/**
 * Compute an HMAC-SHA256 over `data` using `key`.
 *
 * The wrapper takes the key first, while the underlying `HmacSHA256` call takes
 * the message first and the key second; the swap below is deliberate.
 * `crypto` must be an object exposing `HmacSHA256` in that form (presumably
 * crypto-js bound to the name `crypto`; Node's built-in `crypto` module has no
 * such function).
 *
 * @param {*} key - Secret key, passed as the second argument to `HmacSHA256`.
 * @param {*} data - Message to authenticate, passed as the first argument.
 * @returns {*} Whatever `crypto.HmacSHA256` returns, unmodified.
 */
function hmac(key, data) {
  const mac = crypto.HmacSHA256(data, key);
  return mac;
}
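/**
 * Middleware that authenticates a request by its `X-LINE-ChannelSignature`
 * header (written against an Express-style `req.get` / `res.status` / `next`
 * interface).
 *
 * The expected value is the Base64 form of
 * `HmacSHA256(JSON.stringify(req.body), config.channelSecret)`. On a match the
 * request is passed on with `next()`; otherwise the response is ended with
 * status 470.
 *
 * @param {object} req - Incoming request; `req.get(name)` and `req.body` are read.
 * @param {object} res - Response; only `status(470).end()` is used.
 * @param {Function} next - Called with no arguments when the signature matches.
 * @returns {void}
 */
function verifyRequest(req, res, next) {
  // Refer to https://developers.line.me/businessconnect/development-bot-server#signature_validation
  var channelSignature = req.get('X-LINE-ChannelSignature');

  // NOTE(review): the MAC is computed over a re-serialisation of the parsed
  // body, not over the bytes that arrived on the wire. If the sender signs the
  // raw body, any difference in key order, whitespace or escaping makes a
  // genuine request fail here; verifying the raw body would avoid that.
  // Confirm what the body parser exposes before changing it.
  var sha256 = CryptoJS.HmacSHA256(JSON.stringify(req.body), config.channelSecret);
  var expectedSignature = CryptoJS.enc.Base64.stringify(sha256);

  // A missing or non-string header can never match.
  var hasHeader = typeof channelSignature === 'string';
  var supplied = hasHeader ? channelSignature : '';

  // Compare without an early exit so the time taken does not reveal how many
  // leading characters of a guessed signature were correct. The loop length is
  // fixed by the expected value; charCodeAt past the end yields NaN, which the
  // bitwise operators treat as 0. JavaScript gives no hard constant-time
  // guarantee; where Node's built-in crypto module is in scope, its
  // timingSafeEqual is the preferred primitive.
  var mismatch = expectedSignature.length ^ supplied.length;
  for (var i = 0; i < expectedSignature.length; i += 1) {
    mismatch |= expectedSignature.charCodeAt(i) ^ supplied.charCodeAt(i);
  }

  if (hasHeader && mismatch === 0) {
    next();
  } else {
    res.status(470).end();
  }
}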
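/**
 * Check the HMAC-SHA256 signature on a `header.payload.signature` token.
 *
 * The expected signature is `crypto.HmacSHA256(header + '.' + payload,
 * TOKEN_SECRET)` in that object's default string form, compared with the
 * third segment. Only the signature is checked: header and payload are not
 * decoded, so no claim (algorithm, subject, expiry) is inspected here.
 *
 * @param {string} token - Token as received from the client (untrusted).
 * @returns {string} The unchanged token when the signature matches, otherwise ''.
 */
function _validateToken(token) {
  // Untrusted input: a missing or non-string value is rejected instead of
  // throwing from split().
  if (typeof token !== 'string') {
    return '';
  }

  // Require exactly three segments. Anything after the third dot is not
  // covered by the MAC, so a token carrying extra segments must not be
  // returned as valid.
  const itemsToken = token.split('.');
  if (itemsToken.length !== 3) {
    return '';
  }
  const [header, payload, signature] = itemsToken;

  const expectedSignature = crypto.HmacSHA256(header + '.' + payload, TOKEN_SECRET).toString();

  // Compare without an early exit so the time taken does not reveal how many
  // leading characters of a guessed signature were correct. The loop length is
  // fixed by the expected value; charCodeAt past the end yields NaN, which the
  // bitwise operators treat as 0. JavaScript gives no hard constant-time
  // guarantee; where Node's built-in crypto module is in scope, its
  // timingSafeEqual is the preferred primitive.
  let mismatch = expectedSignature.length ^ signature.length;
  for (let i = 0; i < expectedSignature.length; i += 1) {
    mismatch |= expectedSignature.charCodeAt(i) ^ signature.charCodeAt(i);
  }

  return mismatch === 0 ? token : '';
}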
/**
 * Build a signed `header.payload.signature` token for a user.
 *
 * The header is `{"alg":"HS256","typ":"JWT"}` and the payload is
 * `{"sub": userId}`; each is JSON-serialised, base64-encoded and stripped of
 * `=` padding. The signature is `crypto.HmacSHA256` over
 * `header + '.' + payload` keyed with `TOKEN_SECRET`, appended through string
 * concatenation, so its text form is whatever that object's string conversion
 * produces.
 *
 * NOTE(review): the segments use the standard base64 alphabet (`+`, `/`)
 * rather than base64url, and the signature is not base64url-encoded, so the
 * result is JWT-shaped but may not be accepted by standard JWT libraries.
 * NOTE(review): only `sub` is written; no expiry or issued-at claim is
 * present, so nothing in the token itself bounds its lifetime.
 *
 * @param {*} userId - Value stored as the `sub` claim.
 * @returns {string} The three dot-separated segments.
 */
function _generateToken(userId) {
  // JSON -> base64 with the '=' padding removed.
  const encodeSegment = (value) =>
    Buffer.from(JSON.stringify(value)).toString('base64').replace(/=/g, '');

  const signingInput = [
    encodeSegment({ "alg": "HS256", "typ": "JWT" }),
    encodeSegment({ "sub": userId }),
  ].join('.');

  const signature = crypto.HmacSHA256(signingInput, TOKEN_SECRET);

  // Plain `+` keeps the original implicit conversion of the HMAC object.
  return signingInput + '.' + signature;
}
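/**
 * Authenticate an incoming webhook delivery and, when valid, store and
 * broadcast its events.
 *
 * Steps, in order:
 *  1. reply 403 if the `X-Hook-Signature` header is absent;
 *  2. look up the webhook by `params.resourceId`, reply 400 if none is found;
 *  3. compute `HmacSHA256(JSON.stringify(body), webhook.secret)` and reply 403
 *     unless it equals the header value;
 *  4. pass `body.events` to `AWMEvent.insertMany`, emit it on `this.socket`,
 *     and reply 200.
 *
 * @returns {Promise<*>|*} The 403 reply when the header is missing, otherwise
 *   the promise chained from the webhook lookup.
 */
handle() {
  // Verify signature header exists
  const xHookSignatureHeader = this.request().get('X-Hook-Signature');
  if (xHookSignatureHeader == null) return this.reply(403, {}, "Unauthorized request");

  // Verify webhook is listed internally
  mongodb.getConnection();
  // toString() forces the lookup value to a string, so a non-string
  // resourceId cannot reach the query as an object.
  return AWMWebhook.findOne({ resource_id: this.request().params.resourceId.toString() }).exec().then((webhook) => {
    // Webhook was not found, deny request
    if (webhook == null || webhook.length === 0) return this.reply(400, {}, "Unknown webhook");

    // Recompute the MAC of the request body (an HMAC, not encryption) with the
    // secret from the original webhook handshake.
    // NOTE(review): the MAC covers a re-serialisation of the parsed body, not
    // the raw bytes received; if the sender signs the raw body, differences in
    // key order or whitespace make genuine deliveries fail. Confirm against
    // the sender's signing rules.
    const expectedSignature = CryptoJS.HmacSHA256(JSON.stringify(this.request().body), webhook.secret).toString();

    // A non-string header value can never match.
    if (typeof xHookSignatureHeader !== 'string') return this.reply(403, {}, "Unauthorized request");

    // Compare without an early exit so the time taken does not reveal how many
    // leading characters of a guessed signature were correct. charCodeAt past
    // the end yields NaN, which the bitwise operators treat as 0. JavaScript
    // gives no hard constant-time guarantee; Node's built-in
    // crypto.timingSafeEqual is the preferred primitive where it is in scope.
    let mismatch = expectedSignature.length ^ xHookSignatureHeader.length;
    for (let i = 0; i < expectedSignature.length; i += 1) {
      mismatch |= expectedSignature.charCodeAt(i) ^ xHookSignatureHeader.charCodeAt(i);
    }
    if (mismatch !== 0) return this.reply(403, {}, "Unauthorized request");

    // At this point the request is fully validated and can be processed
    const eventsArray = this.request().body.events;
    AWMEvent.insertMany(eventsArray, (error) => {
      // The insert stays fire-and-forget, but a failure is no longer silent.
      // Only the message is logged, not the event payload.
      if (error) console.error('AWMEvent.insertMany failed:', error.message);
    });
    this.socket.emit('events', eventsArray);
    return this.reply(200, {});
  });
}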
/**
 * Hex-encoded HMAC-SHA256 of `policy`, keyed with `secret`.
 *
 * A falsy secret is refused up front so a policy is never signed with an
 * empty or missing key.
 *
 * @param {String} policy - Message to sign.
 * @param {String} secret - Signing key; must be truthy.
 * @return {String} `HmacSHA256(policy, secret)` rendered with `crypto.enc.Hex`.
 * @throws {Error} 'secret required' when `secret` is falsy.
 * @api private
 */
function signature(policy, secret) {
  if (secret) {
    const mac = crypto.HmacSHA256(policy, secret);
    return mac.toString(crypto.enc.Hex);
  }
  throw new Error('secret required');
}
/**
 * Derive the request-signing key by chaining four HMAC-SHA256 steps.
 *
 * Starting from the string `"AWS4" + key`, each step keys the next HMAC with
 * the previous result, over `date`, `region`, `service` and finally the
 * literal `"aws4_request"`. This matches the AWS Signature Version 4
 * signing-key derivation.
 *
 * The result is the raw object returned by `crypto.HmacSHA256`, not a string;
 * it is key material and should be treated as a secret (not logged or
 * returned to clients).
 *
 * @param {String} key - Secret access key.
 * @param {String} date - Date component of the credential scope.
 * @param {String} region - Region component of the credential scope.
 * @param {String} [service='s3'] - Service component of the credential scope.
 * @return {Object} Result of the last `crypto.HmacSHA256` call.
 * @api private
 */
function getSignatureKey(key, date, region, service = 's3') {
  const scopeParts = [date, region, service, "aws4_request"];
  return scopeParts.reduce(
    (signingKey, part) => crypto.HmacSHA256(part, signingKey),
    "AWS4" + key,
  );
}
/**
 * Compute an HMAC-SHA256 over `data` using `key`.
 *
 * The wrapper takes the key first, while the underlying `HmacSHA256` call takes
 * the message first and the key second; the swap below is deliberate.
 * `crypto` must be an object exposing `HmacSHA256` in that form (presumably
 * crypto-js bound to the name `crypto`; Node's built-in `crypto` module has no
 * such function).
 *
 * @param {*} key - Secret key, passed as the second argument to `HmacSHA256`.
 * @param {*} data - Message to authenticate, passed as the first argument.
 * @returns {*} Whatever `crypto.HmacSHA256` returns, unmodified.
 */
function hmac(key, data) {
  const mac = crypto.HmacSHA256(data, key);
  return mac;
}
/**
 * Compute an HMAC-SHA256 over `data` using `key`.
 *
 * The wrapper takes the key first, while the underlying `HmacSHA256` call takes
 * the message first and the key second; the swap below is deliberate.
 * `crypto` must be an object exposing `HmacSHA256` in that form (presumably
 * crypto-js bound to the name `crypto`; Node's built-in `crypto` module has no
 * such function).
 *
 * @param {*} key - Secret key, passed as the second argument to `HmacSHA256`.
 * @param {*} data - Message to authenticate, passed as the first argument.
 * @returns {*} Whatever `crypto.HmacSHA256` returns, unmodified.
 */
function hmac(key, data) {
  const mac = crypto.HmacSHA256(data, key);
  return mac;
}
/**
 * Compute an HMAC-SHA256 over `data` using `key`.
 *
 * The wrapper takes the key first, while the underlying `HmacSHA256` call takes
 * the message first and the key second; the swap below is deliberate.
 * `crypto` must be an object exposing `HmacSHA256` in that form (presumably
 * crypto-js bound to the name `crypto`; Node's built-in `crypto` module has no
 * such function).
 *
 * @param {*} key - Secret key, passed as the second argument to `HmacSHA256`.
 * @param {*} data - Message to authenticate, passed as the first argument.
 * @returns {*} Whatever `crypto.HmacSHA256` returns, unmodified.
 */
function hmac(key, data) {
  const mac = crypto.HmacSHA256(data, key);
  return mac;
}