@peac/http-signatures 0.12.4 → 0.12.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +61 -3
- package/package.json +11 -6
package/README.md
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
# @peac/http-signatures
|
|
2
2
|
|
|
3
|
-
RFC 9421 HTTP Message Signatures parsing and verification
|
|
3
|
+
RFC 9421 HTTP Message Signatures parsing and verification. Runtime-neutral with no DOM dependencies.
|
|
4
4
|
|
|
5
5
|
## Installation
|
|
6
6
|
|
|
@@ -8,9 +8,67 @@ RFC 9421 HTTP Message Signatures parsing and verification
|
|
|
8
8
|
pnpm add @peac/http-signatures
|
|
9
9
|
```
|
|
10
10
|
|
|
11
|
-
##
|
|
11
|
+
## What It Does
|
|
12
12
|
|
|
13
|
-
|
|
13
|
+
`@peac/http-signatures` implements the RFC 9421 HTTP Message Signatures standard for parsing structured signature headers, building canonical signature base strings, and verifying Ed25519 signatures. It is runtime-neutral and works in Node.js, Deno, and browser environments with WebCrypto support.
|
|
14
|
+
|
|
15
|
+
## How Do I Use It?
|
|
16
|
+
|
|
17
|
+
### Parse and verify an HTTP signature
|
|
18
|
+
|
|
19
|
+
```typescript
|
|
20
|
+
import { parseSignature, verifySignature, createWebCryptoVerifier } from '@peac/http-signatures';
|
|
21
|
+
|
|
22
|
+
const parsed = parseSignature(signatureHeader, signatureInputHeader);
|
|
23
|
+
|
|
24
|
+
const result = await verifySignature({
|
|
25
|
+
signature: parsed,
|
|
26
|
+
request: { method: 'GET', url: '/resource', headers },
|
|
27
|
+
verifier: createWebCryptoVerifier(publicKey),
|
|
28
|
+
});
|
|
29
|
+
|
|
30
|
+
console.log(result.verified); // true or false
|
|
31
|
+
```
|
|
32
|
+
|
|
33
|
+
### Parse signature input parameters
|
|
34
|
+
|
|
35
|
+
```typescript
|
|
36
|
+
import { parseSignatureInput } from '@peac/http-signatures';
|
|
37
|
+
|
|
38
|
+
const params = parseSignatureInput(
|
|
39
|
+
'sig1=("@method" "@target-uri" "content-type");created=1704067200;keyid="my-key"'
|
|
40
|
+
);
|
|
41
|
+
console.log(params.sig1.keyid); // 'my-key'
|
|
42
|
+
console.log(params.sig1.created); // 1704067200
|
|
43
|
+
```
|
|
44
|
+
|
|
45
|
+
### Build a signature base for signing
|
|
46
|
+
|
|
47
|
+
```typescript
|
|
48
|
+
import { buildSignatureBase, signatureBaseToBytes } from '@peac/http-signatures';
|
|
49
|
+
|
|
50
|
+
const base = buildSignatureBase({
|
|
51
|
+
components: ['@method', '@target-uri', 'content-type'],
|
|
52
|
+
request: { method: 'POST', url: '/api', headers },
|
|
53
|
+
params: { created: Math.floor(Date.now() / 1000), keyid: 'my-key' },
|
|
54
|
+
});
|
|
55
|
+
|
|
56
|
+
const bytes = signatureBaseToBytes(base);
|
|
57
|
+
```
|
|
58
|
+
|
|
59
|
+
## Integrates With
|
|
60
|
+
|
|
61
|
+
- `@peac/jwks-cache`: JWKS-based key resolution for signature verification
|
|
62
|
+
- `@peac/server` (Layer 5): Verification server uses HTTP signatures for request authentication
|
|
63
|
+
- `@peac/middleware-express`: Express middleware for signature verification
|
|
64
|
+
|
|
65
|
+
## For Agent Developers
|
|
66
|
+
|
|
67
|
+
If you are building an AI agent or MCP server that needs evidence receipts:
|
|
68
|
+
|
|
69
|
+
- Start with [`@peac/mcp-server`](https://www.npmjs.com/package/@peac/mcp-server) for a ready-to-use MCP tool server
|
|
70
|
+
- Use `@peac/protocol` for programmatic receipt issuance and verification
|
|
71
|
+
- See the [llms.txt](https://github.com/peacprotocol/peac/blob/main/llms.txt) for a concise overview
|
|
14
72
|
|
|
15
73
|
## License
|
|
16
74
|
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@peac/http-signatures",
|
|
3
|
-
"version": "0.12.
|
|
3
|
+
"version": "0.12.6",
|
|
4
4
|
"description": "RFC 9421 HTTP Message Signatures parsing and verification",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"main": "dist/index.cjs",
|
|
@@ -18,18 +18,23 @@
|
|
|
18
18
|
"dist"
|
|
19
19
|
],
|
|
20
20
|
"keywords": [
|
|
21
|
-
"
|
|
22
|
-
"
|
|
21
|
+
"peac",
|
|
22
|
+
"peacprotocol",
|
|
23
|
+
"interaction-records",
|
|
24
|
+
"signed-records",
|
|
25
|
+
"receipts",
|
|
26
|
+
"originary",
|
|
27
|
+
"http-signatures",
|
|
23
28
|
"rfc9421",
|
|
24
|
-
"
|
|
25
|
-
"
|
|
29
|
+
"message-signatures",
|
|
30
|
+
"ed25519"
|
|
26
31
|
],
|
|
27
32
|
"author": "PEAC Protocol Contributors",
|
|
28
33
|
"license": "Apache-2.0",
|
|
29
34
|
"bugs": {
|
|
30
35
|
"url": "https://github.com/peacprotocol/peac/issues"
|
|
31
36
|
},
|
|
32
|
-
"homepage": "https://
|
|
37
|
+
"homepage": "https://github.com/peacprotocol/peac#readme",
|
|
33
38
|
"repository": {
|
|
34
39
|
"type": "git",
|
|
35
40
|
"url": "git+https://github.com/peacprotocol/peac.git",
|