from NPM registry:
npm install skajsUsage example are present for both CommonJS and ESM.
node examples.jsnode examples.mjsSigning dictionaries and URLs is as simple as follows.
CommonJS
const { signatureToDict, signURL } = require("skajs");ESM
import { signatureToDict, signURL } from "skajs";Sample usage, sign a dictionary:
const signatureDict = signatureToDict("user", "your-secret_key");Sample output:
{
signature: 'sf40lBWO5CquFfHr6jSXxhl2oW0=',
auth_user: 'user',
valid_until: '1631827551.6',
extra: ''
}Adding of additional data to the signature works in the same way:
const signatureDict = signatureToDict(
"user",
"your-secret_key",
{
"email": "john.doe@mail.example.com",
"first_name": "John",
"last_name": "Doe",
}
);Sample output:
{
signature: 'B0sscS+xXWU+NR+9dBCoGFnDtlw=',
auth_user: 'user',
valid_until: '1631827551.6',
extra: 'email,first_name,last_name',
email: 'john.doe@mail.example.com',
first_name: 'John',
last_name: 'Doe',
}Sample usage, sign a URL:
const signedURL = signURL("user", "your-secret_key", "http://e.com/api/");Sample output:
'http://e.com/api/?valid_until=1378045287.0&auth_user=user&signature=YlZpLFsjUKBalL4x5trhkeEgqE8%3D'Options and defaults:
The signatureToDict function accepts an optional options argument.
Default value for the validUntil in the options is 10 minutes from now. If
you want it to be different, set validUntil in the options of
the signatureToDict function.
Default lifetime of a signature is 10 minutes (600 seconds). If you want it
to be different, set lifetime in the options of the signatureToDict
function.
Default name of the (GET) param holding the generated signature value
is signature. If you want it to be different,set the signatureParam
in the options of the signatureToDict function.
Default name of the (GET) param holding the authUser value is
auth_user. If you want it to be different, set authUserParam
in the options of the signatureToDict function.
Default name of the (GET) param holding the validUntil value is
valid_until. If you want it to be different, set the validUntilParam
in the options of the signatureToDict function.
Default name of the (GET) param holding the extra value is
extra. If you want it to be different, set the extraParam
in the options of the signatureToDict function.
Default hashing algorithm is SHA1. If you want it to be different, set the
signatureCls in the options of the signatureToDict function. Supported
classes are HMACSHA1Signature (alias of Signature), HMACSHA256Signature
and HMACSHA512Signature.
signedData = signatureToDict(
"user",
"your-secret_key",
{
email: "john.doe@mail.example.com",
first_name: "John",
last_name: "Doe",
},
{
authUserParam: "webshop_id",
}
);Sample output:
{
webshop_id: "user",
email: "john.doe@mail.example.com",
extra: "email,first_name,last_name",
first_name: "John",
last_name: "Doe",
signature: "nu0Un+05z/cNOFnLwQnigoW/KmA=",
valid_until: 1631799172.0
}Validating the signed request data is as simple as follows.
CommonJS
const { validateSignedRequestData } = require("skajs");ESM
import { validateSignedRequestData } from "skajs";Validating the signed request data. Note, that data value is expected to
be a dictionary; request.POST is given as an example.
validationResult = validateSignedRequestData(
request.POST, // Note, that ``request.POST`` is given as example.
"your-secret_key"
);In case of signed URLs, it could look as follows:
validationResult = validateSignedRequestData(
request.GET, // Note, that ``request.GET`` is given as example.
"your-secret_key"
);Options and defaults:
Similarly to signatureToDict function, the validateSignedRequestData
also accepts a number of optional arguments (which have been described above):
- signatureParam
- authUserParam
- validUntilParam
- extraParam
- signatureCls
With some customizations, it would look as follows:
validationResult = validateSignedRequestData(
request.GET,
"your-secret_key",
{
authUserParam: "webshop_id",
}
);Simply type:
npm testThe Prettier is used.
npx prettier --write .MIT
For any issues contact me at the e-mail given in the Author section.
Artur Barseghyan artur.barseghyan@gmail.com