Seal-Middleware: secure your api endpoint by limiting access over period of time.

in #utopian-io6 years ago (edited)

Screen Shot 2018-03-28 at 10.19.56.png

Components

Seal-Middleware is a javascript library to generate and validate token, the token will be valid based on the specified time period in miliseconds.

Benefits

To explain this, I will give an example below :

In this case, I implemented seal-middleware, for seal validation that client sent to Fire service built using ExpressJS. I have an endpoint like

https://api.com/data/:seal

And user request to url

https://api.com/data/jhkdjf7898

The task of seal-middleware is to validate whether the token seal above is valid. The token will be valid for a few miliseconds only, depending on the configuration of the developer, if the token is invalid, the request also becomes invalid.

How to Use

Instalation

npm install seal-middleware

Generate Seal

import SealMiddleware from 'seal-middleware'

//token only valid for 1 minue / 60ms, since created
const sealmiddleware = new SealMiddleware('your key', 60000)
const seal = sealmiddleware..generateSeal()

Seal validation

import SealMiddleware from 'seal-middleware'

//token only valid for 1 minue / 60ms, since created
const sealmanager = new SealMiddleware('your key', 60000)

const seal = 'dsjfsd6877234'

//check is seal valid 
// is valid will return boolean
const { is_valid } = seal.validate(seal) 

Token Formula

Generator

First we need how much miliseconds token will still valid. And app key, booth is required parameters to use Seal-Middleware.

if(typeof window == 'undefined') {
      return Buffer.from(this.key + String(Date.now())).toString('base64')
    } else {
      return (btoa(this.key + String(Date.now()))).replace(/=/g, '')
    }

There a to conditions for generate seal, ie for client side and server side. But they all have the same formula, that is, the timestamp is now + app key, then encode to bash64 and be url friendly.

Validator

First we have to get the timestamp stored in the token. I a way decode base64 of seal token, and then remove app key. Then check whether the current timestamp reductions and the token timestamp are greater than the tolerance limit. if smaller then valid, otherwise not.

validate(seal){
    const diff = Date.now() - this.getTimestampSeal(seal)
    if(isNaN(diff) || diff >= this.expired)
      return { is_valid: false }
    else
      return { is_valid: true }
  }

For more info about that code, please check Seal-Middleware Github repo via the link bellow.

Links



Posted on Utopian.io - Rewarding Open Source Contributors

Sort:  

Thank you for the contribution. It has been approved.

You can contact us on Discord.
[utopian-moderator]

thank you for approve this project

Hey @yussan I am @utopian-io. I have just upvoted you!

Achievements

  • You have less than 500 followers. Just gave you a gift to help you succeed!
  • This is your first accepted contribution here in Utopian. Welcome!

Community-Driven Witness!

I am the first and only Steem Community-Driven Witness. Participate on Discord. Lets GROW TOGETHER!

mooncryption-utopian-witness-gif

Up-vote this comment to grow my power and help Open Source contributions like this one. Want to chat? Join me on Discord https://discord.gg/Pc8HG9x

Coin Marketplace

STEEM 0.18
TRX 0.13
JST 0.029
BTC 58271.24
ETH 3134.28
USDT 1.00
SBD 2.22