Fastly VCL
If you use a Fastly VCL service, we provide a full example to help you with integration. You only need this VCL snippet to enable Lagom on your service (see below). We also provide this snippet as a Fastly Fiddle.
Feel free to contact us if you require assistance integrating with Fastly, we have lots of experience working with the platform.
declare local var.lgid STRING;
declare local var.lgts STRING;
declare local var.lgsig STRING;
declare local var.lguid STRING;
declare local var.lgamt STRING;
set var.lgid = querystring.get(req.url, "lgid");
set var.lgts = querystring.get(req.url, "lgts");
set var.lguid = querystring.get(req.url, "lguid");
set var.lgamt = querystring.get(req.url, "lgamt");
set var.lgsig = "0x"+ querystring.get(req.url, "lgsig");
# check timestamp, give 10s leeway
declare local var.lgtsWithClearance TIME;
set var.lgtsWithClearance = std.time(var.lgts, std.integer2time(-1));
set var.lgtsWithClearance = time.add(var.lgtsWithClearance, 10s);
if (time.is_after(now, var.lgtsWithClearance)) {
error 400 "This link has expired";
}
if (var.lgamt != "100") {
error 400 "This link is not valid";
}
# verify signature with pre-shared secret, also check path
declare local var.sigComputed STRING;
set var.sigComputed = digest.hmac_sha256(table.lookup(env, "LAGOM_SECRET"), var.lguid + var.lgid + var.lgts + req.url.path + var.lgamt);
# compare signatures
if (var.sigComputed != var.lgsig) {
error 400 "This link is not valid";
}
# we are ok !