@pedwise/next-firebase-auth-edge/src/auth/rotating-credential.ts

Next.js 13 Firebase Authentication for Edge and server runtimes. Dedicated for Next 13 server components. Compatible with Next.js middleware.

import { arrayBufferToBase64, stringToArrayBuffer } from "./jwt/utils";

export class RotatingCredential {
  private digestAlgorithm = "SHA-1";

  constructor(private keys: string[]) {}

  private getSignAlgorithm(length: number): HmacKeyAlgorithm {
    return {
      name: "HMAC",
      hash: {
        name: "SHA-1",
      },
      length,
    };
  }

  private async signKey(data: string, keyValue: string) {
    const keyBuffer = stringToArrayBuffer(keyValue);
    const dataBuffer = stringToArrayBuffer(data);
    const keyBitLength = keyBuffer.byteLength * 8;
    const digest = await crypto.subtle.digest(this.digestAlgorithm, dataBuffer);
    const key = await crypto.subtle.importKey(
      "raw",
      keyBuffer,
      this.getSignAlgorithm(keyBitLength),
      false,
      ["sign"]
    );

    const signed = await crypto.subtle.sign(
      this.getSignAlgorithm(keyBitLength),
      key,
      digest
    );

    return arrayBufferToBase64(signed);
  }

  public async sign(data: string) {
    return this.signKey(data, this.keys[0]);
  }

  public async verify(data: string, digest: string) {
    return (await this.index(data, digest)) > -1;
  }

  public async index(data: string, digest: string): Promise<number> {
    for (const key of this.keys) {
      const signedKey = await this.signKey(data, key);
      if (signedKey === digest) {
        return this.keys.findIndex((it) => it === key);
      }
    }

    return -1;
  }
}