Use signature field for verification

Instead of looking for a "secret" field hmac is used. Therefore the raw payload is hashed with all secrets consecutively in order to validate its content. If the content is certified the established behaviour is pursued..
2021-03-28 03:50:52 +02:00 · 2021-03-28 03:50:52 +02:00 · ee32424f8c
commit ee32424f8c
parent a130bdc125
4 changed files with 297 additions and 372 deletions
--- a/Cargo.toml
+++ b/Cargo.toml
@ -12,7 +12,6 @@ tls = ["rocket/tls"]

 [dependencies]
 rocket = "0.4"
-rocket_contrib = { version = "0.4", default-features = false, features = ["json"] }
 serde = { version = "1.0", features = ["derive"] }
 serde_json = "1.0"
 serde_yaml = "0.8"
@ -22,3 +21,6 @@ anyhow = "1.0"
 log = "0.4"
 env_logger = "0.8"
 nom = "6"
+hmac = "0.10"
+sha2 = "0.9"
+hex = "0.4"