feat: sign request
brokeyourbike committed Sep 5, 2024
1 parent eab83b7 commit 9ed48d5
Showing 5 changed files with 40 additions and 13 deletions.
5 changes: 4 additions & 1 deletion client.go
@@ -27,6 +27,7 @@ type client struct {
logger *logrus.Logger
baseURL string
token string
secret string
}

// ClientOption is a function that configures a Client.
@@ -46,10 +47,11 @@ func WithLogger(l *logrus.Logger) ClientOption {
}
}

func NewClient(baseURL, token string, options ...ClientOption) *client {
func NewClient(baseURL, token, secret string, options ...ClientOption) *client {
c := &client{
baseURL: strings.TrimSuffix(baseURL, "/"),
token: token,
secret: secret,
}

c.httpClient = http.DefaultClient
@@ -89,6 +91,7 @@ func (c *client) newRequest(ctx context.Context, method, url string, body interf
}

req.Header.Set("X-AUTH-CLIENT", c.token)
req.Header.Set("X-HMAC-SIGNATURE", SignPayload(c.secret, string(b)))
return NewRequest(req), nil
}

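Review bot: In newRequest the new `X-HMAC-SIGNATURE` header is computed even when `c.secret` is empty, because NewClient stores whatever string it is given, so a misconfigured client sends a digest keyed with an empty secret and the mistake only surfaces as a rejection at the remote end. newRequest already returns an error, so a guard before the header is set would fail fast: `if c.secret == "" { return nil, errors.New("veriff: signing secret is empty") }` (this needs the `errors` package, whose import is not visible in the hunk). The signed input is `string(b)`, and `b` is assigned outside this hunk; it should be exactly the bytes placed in the request body, and for body-less requests it presumably signs an empty string, which is worth confirming against what the API expects. newRequest starts before the hunk.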
10 changes: 5 additions & 5 deletions session_test.go
@@ -28,7 +28,7 @@ func TestCreateSession(t *testing.T) {
logger, hook := logrustest.NewNullLogger()
logger.SetLevel(logrus.DebugLevel)

client := veriff.NewClient("https://a.b", "token", veriff.WithHTTPClient(mockHttpClient), veriff.WithLogger(logger))
client := veriff.NewClient("https://a.b", "token", "secret", veriff.WithHTTPClient(mockHttpClient), veriff.WithLogger(logger))

resp := &http.Response{StatusCode: http.StatusOK, Body: io.NopCloser(bytes.NewReader(veriffCreateSessionSuccess))}
mockHttpClient.On("Do", mock.AnythingOfType("*http.Request")).Return(resp, nil).Once()
@@ -48,7 +48,7 @@ func TestCreateSession(t *testing.T) {

func TestCreateSession_RequestErr(t *testing.T) {
mockHttpClient := veriff.NewMockHttpClient(t)
client := veriff.NewClient("https://a.b", "token", veriff.WithHTTPClient(mockHttpClient))
client := veriff.NewClient("https://a.b", "token", "secret", veriff.WithHTTPClient(mockHttpClient))

_, err := client.CreateSession(nil, veriff.CreateSessionPayload{}) //lint:ignore SA1012 testing failure
require.Error(t, err)
@@ -57,7 +57,7 @@ func TestCreateSession_RequestErr(t *testing.T) {

func TestSessionDecision(t *testing.T) {
mockHttpClient := veriff.NewMockHttpClient(t)
client := veriff.NewClient("https://a.b", "token", veriff.WithHTTPClient(mockHttpClient))
client := veriff.NewClient("https://a.b", "token", "secret", veriff.WithHTTPClient(mockHttpClient))

resp := &http.Response{StatusCode: http.StatusOK, Body: io.NopCloser(bytes.NewReader(decisionMsg))}
mockHttpClient.On("Do", mock.AnythingOfType("*http.Request")).Return(resp, nil).Once()
@@ -69,7 +69,7 @@ func TestSessionDecision(t *testing.T) {

func TestSessionDecision_RequestErr(t *testing.T) {
mockHttpClient := veriff.NewMockHttpClient(t)
client := veriff.NewClient("https://a.b", "token", veriff.WithHTTPClient(mockHttpClient))
client := veriff.NewClient("https://a.b", "token", "secret", veriff.WithHTTPClient(mockHttpClient))

_, err := client.SessionDecision(nil, "") //lint:ignore SA1012 testing failure
require.Error(t, err)
@@ -78,7 +78,7 @@ func TestSessionDecision_RequestErr(t *testing.T) {

func TestSessionMedia_RequestErr(t *testing.T) {
mockHttpClient := veriff.NewMockHttpClient(t)
client := veriff.NewClient("https://a.b", "token", veriff.WithHTTPClient(mockHttpClient))
client := veriff.NewClient("https://a.b", "token", "secret", veriff.WithHTTPClient(mockHttpClient))

_, err := client.SessionMedia(nil, "") //lint:ignore SA1012 testing failure
require.Error(t, err)
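--- a/signer.go
+++ b/signer.go
@@ -0,0 +1,13 @@
+package veriff
+
+import (
+"crypto/hmac"
+"crypto/sha256"
+"fmt"
+)
+
+func SignPayload(secret, payload string) string {
+digest := hmac.New(sha256.New, []byte(secret))
+digest.Write([]byte(payload))
+return fmt.Sprintf("%x", digest.Sum(nil))
+}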
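Review bot: SignPayload is exported without a doc comment, although its algorithm and output encoding form a contract that both the request signer in client.go and the webhook verifier now depend on. Add `// SignPayload returns the lowercase hex-encoded HMAC-SHA256 of payload, keyed with secret.` above the function. As a matter of style, `hex.EncodeToString(digest.Sum(nil))` states the encoding more directly than `fmt.Sprintf("%x", ...)`, at the cost of swapping the `fmt` import for `encoding/hex`.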
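--- a/signer_test.go
+++ b/signer_test.go
@@ -0,0 +1,15 @@
+package veriff_test
+
+import (
+"testing"
+
+"github.com/brokeyourbike/veriff-api-client-go"
+"github.com/stretchr/testify/assert"
+)
+
+func TestSignPayload(t *testing.T) {
+signed1 := veriff.SignPayload("secret", "")
+signed2 := veriff.SignPayload("secret", string([]byte{}))
+
+assert.Equal(t, signed1, signed2)
+}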
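Review bot: TestSignPayload compares two calls that receive the same input, because `""` and `string([]byte{})` are the same empty string, so it only shows that the function is deterministic and would pass for any implementation, including one that ignores the key. Pin the algorithm with a known-answer case instead, for example an HMAC-SHA256 vector from RFC 4231 whose key and message are plain ASCII. Also check that a different secret changes the result: `assert.NotEqual(t, veriff.SignPayload("a", "msg"), veriff.SignPayload("b", "msg"))`.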
10 changes: 3 additions & 7 deletions webhook/verifier.go
@@ -2,9 +2,9 @@ package webhook

import (
"context"
"crypto/hmac"
"crypto/sha256"
"fmt"

"github.com/brokeyourbike/veriff-api-client-go"
)

type Verifier interface {
@@ -21,11 +21,7 @@ func NewVerifier(secrets []string) *verifier {

func (v *verifier) Verify(ctx context.Context, message, signature string) error {
for _, secret := range v.secrets {
digest := hmac.New(sha256.New, []byte(secret))
digest.Write([]byte(message))
computed := fmt.Sprintf("%x", digest.Sum(nil))

if computed == signature {
if veriff.SignPayload(secret, message) == signature {
return nil
}
}
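Review bot: The check `veriff.SignPayload(secret, message) == signature` in Verify is an ordinary string comparison on a MAC, which is not constant-time, so response timing can reveal how much of a caller-supplied signature matched. This section drops the `crypto/hmac` import, but that package provides the right primitive: keep the import and write `if hmac.Equal([]byte(veriff.SignPayload(secret, message)), []byte(signature)) {`. The computed digest is lowercase hex, so a signature delivered in uppercase hex would be rejected; decoding both sides to raw bytes before comparing would remove that dependency, though the format the sender uses is not visible here. Verify's body continues past the hunk.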
