Package Exports
- express-hash
- express-hash/index.js
This package does not declare an exports field, so the exports above have been automatically detected and optimized by JSPM instead. If any package subpath is missing, it is recommended to post an issue to the original package (express-hash) to support the "exports" field. If that is not possible, create a JSPM override to customize the exports field for this package.
Readme
express-hash
Tiny tool to check the authenticity of request in client server communication that can be used as a middleware in server side and simple function at client side
How to Use
Tool contains two parts
Client
Generate the hash at client side by leveraging the 'sign' option.Server
Verify the authenticity of the request by making use of the server side 'verify' optionPlease note the server will expect the generated hash in the request header by the key 'signature'
defaults.json
You can provide the necessary details in a json format as below. In the absence of those details defaults values will be assumed
Sample json
{
"hashKey":"cf4252f9bc4753c7f798c0a9973b6e70",
"limit": 60,
"algorithm":"md5",
"data":{
"query":{},
"body":{}
},
"method":"GET"
}Sample hash generation
const exphash= require('express-hash');
const defaults= require('./defaults.json');
const msg= exphash.sign(defaults);
console.log('Generated hash ',msg);
Result
Generated hash B516D37C0F1C4C74C48BF44056381DD8A3956C3764A5D3692772076CEE5800C097FFD1991DBE606E999F7BEFEE0BF42EC292D7A595F5CDFDF30F2704CBE9BC0FActions at server side
The verify function is a middleware and you can pass the configurations in the same structure as used in client side(Please use the same hashKey at both sides)
It will verify the authenticity of the request.
You can check the authenticity with the request time as well(can be configuired under limit section. Defaults to 60 seconds)
If the request looks fine it will pass to next section