ring-webhook.core
hmac-fnclj
(hmac-fn algo secret)jws-producerclj
(jws-producer ->json-bytes algo secret)Given a fn able to convert clj-data to JSON bytes,
an HMAC algorithm (:hs256,384,512), and a <secret> (a byte-array
or String whose length should be at least 256,384,512 / 8),
returns a fn taking arbitrary <claims> (a map), converting them
to proper JWT format, signing them, and returning the JWS data +
the full :token in the metadata.
Given a fn able to convert clj-data to JSON bytes, an HMAC algorithm (:hs256,384,512), and a <secret> (a byte-array or String whose length should be at least 256,384,512 / 8), returns a fn taking arbitrary <claims> (a map), converting them to proper JWT format, signing them, and returning the JWS data + the full `:token` in the metadata.
jws-readerclj
(jws-reader <-json-bytes)Given a fn able to convert JSON bytes to clj-data, returns
a function which 'reads' a JWS token (String) as a clj-map.
The full :token is preserved in the metadata, alongside a
:verify predicate, able to check the signature (given a secret).
Given a fn able to convert JSON bytes to clj-data, returns a function which 'reads' a JWS token (String) as a clj-map. The full `:token` is preserved in the metadata, alongside a `:verify` predicate, able to check the signature (given a secret).
wrap-raw-bodyclj
(wrap-raw-body uri-pred)Given a uri (per ring :uri key) predicate (e.g. a set),
returns middleware which conditionally enhances the request
with a new key (:body-raw). Useful for webhook endpoints that
need to sign/verify the payload in order to verify its authenticity.
Must be called fairly early in the middleware chain (if not first).
Given a uri (per ring `:uri` key) predicate (e.g. a set), returns middleware which conditionally enhances the request with a new key (:body-raw). Useful for webhook endpoints that need to sign/verify the payload in order to verify its authenticity. Must be called fairly early in the middleware chain (if not first).
wrap-with-signature-verificationclj
(wrap-with-signature-verification
{:keys [mac-algo hex-format sig-key secret sig-fn eq-fn]
:or
{sig-fn identity eq-fn = mac-algo "HmacSHA256" hex-format (HexFormat/of)}})Given at least a :secret (bytes/String) & sig-key (header to look for the provided signature),
returns middleware that will perform payload signature verification before calling the handler.
Must be called after wrap-raw-body, in order to get access to the :body-raw key.
Options may include:
- :mac-algo - the Mac algorithm to use (defaults to 'HmacSHA256')
- :secret - a string or byte-array/sequence to use as the SecretKeySpec when signing (mandatory)
- :sig-key - the request header name where the provided signature will be located (mandatory)
- :sig-fn - a 1-arg fn transforming the provided signature (defaults to
identity) - :eq-fn - a 2-arg fn to compare the provided VS calculated signatures (defaults to
=) - :hex-format - a
HexFormatinstance (defaults to(HexFormat/of))
Given at least a `:secret` (bytes/String) & `sig-key` (header to look for the provided signature), returns middleware that will perform payload signature verification before calling the handler. Must be called after `wrap-raw-body`, in order to get access to the `:body-raw` key. Options may include: - :mac-algo - the Mac algorithm to use (defaults to 'HmacSHA256') - :secret - a string or byte-array/sequence to use as the SecretKeySpec when signing (mandatory) - :sig-key - the request header name where the provided signature will be located (mandatory) - :sig-fn - a 1-arg fn transforming the provided signature (defaults to `identity`) - :eq-fn - a 2-arg fn to compare the provided VS calculated signatures (defaults to `=`) - :hex-format - a `HexFormat` instance (defaults to `(HexFormat/of)`)
wrong-signature-respclj
cljdoc is a website building & hosting documentation for Clojure/Script libraries
× close