c98a4df78b
New features since API rework: - handling request-target aliases is now suppported - request-target aliases can be lazily evaluated - signature metadata like date is now checked - signatures missing mandatory headers are rejected due to being insecure - creation of signatures missing mandatory headers will raise an error
1.1 KiB
1.1 KiB
HttpSignatures
Elixir library for manipulating and validating HTTP signatures.
Installation
This package is a fork of Pleroma’s http_signatures and not on hexpm.
To use the package add the git repo to your list of dependencies in mix.exs:
def deps do
[
{:http_signatures,
git: "https://thisrepo.example/http_signature.git",
tag: "v1.1.0"}
]
end
You will need to write an adapter module that compiles with the
HTTPSignatures.Adapter behaviour. This is used to fetch the public
keys when verifying signatures. The adapter is configured like so:
config :http_signatures, adapter: YourAdapter
Documentation
To get API docs, search for docstring in lib/http_signatures.
Config Optioons
config :http_signatures,
adapter: YourAdapter, # see above
max_sig_age: 7200, # maximum age in seconds before a signature will be forcibly rejected
max_clock_skew: 2400 # maximum offset in seconds for accepting future creation dates