feat(lib): implement FW-N1~FW-N4 items and pane snapshot guidelines

2026-06-21 09:19:46 +00:00
parent 8097df0cbe
commit 5258b5013c
6 changed files with 18 additions and 14 deletions
+5 -3
@@ -153,11 +153,13 @@ Every event payload must adhere to the following schema structure:
---
### 2.4 Integrity and Authentication Verification (Bearer Auth)
### 2.4 Integrity and Authentication Verification (HMAC-SHA256 Signatures)
To prevent unauthorized users from hijacking or spoofing events on public brokers:
1. When a job is registered, a cryptographic token (`auth_token`) is generated (`secrets.token_urlsafe(32)`).
2. The publisher reads this token from the local job file and injects it into `data.auth_token` for all outgoing messages.
3. The subscriber (`job_subscriber.py`) reads the expected `auth_token` from the local registry and performs a plaintext bearer-token check on all received messages. Mismatched or missing tokens are discarded immediately.
2. The publisher reads this token and signs the JSON payload. Specifically, the publisher calculates an HMAC-SHA256 signature using the `auth_token` as the secret key over the serialized payload (with the `hmac_sig` field excluded).
3. The signature is attached as `data.hmac_sig` on the wire.
4. The subscriber (`job_subscriber.py`) reads the expected `auth_token` from the local registry and verifies the HMAC signature. Any message with a missing, invalid, or mismatched signature is discarded immediately with an "HMAC verify failed" log.
5. To prevent event drops, all publishers and subscribers must be updated simultaneously during deployment rollout, since the plaintext `auth_token` is never transmitted on the wire to prevent token interception.
---
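Review bot: Step 2 signs "the serialized payload (with the `hmac_sig` field excluded)" without defining the serialization, so a publisher and subscriber that differ in key order, separator whitespace or non-ASCII escaping will compute different digests and valid messages will be dropped as "HMAC verify failed". Please state the canonical form both sides must use (for example sorted keys, compact separators, UTF-8 bytes) in this step. Step 4 should also require a constant-time comparison such as `hmac.compare_digest` rather than `==`. Step 5 would read more clearly as two sentences: one for the simultaneous-rollout requirement and one stating that the plaintext `auth_token` is no longer sent on the wire.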