MIT licensed by Freckle
This version can be pinned in stack with:aws-sns-verify-0.1.0.0@sha256:f1101539ee2a711f130e599f18c7934ef0c4270b7bd025401544dc42bfab28b4,4185
Module documentation for 0.1.0.0
Depends on 12 packages
(full list with versions):
aeson,
base,
bytestring,
crypton-x509,
crypton-x509-validation,
errors,
http-conduit,
network-uri,
pem,
ram,
regex-tdfa,
text aws-sns-verify
Consumers utilizing SNS need to do 3 tasks:
- Parse the message JSON
- Validate signed signatures
- Handle subscriptions
This library encapsulates those actions.
myEchoWebhook :: MonadHandler m => m ()
myEchoWebhook = do
message <- verifySNSMessage =<< requireInsecureJsonBody
logDebugN message
Sign For Test
Signatures for testing are produced with the self signed certificate in this
repository.
cat unsigned.txt | openssl dgst -sha1 -sign tests/key.pem | openssl base64
The certificate was produced with
openssl req -newkey rsa:2048 -new -nodes -x509 -days 3650 -keyout tests/key.pem -out tests/cert.pem
-
Replace memory with ram for crypton-1.1
-
Raise a slew of lower bounds, to accomplish the above
-
Drop support for GHCs lower than 9.4, to accomplish the above
-
Return more specific errors in URI validation
Rather than respond BadUri for non-URI, unexpected scheme, or invalid domain
name, we now have 3 distinct error constructors for each of those.
- Migrate to
crypton-x509*
- Remove CI for GHC’s 8.6 and 8.8
- Validate PEM has come from AWS before checking signature.
- Fix typo in subscribe signature
- Initial release.
- Handle JSON parsing.
- Handle validation of payload signatures via X509.
- Handle response to subscription messages.