UNPKG

digiid-ts

Version:

A modern TypeScript implementation of the DigiID authentication protocol.

pzelawski.com

pawelzelawski/digiid-ts

4 lines (3 loc) 2.9 kB
1
2
3
4
(function(i,u){typeof exports=="object"&&typeof module<"u"?u(exports,require("crypto"),require("bitcoinjs-message")):typeof define=="function"&&define.amd?define(["exports","crypto","bitcoinjs-message"],u):(i=typeof globalThis<"u"?globalThis:i||self,u(i.DigiIDTs={},i.crypto,i.bitcoinjsMessage))})(this,function(i,u,U){"use strict";function y(e){const r=Object.create(null,{[Symbol.toStringTag]:{value:"Module"}});if(e){for(const n in e)if(n!=="default"){const a=Object.getOwnPropertyDescriptor(e,n);Object.defineProperty(r,n,a.get?a:{enumerable:!0,get:()=>e[n]})}}return r.default=e,Object.freeze(r)}const D=y(U);class t extends Error{constructor(r){super(r),this.name="DigiIDError"}}async function p(e,r,n){const a=`DigiByte Signed Message: `;try{return!!D.verify(e,r,n,a,!0)}catch(s){const o=s instanceof Error?s.message:String(s);throw new t(`Signature verification failed: ${o}`)}}function I(e=16){return u.randomBytes(e).toString("hex")}function k(e){if(!e.callbackUrl)throw new t("Callback URL is required.");let r;try{r=new URL(e.callbackUrl)}catch(l){throw new t(`Invalid callback URL: ${l.message}`)}const n=r.host+r.pathname,a=e.nonce||I(),s=e.unsecure?"1":"0";if(e.unsecure&&r.protocol!=="http:")throw new t("Unsecure flag is true, but callback URL does not use http protocol.");if(!e.unsecure&&r.protocol!=="https:")throw new t("Callback URL must use https protocol unless unsecure flag is set to true.");return`digiid://${n}?x=${a}&u=${s}`}async function v(e,r){const{address:n,uri:a,signature:s}=e,{expectedCallbackUrl:o,expectedNonce:l}=r;if(!n||!a||!s)throw new t("Missing required callback data: address, uri, or signature.");let d;try{const c=a.replace(/^digiid:/,"http:");d=new URL(c)}catch(c){throw new t(`Invalid URI received in callback: ${c.message}`)}const g=d.searchParams.get("x"),h=d.searchParams.get("u"),w=d.host+d.pathname;if(g===null||h===null)throw new t("URI missing nonce (x) or unsecure (u) parameter.");let f;try{f=typeof o=="string"?new URL(o):o}catch(c){throw new t(`Invalid expectedCallbackUrl provided: ${c.message}`)}const m=f.host+f.pathname;if(w!==m)throw new t(`Callback URL mismatch: URI contained "${w}", expected "${m}"`);const b=f.protocol;if(h==="1"&&b!=="http:")throw new t("URI indicates unsecure (u=1), but expectedCallbackUrl is not http.");if(h==="0"&&b!=="https:")throw new t("URI indicates secure (u=0), but expectedCallbackUrl is not https.");if(l&&g!==l)throw new t(`Nonce mismatch: URI contained "${g}", expected "${l}". Possible replay attack.`);try{if(!await p(a,n,s))throw new t("Invalid signature.")}catch(c){throw c instanceof t?c:new t(`Unexpected error during signature verification: ${c.message}`)}return{isValid:!0,address:n,nonce:g}}i.DigiIDError=t,i._internalVerifySignature=p,i.generateDigiIDUri=k,i.verifyDigiIDCallback=v,Object.defineProperty(i,Symbol.toStringTag,{value:"Module"})}); //# sourceMappingURL=digiid-ts.umd.js.map