Base64, Hash & HMAC Encryptor - New plugin from Zeroqode

@levon Its worth pointing out that this shouldn’t be used with a server secret, as it’d get exposed to users via the browser.

2 Likes

@miguel

but

@mishav is right, we wouldn’t recommend to use this for API tokens as it indeed can be exposed in the browser (although it’s very difficult to find)

1 Like

Hi @levon

I need HMAC-MD5 encryptor.

Will you add this feature in future times? Or am I the one who can’t see it?

Thanks

Unfortunately this is not supported right now, and might be a long time before we implement it due to a large backlog of things in progress
sorry about that

Thank you

@eren You may find this useful:

1 Like

@eren, if you need to run something server side, without user interation, you could try webtask.io combined with an API setup in Bubble. This is some code I’ve used in the past to pass details to webtask.io to create the encryption and then pass back to Bubble for use. Depending on your needs it may need slight modifications.

/**
* @param context {WebtaskContext}
*/
module.exports = function(context, req, res) {
  var crypto = require('crypto');
  var secret = context.data.secret;
  var timestamp = context.data.timestamp;
  var requestPath = context.data.requestPath;
  var method = context.data.method;
  
  var what = timestamp + method + requestPath;
  var key = Buffer(secret, 'base64');
  var hmac = crypto.createHmac('sha256', key);
  var message = hmac.update(what).digest('base64');
  var getMessageObj = {
    // having to combine the timestamp and message. I'm using regex find/replace in Bubble to split these into the two fields
    "result": message
  };
  
  
  res.writeHead(200, {'Content-Type' : 'application/json'});
  switch(req.method){
    case 'GET':
      res.end(JSON.stringify(getMessageObj));
      break;
      case 'POST':
        res.end(JSON.stringify(postMessageObj));
      break;
  }
  res.end(message);
};

Here’s an example for MD5.

/**
 * @param context {WebtaskContext}
 */
module.exports = function(context, req, res) {
    var crypto = require('crypto');

    var nonce = Math.floor(new Date().getTime() / 1000);
    var key = context.data.key;
    var secret = context.data.secret;
    var api_method = context.data.apimethod;
    var uri = 'https://www.cryptopia.co.nz/api/' + api_method;
    var currency = context.data.currency;
    //Post Paramaters
    var postParams = {
        "Currency": currency,
    };
    // MD5 Post Paramaters
    var md5 = crypto.createHash('md5').update(JSON.stringify(postParams)).digest();
    //Base64 encode MD5 Post Parameters
    var requestContentBase64String = md5.toString('base64');

    var signature = key + "POST" + encodeURIComponent(uri).toLowerCase() + nonce + requestContentBase64String;
    var hmacsignature = crypto.createHmac('sha256', new Buffer(secret, "base64")).update(signature).digest().toString('base64');
    var amx = "amx " + key + ":" + hmacsignature + ":" + nonce;

    var postMessageObj = {
        "result": amx
    };

    res.writeHead(200, {
        'Content-Type': 'application/json'
    });
    res.end(JSON.stringify(postMessageObj));
};
4 Likes

Thanks a lot @gaurav @Kfawcett

Is there any documentation or videos to show us how to use this plugin? I have subscribed already since i don’t know what to do. Once I can resolve my issue of trying to get wizIQ API to run inside of Bubble. If you know how I can do this then please inform me

Thanks in advance

here is a demo page that you can use as an example:
https://bubble.io/page?type=page&name=hash_hmac_encryptor&id=plugindemo&tab=tabs-1

Can this plugin work with API connector to encrypt key value.
This is what they need:
“jsSHA Javascript library, but any SHA library will work as long as it support SHA-1, HMAC and BASE64 encoded output”

Hello, @sat_miha, thanks for reaching out.

Can you please provide more details on the feature you’re asking about? The detailed description of it will help us to investigate, if the Base64, Hash & HMAC Encryptor plugin can have such functionality.

Regards,
Zeroqode Team

I’m trying to connect dux-soup through API, they ask to encrypt key every time query is sending.
Standart Api connecter doesn’t allow me to do it, so I’m searching for sollutions.

@sat_miha, thanks for the clarification :pray:

The Base64, Hash & HMAC Encryptor plugin can encrypt your API call value:
Design part:
https://prnt.sc/skfbz6
https://prnt.sc/skfc5y
https://prnt.sc/skfcj7
Workflow part:
https://prnt.sc/skfdts
https://prnt.sc/skfegi
https://prnt.sc/skffew
Test preview:
https://prnt.sc/skfh2m
https://plugindemo.bubbleapps.io/version-test/testch?debug_mode=true
But the value can’t be decrypted back (it is not possible to get back the original token).

You can try out other plugin - Encode/Decode/
Encrypt/Decrypt:

Hope this info will be helpful to you.
Regards,
Zeroqode Team

Okay, I did it, but how make an api call with it?
@ZeroqodeSupport

As I understand plugin set’s encrypted value in the state page, but how to send it in the api connector?
@ZeroqodeSupport

@sat_miha,

I suppose you can indicate the encrypted state value into your API call (where it is requesting for the value https://prnt.sc/sl5mut). It is barely possible that such a trick will work, I’m not sure that the plugin can be used for such purposes.

Anyway, you might find useful these Manuals:
https://manual.bubble.io/using-the-bubble-api
https://manual.bubble.io/building-plugins/adding-api-connections

Hope this will help :pray:
Regards,
Zeroqode Team

Hi @ZeroqodeSupport

I am trying your demo page to generate hash value but it didn’t generated the value as shown in example below;

If I copy and paste the value given in the image (53784Shopping_cart_id_3024.5056), I am supposed to get the value of 74422328b44d30bf150fffbae89bbb42b885f9ac0960e2a3ddccc0cf9aa48e39

But if I use your demo page and paste this value (53784Shopping_cart_id_3024.5056), I got the hash value of 4d96b2bd2fa35128cc6f36cfb405777dd2dd6b429c539502a04470064d1f0b64

Can you help me check where it went wrong?

@ZeroqodeSupport forget about it, I got it now. The documentation is wrong at the Key part where it is missing “-”

Hello, @faisalkarimstubapp!
Thanks for reaching out and please accept our apologies for the late reply. :pray:

Can you please tell us if you have found a drawback on our demo page? Because there is no documentation for this plugin yet.

We have checked the Base64, Hash & HAMAC Encryptor plugin demo page and it appears to work properly. Checked and verified with online encryptor. :slightly_smiling_face:

Regards,
Zeroqode Support Team