Verify Signature

[tripott]

hyper Queue allows you to create a target webhook endpoint to receive jobs, in order to secure that endpoint to only receive jobs from hyper, you can implement a secret, this secret using sha256 to encode a nounce timestamp and a signature of the job payload. We created a function on hyper_connect to make it easier to implement your own middleware to validate these incoming jobs in a secure way.

• Create and export create_hyper_verify fn
• Types
• Document within readme
• Example within readme

JS hyper-connect SDK version: https://github.com/hyper63/hyper/blob/main/packages/connect/deno/utils/hyper-verify.ts

/**
 * Verify a job received from a hyper queue.
 * See https://docs.hyper.io/post-a-jobtask#sz-verifying-jobs-from-hyper-queue
 *
 * @param {string} secret - the secret you provided when creating the queue.
 * your hyper queue adds a signature to all job requests, using this secret.
 * @param {string} ttl - the maximum age of a job, in the case of your worker having a constraint
 * where it should only process jobs if the job was sent within the last 5 minutes
 * @returns - a function that, given the X-HYPER-SIGNATURE and job payload,
 * will verify the signature and payload and return a hyper OK response
 */

export function createHyperVerify(secret: string, ttl?: string) {
  return function (signature: string, payload: unknown): Result {
    return of({ input: { signature, payload }, secret, ttl })
      .map(splitHyperSignature)
      .chain(createHmacSignature)
      .chain(compareSignatures)
      .chain(verifyTimeGap(ttl as string))
      .either(identity, handleSuccess);
  };
}