pocketbitcoin/sig-tools

Sig tools

A tiny library to create and verify signature hashes.

Useful for securing webhook endpoints.

Inspired by GitHub's Webhook implementation, the library lets you:

  • create a hash signature of each request payload (using an HMAC hex digest) to be sent via an HTTP header
  • verify the validity of a signature

Install

$ npm install --save @pocketbitcoin/sig-tools

Usage

import axios from 'axios'
import { createSignature, isSignatureValid } from '@pocketbitcoin/sig-tools'

const SECRET = 'MY SECRET KEY'

// create signature and send it via http header

const reqPayload = JSON.stringify({
  val: 123,
  val1: 123456
})

const signature = createSignature({
  algorithm: 'sha256',
  secret: SECRET,
  data: reqPayload
})

try {
  await axios.post('http://localhost:5000/my-webhook-endpoint', reqPayload, {
    headers: {
      'x-sig-256': signature,
      'content-type': 'application/json'
    }
  })
} catch (err) {
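  // err.response is undefined when no HTTP response was received (e.g. connection refused)
  console.log(err.response ? err.response.data : err.message)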
}

// verify signature (Express example)
// req.rawBody must hold the unparsed request body; Express does not populate it by default

const valid = isSignatureValid({
  algorithm: 'sha256',
  secret: SECRET,
  data: req.rawBody,
  signature: req.headers['x-sig-256']
})
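
An added example, not part of the sig-tools code: the same sign-then-verify scheme written directly against Node's `crypto` module, showing why the receiver must verify the raw request bytes (as `req.rawBody` does above) rather than a re-serialised body. `signPayload` and `verifyPayload` are hypothetical names, the sample data is constructed, and the constant-time comparison is this sketch's choice, not a statement about the library's internals.

```javascript
// Stand-alone sketch (CommonJS) of HMAC hex-digest webhook signing with node:crypto.
// signPayload / verifyPayload are hypothetical names, not the sig-tools API.
const { createHmac, timingSafeEqual } = require('node:crypto')

// HMAC hex digest over the exact bytes that go on the wire.
function signPayload (algorithm, secret, data) {
  return createHmac(algorithm, secret).update(data).digest('hex')
}

// Returns true only for a well-formed hex signature that matches the body.
function verifyPayload (algorithm, secret, rawBody, signature) {
  if (typeof signature !== 'string') return false // header missing
  const expected = Buffer.from(signPayload(algorithm, secret, rawBody), 'hex')
  // Reject non-hex input and wrong lengths before comparing.
  if (!/^[0-9a-f]+$/i.test(signature)) return false
  if (signature.length !== expected.length * 2) return false
  // Constant-time comparison; both buffers have equal length at this point.
  return timingSafeEqual(Buffer.from(signature, 'hex'), expected)
}

// Constructed sample data: the sender's JSON contains spaces after ':' and ','.
const SECRET = 'MY SECRET KEY'
const rawBody = Buffer.from('{"val": 123, "val1": 123456}')
const goodSig = signPayload('sha256', SECRET, rawBody)

function demo () {
  // Parsing and re-serialising drops the spaces, so the bytes (and the HMAC) change.
  const reserialised = JSON.stringify(JSON.parse(rawBody.toString()))
  return {
    rawBytes: verifyPayload('sha256', SECRET, rawBody, goodSig),
    reserialised: verifyPayload('sha256', SECRET, reserialised, goodSig),
    wrongSecret: verifyPayload('sha256', 'other key', rawBody, goodSig),
    missingHeader: verifyPayload('sha256', SECRET, rawBody, undefined),
    truncated: verifyPayload('sha256', SECRET, rawBody, goodSig.slice(0, 10)),
    notHex: verifyPayload('sha256', SECRET, rawBody, 'z'.repeat(64))
  }
}

console.log(demo())
```

Only `rawBytes` verifies; every other case, including the re-serialised body signed with the correct secret, is rejected.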

Tests

$ npm run test

MIT License