@yourrentals/util-signature
v0.7.2
Published
A library that defines the base classes for signing and verifying webhook signatures.
Downloads
265
Keywords
Readme
@yourrentals/util-signature
A library that defines the base classes for signing and verifying webhook signatures.
The webhook signature is expected in this format:
t=${unixTimestampInMilliseconds}|v=1,alg=${hmac|rsa},sig=${signature}
Installation
yarn add @yourrentals/util-signature
Usage
import {WebhookSignatureVerifier, WebhookSignatureV1HmacPlugin} from '@yourrentals/util-signature';
const verifier = new WebhookSignatureVerifier([new WebhookSignatureV1HmacPlugin('secret')], 'x-signature');
const isValid = verifier.verifySignatureHeader(headers, rawBody)
Included algorithms
Included in this package are the following algorithms:
WebhookSignatureV1HmacPlugin
: Sign and Verify using RSA public/private key pair, using theRS256
algorithm.WebhookSignatureV1RsaVerifierPlugin
andWebhookSignatureV1RsaSignerPlugin
: Sign and Verify using a shared secret, using theHS256
algorithm.
Version 1 Signature
Version 1 signature payload is constructed as: ${unixTimestampInMilliseconds}.${rawBody}