UNPKG

@usemona/attest-backend-sdk

Version:

Mona Attest Backend SDK - Secure server-side verification for cryptographic attestations and digital signatures. Provides robust signature validation, user verification, and enterprise-grade security for Node.js applications.

github.com/mona/attest-backend-sdk

mona/attest-backend-sdk

79 lines (78 loc) 2.65 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
/** * SERVER-SIDE SIGNATURE DECODER * ============================ * * Utilities for decoding base64 attestation signatures on the server side. * Use this in your backend to decode signatures received from the Mona Attest SDK. */ export interface DecodedSignature { sessionId: string; credentialId: string; authenticatorData: Uint8Array; clientDataJSON: Uint8Array; signature: Uint8Array; userHandle: Uint8Array | null; type: string; } /** * Decode a base64 attestation signature from the Mona Attest SDK * * @param signatureBase64 - The base64 encoded signature from the SDK * @returns Decoded signature data ready for WebAuthn verification */ export declare function decodeAttestationSignature(signatureBase64: string): DecodedSignature; /** * Convert decoded signature to WebAuthn assertion response format * * @param decoded - Decoded signature from decodeAttestationSignature * @returns WebAuthn assertion response object for verification */ export declare function toWebAuthnAssertionResponse(decoded: DecodedSignature): { id: string; rawId: string; response: { authenticatorData: Uint8Array<ArrayBufferLike>; clientDataJSON: Uint8Array<ArrayBufferLike>; signature: Uint8Array<ArrayBufferLike>; userHandle: Uint8Array<ArrayBufferLike> | null; }; type: string; }; /** * Example usage for Express.js backend: * * ```javascript * const { decodeAttestationSignature, toWebAuthnAssertionResponse } = require('@attesttool/sdk/server'); * * app.post('/api/payments/execute-with-attestation', (req, res) => { * const signatureBase64 = req.headers['x-attestation-signature']; * const { sessionId, paymentData } = req.body; * * try { * // Decode the signature * const decoded = decodeAttestationSignature(signatureBase64); * * // Verify with Mona Attest backend * const webauthnResponse = toWebAuthnAssertionResponse(decoded); * const verificationResult = await fetch('https://api.attest.ng/api/passkey/complete-attest', { * method: 'POST', * headers: { 'Content-Type': 'application/json' }, * body: JSON.stringify({ * sessionId: decoded.sessionId, * assertionResponse: webauthnResponse * }) * }); * * if (verificationResult.verified) { * // Process the payment * await processPayment(paymentData); * res.json({ success: true }); * } else { * res.status(400).json({ error: 'Signature verification failed' }); * } * } catch (error) { * res.status(400).json({ error: error.message }); * } * }); * ``` */