imago-request-tag

1.0.3 • Public • Published

Imago Request Tag

This is a very basic way to verify that requests are coming from an authorized source and an even more basic way to avoid replay attacks.

The sending side adds an HTTP header called X-Imago-Tag, which contains the current timestamp encrypted with a secret key.

The receiving side holds the same pre-shared secret key. It decrypts the header value and checks that the timestamp is valid and not too far in the past.

On the sender side

 
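const Tag = require('imago-request-tag');
// If using the request-promise-native package:
const request = require('request-promise-native');

// Pre-shared secret; the receiver must hold the same value.
const SHARED_SECRET_KEY = '2fa44f07d9f74d269b1dcfc8ba2a74e3';

request({
    method: 'GET',
    uri: '/api/method',
    headers: {
        // Current timestamp encrypted with the shared key, created per request.
        'X-Imago-Tag': Tag.create(SHARED_SECRET_KEY),
    },
});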
 

On the receiver side

If the tag is incorrect, we will throw an exception:

 
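// Assumes an Express application; `app` was not defined in the original snippet.
const express = require('express');
const Tag = require('imago-request-tag');

const app = express();

// Pre-shared secret; must match the sender's value.
const SHARED_SECRET_KEY = '2fa44f07d9f74d269b1dcfc8ba2a74e3';

app.get('/api/method', async (request, response) => {
    try {
        // Throws if the X-Imago-Tag header is incorrect.
        Tag.check(request, SHARED_SECRET_KEY);

        // the actual code here
    } catch (error) {
        response.status(200).send({ success: false });
    }
});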
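
The scheme described above (encrypt a timestamp, then decrypt it and check its age), as an added example that is not the package's own code. The cipher (AES-256-GCM), the tag layout, the time windows and the names `createTag`/`checkTag` are assumptions, since this page does not show how imago-request-tag builds its tag; the example also goes one step beyond the README by rejecting a tag that is reused inside the freshness window.

```javascript
const { createCipheriv, createDecipheriv, createHash, randomBytes } = require('crypto');

const MAX_AGE_MS = 60 * 1000;  // assumed freshness window
const MAX_SKEW_MS = 5 * 1000;  // assumed tolerance for a sender clock running ahead

// Assumption: the shared secret is high-entropy, so one SHA-256 pass yields the AES key.
const deriveKey = (secret) => createHash('sha256').update(secret).digest();

// Constructed tag layout: base64(iv[12] || authTag[16] || ciphertext of the ms timestamp)
function createTag(secret, now = Date.now()) {
    const iv = randomBytes(12);
    const cipher = createCipheriv('aes-256-gcm', deriveKey(secret), iv);
    const body = Buffer.concat([cipher.update(String(now), 'utf8'), cipher.final()]);
    return Buffer.concat([iv, cipher.getAuthTag(), body]).toString('base64');
}

// Returns the sender's timestamp; throws if the tag is forged, stale or already used.
// `seen` is a Map the caller keeps for the life of the process (tag bytes -> expiry).
function checkTag(tag, secret, seen, now = Date.now()) {
    const raw = Buffer.from(String(tag), 'base64');
    if (raw.length < 29) throw new Error('malformed tag');
    const decipher = createDecipheriv('aes-256-gcm', deriveKey(secret), raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    // final() throws when the key is wrong or any byte of the tag was altered.
    const text = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]).toString('utf8');
    if (!/^\d{1,15}$/.test(text)) throw new Error('malformed timestamp');
    const sentAt = Number(text);
    if (sentAt > now + MAX_SKEW_MS) throw new Error('timestamp in the future');
    if (now - sentAt > MAX_AGE_MS) throw new Error('tag expired');
    // A fresh timestamp alone still lets a captured tag be reused inside the window,
    // so remember each accepted tag until it would have expired anyway.
    for (const [id, expiry] of seen) if (expiry < now) seen.delete(id);
    const id = raw.toString('hex');  // decoded bytes, so re-encoded base64 cannot dodge the cache
    if (seen.has(id)) throw new Error('tag replayed');
    seen.set(id, sentAt + MAX_AGE_MS);
    return sentAt;
}
```

The in-memory `Map` only covers a single process; with several receiver instances the accepted-tag cache would need to live in a shared store.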

Install

npm i imago-request-tag

License

Unlicense

Collaborators

  • imago.ai