Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/abiosoft/caddy-hmac

Caddy v2 hmac signature validation middleware
https://github.com/abiosoft/caddy-hmac

caddy caddy-module caddyserver hmac hmac-signature

Last synced: 30 days ago
JSON representation

Caddy v2 hmac signature validation middleware

Host: GitHub
URL: https://github.com/abiosoft/caddy-hmac
Owner: abiosoft
License: apache-2.0
Created: 2020-05-16T15:22:49.000Z (over 4 years ago)
Default Branch: master
Last Pushed: 2021-05-22T20:55:02.000Z (over 3 years ago)
Last Synced: 2024-08-01T13:32:45.721Z (3 months ago)
Topics: caddy, caddy-module, caddyserver, hmac, hmac-signature
Language: Go
Homepage:
Size: 71.3 KB
Stars: 8
Watchers: 2
Forks: 3
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        [![Go](https://github.com/abiosoft/caddy-hmac/workflows/Go/badge.svg)](https://github.com/abiosoft/caddy-hmac/actions)

# caddy-hmac

Caddy v2 hmac middleware

## Installation

```

xcaddy build v2.0.0 \

    --with github.com/abiosoft/caddy-hmac

```

## Usage

`hmac` computes the hash of the request body as a `{hmac.signature}` [placeholder](https://caddyserver.com/docs/caddyfile/concepts#placeholders) for other [matchers](https://caddyserver.com/docs/caddyfile/matchers) and [handlers](https://caddyserver.com/docs/caddyfile/directives).

### Caddyfile

```

hmac []  

```

* **name** - [optional] if set, names the signature and available as `{hmac.name.signature}`.

* **algorithm** - hash algorithm to use. Can be one of `sha1`, `sha256`, `md5`.

* **secret** - the hmac secret key.

#### Example

Run a [command](https://github.com/abiosoft/caddy-exec) after validating a Github webhook secured with a secret.

```

@github {

    path /webhook

    header_regexp X-Hub-Signature "[a-z0-9]+\=([a-z0-9]+)"

}

@hmac {

    expression {hmac.signature} == {http.regexp.1}

}

route @github {

    hmac sha1 {$GITHUB_WEBHOOK_SECRET}

    exec @hmac git pull origin master

}

```

### JSON

`hmac` can be part of any route as an handler

```jsonc

{

  ...

  "routes": [

    {

      "handle": [

        {

          // required to indicate the handler

          "handler": "hmac",

          // [optional] if set, names the sigurature to be referenced

          // as {hmac.name.signature}.

          "name": "",

          // the algorithm to use. can be sha1, sha256, md5

          "algorithm": "sha1",

          // hmac secret

          "secret": "some secrets"

        }

      ]

    },

    ...

  ]

  ...

}

```

## License

Apache 2