vestauth 0.3.1 → 0.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/package.json +2 -1
  2. package/src/cli/actions/provider/verify.js +38 -0
  3. package/src/cli/commands/provider.js +12 -0
  4. package/src/lib/helpers/agentHeaders.js +6 -6
  5. package/src/lib/helpers/signatureParams.js +1 -1
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "vestauth",
3
- "version": "0.3.1",
3
+ "version": "0.3.2",
4
4
  "description": "auth for agents–from the creator of dotenvx",
5
5
  "keywords": [
6
6
  "vestauth"
@@ -43,6 +43,7 @@
43
43
  "commander": "^11.1.0",
44
44
  "eciesjs": "^0.4.16",
45
45
  "execa": "^5.1.1",
46
+ "http-message-sig": "^0.2.0",
46
47
  "undici": "7.11.0",
47
48
  "web-bot-auth": "^0.1.2"
48
49
  },
package/src/cli/actions/provider/verify.js ADDED
@@ -0,0 +1,38 @@
1
+ const { logger } = require('./../../../shared/logger')
2
+
3
+ const { verify } = require('web-bot-auth')
4
+ const { verifierFromJWK } = require('web-bot-auth/crypto')
5
+
6
+ async function _verify (httpMethod, uri, signatureHeader, signatureInputHeader, publicKey) {
7
+ logger.debug(`httpMethod: ${httpMethod}`)
8
+ logger.debug(`uri: ${uri}`)
9
+ logger.debug(`signatureHeader: ${signatureHeader}`)
10
+ logger.debug(`signatureInputHeader: ${signatureInputHeader}`)
11
+ logger.debug(`publicKey: ${publicKey}`)
12
+
13
+ const options = this.opts()
14
+ logger.debug(`options: ${JSON.stringify(options)}`)
15
+
16
+ const verifier = await verifierFromJWK(JSON.parse(publicKey))
17
+ const headers = {
18
+ Signature: signatureHeader,
19
+ 'Signature-Input': signatureInputHeader
20
+ }
21
+
22
+ const signedRequest = new Request(uri, { headers: headers })
23
+ const r = await verify(signedRequest, verifier)
24
+ console.log(r)
25
+
26
+ const output = {
27
+ implement: 'todo'
28
+ }
29
+
30
+ let space = 0
31
+ if (options.prettyPrint) {
32
+ space = 2
33
+ }
34
+
35
+ console.log(JSON.stringify(output, null, space))
36
+ }
37
+
38
+ module.exports = _verify
package/src/cli/commands/provider.js CHANGED
@@ -6,6 +6,18 @@ provider
6
6
  .description('🔌 provider')
7
7
  .allowUnknownOption()
8
8
 
9
+ // vestauth provider verify
10
+ const verifyAction = require('./../actions/provider/verify')
11
+ provider.command('verify')
12
+ .description('verify agent')
13
+ .argument('<httpMethod>', 'GET (default)')
14
+ .argument('<uri>', '')
15
+ .argument('<signatureHeader>', '')
16
+ .argument('<signatureInputHeader>', '')
17
+ .argument('<publicKey>', 'public key (json string)')
18
+ .option('-pp, --pretty-print', 'pretty print output')
19
+ .action(verifyAction)
20
+
9
21
  // vestauth provider challenge
10
22
  const challengeAction = require('./../actions/provider/challenge')
11
23
  provider.command('challenge')
package/src/lib/helpers/agentHeaders.js CHANGED
@@ -1,7 +1,7 @@
1
1
  const headers = require('./headers')
2
2
  const dotenvx = require('@dotenvx/dotenvx')
3
- // const { verify } = require('web-bot-auth')
4
- // const { verifierFromJWK } = require('web-bot-auth/crypto')
3
+ const { verify } = require('web-bot-auth')
4
+ const { verifierFromJWK } = require('web-bot-auth/crypto')
5
5
 
6
6
  async function agentHeaders (httpMethod, uri, tag = 'vestauth', nonce = null) {
7
7
  let publicKey = null
@@ -14,10 +14,10 @@ async function agentHeaders (httpMethod, uri, tag = 'vestauth', nonce = null) {
14
14
  const _headers = await headers(httpMethod, uri, privateKey, tag, nonce)
15
15
 
16
16
  // verification (temp testing)
17
- // const verifier = await verifierFromJWK(JSON.parse(publicKey))
18
- // const signedRequest = new Request(uri, { headers: _headers })
19
- // const r = await verify(signedRequest, verifier)
20
- // console.log(r)
17
+ const verifier = await verifierFromJWK(JSON.parse(publicKey))
18
+ const signedRequest = new Request(uri, { headers: _headers })
19
+ const r = await verify(signedRequest, verifier)
20
+ console.log(r)
21
21
 
22
22
  return _headers
23
23
  }
package/src/lib/helpers/signatureParams.js CHANGED
@@ -5,7 +5,7 @@ const epoch = require('./epoch')
5
5
  function signatureParams (kid, tag = 'vestauth', nonce = null) {
6
6
  const { created, expires } = epoch()
7
7
 
8
- if (!nonce) nonce = crypto.randomBytes(64).toString('base64')
8
+ if (!nonce) nonce = crypto.randomBytes(64).toString('base64url')
9
9
 
10
10
  return '("@authority");' +
11
11
  `created=${created};` +