@e280/authlocal
Version:
User-sovereign login system for everybody
50 lines • 1.81 kB
JavaScript
import { signClaim } from "../claim/sign.js";
import { verifyClaim } from "../claim/verify.js";
import { tokentime } from "../token/tokentime.js";
import { getAppOriginFromProofToken, verifyProof } from "./proof.js";
export class Login {
session;
proof;
proofAppOrigin;
static async verify({ session, appOrigins }) {
const { proofToken } = session;
const proof = await verifyProof({ proofToken, appOrigins });
const proofAppOrigin = getAppOriginFromProofToken(proofToken);
return new this(session, proof, proofAppOrigin);
}
constructor(session, proof, proofAppOrigin) {
this.session = session;
this.proof = proof;
this.proofAppOrigin = proofAppOrigin;
}
get nametag() { return this.proof.nametag; }
get sessionId() { return this.proof.sessionId; }
get proofToken() { return this.session.proofToken; }
get expiresAt() {
const expiresAt = tokentime.readExpiresAt(this.proofToken);
if (expiresAt === undefined)
throw new Error("misconfigured proof token will never expire");
return expiresAt;
}
isExpired(time = Date.now()) {
return tokentime.isExpired(this.proofToken, time);
}
async signClaim(options) {
const claimToken = await signClaim({
...options,
session: this.session,
appOrigin: this.proofAppOrigin,
});
// self-verify, helping to catch errors earlier
await verifyClaim({
claimToken,
atTime: options.atTime,
appOrigins: [this.proofAppOrigin],
allowedAudiences: options.audience
? [options.audience]
: undefined,
});
return claimToken;
}
}
//# sourceMappingURL=login.js.map