Backend security
More advanced backend security could also be achieved with
access_token from hivesigner. You can make sure only user you want can access certain content, this way you don't have to add your own security layer just utilize what Hivesigner already provides you.Below simple code makes sure that
access_token is indeed signed by user. And checks to makes sure keys matches perfectly.1
const message = JSON.stringify({
2
signed_message: signedMessage,
3
authors: tokenObj.authors,
4
timestamp: tokenObj.timestamp,
5
})
6
let hash = cryptoUtils.sha256(message)
7
...
8
account[type].key_auths.forEach((key: string[]) => {
9
if (
10
!validSignature
11
&& PublicKey.fromString(key[0]).verify(hash, Signature.fromString(signature))
12
) {
13
validSignature = true;
14
}
15
});
Copied!
This combined with Imagehoster verification is perfect combination of security you can get in your app to serve user specific pages like drafts, bookmarks, images, etc.
Last modified 1yr ago