prologic-saltyim

Mirrors/prologic-saltyim

Fork 0

mirror of https://git.mills.io/saltyim/saltyim.git synced 2024-06-25 00:08:26 +00:00

Commit Graph

Author	SHA1	Message	Date
James Mills	ddd16c202f	Add blob service and support for signing and verifying HTTP requests (#178 ) Alternative to #177 The way this works is: Client: - Client creates a normal `net/http.Request{}` object using the `Request()` function in `utils.go`. The `http.Request{}` object is then signed using the Client's Ed25519 private key. - The HTTP Method and Path (_note this is important_) are hashed, as well as the request body (if any) using the FNV128a hashing algorithm. - This hash is then signed by the Client's's Ed25519 private key. - The resulting signature is then encoded to Base64 (_standard encoding_) and added to the HTTP headers as a `Signature:` header. - In addition the Client's Ed25519 public key is added to the HTTP headers as `Signer:` Server: - The server calculates the same FNV128a hash of the HTTP Request Method and Path and the body (if any) - The server decodes the HTTP header `Signature:` - The server then uses the Client's Ed25519 public key in the HTTP header `Signer:` to verify the signature of the `Signature:` HTTP header which gives us back the original FNV128a hash the Client calculated for the request. - The server then compares the Client's hash with the expected hash to see if they compare equally. Co-authored-by: James Mills <1290234+prologic@users.noreply.github.com> Co-authored-by: Jon Lundy <jon@xuu.cc> Reviewed-on: https://git.mills.io/saltyim/saltyim/pulls/178 Reviewed-by: xuu <xuu@noreply@mills.io>	2023-01-25 23:05:29 +00:00
James Mills	be4b4a5e9d	Add a basic structure for a go-app PWA + integrated Broker (#36 ) Co-authored-by: James Mills <prologic@shortcircuit.net.au> Co-authored-by: Jon Lundy <jon@xuu.cc> Reviewed-on: https://git.mills.io/prologic/saltyim/pulls/36	2022-03-21 22:27:35 +00:00

Author

SHA1

Message

Date

James Mills

ddd16c202f

Add blob service and support for signing and verifying HTTP requests (#178 )

Alternative to #177

The way this works is:

Client:

- Client creates a normal `net/http.Request{}` object using the `Request()` function in `utils.go`. The `http.Request{}` object is then signed using the Client's Ed25519 private key.
- The HTTP Method and Path (_note this is important_) are hashed, as well as the request body (if any) using the FNV128a hashing algorithm.
- This hash is then signed by the Client's's Ed25519 private key.
- The resulting signature is then encoded to Base64 (_standard encoding_) and added to the HTTP headers as a `Signature:` header.
- In addition the Client's Ed25519 public key is added to the HTTP headers as `Signer:`

Server:

- The server calculates the same FNV128a hash of the HTTP Request Method and Path and the body (if any)
- The server decodes the HTTP header `Signature:`
- The server then uses the Client's Ed25519 public key in the HTTP header `Signer:` to verify the signature of the `Signature:` HTTP header which gives us back the original FNV128a hash the Client calculated for the request.
- The server then compares the Client's hash with the expected hash to see if they compare equally.

Co-authored-by: James Mills <1290234+prologic@users.noreply.github.com>
Co-authored-by: Jon Lundy <jon@xuu.cc>
Reviewed-on: https://git.mills.io/saltyim/saltyim/pulls/178
Reviewed-by: xuu <xuu@noreply@mills.io>

2023-01-25 23:05:29 +00:00

James Mills

be4b4a5e9d

Add a basic structure for a go-app PWA + integrated Broker (#36 )

Co-authored-by: James Mills <prologic@shortcircuit.net.au>
Co-authored-by: Jon Lundy <jon@xuu.cc>
Reviewed-on: https://git.mills.io/prologic/saltyim/pulls/36

2022-03-21 22:27:35 +00:00

2 Commits