Postman pre-request script to sign HTTP requests with an HMAC shared secret
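/* CHANGE THIS STUFF */
// KEY_ID and HMAC_SECRET below are the sample values published with this
// script; replace them with your own. A real secret is better kept out of the
// script body, e.g. read with pm.environment.get("hmac_secret") (example
// variable name), so it is not shared or exported together with the collection.
const KEY_ID = "61eaf3e25ebd3aa2f8d2958953bc5cc49e754195ac07e70c4f6d8fb6";
// Passed to CryptoJS as a plain string, so the HMAC key is the text exactly as
// written here; it is not base64-decoded first.
// NOTE(review): confirm the verifying server derives its key the same way.
const HMAC_SECRET = "NWU0MzQ0ZjZmY2JiNGU4N2I1NmEyZjJlYTRlOTE0YzI=";
const SIGN_REQUEST_TARGET = true;
// The Date header is always sent, but it is only covered by the signature when
// this is true; an unsigned date gives the server nothing to reject replays on.
const SIGN_REQUEST_DATE = true;
const HEADERS_TO_SIGN = ["x-test-1", "x-test-2"];
const SIGNING_ALGORITHM = "hmac-sha512"; // supported algorithms: hmac-sha1, hmac-sha256, hmac-sha384, hmac-sha512

/* DO NOT CHANGE BELOW THIS LINE */

// Maps each supported algorithm name to the CryptoJS helper that implements it.
const HMAC_HELPERS = new Map([
  ["hmac-sha1", "HmacSHA1"],
  ["hmac-sha256", "HmacSHA256"],
  ["hmac-sha384", "HmacSHA384"],
  ["hmac-sha512", "HmacSHA512"],
]);

let signingAlgorithm = SIGNING_ALGORITHM;
const dateHeader = new Date().toUTCString();

// upsert instead of add: if the request already carries a Date header, add()
// would leave two of them and the server could verify against the wrong one.
pm.request.headers.upsert({
  key: "Date",
  value: dateHeader,
});

/*
  BUILD HEADERS STRING AND SIGNATURE STRING
  Both are built in one pass so the list of signed names and the signed lines
  cannot drift apart.
*/
const signedNames = [];
const signingLines = [];

if (SIGN_REQUEST_TARGET) {
  signedNames.push("(request-target)");
  // NOTE(review): the target is built from getPath(); if that omits the query
  // string, query parameters are not covered by the signature. Confirm that
  // this matches how the verifying server rebuilds the request target.
  signingLines.push(
    `(request-target): ${pm.request.method.toLowerCase()} ${pm.request.url.getPath()}`
  );
}

if (SIGN_REQUEST_DATE) {
  signedNames.push("date");
  signingLines.push(`date: ${dateHeader}`);
}

HEADERS_TO_SIGN.forEach((header) => {
  const value = pm.request.headers.get(header);
  // Fail loudly rather than signing the literal text "undefined" for a header
  // that is not set on the request at this point.
  if (value == null) {
    throw new Error(`header "${header}" is listed in HEADERS_TO_SIGN but is not set on the request`);
  }
  // The same lower-cased name goes into both the headers list and the signed
  // line; previously only the list was lower-cased, so a mixed-case entry in
  // HEADERS_TO_SIGN produced a signature over a different name than advertised.
  const name = header.toLowerCase();
  signedNames.push(name);
  signingLines.push(`${name}: ${value}`);
});

const headersString = signedNames.join(" ");
console.log("headersString", headersString);

// trimEnd keeps the original behavior of dropping trailing whitespace from the
// end of the signing string.
const signatureString = signingLines.join("\n").trimEnd();
console.log("signatureString:", signatureString);

/*
  COMPUTE SIGNATURE
*/
if (!HMAC_HELPERS.has(signingAlgorithm)) {
  // Existing fallback kept for compatibility. Note that a typo in
  // SIGNING_ALGORITHM therefore downgrades the request to hmac-sha1; the
  // Authorization header below reports the algorithm actually used.
  console.warn("signing algorithm unknown, defaulting to `hmac-sha1`");
  signingAlgorithm = "hmac-sha1";
}

const digest = CryptoJS[HMAC_HELPERS.get(signingAlgorithm)](signatureString, HMAC_SECRET);
// The base64 signature is percent-encoded before it is placed in the header.
// NOTE(review): this must match what the verifying server expects.
const signature = encodeURIComponent(digest.toString(CryptoJS.enc.Base64));
console.log("signature", signature);

// upsert so that re-running the script, or an Authorization header already
// present on the request, does not result in two Authorization headers.
pm.request.headers.upsert({
  key: "Authorization",
  value: `Signature keyId="${KEY_ID}",algorithm="${signingAlgorithm}",headers="${headersString}",signature="${signature}"`,
});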