@kschiu
Created November 1, 2019 22:19
Front Channel API Helpers
import * as crypto from 'crypto';
// Assumption: Request is the Express request type and jwt is the jsonwebtoken package.
// Substitute your own framework type and preferred JWT library.
import { Request } from 'express';
import * as jwt from 'jsonwebtoken';

/**
 * Validate that the request is from Front.
 *
 * Concatenate the timestamp and the request body, delimited with a colon
 * (`timestamp:body`). Take the SHA256 HMAC of that string and validate that
 * it is equal to the X-Front-Signature request header.
 *
 * In production, we recommend loading Channel Type secret from a configuration file.
 *
 * @param {Request} req: Incoming request from Front.
 * @param {string} channelTypeSecret: Secret Key of your Channel Type. Was given to you when your Channel Type was created.
 * @returns {boolean} Boolean denoting whether or not request is from Front.
 */
function isRequestFromFront(req: Request, channelTypeSecret: string): boolean {
  const timestamp = req.headers['x-front-request-timestamp'];
  const signature = req.headers['x-front-signature'];
  // Reject requests where either header is missing or repeated.
  if (typeof timestamp !== 'string' || typeof signature !== 'string') {
    return false;
  }
  // The HMAC covers exact bytes, so this must reproduce the body string that was signed.
  const rawBody = JSON.stringify(req.body);
  const baseString = `${timestamp}:${rawBody}`;
  const expected = crypto.createHmac('sha256', channelTypeSecret)
    .update(baseString)
    .digest();
  const received = Buffer.from(signature, 'base64');
  // Compare in constant time. timingSafeEqual throws on unequal lengths, so check those first.
  return received.length === expected.length && crypto.timingSafeEqual(received, expected);
}

/**
 * Creates a JSON web token
 *
 * jwt is your preferred JWT library found at https://jwt.io/
 * In production, we recommend loading Channel Type ID and secret from a configuration file.
 *
 * @param {string} channelTypeId: ID of your Channel Type. Was given to you when your Channel Type was created.
 * @param {string} channelTypeSecret: Secret Key of your Channel Type. Was given to you when your Channel Type was created.
 * @param {number} channelId: ID of the channel, used as the token's `sub` claim.
 * @returns {string} Signed JSON web token
 */
function buildToken(channelTypeId: string, channelTypeSecret: string, channelId: number): string {
  // Mark token to expire within 5 seconds for security (small usage window)
  const exp = Math.floor(Date.now() / 1000) + 5;
  // Can be any string, can be used by your system to identify tokens
  const jsonWebTokenId = 'abc123';
  const payload = {
    iss: channelTypeId,
    jti: jsonWebTokenId,
    sub: channelId,
    exp
  };
  return jwt.sign(payload, channelTypeSecret);
}
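
Added example (not part of the original gist and not Front's code): a self-contained round trip of the `timestamp:body` HMAC scheme above, showing which requests a verifier accepts and which it rejects. The secret, the payload, the millisecond timestamp unit and the five-minute freshness window are assumptions made for this example.

```typescript
import * as crypto from 'crypto';

type Verdict = 'ok' | 'malformed' | 'stale' | 'bad-signature';

// Sender side, as described above: base64 HMAC-SHA256 over "timestamp:body".
function sign(secret: string, timestamp: string, body: string): string {
  return crypto.createHmac('sha256', secret).update(`${timestamp}:${body}`).digest('base64');
}

// Receiver side. The freshness window (maxAgeMs) and millisecond unit are assumptions.
function verify(secret: string, timestamp: string | undefined, signature: string | undefined,
                body: string, nowMs: number, maxAgeMs = 5 * 60 * 1000): Verdict {
  if (!timestamp || !signature || !/^\d+$/.test(timestamp)) return 'malformed';
  const expected = Buffer.from(sign(secret, timestamp, body), 'base64');
  const received = Buffer.from(signature, 'base64');
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  if (received.length !== expected.length || !crypto.timingSafeEqual(received, expected)) {
    return 'bad-signature';
  }
  // Checked after the MAC, so only an authenticated timestamp is ever trusted.
  if (Math.abs(nowMs - Number(timestamp)) > maxAgeMs) return 'stale';
  return 'ok';
}

// Constructed sample data (not real Front traffic, not a real secret).
const SECRET = 'example-channel-type-secret';
const NOW = 1572646740000;
const TS = String(NOW - 1000);
const BODY = JSON.stringify({ type: 'message', payload: { text: 'hello' } });
const SIG = sign(SECRET, TS, BODY);

function demo(): Record<string, Verdict> {
  return {
    valid: verify(SECRET, TS, SIG, BODY, NOW),
    tamperedBody: verify(SECRET, TS, SIG, BODY.replace('hello', 'hullo'), NOW),
    replayedLater: verify(SECRET, TS, SIG, BODY, NOW + 60 * 60 * 1000),
    forgedTimestamp: verify(SECRET, String(NOW), SIG, BODY, NOW),
    // Same JSON value, different bytes: the signature no longer matches.
    reserialized: verify(SECRET, TS, SIG, JSON.stringify(JSON.parse(BODY), null, 1), NOW),
    missingHeader: verify(SECRET, TS, undefined, BODY, NOW),
  };
}

console.log(demo());
```

The `reserialized` case is why a verifier that rebuilds the body with `JSON.stringify(req.body)` only works when that output is byte-for-byte the string the sender signed.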