From 53058c38a15f014e9fa50122deed69ebf91652a9 Mon Sep 17 00:00:00 2001
From: Marius Kleidl <marius@transloadit.com>
Date: Fri, 1 Mar 2024 11:39:04 +0100
Subject: [PATCH] Switch from SHA-1 to SHA-384 for signature

---
 transloadit.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/transloadit.go b/transloadit.go
index 89234b3..51f7a9c 100755
--- a/transloadit.go
+++ b/transloadit.go
@@ -5,6 +5,7 @@ import (
 	"context"
 	"crypto/hmac"
 	"crypto/sha1"
+	"crypto/sha512"
 	"encoding/hex"
 	"encoding/json"
 	"fmt"
@@ -104,14 +105,16 @@ func (client *Client) sign(params map[string]interface{}) (string, string, error
 	// Add a random nonce to make signatures unique and prevent error about
 	// signature reuse: https://github.com/transloadit/go-sdk/pull/35
 	params["nonce"] = client.random.Int()
-	b, err := json.Marshal(params)
+	contentToSign, err := json.Marshal(params)
 	if err != nil {
 		return "", "", fmt.Errorf("unable to create signature: %s", err)
 	}
 
-	hash := hmac.New(sha1.New, []byte(client.config.AuthSecret))
-	hash.Write(b)
-	return string(b), hex.EncodeToString(hash.Sum(nil)), nil
+	hash := hmac.New(sha512.New384, []byte(client.config.AuthSecret))
+	hash.Write(contentToSign)
+	signature := "sha384:" + hex.EncodeToString(hash.Sum(nil))
+
+	return string(contentToSign), signature, nil
 }
 
 func (client *Client) doRequest(req *http.Request, result interface{}) error {