
signed-http

Use Joyent's HTTP Signature scheme for HTTP authentication.


See http-signature and the http-signature spec.

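Provides an HTTP middleware and a few small helpers. By default, signed-http signs the hash of the body for maximum security, so a body altered in transit no longer matches the signature. Signing authenticates a request but does not encrypt it; use TLS where the content must stay confidential.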

signed-http also checks for replayed and out-of-date requests. (Note: a replay is still possible after a server restart if the replayed request is recent.)

I strongly recommend that all HTTP routes are idempotent, so that a request replayed in that window has no effect beyond the original one.

Example

create a server

var http = require('http')
var sr = require('signed-http')

// Get a key pair. This call is synchronous and will block the process
// for a few seconds.
// NOTE(review): /tmp is usually shared between local users, so this path
// suits a demo only; keep a real private key somewhere with restricted access.
var pair = sr.loadOrGenerateSync ('/tmp/testkeys', {silent: false})

var options = {
  // A function that retrieves a public key must be provided.
  // This demo ignores `id` and always answers with the one local key.
  // NOTE(review): a real server would presumably look the key up by `id`
  // and report unknown ids through the callback's error argument.
  getPublicKey: function (id, cb) {
    cb(null, pair.public)
  },
  // Demand that the date on the request is within 5 minutes of the
  // current time (joyent's recommendation, and the default).
  maxSkew: 300*1000
}

// Called only if the request was successfully signed.
// Signature verification is not authorization: deciding whether that
// user may access that resource is still your job.
function handler (req, res) {
  res.end('ok')
}

var server = http.createServer(sr(handler, options))
server.listen(8080)

Then, post a request to it. signed-http will set sensible defaults on the request for maximum security.

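// Client side: sign and send a request using the same key pair.
var sr = require('signed-http')

// The key pair is read from the same path the server example uses, so the
// server's getPublicKey hands back the matching public key.
var pair = sr.loadOrGenerateSync ('/tmp/testkeys', {silent: false})

// NOTE(review): the snippet originally called `rs.request`, but no `rs` is
// defined anywhere; this assumes `request` is exported by signed-http next
// to loadOrGenerateSync. Confirm against index.js.
// The URL is plain http:// to localhost. The signature protects authenticity
// and integrity only, so use https:// when the body must stay confidential.
sr.request(pair,{
  url: 'http://localhost:8080/',
  // Buffer.from replaces the deprecated `new Buffer(string)` constructor.
  body: Buffer.from('hello there!')
}, function (err, res, body) {
  // Surface transport or signing failures instead of reading an undefined response.
  if (err) {
    console.error(err)
    return
  }
  // Received response: the status code lives on `res` (the original read it
  // from an undefined `req`, which would throw a ReferenceError).
  console.log(res.statusCode, body)
})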

License

MIT