Update Lab11 to be more reflective of code

Issue #165 highlighted that the code block was using pseudo code
which made it relate less to the codebase than one might expect.

This change uses a code snippet from the sample file.  It also
adjusts some of the code / variabe names in an attempt to make
it more intuitive to users.

Signed-off-by: Richard Gee <[email protected]>

Author: rgee0

hmac-protected/hmac-protected/handler.py

@@ -18,13 +18,13 @@ def getHash(hash):
 
 def handle(req):
     # We receive the hashed message in form of a header
-    messageMAC = os.getenv("Http_Hmac")
+    receivedHMAC = os.getenv("Http_Hmac")
 
     # Read secret from inside the container
     with open("/var/openfaas/secrets/payload-secret","r") as secretContent:
-        payloadSecret = secretContent.read()
+        payloadKey = secretContent.read()
 
     # Function to validate the HMAC
-    if validateHMAC(req, payloadSecret, messageMAC):
+    if validateHMAC(req, payloadKey, receivedHMAC):
         return "Successfully validated: " + req
     return "HMAC validation failed."

lab11.md

@@ -34,7 +34,7 @@ This way we close our functions from being invoked with invalid or even dangerou
 
 ## Using HMAC
 
-We will use the `--sign` flag provided by faas-cli to send a header containing the hashed message created with the shared key which we send with the `--key` flag.
+We will use the `--sign` flag provided by faas-cli to include a header, which contains the hashed message created using the shared key which we provide with the `--key` flag.
 
 > Note: Both `--sign` and `--key` must be present.
 
@@ -172,9 +172,10 @@ Here we compare the generated and received hashes:
 
 ```python
 ...
-    if hmacDigest == cleanHash:
-        return True
-    return False
+    # Function to validate the HMAC
+    if validateHMAC(req, payloadKey, receivedHMAC):
+        return "Successfully validated: " + req
+    return "HMAC validation failed."
 ...
 ```