vestauth 0.4.6 → 0.4.8
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +1 -1
- package/src/cli/actions/primitives/verify.js +26 -0
- package/src/cli/actions/provider/verify.js +2 -4
- package/src/cli/commands/primitives.js +12 -0
- package/src/cli/commands/provider.js +2 -3
- package/src/lib/api/{postAgentRegister.js → postRegister.js} +2 -2
- package/src/lib/api/postVerify.js +45 -0
- package/src/lib/helpers/agentInit.js +2 -2
- package/src/lib/helpers/providerVerify.js +4 -31
- package/src/lib/helpers/verify.js +36 -0
- package/src/lib/helpers/{providerVerifyWebBotAuth.js → verifyWebBotAuth.js} +2 -2
- package/src/lib/primitives.js +5 -1
- package/src/lib/provider.js +1 -3
- package/src/lib/helpers/challenge.js +0 -7
- package/src/lib/helpers/providerChallenge.js +0 -7
- package/src/lib/helpers/sign.js +0 -14
package/package.json
CHANGED
|
@@ -0,0 +1,26 @@
|
|
|
1
|
+
const { logger } = require('./../../../shared/logger')
|
|
2
|
+
|
|
3
|
+
const primitives = require('./../../../lib/primitives')
|
|
4
|
+
|
|
5
|
+
async function verify (httpMethod, uri, signature, signatureInput, publicKey) {
|
|
6
|
+
logger.debug(`httpMethod: ${httpMethod}`)
|
|
7
|
+
logger.debug(`uri: ${uri}`)
|
|
8
|
+
logger.debug(`signature: ${signature}`)
|
|
9
|
+
logger.debug(`signatureInput: ${signatureInput}`)
|
|
10
|
+
logger.debug(`publicKey: ${publicKey}`)
|
|
11
|
+
|
|
12
|
+
const options = this.opts()
|
|
13
|
+
logger.debug(`options: ${JSON.stringify(options)}`)
|
|
14
|
+
|
|
15
|
+
const output = await primitives.verify(httpMethod, uri, signature, signatureInput, JSON.parse(publicKey))
|
|
16
|
+
// const output = await primitive.verifyWebBotAuth(httpMethod, uri, signature, signatureInput, JSON.parse(publicKey))
|
|
17
|
+
|
|
18
|
+
let space = 0
|
|
19
|
+
if (options.prettyPrint) {
|
|
20
|
+
space = 2
|
|
21
|
+
}
|
|
22
|
+
|
|
23
|
+
console.log(JSON.stringify(output, null, space))
|
|
24
|
+
}
|
|
25
|
+
|
|
26
|
+
module.exports = verify
|
|
@@ -2,18 +2,16 @@ const { logger } = require('./../../../shared/logger')
|
|
|
2
2
|
|
|
3
3
|
const provider = require('./../../../lib/provider')
|
|
4
4
|
|
|
5
|
-
async function verify (httpMethod, uri, signatureHeader, signatureInputHeader
|
|
5
|
+
async function verify (httpMethod, uri, signatureHeader, signatureInputHeader) {
|
|
6
6
|
logger.debug(`httpMethod: ${httpMethod}`)
|
|
7
7
|
logger.debug(`uri: ${uri}`)
|
|
8
8
|
logger.debug(`signatureHeader: ${signatureHeader}`)
|
|
9
9
|
logger.debug(`signatureInputHeader: ${signatureInputHeader}`)
|
|
10
|
-
logger.debug(`publicKey: ${publicKey}`)
|
|
11
10
|
|
|
12
11
|
const options = this.opts()
|
|
13
12
|
logger.debug(`options: ${JSON.stringify(options)}`)
|
|
14
13
|
|
|
15
|
-
const output = await provider.verify(httpMethod, uri, signatureHeader, signatureInputHeader
|
|
16
|
-
// const output = await provider.verifyWebBotAuth(httpMethod, uri, signatureHeader, signatureInputHeader, JSON.parse(publicKey))
|
