vestauth 0.4.6 → 0.4.9

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "vestauth",
-  "version": "0.4.6",
+  "version": "0.4.9",
   "description": "auth for agents–from the creator of dotenvx",
   "keywords": [
     "vestauth"

package/src/cli/actions/primitives/verify.js

@@ -0,0 +1,26 @@
+const { logger } = require('./../../../shared/logger')
+
+const primitives = require('./../../../lib/primitives')
+
+async function verify (httpMethod, uri, signature, signatureInput, publicKey) {
+  logger.debug(`httpMethod: ${httpMethod}`)
+  logger.debug(`uri: ${uri}`)
+  logger.debug(`signature: ${signature}`)
+  logger.debug(`signatureInput: ${signatureInput}`)
+  logger.debug(`publicKey: ${publicKey}`)
+
+  const options = this.opts()
+  logger.debug(`options: ${JSON.stringify(options)}`)
+
+  const output = await primitives.verify(httpMethod, uri, signature, signatureInput, JSON.parse(publicKey))
+  // const output = await primitive.verifyWebBotAuth(httpMethod, uri, signature, signatureInput, JSON.parse(publicKey))
+
+  let space = 0
+  if (options.prettyPrint) {
+    space = 2
+  }
+
+  console.log(JSON.stringify(output, null, space))
+}
+
+module.exports = verify

package/src/cli/actions/provider/verify.js

@@ -2,18 +2,16 @@ const { logger } = require('./../../../shared/logger')
 
 const provider = require('./../../../lib/provider')
 
-async function verify (httpMethod, uri, signatureHeader, signatureInputHeader, publicKey) {
+async function verify (httpMethod, uri, signatureHeader, signatureInputHeader) {
   logger.debug(`httpMethod: ${httpMethod}`)
   logger.debug(`uri: ${uri}`)
   logger.debug(`signatureHeader: ${signatureHeader}`)
   logger.debug(`signatureInputHeader: ${signatureInputHeader}`)
-  logger.debug(`publicKey: ${publicKey}`)
 
   const options = this.opts()
   logger.debug(`options: ${JSON.stringify(options)}`)
 
-  const output = await provider.verify(httpMethod, uri, signatureHeader, signatureInputHeader, JSON.parse(publicKey))
-  // const output = await provider.verifyWebBotAuth(httpMethod, uri, signatureHeader, signatureInputHeader, JSON.parse(publicKey))
+  const output = await provider.verify(httpMethod, uri, signatureHeader, signatureInputHeader)
 
   let space = 0
   if (options.prettyPrint) {

package/src/cli/commands/primitives.js

@@ -27,4 +27,16 @@ primitives.command('headers')
   .option('-pp, --pretty-print', 'pretty print output')
   .action(headersAction)
 
+// vestauth primitives verify
+const verifyAction = require('./../actions/primitives/verify')
+primitives.command('verify')
+  .description('verify signed headers')
+  .argument('<httpMethod>', 'GET (default)')
+  .argument('<uri>', '')
+  .argument('<signature>', '')
+  .argument('<signatureInput>', '')
+  .argument('<publicKey>', 'public key (json string)')
+  .option('-pp, --pretty-print', 'pretty print output')
+  .action(verifyAction)
+
 module.exports = primitives

package/src/cli/commands/provider.js

@@ -12,9 +12,8 @@ provider.command('verify')
   .description('verify agent')
   .argument('<httpMethod>', 'GET (default)')
   .argument('<uri>', '')
-  .argument('<signatureHeader>', '')
-  .argument('<signatureInputHeader>', '')
-  .argument('<publicKey>', 'public key (json string)')
+  .argument('<signature>', '')
+  .argument('<signatureInput>', '')
   .option('-pp, --pretty-print', 'pretty print output')
   .action(verifyAction)
 

package/src/lib/api/{postAgentRegister.js → postRegister.js}

@@ -2,7 +2,7 @@ const { http } = require('../helpers/http')
 const buildApiError = require('../helpers/buildApiError')
 const agentHeaders = require('../helpers/agentHeaders')
 
-class PostAgentRegister {
+class PostRegister {
   constructor (hostname, publicJwk) {
     this.hostname = hostname || 'https://api.vestauth.com'
     this.publicJwk = publicJwk
@@ -34,4 +34,4 @@ class PostAgentRegister {
   }
 }
 
-module.exports = PostAgentRegister
+module.exports = PostRegister

package/src/lib/api/postVerify.js

@@ -0,0 +1,45 @@
+const { http } = require('../helpers/http')
+const buildApiError = require('../helpers/buildApiError')
+
+class PostVerify {
+  constructor (hostname, httpMethod, uri, signature, signatureInput) {
+    this.hostname = hostname || 'https://api.vestauth.com'
+    this.httpMethod = httpMethod
+    this.uri = uri
+    this.signature = signature
+    this.signatureInput = signatureInput
+  }
+
+  async run () {
+    const url = `${this.hostname}/verify`
+    const httpMethod = this.httpMethod
+    const uri = this.uri
+    const signature = this.signature
+    const signatureInput = this.signatureInput
+
+    const headers = {
+      'Content-Type': 'application/json'
+    }
+
+    const resp = await http(url, {
+      method: 'POST',
+      headers,
+      body: JSON.stringify({
+        http_method: httpMethod,
+        uri,
+        signature,
+        signature_input: signatureInput
+      })
+    })
+
+    if (resp.statusCode >= 400) {
+      const json = await resp.body.json()
+      throw buildApiError(resp.statusCode, json)
+    }
+
+    const json = await resp.body.json()
+    return json
+  }
+}
+
+module.exports = PostVerify

package/src/lib/helpers/agentInit.js

@@ -2,7 +2,7 @@ const dotenvx = require('@dotenvx/dotenvx')
 const identity = require('./identity')
 const keypair = require('./keypair')
 const touch = require('./touch')
-const PostAgentRegister = require('../api/postAgentRegister')
+const PostRegister = require('../api/postRegister')
 
 async function agentInit () {
   const envPath = '.env'
@@ -13,16 +13,16 @@ async function agentInit () {
 
   touch(envPath)
 
