Seal-Middleware: secure your api endpoint by limiting access over period of time.
Components
Seal-Middleware is a javascript library to generate and validate token, the token will be valid based on the specified time period in miliseconds.
Benefits
To explain this, I will give an example below :
In this case, I implemented seal-middleware, for seal validation that client sent to Fire service built using ExpressJS. I have an endpoint like
https://api.com/data/:seal
And user request to url
https://api.com/data/jhkdjf7898
The task of seal-middleware is to validate whether the token seal above is valid. The token will be valid for a few miliseconds only, depending on the configuration of the developer, if the token is invalid, the request also becomes invalid.
How to Use
Instalation
npm install seal-middleware
Generate Seal
import SealMiddleware from 'seal-middleware'
//token only valid for 1 minue / 60ms, since created
const sealmiddleware = new SealMiddleware('your key', 60000)
const seal = sealmiddleware..generateSeal()
Seal validation
import SealMiddleware from 'seal-middleware'
//token only valid for 1 minue / 60ms, since created
const sealmanager = new SealMiddleware('your key', 60000)
const seal = 'dsjfsd6877234'
//check is seal valid
// is valid will return boolean
const { is_valid } = seal.validate(seal)
Token Formula
Generator
First we need how much miliseconds token will still valid. And app key, booth is required parameters to use Seal-Middleware.
if(typeof window == 'undefined') {
return Buffer.from(this.key + String(Date.now())).toString('base64')
} else {
return (btoa(this.key + String(Date.now()))).replace(/=/g, '')
}
There a to conditions for generate seal, ie for client side and server side. But they all have the same formula, that is, the timestamp is now + app key, then encode to bash64 and be url friendly.
Validator
First we have to get the timestamp stored in the token. I a way decode base64 of seal token, and then remove app key. Then check whether the current timestamp reductions and the token timestamp are greater than the tolerance limit. if smaller then valid, otherwise not.
validate(seal){
const diff = Date.now() - this.getTimestampSeal(seal)
if(isNaN(diff) || diff >= this.expired)
return { is_valid: false }
else
return { is_valid: true }
}
For more info about that code, please check Seal-Middleware Github repo via the link bellow.
Links
- NPM : https://www.npmjs.com/package/seal-middleware
- Test via web : https://npm.runkit.com/seal-middleware
- Github : https://github.com/yussan/seal-middleware
Posted on Utopian.io - Rewarding Open Source Contributors
Thank you for the contribution. It has been approved.
You can contact us on Discord.
[utopian-moderator]
thank you for approve this project
Hey @yussan I am @utopian-io. I have just upvoted you!
Achievements
Community-Driven Witness!
I am the first and only Steem Community-Driven Witness. Participate on Discord. Lets GROW TOGETHER!
Up-vote this comment to grow my power and help Open Source contributions like this one. Want to chat? Join me on Discord https://discord.gg/Pc8HG9x
Congratulations @yussan!
Your post was mentioned in the Steemit Hit Parade for newcomers in the following category:
I also upvoted your post to increase its reward
If you like my work to promote newcomers and give them more visibility on Steemit, feel free to vote for my witness! You can do it here or use SteemConnect