Backend security

More advanced backend security can also be achieved with the access_token from Hivesigner. You can make sure that only the user you want can access certain content, so you don't have to add your own security layer; you simply use what Hivesigner already provides.

The simple code below makes sure that the access_token was indeed signed by the user, and checks that the keys match exactly.

    // Rebuild the message that the user signed from the decoded token fields.
    const message = JSON.stringify({
        signed_message: signedMessage,
        authors: tokenObj.authors,
        timestamp: tokenObj.timestamp,
    });
    const hash = cryptoUtils.sha256(message);
    ...
    // Accept the token if any key of the account's authority verifies the signature.
    account[type].key_auths.forEach((key: string[]) => {
        if (
            !validSignature
            && PublicKey.fromString(key[0]).verify(hash, Signature.fromString(signature))
        ) {
            validSignature = true;
        }
    });

Combined with Imagehoster verification, this is the perfect combination of security for your app to serve user-specific pages such as drafts, bookmarks, images, etc.
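
An added example, not Hivesigner's or this page's own code: a self-contained token check in plain JavaScript that, besides verifying the signature, binds the token to the user whose content is requested and rejects stale timestamps. Node's built-in `crypto` (secp256k1 ECDSA with PEM keys) stands in for the Hive `PublicKey`/`Signature` classes so it runs offline; the base64url token encoding, the `signatures` field, timestamps in seconds, `ROLE`, `MAX_AGE_SECONDS` and the `verifyToken`/`makeToken` names are assumptions.

```javascript
// Added example. Node's crypto (ECDSA/secp256k1, PEM keys, DER signatures) stands in
// for the Hive PublicKey/Signature classes; token encoding and field names beyond
// signed_message/authors/timestamp are assumptions.
const crypto = require('node:crypto');

const ROLE = 'posting';             // authority accepted: chosen by the server, not the token
const MAX_AGE_SECONDS = 7 * 86400;  // assumed freshness window; set to your policy

// Rebuild the exact bytes that were signed, as in the page's snippet.
const payload = (t) => Buffer.from(JSON.stringify({
  signed_message: t.signed_message, authors: t.authors, timestamp: t.timestamp,
}));

function verifyToken(token, expectedUser, account, nowSeconds) {
  const fail = (reason) => ({ ok: false, reason });
  let t;
  try {
    t = JSON.parse(Buffer.from(token, 'base64url').toString('utf8'));
  } catch {
    return fail('malformed token');
  }
  if (!t || !Array.isArray(t.authors) || !Array.isArray(t.signatures)
      || typeof t.signatures[0] !== 'string' || !Number.isInteger(t.timestamp)) {
    return fail('missing fields');
  }
  // A valid signature only proves that someone signed; bind it to the user being served.
  if (t.authors.length !== 1 || t.authors[0] !== expectedUser) return fail('wrong author');
  if (t.timestamp > nowSeconds || nowSeconds - t.timestamp > MAX_AGE_SECONDS) {
    return fail('stale token');
  }
  const sig = Buffer.from(t.signatures[0], 'hex');
  const valid = account[ROLE].key_auths.some(([pem]) =>
    crypto.verify('sha256', payload(t), pem, sig));
  return valid ? { ok: true, user: expectedUser } : fail('bad signature');
}

// Constructed sample data: a throwaway key pair and a helper that signs a token with it.
function makeToken(privateKey, user, timestamp) {
  const t = { signed_message: { type: ROLE, app: 'demo.app' }, authors: [user], timestamp };
  t.signatures = [crypto.sign('sha256', payload(t), privateKey).toString('hex')];
  return Buffer.from(JSON.stringify(t)).toString('base64url');
}
const alice = crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1',
  publicKeyEncoding: { type: 'spki', format: 'pem' },
  privateKeyEncoding: { type: 'pkcs8', format: 'pem' } });
const aliceAccount = { posting: { key_auths: [[alice.publicKey, 1]] } };
```

In a real backend the account's `key_auths` come from the chain, and the comparison user comes from the route or session being served, never from the token alone.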
