@bitkipi/sig-tools
    TypeScript icon, indicating that this package has built-in type declarations

    1.0.0 • Public • Published

    Sig tools

    A tiny library to create and verify signature hashes.

    Very useful to secure webhooks endpoints.

    Inspired by GitHub's Webhook implementation, the library lets you:

    • create a hash signature of each request payload (using a HMAC hex digest) to be sent via HTTP header
    • verify the validity of a signature

    Install

    $ npm install --save @bitkipi/sig-tools

    Usage

    import { createSignature, isSignatureValid } from '@bitkipi/sig-tools'
    
    const SECRET = 'MY SECRET KEY'
    
    // create signature and send it via http header
    
    const reqPayload = JSON.stringify({
      val: 123,
      val1: 123456
    })
    
    const signature = createSignature({
      algorithm: 'sha256',
      secret: SECRET,
      data: reqPayload
    })
    
    try {
      await axios.post('http://localhost:5000/my-webhook-endpoint', reqPayload, {
        headers: {
          'x-sig-256': signature,
          'content-type': 'application/json'
        }
      })
    } catch (err) {
      console.log(err.response.data)
    }
    
    // verify signature (Express example)
    
    const valid = isSignatureValid({
      algorithm: 'sha256',
      secret: SECRET,
      data: req.rawBody,
      signature: req.headers['x-sig-256']
    })

    Tests

    $ npm run test

    MIT License

    Install

    npm i @bitkipi/sig-tools

    DownloadsWeekly Downloads

    8

    Version

    1.0.0

    License

    MIT

    Unpacked Size

    5.51 kB

    Total Files

    10

    Last publish

    Collaborators

    • vesparny