# HMACAuth
Intended to be compatible with the ruby version at http://www.github.com/zvkemp/hmac_auth.
Note:
If used to verify POST requests, the included `HMACAuthEx.Plug` must be used before `Plug.Parsers` (it requires
access to the raw request body, which is removed by json parsing et al).
## Installation
If [available in Hex](https://hex.pm/docs/publish), the package can be installed as:
1. Add `hmac_auth_ex` to your list of dependencies in `mix.exs`:
```elixir
def deps do
[{:hmac_auth_ex, "~> 0.3.0"}]
end
```
2. Add the required config in `config/{env}.exs`:
```elixir
config :hmac_auth_ex, keys: %{key => value}
```
3. Ensure `hmac_auth_ex` is started before your application:
```elixir
def application do
[applications: [:hmac_auth_ex]]
end
```
4. (Optional) If using the plug, add this to your endpoint (usually before the router):
```elixir
plug HMACAuthEx.Plug
```
This will add an `hmac_verified: boolean` key to `conn.private`. A basic authentication function might look like this:
```elixir
defp authenticate(conn, _) do
cond do
Mix.env == :dev -> conn # to skip verification in the dev environment
conn.private.hmac_verified -> conn
true ->
conn
|> put_status(:unauthorized)
|> json(%{error: :signature})
|> halt
end
end
```