|
14
|
+
const output = await provider.verify(httpMethod, uri, signatureHeader, signatureInputHeader)
|
|
17
15
|
|
|
18
16
|
let space = 0
|
|
19
17
|
if (options.prettyPrint) {
|
|
@@ -27,4 +27,16 @@ primitives.command('headers')
|
|
|
27
27
|
.option('-pp, --pretty-print', 'pretty print output')
|
|
28
28
|
.action(headersAction)
|
|
29
29
|
|
|
30
|
+
// vestauth primitives verify
|
|
31
|
+
const verifyAction = require('./../actions/primitives/verify')
|
|
32
|
+
primitives.command('verify')
|
|
33
|
+
.description('verify signed headers')
|
|
34
|
+
.argument('<httpMethod>', 'GET (default)')
|
|
35
|
+
.argument('<uri>', '')
|
|
36
|
+
.argument('<signature>', '')
|
|
37
|
+
.argument('<signatureInput>', '')
|
|
38
|
+
.argument('<publicKey>', 'public key (json string)')
|
|
39
|
+
.option('-pp, --pretty-print', 'pretty print output')
|
|
40
|
+
.action(verifyAction)
|
|
41
|
+
|
|
30
42
|
module.exports = primitives
|
|
@@ -12,9 +12,8 @@ provider.command('verify')
|
|
|
12
12
|
.description('verify agent')
|
|
13
13
|
.argument('<httpMethod>', 'GET (default)')
|
|
14
14
|
.argument('<uri>', '')
|
|
15
|
-
.argument('<
|
|
16
|
-
.argument('<
|
|
17
|
-
.argument('<publicKey>', 'public key (json string)')
|
|
15
|
+
.argument('<signature>', '')
|
|
16
|
+
.argument('<signatureInput>', '')
|
|
18
17
|
.option('-pp, --pretty-print', 'pretty print output')
|
|
19
18
|
.action(verifyAction)
|
|
20
19
|
|
|
@@ -2,7 +2,7 @@ const { http } = require('../helpers/http')
|
|
|
2
2
|
const buildApiError = require('../helpers/buildApiError')
|
|
3
3
|
const agentHeaders = require('../helpers/agentHeaders')
|
|
4
4
|
|
|
5
|
-
class
|
|
5
|
+
class PostRegister {
|
|
6
6
|
constructor (hostname, publicJwk) {
|
|
7
7
|
this.hostname = hostname || 'https://api.vestauth.com'
|
|
8
8
|
this.publicJwk = publicJwk
|
|
@@ -34,4 +34,4 @@ class PostAgentRegister {
|
|
|
34
34
|
}
|
|
35
35
|
}
|
|
36
36
|
|
|
37
|
-
module.exports =
|
|
37
|
+
module.exports = PostRegister
|
|
@@ -0,0 +1,45 @@
|
|
|
1
|
+
const { http } = require('../helpers/http')
|
|
2
|
+
const buildApiError = require('../helpers/buildApiError')
|
|
3
|
+
|
|
4
|
+
class PostVerify {
|
|
5
|
+
constructor (hostname, httpMethod, uri, signature, signatureInput) {
|
|
6
|
+
this.hostname = hostname || 'https://api.vestauth.com'
|
|
7
|
+
this.httpMethod = httpMethod
|
|
8
|
+
this.uri = uri
|
|
9
|
+
this.signature = signature
|
|
10
|
+
this.signatureInput = signatureInput
|
|
11
|
+
}
|
|
12
|
+
|
|
13
|
+
async run () {
|
|
14
|
+
const url = `${this.hostname}/verify`
|
|
15
|
+
const httpMethod = this.httpMethod
|
|
16
|
+
const uri = this.uri
|
|
17
|
+
const signature = this.signature
|
|
18
|
+
const signatureInput = this.signatureInput
|
|
19
|
+
|
|
20
|
+
const headers = {
|
|
21
|
+
'Content-Type': 'application/json'
|
|
22
|
+
}
|
|
23
|
+
|
|
24
|
+
const resp = await http(url, {
|
|
25
|
+
method: 'POST',
|
|
26
|
+
headers,
|
|
27
|
+
