Use signature field for verification

Instead of looking for a "secret" field hmac is used. Therefore the
raw payload is hashed with all secrets consecutively in order to
validate its content. If the content is certified the established
behaviour is pursued..
This commit is contained in:
finga 2021-03-28 03:50:52 +02:00
parent a130bdc125
commit ee32424f8c
4 changed files with 297 additions and 372 deletions

View file

@ -12,7 +12,6 @@ tls = ["rocket/tls"]
[dependencies]
rocket = "0.4"
rocket_contrib = { version = "0.4", default-features = false, features = ["json"] }
serde = { version = "1.0", features = ["derive"] }
serde_json = "1.0"
serde_yaml = "0.8"
@ -22,3 +21,6 @@ anyhow = "1.0"
log = "0.4"
env_logger = "0.8"
nom = "6"
hmac = "0.10"
sha2 = "0.9"
hex = "0.4"