#gotham #aws #amazon #signing-key #signature-verification

gotham_middleware_aws_sig_verify

Gotham middleware for AWS SigV4 verification

2 unstable releases

0.2.0 May 26, 2020
0.1.0 Mar 24, 2020

#9 in #gotham

Apache-2.0

15KB
236 lines

Gotham middleware for AWS SigV4 verification

Crate: gotham_middleware_aws_sig_verify

The gotham_middleware_aws_sig_verify crate integrates AWS SigV4 verification (from aws_sig_verify) into the Gotham web framework.

Assuming you have a function get_signing_key that can return signing keys given AWS access keys (and optionally tokens), integration would be done similarly to:

use gotham;
use gotham::pipeline::new_pipeline;
use gotham::pipeline::single::single_pipeline;
use gotham::router::builder::{build_router, DefineSingleRoute, DrawRoutes};
use gotham::router::Router;
use gotham::state::State;
use gotham_middleware_aws_sig_verify::{AWSSigV4Verifier, SigningKeyKind, SignatureError};
use http::status::StatusCode;
use hyper::{Body, Response};

const SERVICE: &str = "myservice";
const REGION: &str = "local";

fn router() -> Router {
    let verifier = AWSSigV4Verifier::new(get_signing_key, SERVICE, REGION);
    let (chain, pipelines) = single_pipeline(new_pipeline().add(verifier).build());
    build_router(chain, pipelines, |route| {
        route.get("/").to(my_handler);
    })
}

fn my_handler(state: State) -> (State, Response<Body>) {
    let response: Response<Body> = Response::builder()
        .header("Content-Type", "text/plain; charset=utf-8")
        .status(StatusCode::OK)
        .body(Body::from("OK"))
        .unwrap();

    (state, response)
}

fn get_signing_key(
    kind: SigningKeyKind,
    access_key_id: &str,
    session_token: Option<&str>,
    req_date_opt: Option<&str>,
    region_opt: Option<&str>,
    service_opt: Option<&str>
) -> Result<Vec<u8>, SignatureError> {
    ...
}

pub fn main() {
    gotham::start("127.0.0.1:8080", router())
}

Dependencies

~28MB
~601K SLoC