body: JSON.stringify({
|
|
28
|
+
http_method: httpMethod,
|
|
29
|
+
uri,
|
|
30
|
+
signature,
|
|
31
|
+
signature_input: signatureInput
|
|
32
|
+
})
|
|
33
|
+
})
|
|
34
|
+
|
|
35
|
+
if (resp.statusCode >= 400) {
|
|
36
|
+
const json = await resp.body.json()
|
|
37
|
+
throw buildApiError(resp.statusCode, json)
|
|
38
|
+
}
|
|
39
|
+
|
|
40
|
+
const json = await resp.body.json()
|
|
41
|
+
return json
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
module.exports = PostVerify
|
|
@@ -2,7 +2,7 @@ const dotenvx = require('@dotenvx/dotenvx')
|
|
|
2
2
|
const identity = require('./identity')
|
|
3
3
|
const keypair = require('./keypair')
|
|
4
4
|
const touch = require('./touch')
|
|
5
|
-
const
|
|
5
|
+
const PostRegister = require('../api/postRegister')
|
|
6
6
|
|
|
7
7
|
async function agentInit () {
|
|
8
8
|
const envPath = '.env'
|
|
@@ -18,7 +18,7 @@ async function agentInit () {
|
|
|
18
18
|
dotenvx.set('AGENT_PRIVATE_KEY', JSON.stringify(kp.privateKey), { path: envPath, plain: true, quiet: true })
|
|
19
19
|
|
|
20
20
|
// register agent with api
|
|
21
|
-
await new
|
|
21
|
+
await new PostRegister(null, kp.publicKey).run()
|
|
22
22
|
|
|
23
23
|
return {
|
|
24
24
|
AGENT_PUBLIC_KEY: kp.publicKey,
|
|
@@ -1,36 +1,9 @@
|
|
|
1
|
-
const
|
|
1
|
+
const PostVerify = require('../api/postVerify')
|
|
2
2
|
|
|
3
|
-
|
|
4
|
-
const
|
|
5
|
-
const authorityMessage = require('./authorityMessage')
|
|
6
|
-
const edPublicKeyObject = require('./edPublicKeyObject')
|
|
3
|
+
async function providerVerify (httpMethod, uri, signature, signatureInput) {
|
|
4
|
+
const output = await new PostVerify(null, httpMethod, uri, signature, signatureInput).run()
|
|
7
5
|
|
|
8
|
-
|
|
9
|
-
const { values } = parseSignatureInputHeader(signatureInputHeader)
|
|
10
|
-
const { expires } = values
|
|
11
|
-
|
|
12
|
-
// return early false, since expired
|
|
13
|
-
if (expires && expires < (Math.floor(Date.now() / 1000))) {
|
|
14
|
-
return {
|
|
15
|
-
success: false
|
|
16
|
-
}
|
|
17
|
-
}
|
|
18
|
-
|
|
19
|
-
const signatureParams = stripDictionaryKey(signatureInputHeader)
|
|
20
|
-
const signature = stripDictionaryKey(signatureHeader)
|
|
21
|
-
const message = authorityMessage(uri, signatureParams)
|
|
22
|
-
const publicKeyObject = edPublicKeyObject(publicKey)
|
|
23
|
-
|
|
24
|
-
const success = crypto.verify(
|
|
25
|
-
null,
|
|
26
|
-
Buffer.from(message, 'utf8'),
|
|
27
|
-
publicKeyObject,
|
|
28
|
-
Buffer.from(signature, 'base64')
|
|
29
|
-
)
|
|
30
|
-
|
|
31
|
-
return {
|
|
32
|
-
success
|
|
33
|
-
}
|
|
6
|
+
return output
|
|
34
7
|
}
|
|
35
8
|
|
|
36
9
|
module.exports = providerVerify
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
const crypto = require('crypto')
|
|
2
|
+
|
|
3
|
+
const parseSignatureInputHeader = require('./parseSignatureInputHeader')
|
|
4
|
+
const stripDictionaryKey = require('./stripDictionaryKey')
|
|
5
|
+
const authorityMessage = require('./authorityMessage')
