ImageKit-flavoured HMAC URL signing.
Per ImageKit's docs:
HMAC-SHA1 over the canonical-string
<path-without-host><expiry-or-empty>where<path-without-host>is the request path-and-query excluding theik-sparameter and<expiry-or-empty>is the value of theik-tparameter (or empty when absent).Hex digest, lowercase.
Parameters: appended as
ik-s=<hex>and optionallyik-t=<unix-seconds>.
v0.1 ships HMAC-SHA1 (matching ImageKit's documented default).
Summary
Functions
Signs path_with_query (a request path, optionally with a query
string) using the first key in keys. Returns the path with
?ik-s=<hex> (or &ik-s=<hex> if a query is already present)
appended.
Verifies the signature on path_with_query.
Functions
Signs path_with_query (a request path, optionally with a query
string) using the first key in keys. Returns the path with
?ik-s=<hex> (or &ik-s=<hex> if a query is already present)
appended.
Options
:expires_at—DateTimeor unix-seconds. Adds anik-t=<unix>parameter; the verifier rejects after that time.
@spec verify(String.t(), [String.t(), ...], keyword()) :: :ok | {:error, Image.Plug.Error.t()}
Verifies the signature on path_with_query.
Returns :ok or an Image.Plug.Error with one of
:signature_required, :invalid_signature, :signature_expired.
Options
:required?— whentrue, missing?ik-s=produces:signature_required. Defaultfalse.:now— current unix-seconds for expiry comparison. Defaults toSystem.system_time(:second). Test-only override.