iph-secure-payload-server
v1.0.1
Published
AES-256-GCM encrypted request & response middleware for Express
Downloads
287
Maintainers
prashant-srivastav-iphtechReadme
iph-secure-payload-server
AES-256-GCM encrypted request & response middleware for Express.js.
Install
npm install iph-secure-payload-serverFeatures
- AES-256-GCM encryption
- Request decryption
- Response encryption
- HMAC SHA256 signature validation
- Skip routes
- Dynamic secret resolver
- TypeScript support
Usage
Basic
import express from "express";
import { securePayload } from "iph-secure-payload-server";
const app = express();
app.use(express.json());
app.use(
securePayload({
secretKey: "super-secret-key",
}),
);
app.get("/api/user", (req, res) => {
res.json({
success: true,
user: {
id: 1,
name: "John",
},
});
});
app.listen(3000);Skip Paths
app.use(
securePayload({
secretKey: "super-secret-key",
skipPaths: [
"/api/auth/login",
"/api/auth/register",
],
}),
);Dynamic Secret
app.use(
securePayload({
secretResolver(req) {
return req.headers["x-secret"] as string;
},
}),
);Client Request Format
{
"data": "encrypted-data",
"timestamp": "174000000",
"nonce": "uuid"
}Header:
x-signature: hmac-signatureResponse Format
{
"data": "encrypted-data",
"timestamp": "174000000",
"nonce": "uuid"
}Manual Encryption
import {
encryptPayload,
decryptPayload,
} from "iph-secure-payload-server";
const encrypted = encryptPayload(
{ hello: "world" },
"secret",
);
const decrypted = decryptPayload(
encrypted,
"secret",
);License
MIT