|
|
6
|
+
const edPublicKeyObject = require('./edPublicKeyObject')
|
|
7
|
+
|
|
8
|
+
function verify (httpMethod, uri, signatureHeader, signatureInputHeader, publicKey) {
|
|
9
|
+
const { values } = parseSignatureInputHeader(signatureInputHeader)
|
|
10
|
+
const { expires } = values
|
|
11
|
+
|
|
12
|
+
// return early false, since expired
|
|
13
|
+
if (expires && expires < (Math.floor(Date.now() / 1000))) {
|
|
14
|
+
return {
|
|
15
|
+
success: false
|
|
16
|
+
}
|
|
17
|
+
}
|
|
18
|
+
|
|
19
|
+
const signatureParams = stripDictionaryKey(signatureInputHeader)
|
|
20
|
+
const signature = stripDictionaryKey(signatureHeader)
|
|
21
|
+
const message = authorityMessage(uri, signatureParams)
|
|
22
|
+
const publicKeyObject = edPublicKeyObject(publicKey)
|
|
23
|
+
|
|
24
|
+
const success = crypto.verify(
|
|
25
|
+
null,
|
|
26
|
+
Buffer.from(message, 'utf8'),
|
|
27
|
+
publicKeyObject,
|
|
28
|
+
Buffer.from(signature, 'base64')
|
|
29
|
+
)
|
|
30
|
+
|
|
31
|
+
return {
|
|
32
|
+
success
|
|
33
|
+
}
|
|
34
|
+
}
|
|
35
|
+
|
|
36
|
+
module.exports = verify
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
const { verify } = require('web-bot-auth')
|
|
2
2
|
const { verifierFromJWK } = require('web-bot-auth/crypto')
|
|
3
3
|
|
|
4
|
-
async function
|
|
4
|
+
async function verifyWebBotAuth (httpMetod, uri, signatureHeader, signatureInputHeader, publicKey) {
|
|
5
5
|
let success = false
|
|
6
6
|
|
|
7
7
|
const verifier = await verifierFromJWK(publicKey)
|
|
@@ -22,4 +22,4 @@ async function providerVerifyWebBotAuth (httpMetod, uri, signatureHeader, signat
|
|
|
22
22
|
}
|
|
23
23
|
}
|
|
24
24
|
|
|
25
|
-
module.exports =
|
|
25
|
+
module.exports = verifyWebBotAuth
|
package/src/lib/primitives.js
CHANGED
|
@@ -1,7 +1,11 @@
|
|
|
1
1
|
const keypair = require('./helpers/keypair')
|
|
2
2
|
const headers = require('./helpers/headers')
|
|
3
|
+
const verify = require('./helpers/verify')
|
|
4
|
+
const verifyWebBotAuth = require('./helpers/verifyWebBotAuth')
|
|
3
5
|
|
|
4
6
|
module.exports = {
|
|
5
7
|
keypair,
|
|
6
|
-
headers
|
|
8
|
+
headers,
|
|
9
|
+
verify,
|
|
10
|
+
verifyWebBotAuth
|
|
7
11
|
}
|
package/src/lib/provider.js
CHANGED
package/src/lib/helpers/sign.js
DELETED
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
const secp = require('@noble/secp256k1')
|
|
2
|
-
const hash = require('./hash')
|
|
3
|
-
const stripFormatting = require('./stripFormatting')
|
|
4
|
-
|
|
5
|
-
async function sign (challenge, privateKeyHexPossiblyFormatted) {
|
|
6
|
-
const privateKeyHex = stripFormatting(privateKeyHexPossiblyFormatted)
|
|
7
|
-
const hashChallenge = hash(challenge)
|
|
8
|
-
const privateKeyBytes = Buffer.from(privateKeyHex, 'hex')
|
|
9
|
-
const signature = await secp.sign(hashChallenge, privateKeyBytes)
|
|
10
|
-
|
|
11
|
-
return Buffer.from(signature).toString('base64url') // base64 returned
|
|
12
|
-
}
|
|
13
|
-
|
|
14
|
-
module.exports = sign
|