Merge pull request #5 from stevejhiggs/master

Anthony Bouch · Anthony Bouch · commit 60654f7b0ad6 · 2015-06-29T01:45:39.000+07:00
Add payloadFunc option. This allows easy validation of payloads
diff --git a/README.md b/README.md
@@ -20,6 +20,12 @@ The hapi-auth-signature scheme takes the following options.
           included when `isValid` is `true`, but there are cases when the application needs to know who tried to authenticate even when it fails
           (e.g. with authentication mode `'try'`).
 
+- `payloadFunc` - (optional) payload validation function with the signature `function(request, callback)` where:
+    - `request` - hapi request object.
+    - `callback` - a callback function with the signature `function(err, isValid)` where:
+        - `err` - an internal error.
+        - `isValid` - `true` if the payload is verified, otherwise `false`.
+
 The validation function shown below is based on an hmac strategy with a key identifier and secret key stored in a user record. [http-signature](https://github.com/joyent/node-http-signature) supports the following algorithms:
 
 * rsa-sha1
diff --git a/lib/index.js b/lib/index.js
@@ -46,23 +46,38 @@ internals.implementation = function (server, options) {
         credentials = credentials || null;
 
         if (err) {
-          return reply(err, null, { credentials: credentials, log: { tags: ['auth', 'signature'], data: err } });
+          return reply(err, null, {credentials: credentials, log: {tags: ['auth', 'signature'], data: err}});
         }
 
         if (!isValid) {
-          return reply(Boom.unauthorized('Bad signature', 'Signature'), null, { credentials: credentials });
+          return reply(Boom.unauthorized('Bad signature', 'Signature'), null, {credentials: credentials});
         }
 
         if (!credentials ||
             typeof credentials !== 'object') {
 
-          return reply(Boom.badImplementation('Bad credentials object received for Signature auth validation'), null, { log: { tags: ['auth', 'credentials'] } });
+          return reply(Boom.badImplementation('Bad credentials object received for Signature auth validation'), null, {log: {tags: ['auth', 'credentials']}});
         }
 
         // Authenticated
 
-        return reply.continue({ credentials: credentials });
+        return reply.continue({credentials: credentials});
       });
+    },
+    payload: function (request, reply) {
+      if (settings.payloadFunc) {
+        settings.payloadFunc(request, function (err, isValid) {
+          if (err) {
+            return reply(err, null, {log: {tags: ['auth', 'signature'], data: err}});
+          }
+
+          if (!isValid) {
+            return reply(Boom.unauthorized('Bad signature', 'Signature'), null, {});
+          }
+        });
+      }
+
+      reply.continue();
     }
   };
 
