Commit 564d743
committed
feat: validate inbound JWS + update deps and
Node.js 24.15.0
Leverage @mojaloop/sdk-standard-components Jws.validator to
verify
fspiop-signature headers on inbound
transactionRequests/authorizations.
Gated by JWS_VALIDATE (default false). Keys loaded from
JWS_VERIFICATION_KEYS_DIRECTORY with hot-reload via fs.watch.
Added HapiRawPayload plugin and stream payload config for
body parsing.
Bad signatures return FSPIOP error 3105 / HTTP 400.
Update Node.js to 24.15.0 (Docker 24.14.1-alpine3.23). Add
sdk-standard-components 19.18.8. Bump deps: hapi 21.4.8,
central-services-shared 18.35.7, sinon 21.1.2, ncu 21.0.2.
Add protobufjs overrides (7.5.5/8.0.1), convict 6.2.5, lodash
4.18.1,
axios 1.15.0, and other transitive vulnerability overrides.
0 vulnerabilities. Add JWS unit tests for coverage.
Ref: mojaloop/project#44391 parent 4788f8c commit 564d743
9 files changed
Lines changed: 1543 additions & 583 deletions
File tree
- config
- src
- lib
- test/unit
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | | - | |
| 1 | + | |
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | | - | |
| 2 | + | |
3 | 3 | | |
4 | 4 | | |
5 | 5 | | |
| |||
| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
26 | 26 | | |
27 | 27 | | |
28 | 28 | | |
| 29 | + | |
| 30 | + | |
| 31 | + | |
| 32 | + | |
| 33 | + | |
| 34 | + | |
| 35 | + | |
29 | 36 | | |
30 | 37 | | |
31 | 38 | | |
| |||
0 commit comments