Giter Site home page Giter Site logo

http-request-signer's Introduction

Http Requests Signer

https://github.com/abankowski/http-request-signer/workflows/tests/badge.svg?branch=master

Available implementations for http4s and akka-http are published as separate jars. Both are cross compiled for Scala 2.12 and 2.13.

Current implementation is a draft. Currently only signature with RSA is provided with ease of extensibility.

Usage

Provide implicit ContextShift[IO] in the scope. For akka-http get also a Materializer.

Prepare a keypair for asymmetric cipher and initialise Rsa implementation that includes both signer and verifier.

val kp: AsymmetricCipherKeyPair = _
val rsa = Rsa(kp)

Once you have a cryptography setup you can instantiate and use the request signer:

val signer = new Http4sRequestSigner(rsa)

For convenience let’s keep it like this though it’s not really usefull in many cases as you might usually need to have a different private key for signing your requests and different public key for verification of external requests.

On the client side, once you have your request you can inject a signature by calling sign method:

// http4s
signer.sign(request: Request[IO]): IO[Request[IO]]

// akka-http
signer.sign(request: HttpRequest): IO[HttpRequest]

Signature is injected as a header to the resulting request object and should be transferred to the server. It's a proof that url, payload, body and few selected headers have not been changed. It might not work well with proxy (further enhancements are required).

On the server side, grab decoded request:

// http4s
signer.verify(request: Request[IO]): IO[SignatureVerificationResult] 

// akka-http
signer.verify(request: HttpRequest): IO[SignatureVerificationResult]

SignatureVerificationResult is defined as below:

sealed trait SignatureVerificationResult
case object SignatureValid extends SignatureVerificationResult
case object SignatureMissing extends SignatureVerificationResult
case object SignatureMalformed extends SignatureVerificationResult
case object SignatureInvalid extends SignatureVerificationResult

This method looks for the signature header and verifies it against the request object headers, method, uri and payload.

This project is licensed under the terms of the Apache 2.0 license http://www.apache.org/licenses/LICENSE-2.0_

http-request-signer's People

Contributors

abankowski avatar marcinwadon avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.