How to use the @hapi/iron.hmacWithPassword function in @hapi/iron

To help you get started, we’ve selected a few @hapi/iron examples, based on popular ways it is used in public projects.

Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.

github hapijs / statehood / lib / index.js View on Github external
if (!sig) {
        throw Boom.badRequest('Missing signature');
    }

    const sigParts = sig.split('*');
    if (sigParts.length !== 2) {
        throw Boom.badRequest('Invalid signature format');
    }

    const hmacSalt = sigParts[0];
    const hmac = sigParts[1];

    const macOptions = Hoek.clone(definition.sign.integrity || Iron.defaults.integrity);
    macOptions.salt = hmacSalt;
    const mac = await Iron.hmacWithPassword(definition.sign.password, macOptions, [internals.macPrefix, name, unsigned].join('\n'));
    if (!Cryptiles.fixedTimeComparison(mac.digest, hmac)) {
        throw Boom.badRequest('Invalid hmac value');
    }

    return unsigned;
};
github hapijs / statehood / lib / index.js View on Github external
internals.sign = async function (name, value, options) {

    if (value === undefined ||
        !options) {

        return value;
    }

    const mac = await Iron.hmacWithPassword(options.password, options.integrity || Iron.defaults.integrity, [internals.macPrefix, name, value].join('\n'));
    const signed = value + '.' + mac.salt + '*' + mac.digest;
    return signed;
};

@hapi/iron

Encapsulated tokens (encrypted and mac'ed objects)

BSD-3-Clause
Latest version published 2 years ago

Package Health Score

77 / 100
Full package analysis