Imago Request Tag

This is a very basic way to verify that requests are coming from an authorized source and an even more basic way to avoid replay attacks.

The sending side adds an HTTP header called X-Imago-Tag, which contains the current timestamp encrypted with a secret key.

The receiving side has the same pre-shared secret key, and it decrypts it and checks that the timestamp is valid and is not too much in the past.

On the sender side

 
const Tag = require('imago-request-tag');
 
const SHARED_SECRET_KEY = '2fa44f07d9f74d269b1dcfc8ba2a74e3';
 
// If using the request-promise-native package:
request({
    method: 'GET',
    uri: '/api/method',
    headers: {
        'X-Imago-Tag': Tag.create(SHARED_SECRET_KEY),
    },
});

On the receiver side

If the tag is incorrect, we will throw an exception:

 
const Tag = require('imago-request-tag');
 
const SHARED_SECRET_KEY = '2fa44f07d9f74d269b1dcfc8ba2a74e3';
 
app.get('/api/method', async (request, response) => {
    try {
        Tag.check(request, SHARED_SECRET_KEY);
 
        // the actual code here
    } catch (error) {
        response.status(200).send({ success: false });
    }
});

imago-request-tag

Imago Request Tag

On the sender side

On the receiver side

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

Weekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

imago-request-tag

Imago Request Tag

On the sender side

On the receiver side

Readme

Keywords

Package Sidebar

Install

Repository

Homepage

DownloadsWeekly Downloads

Version

License

Unpacked Size

Total Files

Last publish

Collaborators

Weekly Downloads