Signed Fetch
A fetch wrapper that sends signed requests, according to the Signing HTTP Messages draft 08.
This has not been tested in production or with other servers yet. If you decide to try it and find any bugs please let me know.
import SignedFetch from 'signed-fetch';
import * as nodeFetch from 'node-fetch';
// You should make the public key available at this URL
const publicKeyId = 'http://my-site.example/@paul#main-key';
const privateKey = `-----BEGIN RSA PRIVATE KEY-----
${process.env.PRIVATE_KEY}
-----END RSA PRIVATE KEY-----`;
const fetch = new SignedFetch(
{
keyId: publicKeyId,
privateKey: privateKey
},
{
...nodeFetch,
fetch: nodeFetch.default
}
);
const res = await fetch('https://mastodon.social/user/gargron')Dependencies
signed-fetch
Signed Fetch
module.exports ⏏
Creates a fetch-like function that sends signed messages
new module.exports(keyOptions, fetchOptions, Request, Response, fetch)
Create a SignedFetch function
| Param | Type | Description |
|---|---|---|
| keyOptions | object |
Key options |
| keyOptions.keyId | string |
URI of the public key for verifying the signature |
| keyOptions.privateKey | string |
The private key to use to sign requests |
| fetchOptions | object |
Fetch implementation |
| Request | class |
Constructor for the fetch request object |
| Response | class |
Constructor for the fetch response object |
| fetch | function |
The actual fetch function to call |