How to use the hawk.crypto function in hawk

To help you get started, we’ve selected a few hawk examples, based on popular ways it is used in public projects.

github taskcluster / taskcluster / libraries / api / src / middleware / auth.js View on Github external
port = req.headers['x-forwarded-proto'] === 'https' ? 443 : port;
    }

    // Send input to signatureValidator (auth server or local validator)
    let result = await Promise.resolve(signatureValidator({
      method: req.method.toLowerCase(),
      resource: req.originalUrl,
      host: host.name,
      port: parseInt(port, 10),
      authorization: req.headers.authorization,
      sourceIp: req.ip,
    }));

    // Validate request hash if one is provided
    if (typeof result.hash === 'string' && result.scheme === 'hawk') {
      const hash = hawk.crypto.calculatePayloadHash(
        Buffer.from(req.text, 'utf-8'),
        'sha256',
        req.headers['content-type']
      );
      if (!crypto.timingSafeEqual(Buffer.from(result.hash), Buffer.from(hash))) {
        // create a fake auth-failed result with the failed hash
        result = {
          status: 'auth-failed',
          message:
            'Invalid payload hash: {{hash}}\n' +
            'Computed payload hash: {{computedHash}}\n' +
            'This happens when your request carries a signed hash of the ' +
            'payload and the hash doesn\'t match the hash we\'ve computed ' +
            'on the server-side.',
          computedHash: hash,
        };
github hapijs / hapi / lib / auth / hawk.js View on Github external
internals.Scheme.prototype.responseHeader = function (request, response, callback) {

    callback = Utils.nextTick(callback);

    var payloadHash = Hawk.crypto.initializePayloadHash(request.auth.credentials.algorithm, response.headers['content-type']);

    response._header('trailer', 'server-authorization');
    response._header('transfer-encoding', 'chunked');

    response.on('peek', function (chunk) {

        payloadHash.update(chunk);
    });

    response.once('finish', function () {

        var header = Hawk.server.header(request.auth.credentials, request.auth.artifacts, { hash: Hawk.crypto.finalizePayloadHash(payloadHash) });
        if (header) {
            request.raw.res.addTrailers({ 'server-authorization': header });
        }
    });
github hapijs / hapi / lib / auth / hawk.js View on Github external
response.once('finish', function () {

        var header = Hawk.server.header(request.auth.credentials, request.auth.artifacts, { hash: Hawk.crypto.finalizePayloadHash(payloadHash) });
        if (header) {
            request.raw.res.addTrailers({ 'server-authorization': header });
        }
    });

hawk

HTTP Hawk Authentication Scheme

BSD-3-Clause
Latest version published 5 months ago

Package Health Score

87 / 100
Full package analysis

Similar packages