MIT licensed by Freckle
Maintained by [email protected]
This version can be pinned in stack with:aws-sns-verify-0.1.0.0@sha256:f1101539ee2a711f130e599f18c7934ef0c4270b7bd025401544dc42bfab28b4,4185

Module documentation for 0.1.0.0

aws-sns-verify

Consumers utilizing SNS need to do 3 tasks:

  1. Parse the message JSON
  2. Validate signed signatures
  3. Handle subscriptions

This library encapsulates those actions.

myEchoWebhook :: MonadHandler m => m ()
myEchoWebhook = do
  message <- verifySNSMessage =<< requireInsecureJsonBody
  logDebugN message

Sign For Test

Signatures for testing are produced with the self signed certificate in this repository.

cat unsigned.txt | openssl dgst -sha1 -sign tests/key.pem | openssl base64

The certificate was produced with

openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout tests/key.pem -out tests/cert.pem

Changes

Unreleased

v0.1.0.0

  • Replace memory with ram for crypton-1.1

  • Raise a slew of lower bounds, to accomplish the above

  • Drop support for GHCs lower than 9.4, to accomplish the above

  • Return more specific errors in URI validation

    Rather than respond BadUri for non-URI, unexpected scheme, or invalid domain name, we now have 3 distinct error constructors for each of those.

v0.0.0.3

  • Migrate to crypton-x509*
  • Remove CI for GHC’s 8.6 and 8.8

v0.0.0.2

  • Validate PEM has come from AWS before checking signature.

v0.0.0.1

  • Fix typo in subscribe signature

v0.0.0.0

  • Initial release.
  • Handle JSON parsing.
  • Handle validation of payload signatures via X509.
  • Handle response to subscription messages.