signed-req

Sign and Encodes/Decodes HTTP requests.

npm install signed-req
4 downloads in the last week
16 downloads in the last month

Sign and encodes or decodes HTTP requests for Node.js

Its a general purpose sign request manager. Encodes and decodes communications using a private key (a secret) between peers.

Instalation npm intall signed-req

Usage:

Encoding

Encodes outgoing data with SignedRequest.encodeAndSign():

var SignedRequest = require('signed-req');
var request = require('request');

var dataToSend = {
    user: {
        name: "foo",
        email: "foo@example.com"
    }
};

var encoded = SignedRequest.encodeAndSign(dataToSend, "mysecret");

request.post("http://api.example.com/user", {form: {encodedData: encoded}}, function (err, res) {
    if (err) throw err;

    if (res.body.status) {
        console.log("User has been created :)");
    } else {
        console.error("User has not been created :(");
    }

});

Decoding

And in the other side we can decode that incomming data with SignedRequest.decodeAndParse():

var SignedRequest = require('signed-req');

app.post('/user', function (req, res) {
    //Assuming encodedData is an existing post param:
    var decoded = SignedRequest.decodeAndParse(req.body.encodedData, "mysecret");

    if (decoded) {
        createUser(decoded.user.name, decoded.user.email);//for example.
        res.send("I trust in you. I can validate the incoming data and its integrity is assured");
    } else {
        res.send(403, "You have no access. Your request is not valid");
    }

});

An alternative decoding request can be made through SignedRequest.signedDecodeAndParse() middleware.

var SignedRequest = require('signed-req');

app.post('/user', SignedRequest.signedDecodeAndParse("request", "mysecret"), function (req, res) {

    //for example.
    createUser(
        body.decodedSignedRequest.user.name,
        body.decodedSignedRequest.user.email
    );
});

Where "request" is the name of param we expect contains signed request.
If middleware cant decode info inside the param, will have no access to app.post('/user')

npm loves you