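// Dynamic-secret demo stage: the HMAC key is not the static secret itself but
// the static secret XOR-ed with a second value at run time.
// NOTE(review): both XOR inputs are constants embedded in the code, so this is
// obfuscation rather than key protection; anyone who can read or instrument
// the client can reproduce the derived key. Treat it as raising effort only.
var secret = SHIPFAST_HMAC_SECRET
var hmac
// ...
// ...
// Decode the base64 static secret into raw bytes.
var obfuscatedSecretData = Buffer.from(secret, 'base64')
// Buffer.from() replaces the deprecated `new Buffer()` constructor (DEP0005).
// No encoding is passed, so the string is used as its UTF-8 bytes and is NOT
// base64-decoded, which is the same behaviour as the original call.
var shipFastAPIKeyData = Buffer.from("QXBwcm9vdidzIHRvdGFsbHkgYXdlc29tZSEh")
// XOR in place over the overlapping prefix only; bytes of the secret beyond
// the shorter buffer's length are left unchanged.
for (var i = 0; i < Math.min(obfuscatedSecretData.length, shipFastAPIKeyData.length); i++) {
  obfuscatedSecretData[i] ^= shipFastAPIKeyData[i]
}
// Re-encode the derived key as base64 (no extra copy is needed to stringify).
var obfuscatedSecret = obfuscatedSecretData.toString('base64')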
/**
 * The current demo stage, set here to the HMAC dynamic-secret stage.
 * NOTE(review): presumably this has to name the same stage as the server's
 * `config.currentDemoStage`, otherwise request signatures will not verify — confirm.
 */
val currentDemoStage = DemoStage.HMAC_DYNAMIC_SECRET_PROTECTION
// The current demo stage, set here to the HMAC dynamic-secret stage.
// NOTE(review): presumably the client app must be built with the same stage,
// otherwise its request signatures will not verify — confirm.
config.currentDemoStage = DEMO_STAGE.HMAC_DYNAMIC_SECRET_PROTECTION
// Create middleware for checking the JWT | |
const checkJwt = jwt({ | |
// Dynamically provide a signing key based on the kid in the header and the signing keys provided by the JWKS endpoint | |
secret: jwksRsa.expressJwtSecret({ | |
cache: true, | |
rateLimit: true, | |
jwksRequestsPerMinute: 5, | |
jwksUri: "https://" + config.auth0Domain + "/.well-known/jwks.json" | |
}), |
// Walk a latitude/longitude grid from (latStart, lonStart) up to and including
// (latEnd, lonEnd) in locStep increments, issuing one nearest-shipment request
// per grid point.
// NOTE(review): seen from the API, this is a burst of nearest-shipment requests
// from one client with evenly spaced coordinates, a pattern that per-client
// rate limiting and request-pattern alerting can pick up.
var lat = latStart
while (lat <= latEnd) {
  // Restart the longitude sweep for every latitude row.
  var lon = lonStart
  while (lon <= lonEnd) {
    fetchNearestShipment(lat, lon)
    lon += locStep
  }
  lat += locStep
}
/**
 * The current demo stage, set here to the HMAC static-secret stage.
 * NOTE(review): presumably this has to name the same stage as the server's
 * `config.currentDemoStage`, otherwise request signatures will not verify — confirm.
 */
val currentDemoStage = DemoStage.HMAC_STATIC_SECRET_PROTECTION
// The current demo stage, set here to the HMAC static-secret stage.
// NOTE(review): presumably the client app must be built with the same stage,
// otherwise its request signatures will not verify — confirm.
config.currentDemoStage = DEMO_STAGE.HMAC_STATIC_SECRET_PROTECTION
// The ShipFast HMAC secret used to sign API requests (base64-encoded).
// NOTE(review): the key is a literal in source, so it is readable by anyone
// with access to the repository or a shipped artifact that embeds it. That is
// acceptable for a demo value; a real deployment should load the key from
// configuration or a secret store and treat any committed value as exposed.
const SHIPFAST_HMAC_SECRET = '4ymoofRe0l87QbGoR0YH+/tqBN933nKAGxzvh5z2aXr5XlsYzlwQ6pVArGweqb7cN56khD/FvY0b6rWc4PFOPw=='
// Retrieve the ShipFast HMAC used to sign the API request from the request header
// ('SF-HMAC'). The value is client-supplied and may be absent.
// NOTE(review): the comparison with the server-computed HMAC is not shown in
// this excerpt. It should reject a missing header and use a constant-time
// compare (e.g. crypto.timingSafeEqual) instead of === on the hex strings.
var requestShipFastHMAC = req.get('SF-HMAC')
// Static-secret demo stage: key HMAC-SHA-256 directly with the base64-decoded
// static secret.
hmac = crypto.createHmac('sha256', Buffer.from(secret, 'base64'))
// ...
// ...
// Compute the server's view of the request HMAC. The signed material is, in
// order: protocol, host, original URL and the Authorization header value; the
// result is the lowercase hex digest.
// NOTE(review): the fields are concatenated with no delimiter and, as far as
// this excerpt shows, neither the request body nor a timestamp/nonce is
// covered, so a captured signature stays valid for the same URL and token.
// NOTE(review): req.get('Authorization') is undefined when the header is
// missing, and hmac.update(undefined) throws; check for the header first.
var ourShipFastHMAC = hmac
  .update(req.protocol)
  .update(req.host)
  .update(req.originalUrl)
  .update(req.get('Authorization'))
  .digest('hex')