1
0
mirror of https://github.com/imgproxy/imgproxy.git synced 2024-11-29 08:22:11 +02:00
imgproxy/examples/signature.js
Niklas Mollenhauer 524434b63f
Drop dependency + use built-in base64url (#1156)
* Drop dependency + use built-in `base64url`

[`create-hmac`](https://github.com/browserify/createHmac) is meant for compat between node and browser compat and was last updated in 2018.

Computing the HMAC signature on the client (browser) does not make any sense in 99% of the use-cases, as the secrets would be needed on the client side.
This means that we can drop browser support and just use the native node module, which is also exported by the `create-hmac` when running on node.

`Buffer.toString()` also accepts "base64url" as an encoding, so we can drop the `urlSafeBase64` in favor of that.

* Use encoder from hmac instance
2023-05-24 19:30:00 +06:00

21 lines
618 B
JavaScript

import { createHmac } from 'node:crypto';
const KEY = '943b421c9eb07c830af81030552c86009268de4e532ba2ee2eab8247c6da0881'
const SALT = '520f986b998545b4785e0defbc4f3c1203f22de2374a3d53cb7a7fe9fea309c5'
const hexDecode = (hex) => Buffer.from(hex, 'hex')
const sign = (salt, target, secret) => {
const hmac = createHmac('sha256', hexDecode(secret))
hmac.update(hexDecode(salt))
hmac.update(target)
return hmac.digest('base64url')
}
const path = "/rs:fit:300:300/plain/http://img.example.com/pretty/image.jpg"
const signature = sign(SALT, path, KEY)
const result = `/${signature}${path}`
console.log(result)