
@agnostack/verifyd


Please contact agnoStack via info@agnostack.com for any questions

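"use strict";
// Compiler-emitted helper: drives a generator as a Promise-returning async function.
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
    return new (P || (P = Promise))(function (resolve, reject) {
        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
        step((generator = generator.apply(thisArg, _arguments || [])).next());
    });
};
// Compiler-emitted helper: copies the own enumerable properties of `s` whose keys are not listed in `e`.
var __rest = (this && this.__rest) || function (s, e) {
    var t = {};
    for (var p in s) if (Object.prototype.hasOwnProperty.call(s, p) && e.indexOf(p) < 0)
        t[p] = s[p];
    if (s != null && typeof Object.getOwnPropertySymbols === "function")
        for (var i = 0, p = Object.getOwnPropertySymbols(s); i < p.length; i++) {
            if (e.indexOf(p[i]) < 0 && Object.prototype.propertyIsEnumerable.call(s, p[i]))
                t[p[i]] = s[p[i]];
        }
    return t;
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.processVerificationResponse = exports.prepareVerificationRequest = exports.getVerificationKeysData = void 0;
const errors_1 = require("./errors");
const request_1 = require("./request");
const display_1 = require("./display");
const WebCrypto_1 = require("./WebCrypto");

/**
 * Current time as whole Unix seconds, rendered as a decimal string.
 * The value is taken from the local clock (`new Date()`).
 *
 * @returns {string} Seconds since the Unix epoch.
 */
const getUnixString = () => {
    const currentDate = new Date();
    const unixTimestamp = currentDate.getTime();
    return Math.floor(unixTimestamp / 1000).toString();
};

/**
 * Generates a fresh key pair and derives the verification keys for `publicKey`.
 *
 * SECURITY: the returned `ephemeral` object is the storable form of the generated
 * key pair and includes its `privateKey`; `verification` holds the derived keys.
 * Treat the whole result as secret material (do not log or persist it in the clear).
 *
 * @param {string} publicKey - Public key the verification keys are derived against.
 * @param {object} [options]
 * @param {*} [options.crypto] - Passed through to the WebCrypto wrapper.
 * @param {*} [options.util] - Passed through to the WebCrypto wrapper.
 * @returns {Promise<object>} `{}` when `publicKey` is empty, otherwise
 *   `{ publicKey, ephemeral, verification }`.
 */
const getVerificationKeysData = (publicKey_1, ...args_1) => __awaiter(void 0, [publicKey_1, ...args_1], void 0, function* (publicKey, { crypto: _crypto, util: _util } = {}) {
    if ((0, display_1.stringEmpty)(publicKey)) {
        return {};
    }
    const webCrypto = new WebCrypto_1.WebCrypto({ crypto: _crypto, util: _util });
    const _ephemeralStoreableKeyPair = yield webCrypto.getStorableKeyPair(yield webCrypto.generateKeyPair());
    const _verificationKeyPair = yield webCrypto.getVerificationKeys({
        publicKey,
        privateKey: _ephemeralStoreableKeyPair.privateKey,
    });
    return {
        publicKey,
        ephemeral: _ephemeralStoreableKeyPair,
        verification: _verificationKeyPair,
    };
});
exports.getVerificationKeysData = getVerificationKeysData;

/**
 * Builds a function that turns `(requestPath, options)` into signed (and, when a
 * secret key is available, encrypted) request arguments.
 *
 * The returned function resolves to:
 *   - `[requestPath, requestOptions]` with NO signature and NO encryption when
 *     `disableRecryption` is true or `keysData.publicKey` is empty. This path fails
 *     open, so callers that require signed requests must check the configuration
 *     themselves.
 *   - `undefined` when a public key is set but the derived HMAC key or the ephemeral
 *     public key is missing.
 *   - `[requestPath, requestOptions, derivedSecretKey]` otherwise. The third element
 *     is key material; do not log the tuple.
 *
 * @param {object} [config]
 * @param {object} [config.keysData] - Result of `getVerificationKeysData`.
 * @param {*} [config.disableRecryption] - Evaluated with `isTrue`; skips signing/encryption.
 * @param {*} [config.crypto] - Passed through to the WebCrypto wrapper.
 * @param {*} [config.util] - Passed through to the WebCrypto wrapper.
 * @returns {function(string, object=): Promise<Array|undefined>}
 */
// eslint-disable-next-line arrow-body-style
const prepareVerificationRequest = ({ keysData: _keysData, disableRecryption: _disableRecryption, crypto: _crypto, util: _util } = {}) => {
    const webCrypto = new WebCrypto_1.WebCrypto({ crypto: _crypto, util: _util });
    const disableRecryption = (0, display_1.isTrue)(_disableRecryption);
    return (requestPath_1, ...args_1) => __awaiter(void 0, [requestPath_1, ...args_1], void 0, function* (requestPath, _a = {}) {
        var { method: rawMethod, body: rawBody, headers: rawHeaders } = _a, requestOptions = __rest(_a, ["method", "body", "headers"]);
        let parsedBody = (0, display_1.safeParse)(rawBody);
        const method = (0, request_1.getRequestMethod)(parsedBody, rawMethod);
        // Pass-through: no key configured or recryption disabled, so the request goes out unsigned.
        if (disableRecryption || (0, display_1.stringEmpty)(_keysData === null || _keysData === void 0 ? void 0 : _keysData.publicKey)) {
            return [
                requestPath,
                (0, request_1.prepareRequestOptions)(Object.assign({ method, body: parsedBody, headers: rawHeaders }, requestOptions), requestPath)
            ];
        }
        const {
            verification: { derivedHMACKey, derivedSecretKey, } = {},
            ephemeral: { publicKey: ephemeralPublicKey, } = {},
        } = _keysData !== null && _keysData !== void 0 ? _keysData : {};
        if (!derivedHMACKey || !ephemeralPublicKey) {
            return undefined;
        }
        // The body is encrypted only when a derived secret key exists; with an HMAC key
        // alone the body is signed but sent as parsed (not encrypted).
        if (parsedBody && derivedSecretKey) {
            parsedBody = yield webCrypto.encryptMessage(JSON.stringify(parsedBody), derivedSecretKey);
        }
        const timestamp = getUnixString();
        // Signed input: body (post-encryption), method, timestamp and whatever
        // normalizeURIParts returns. Request headers are not part of the signed string.
        // NOTE(review): the URI parts are merged last and would replace body/method/timestamp
        // on a key collision. Confirm normalizeURIParts never returns those keys.
        const computedHMAC = yield webCrypto.generateHMAC((0, display_1.objectToSortedString)(Object.assign({ body: parsedBody, method, timestamp }, (0, request_1.normalizeURIParts)(requestPath))), derivedHMACKey);
        // NOTE(review): rawHeaders is merged after the computed headers, so a caller-supplied
        // header with the exact same name replaces the signature, timestamp or key headers.
        // Confirm this precedence is intended.
        const signedHeaders = Object.assign({
            'X-Authorization': `HMAC-SHA256 ${computedHMAC}`,
            'X-Authorization-Timestamp': timestamp,
            'X-Ephemeral-Key': ephemeralPublicKey,
            'X-Public-Key': _keysData.publicKey
        }, rawHeaders);
        return [
            requestPath,
            (0, request_1.prepareRequestOptions)(Object.assign({ method, body: parsedBody, headers: signedHeaders }, requestOptions), requestPath),
            derivedSecretKey
        ];
    });
};
exports.prepareVerificationRequest = prepareVerificationRequest;

/**
 * Builds a function that decrypts a response with the derived secret key.
 *
 * The returned function resolves to the response UNCHANGED when `disableRecryption`
 * is true, the response is falsy, or no secret key is available (neither passed in
 * nor present on `keysData.verification`). Callers cannot tell from the return value
 * alone whether decryption took place.
 *
 * @param {object} [config]
 * @param {object} [config.keysData] - Result of `getVerificationKeysData`; optional.
 * @param {*} [config.disableRecryption] - Evaluated with `isTrue`; skips decryption.
 * @param {*} [config.crypto] - Passed through to the WebCrypto wrapper.
 * @param {*} [config.util] - Passed through to the WebCrypto wrapper.
 * @returns {function(*, *=): Promise<*>} Resolves to the `safeParse`d plaintext.
 * @throws {VerificationError} (from the returned function) with code 400 when decryption fails.
 */
const processVerificationResponse = ({ keysData, disableRecryption: _disableRecryption, crypto: _crypto, util: _util } = {}) => {
    const webCrypto = new WebCrypto_1.WebCrypto({ crypto: _crypto, util: _util });
    const disableRecryption = (0, display_1.isTrue)(_disableRecryption);
    return (encryptedResponse, _derivedSecretKey) => __awaiter(void 0, void 0, void 0, function* () {
        // Guard keysData itself: it is optional (as in prepareVerificationRequest), and the
        // pass-through path must not throw a TypeError when it was never supplied.
        const storedVerification = keysData === null || keysData === void 0 ? void 0 : keysData.verification;
        const storedSecretKey = storedVerification === null || storedVerification === void 0 ? void 0 : storedVerification.derivedSecretKey;
        const derivedSecretKey = _derivedSecretKey !== null && _derivedSecretKey !== void 0 ? _derivedSecretKey : storedSecretKey;
        if (disableRecryption || !encryptedResponse || !derivedSecretKey) {
            return encryptedResponse;
        }
        try {
            const decryptedMessage = yield webCrypto.decryptMessage(encryptedResponse, derivedSecretKey);
            return (0, display_1.safeParse)(decryptedMessage);
        }
        catch (_b) {
            // The underlying failure is deliberately replaced by a generic error.
            throw new errors_1.VerificationError('Error decrypting response', { code: 400 });
        }
    });
};
exports.processVerificationResponse = processVerificationResponse;
//# sourceMappingURL=verification.js.map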