hackagotchi · Muirrum · Jul 13, 2020 · Jul 13, 2020 · Jul 13, 2020 · Jul 13, 2020
diff --git a/Cargo.toml b/Cargo.toml
@@ -14,3 +14,6 @@ bson = "1.0"
 serde = { version = "1.0", features = ["derive"]}
 uuid = { version = "0.8.1", features = ["v4", "serde"] }
 mongodb = "1.0"
+hmac = "0.8.1" 
+hcor = { git="https://github.com/hackagotchi/hcor" }
+sha2 = "0.9.1"
diff --git a/src/main.rs b/src/main.rs
@@ -3,6 +3,7 @@ use actix_web::{get, web, App, HttpRequest, HttpResponse, HttpServer};
 pub mod data;
 pub mod models;
 pub mod routes;
+pub mod middlewares;
 
 #[get("/user/{id}")]
 async fn get_user(_req: HttpRequest) -> HttpResponse {

diff --git a/src/middlewares.rs b/src/middlewares.rs
@@ -0,0 +1,40 @@
+use actix_web::HttpRequest;
+use actix_web::middleware::{Middleware, Started};
+use hcor::errors::ServiceError;
+use actix_web::Result;
+use std::env;
+
+use hmac::{Hmac, Mac, NewMac};
+use sha2::Sha256;
+
+
+
+pub struct VerifySignature;
+
+impl <S> Middleware<S> for VerifySignature {
+    fn start(&self, req: &mut HttpRequest<S>) -> Result<Started> {
+        use std::io::Read;
+
+        let r = req.clone();
+        let s = r.headers()
+            .get("X-Signature")
+            .ok_or(ServiceError::Unauthorized)?
+            .to_str()
+            .map_err(ServiceError::Unauthorized)?;
+
+        let (_, sig) = s.split_at(5);
+
+        let mut mac = Hmac::<Sha256>::new_varkey(String::as_bytes(env::var("SECERT_KEY").unwrap_or("changemepls")));
+
+
+
+        let mut body = String::new();
+        req.read_to_string(&mut body)
+            .map_err(ServiceError::InternalServerError)?;
+
+        mac.update(String::as_bytes(sig));
+
+        mac.verify(String::as_bytes(body));
+
+    }
+}