ExAwsSnsVerifier.Plug (ex_aws_sns_verifier v0.2.0)

Plug integration for verifying AWS SNS HTTPS message authenticity in Plug and Phoenix pipelines.

Reads the raw request body, runs it through ExAwsSnsVerifier.verify/2, and assigns the result to conn.assigns.sns_verification.

Usage

plug ExAwsSnsVerifier.Plug,
     allowed_topic_arns: ["arn:aws:sns:us-east-1:123456789012:MyTopic"]

On success ({:ok, payload}), the connection passes through. On failure ({:error, reason}), the connection is halted with 403 Forbidden.

Options

Accepts the same options as ExAwsSnsVerifier.new/1:

  • :allowed_topic_arns — list of allowed TopicArn values (required)
  • :allowed_regions — list of AWS regions for SigningCertURL validation
  • :timestamp_window_seconds — replay protection window (default: 3600)
  • :http_client — custom HTTP client module
  • :cert_cache — custom cert cache module

Body reader

The :body_reader option allows overriding how the raw body is read from the connection. Default: {Plug.Conn, :read_body, []}.

plug ExAwsSnsVerifier.Plug,
     allowed_topic_arns: ["..."],
     body_reader: {MyApp, :read_body, []}
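
A sketch of what the MyApp.read_body function named above could look like, added here as an example and not taken from the ex_aws_sns_verifier project. It caps how many bytes an unauthenticated sender can make the endpoint buffer before verification runs. Assumptions: the plug calls the MFA with the conn prepended and expects the return shape of Plug.Conn.read_body/2 (as the default {Plug.Conn, :read_body, []} suggests); the :raw_body private key and the 512 KiB cap are hypothetical values chosen for illustration.

```elixir
defmodule MyApp do
  @moduledoc """
  Example body reader for ExAwsSnsVerifier.Plug (added example, not library code).
  """

  # Constructed cap. SNS messages are limited to 256 KB, so the JSON
  # envelope posted to an HTTPS endpoint should fit well within this.
  @max_body_bytes 512 * 1024

  # opts defaults to [] so the function works whether the plug invokes it
  # as read_body(conn) or read_body(conn, opts) (assumption, see lead-in).
  def read_body(conn, opts \\ []) do
    case conn.private[:raw_body] do
      # Hypothetical: an earlier plug in the application already consumed
      # the body and stashed the raw bytes under :raw_body.
      body when is_binary(body) ->
        check_size(body, conn)

      nil ->
        read_capped(conn, opts)
    end
  end

  # Read at most @max_body_bytes. Plug.Conn.read_body/2 returns
  # {:more, partial, conn} when the body is longer than :length, which
  # is treated here as a rejection instead of continuing to read.
  defp read_capped(conn, opts) do
    opts = Keyword.put(opts, :length, @max_body_bytes)

    case Plug.Conn.read_body(conn, opts) do
      {:ok, body, conn} -> check_size(body, conn)
      {:more, _partial, _conn} -> {:error, :too_large}
      {:error, reason} -> {:error, reason}
    end
  end

  # Adapters may return slightly more than :length in one read,
  # so the final size is checked explicitly as well.
  defp check_size(body, conn) when byte_size(body) <= @max_body_bytes,
    do: {:ok, body, conn}

  defp check_size(_body, _conn), do: {:error, :too_large}
end
```

How the plug reacts to an {:error, reason} tuple from a custom reader is not stated on this page, so confirm that behaviour against the library source before relying on it.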

Summary

Types

t()

@type t() :: %ExAwsSnsVerifier.Plug{
  body_reader: {module(), atom(), list()},
  verifier: ExAwsSnsVerifier.t()
}