# ManifoldcoSignature
Verify signed HTTP requests from Manifold.
## Installation
If [available in Hex](https://hex.pm/docs/publish), the package can be installed
by adding `manifoldco_signature` to your list of dependencies in `mix.exs`:
```elixir
def deps do
[
# Required for the `manifoldco_signature` dependency.
{:enacl, github: "jlouis/enacl", ref: "c8403ab198b80863479c2ab5a9ccd0a8d73a57c4"}
{:manifoldco_signature, "~> 0.0.1"}
]
end
```
Note that this library uses a specific version of the
[enacl](https://github.com/jlouis/enacl) library. This is due to broken build requirements
when trying to compile the `libsodium` bindings.
Oh, and you'll need `libsodium` to be installed on the host machine. If you're on mac you
can do so via:
```
brew install libsodium
```
## Documentation
Documentation can be generated with [ExDoc](https://github.com/elixir-lang/ex_doc)
and published on [HexDocs](https://hexdocs.pm). Once published, the docs can
be found at [https://hexdocs.pm/manifoldco_signature](https://hexdocs.pm/manifoldco_signature).
## Using with Plug
This library does not include `Plug` as a dependency but instead takes the raw request arguments
so that you can use your framework of choise. Since `Plug` is popular below is a plug that
works with this library:
```elixir
defmodule ManifoldAuthorization do
@moduledoc """
Plug that authenicates requests from the Manifold.co service.
"""
alias ManifoldcoSignature
require Logger
@behaviour Plug
#
# Callbacks
#
def init(_opts) do
[]
end
def call(conn, _opts) do
conn = Plug.Conn.fetch_query_params(conn)
method = conn.method
request_path = conn.request_path
query_string = conn.query_string
headers = conn.req_headers
with {:ok, body, conn} <- Plug.Conn.read_body(conn),
:ok <- ManifoldcoSignature.verify(method, request_path, query_string, headers, body),
# We must parse the body here because `Plug.Conn.read_body/1` can only be called once.
# Once called the body is no longer available.
{:ok, body_params} <- Poison.decode(body) do
Map.put(conn, :body_params, body_params)
else
{:error, reason} ->
Logger.info(fn ->
"Manifold authentication failed: #{inspect(reason)}"
end)
conn
|> Plug.Conn.send_resp(:unauthorized, "")
|> Plug.Conn.halt()
end
end
end
```
## Credit
This package was built by
[![timber.io](http://res.cloudinary.com/timber/image/upload/v1490197244/pricing/logo-purple.png)](http://timber.io/)
A Manifold logging provider.