Verify signed HTTP requests from Manifold
Code of Conduct | Contribution Guidelines
import "github.com/manifoldco/go-signature"signature includes middleware that conforms to the http.Handler interface, wrapping another http.Handler. If the request is invalid, the middleware will respond directly, instead of calling your handler.
Using the included middleware:
verifier, _ := signature.NewVerifier(signature.ManifoldKey)
http.Handle("/v1", verifier.WrapFunc(func (rw http.ResponseWriter, r *http.Request) {
// your code goes here.
}))Verifying a request manually:
body, err := ioutil.ReadAll(req.Body)
buf := bytes.NewBuffer(body)
verifier, err := signature.NewVerifier(signature.ManifoldKey)
if err := verifier.Verify(req, buf); err != nil {
// return an error...
}
// continue using the request and bodyManual verification may be useful if you are not using a standard net/http setup.