Use signature field for verification
Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
This commit is contained in:
parent
a130bdc125
commit
ee32424f8c
4 changed files with 297 additions and 372 deletions
|
@ -12,7 +12,6 @@ tls = ["rocket/tls"]
|
|||
|
||||
[dependencies]
|
||||
rocket = "0.4"
|
||||
rocket_contrib = { version = "0.4", default-features = false, features = ["json"] }
|
||||
serde = { version = "1.0", features = ["derive"] }
|
||||
serde_json = "1.0"
|
||||
serde_yaml = "0.8"
|
||||
|
@ -22,3 +21,6 @@ anyhow = "1.0"
|
|||
log = "0.4"
|
||||
env_logger = "0.8"
|
||||
nom = "6"
|
||||
hmac = "0.10"
|
||||
sha2 = "0.9"
|
||||
hex = "0.4"
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue