diff --git a/docs/writing-a-profile.md b/docs/writing-a-profile.md index 7f2496de..dc206f94 100644 --- a/docs/writing-a-profile.md +++ b/docs/writing-a-profile.md @@ -71,6 +71,7 @@ If you pass this profile into `hafas-client`, the `parseLine` method will overri - **Copy the authentication** and other meta fields, namely `ver`, `ext`, `client` and `lang`. - You can find these fields in the root of each request JSON. Check [a VBB request](https://gist.github.com/derhuerst/5fa86ed5aec63645e5ae37e23e555886#file-1-http-L13-L22) and the corresponding [the VBB profile](https://github.com/derhuerst/hafas-client/blob/6e61097687a37b60d53e767f2711466b80c5142c/p/vbb/index.js#L22-L29) for an example. - Add a function `transformReqBody(body)` to your profile, which assigns them to `body`. + - Some profiles have a `checksum` parameter (like [here](https://gist.github.com/derhuerst/2a735268bd82a0a6779633f15dceba33#file-journey-details-1-http-L1)) or two `mic` & `mac` parameters (like [here](https://gist.github.com/derhuerst/5fa86ed5aec63645e5ae37e23e555886#file-1-http-L1)). If you see one of them in your requests, jump to [*Appendix A: checksum, mic, mac*](#appendix-a-checksum-mic-mac). Unfortunately, this is necessary to get the profile working. If you want, you can now **verify that the profile works**; I've prepared [a script](https://runkit.com/derhuerst/hafas-client-profile-example) for that. Alternatively, [submit Pull Request](https://help.github.com/articles/creating-a-pull-request-from-a-fork/) and I will help you out with testing and improvements. @@ -87,3 +88,23 @@ We consider these improvements to be *optional*: - `Berlin Jungfernheide Bhf` -> `Berlin Jungfernheide`. With local context, it's obvious that *Jungfernheide* is a train station. - **Check if the endpoint has non-obvious limitations** and let use know about these. Examples: - Some endpoints have a time limit, after which they won't return more departures, but silently discard them. + +--- + +## Appendix A: `checksum`, `mic`, `mac` + +As far as I know, there are three different types of authentication used among HAFAS deployments. + +### unprotected endpoints + +You can just query these if you send a formally correct request. + +### endpoints using the `checksum` query parameter + +`checksum` is a [message authentication code](https://en.wikipedia.org/wiki/Message_authentication_code): `hafas-client` will compute it by [hashing](https://en.wikipedia.org/wiki/Hash_function) the request body and a *salt* (which means secret). **This secret can be read from the config file inside the app bundle.** There is no guide for this yet, so please open an issue instead. + +### endpoints using the `mic` & `mac` query parameters + +`mic` is a [message integrity code](https://en.wikipedia.org/wiki/Message_authentication_code), the [hash](https://en.wikipedia.org/wiki/Hash_function) of the request body. + +`mac` is a [message authentication code](https://en.wikipedia.org/wiki/Message_authentication_code), the hash of `mic` and a *salt* (which means secret). **This secret can be read from the config file inside the app bundle.** There is no guide for this yet, so please open an issue instead.