Skip to content

Feature/msg signing on refactor #8

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
adriantuk wants to merge 16 commits into
base: main
Choose a base branch
from
Open

Feature/msg signing on refactor #8

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
16 commits
Select commit Hold shift + click to select a range
cbbd04f
Initial working Node.js
KMilej Jan 16, 2026
5f64a83
Initial working Node.js
KMilej Jan 16, 2026
ef50f88
rename run_server.sh to run-server.sh
KMilej Jan 29, 2026
0d7e938
Add token check signature endpoint
adriantuk Feb 3, 2026
df9b137
Add token-check signature docs
adriantuk Feb 3, 2026
2e5773e
Document .env setup steps
adriantuk Feb 3, 2026
1b2824f
Ensure the install message signature takes precedence when both IPK a…
adriantuk Feb 3, 2026
75dd695
Review msg_signing_onRefactor
adriantuk Feb 4, 2026
55e1be5
comments
adriantuk Feb 4, 2026
35db6a1
commenting index.js for clarity, + there was a small bug with accepti…
adriantuk Feb 4, 2026
0dd835b
comments for the env properties
adriantuk Feb 4, 2026
b60752a
Add detailed env example comments
adriantuk Feb 5, 2026
775178a
Improve token binding comments
adriantuk Feb 5, 2026
f33239d
Add POST route for token signature verification
adriantuk Feb 9, 2026
3c4123a
Merge pull request #9 from approov/code/msg_signing_testing
adriantuk Feb 9, 2026
df60ce8
Make the expected signature type explicit.
adriantuk Feb 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
53 changes: 53 additions & 0 deletions .env.example
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,53 @@
# -----------------------------------------------------------------------------
# Approov Node.js Quickstart - Environment Configuration
#
# This file is a template for local development. Copy it to `.env` and replace
# the placeholder values with real secrets or environment-specific settings.
# The server loads `.env` on startup and uses these variables to configure:
# - which address/port to bind
# - how to verify Approov tokens
# - optional message signing validation
# - optional verbose HTTP logging for debugging
# -----------------------------------------------------------------------------

# HTTP port the backend listens on (internal server port)
HTTP_PORT=8111

# Approov shared secret (base64url). Required to verify Approov JWTs.
# Obtain with: `approov secret -get base64url`
APPROOV_BASE64URL_SECRET=approov_base64url_secret_here

# Optional: account-level message signing secret.
# Use ONE of the formats below. If you set more than one, the first non-empty
# value (in the order shown) is used.
APPROOV_ACCOUNT_MESSAGE_SIGNING_SECRET_BASE64URL=
APPROOV_ACCOUNT_MESSAGE_SIGNING_SECRET_BASE64=
APPROOV_ACCOUNT_MESSAGE_SIGNING_SECRET_RAW=

# Optional: expected account key id for message signing (mskid claim).
# If set, incoming requests must match this key id when using account signatures.
APPROOV_ACCOUNT_MESSAGE_SIGNING_KEY_ID=

# Signature mode toggle:
# - false (default): install signature only
# - true: account signature only (install signature disabled)
APPROOV_ENABLE_ACCOUNT_SIGNATURE=false

# Optional: allowed clock skew (seconds) when validating message signature
# created/expires parameters. Increase slightly if clients' clocks drift.
APPROOV_MESSAGE_SIGNING_TOLERANCE_SECONDS=60

# Verbose logging for Approov + message signing flow (true/false).
# Use `true` when debugging token/signature issues.
APPROOV_VERBOSE_LOGGING=true

# Log full HTTP request/response payloads (true/false).
# Use with caution: this can log sensitive data.
APPROOV_HTTP_LOGGING=false

# Address/hostname to bind the HTTP server to.
# Use 0.0.0.0 when running in Docker so the port is reachable externally.
SERVER_HOSTNAME=0.0.0.0

# Command that starts your server inside the container (Docker).
APP_START_CMD=npm start
5 changes: 5 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,7 @@
.env
node_modules/
!vendor/http-message-signatures/node_modules/
!vendor/http-message-signatures/node_modules/structured-headers/
!vendor/http-message-signatures/node_modules/structured-headers/**
.config/
.DS_Store
Loading