Crate iron_hmac [−] [src]
Iron middleware for HMAC authentication
This package contains BeforeMiddleware
for authenticating HTTP requests and AfterMiddleware
for signing response. The HMAC stragegy is presently hardcoded as follows using an SHA-256 hash.
For requests, the expected hmac is
hmac(hmac(request.method) + hmac(request.path) + hmac(request.body))
The response is signed with an hmac generated with
hmac(response.body)
Middleware can be obtained with the following calls
use iron_hmac::Hmac256Authentication; let secret = "<your shared hmac secret here>"; let header_name = "x-my-hmac"; let (hmac_before, hmac_after) = Hmac256Authentication::middleware(secret, header_name);
The middleware is linked in the usual way.
Building
If you wish to use the openssl backed implementation, set default-features = false
in addition
to adding features = ["hmac-openssl"]
.
Structs
Hmac256Authentication |
Iron middleware for validation hmac headers on requests and signing responses. |
SecretKey |
Key used for HMAC computation |