paranoik

Check integrity of each request using a custom HTTP header checksum (X-Checksum).

The hash is formed by [request url, request method, request data, request user-agent, secret key] in a MD5 hash function.

Installation

npm install paranoik

Backend Usage

const express = require('express');
const paranoik = require('paranoik');

const app = express();

app.use(paranoik('YOUR_SECRET'));

Express Configuration

const options = {
    secret: YOUR_SECRET,
    whitelist: [
        '/login',
        '/recovery'
    ]
};

app.use(paranoik(options));

Frontend usage

import paranoik from 'paranoik';

axios.interceptors.request.use( async (config) => {
    config.headers.XChecksum = await paranoik.checksum('YOUR_SECRET');
    return config;
  }, function (error) {
    return Promise.reject(error);
  });

License

MIT