This crate is used to create and verify HTTP Signatures, defined here. It has support for Hyper, Rocket, and Reqwest types. In the future, I might also support Iron middleware for verification.
Each example is hosted within it's own crate in the examples folder
The hyper examples are configured to talk to eachother by default. The server runs on port 3000, and the client POSTs on port 3000. They also use the Signature header to sign and verify the request.
The actix-web server and client examples listens and post to port 5000, and can be tested with the each other. They use the Signature header to sign and verify the request.
The rocket 3 server and the rocket 4 server listen on port 8000, and the reqwest client can be used to interact with it. These examples use the Authorization header to sign and verify the request.
Add this to your Cargo.toml
toml
[dependencies.http-signatures]
version = "0.6"
features = ["use_actix_web"]
Use it in your application like this. ```rust const PHRASE: &str = "Hewwo, Mr. Obama???";
pub struct Error(#[cause] http_signatures::Error);
impl ResponseError for Error {}
pub struct MyState {
arc: Arc
fn index((req, state): (HttpRequest
verified.map_err(|e| Error(e.into())).map(|_| {
HttpResponse::Ok()
.content_length(PHRASE.len() as u64)
.content_type("text/plain")
.force_close()
.body(format!("{}", PHRASE))
})
}
fn main() -> Result<(), Box
let state = MyState { arc: key_arc };
server::new(move || App::with_state(state.clone()).resource("/", |r| r.with(index)))
.bind("127.0.0.1:5000")
.expect("Can not bind to port 5000")
.run();
Ok(())
} ```
```rust let key_id = "some-username-or-something"; let json = r#"{"library":"actix-web"}"#;
let mut req = post("http://localhost:5000") .contentlength(json.len() as u64) .contenttype("application/json") .body(json)?;
req.withsignatureheader( keyid.toowned(), CreationKey::rsa(private_key, ShaSize::SHA256), )?;
actixweb::actix::run(move || { req.send().maperr(|| ()).map(|res| { println!("POST: {}", res.status()); actixweb::actix::System::current().stop(); }) }); ```
Add this to your Cargo.toml
toml
[dependencies.http-signatures]
version = "0.6"
features = ["use_hyper"]
Use it when building a request as follows. ```rust let client = Client::new();
let json = r#"{"library":"hyper"}"#; let mut req = Request::post("http://localhost:3000") .body(Body::from(json))?; req.headersmut().insert( CONTENTTYPE, HeaderValue::fromstr("application/json")?, ); req.headersmut().insert( CONTENTLENGTH, HeaderValue::fromstr(&format!("{}", json.len()))?, );
let keyid = "some-username-or-something"; // Add the HTTP Signature req.withsignatureheader( keyid.into(), CreationKey::rsa(private_key, ShaSize::SHA256), )?;
let post = client.request(req).and_then(|res| { println!("POST: {}", res.status());
res.into_body().concat2()
});
tokio::run(post.map(|| ()).maperr(|_| ())); ```
This is a very basic example server outline that should give you a general idea of how to set up a Hyper server that verifies HTTP Signatures. This is not meant to be code that actually works. ```rust const PHRASE: &str = "Hewwo, Mr. Obama???";
fn main() -> Result<(), Box
let service = move || {
let key = Arc::clone(&key_arc);
service_fn(move |req: Request<Body>| {
let verified = req.verify_signature_header(Input::from(&key));
verified
.into_future()
.map_err(|e| format!("{:?}", e))
.and_then(|_| {
println!("Succesfully verified request!");
Response::builder()
.header(CONTENT_LENGTH, PHRASE.len() as u64)
.body(Body::from(PHRASE))
.map_err(|e| format!("{:?}", e))
})
})
};
let addr = "127.0.0.1:3000".parse()?;
let server = Server::bind(&addr)
.serve(service)
.map_err(|e| eprintln!("server error: {}", e));
rt::run(server);
Ok(())
} ```
Add this to your Cargo.toml
toml
[dependencies.http-signatures]
version = "0.6"
default-features = false
features = ["use_reqwest"]
In your code, use it when building a request as follows.
```rust let key_id = "some-username-or-something".into();
let client = Client::new(); let mut req = client.get("http://localhost:8000").build()?;
req.withauthorizationheader(keyid, CreationKey::rsa(privatekey, ShaSize::SHA512))?;
let res = client.execute(req)?; ```
Add this to your Cargo.toml
toml
[dependencies.http-signatures]
version = "0.6"
default-features = false
features = ["use_rocket"]
Add this to your Cargo.toml
toml
[dependencies.http-signatures]
version = "0.6"
default-features = false
features = ["use_rocket4"]
In your code, use it in a route like so ```rust struct Verified;
impl<'a, 'r> FromRequest<'a, 'r> for Verified { type Error = ();
fn from_request(request: &'a Request<'r>) -> Outcome<Verified, ()> {
let res = request
.guard::<State<Vec<u8>>>()
.succeeded()
.ok_or(())
.and_then(|key| {
request
.verify_authorization_header(Input::from(&key))
.map_err(|e| println!("Error: {:?}", e))?;
Ok(Verified)
});
match res {
Ok(verified) => Success(verified),
Err(fail) => Failure((Status::Forbidden, fail)),
}
}
}
fn index(_verified: Verified) -> &'static str { "Successfully verified request" }
fn main() -> Result<(), Box
rocket::ignite()
.mount("/", routes![index])
.manage(key_vec)
.launch();
Ok(())
} ```
Please be aware that all code contributed to this project will be licensed under the GPL version 3.
HTTP Signatures is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.
HTTP Signatures is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. This file is part of HTTP Signatures
You should have received a copy of the GNU General Public License along with HTTP Signatures If not, see http://www.gnu.org/licenses/.