-  // place in .env file
   dotenvx.set('AGENT_PUBLIC_KEY', JSON.stringify(kp.publicKey), { path: envPath, plain: true, quiet: true })
   dotenvx.set('AGENT_PRIVATE_KEY', JSON.stringify(kp.privateKey), { path: envPath, plain: true, quiet: true })
 
-  // register agent with api
-  await new PostAgentRegister(null, kp.publicKey).run()
+  // register agent
+  const agent = await new PostRegister(null, kp.publicKey).run()
+  dotenvx.set('AGENT_ID', agent.uid, { path: envPath, plain: true, quiet: true })
 
   return {
     AGENT_PUBLIC_KEY: kp.publicKey,
-    AGENT_PRIVATE_KEY: kp.privateKey,
+    AGENT_ID: agent.uid,
     path: envPath
   }
 }

package/src/lib/helpers/providerVerify.js

@@ -1,36 +1,9 @@
-const crypto = require('crypto')
+const PostVerify = require('../api/postVerify')
 
-const parseSignatureInputHeader = require('./parseSignatureInputHeader')
-const stripDictionaryKey = require('./stripDictionaryKey')
-const authorityMessage = require('./authorityMessage')
-const edPublicKeyObject = require('./edPublicKeyObject')
+async function providerVerify (httpMethod, uri, signature, signatureInput) {
+  const output = await new PostVerify(null, httpMethod, uri, signature, signatureInput).run()
 
-function providerVerify (httpMethod, uri, signatureHeader, signatureInputHeader, publicKey) {
-  const { values } = parseSignatureInputHeader(signatureInputHeader)
-  const { expires } = values
-
-  // return early false, since expired
-  if (expires && expires < (Math.floor(Date.now() / 1000))) {
-    return {
-      success: false
-    }
-  }
-
-  const signatureParams = stripDictionaryKey(signatureInputHeader)
-  const signature = stripDictionaryKey(signatureHeader)
-  const message = authorityMessage(uri, signatureParams)
-  const publicKeyObject = edPublicKeyObject(publicKey)
-
-  const success = crypto.verify(
-    null,
-    Buffer.from(message, 'utf8'),
-    publicKeyObject,
-    Buffer.from(signature, 'base64')
-  )
-
-  return {
-    success
-  }
+  return output
 }
 
 module.exports = providerVerify

package/src/lib/helpers/verify.js

@@ -0,0 +1,36 @@
+const crypto = require('crypto')
+
+const parseSignatureInputHeader = require('./parseSignatureInputHeader')
+const stripDictionaryKey = require('./stripDictionaryKey')
+const authorityMessage = require('./authorityMessage')
+const edPublicKeyObject = require('./edPublicKeyObject')
+
+function verify (httpMethod, uri, signatureHeader, signatureInputHeader, publicKey) {
+  const { values } = parseSignatureInputHeader(signatureInputHeader)
+  const { expires } = values
+
+  // return early false, since expired
+  if (expires && expires < (Math.floor(Date.now() / 1000))) {
+    return {
+      success: false
+    }
+  }
+
+  const signatureParams = stripDictionaryKey(signatureInputHeader)
+  const signature = stripDictionaryKey(signatureHeader)
+  const message = authorityMessage(uri, signatureParams)
+  const publicKeyObject = edPublicKeyObject(publicKey)
+
+  const success = crypto.verify(
+    null,
+    Buffer.from(message, 'utf8'),
+    publicKeyObject,
+    Buffer.from(signature, 'base64')
+  )
+
+  return {
+    success
+  }
+}
+
+module.exports = verify

package/src/lib/helpers/{providerVerifyWebBotAuth.js → verifyWebBotAuth.js}

@@ -1,7 +1,7 @@
 const { verify } = require('web-bot-auth')
 const { verifierFromJWK } = require('web-bot-auth/crypto')
 
-async function providerVerifyWebBotAuth (httpMetod, uri, signatureHeader, signatureInputHeader, publicKey) {
+async function verifyWebBotAuth (httpMetod, uri, signatureHeader, signatureInputHeader, publicKey) {
   let success = false
 
   const verifier = await verifierFromJWK(publicKey)
@@ -22,4 +22,4 @@ async function providerVerifyWebBotAuth (httpMetod, uri, signatureHeader, signat
   }
 }
 
-module.exports = providerVerifyWebBotAuth
+module.exports = verifyWebBotAuth

package/src/lib/primitives.js

@@ -1,7 +1,11 @@
 const keypair = require('./helpers/keypair')
 const headers = require('./helpers/headers')
+const verify = require('./helpers/verify')
+const verifyWebBotAuth = require('./helpers/verifyWebBotAuth')
 
 module.exports = {
   keypair,
-  headers
+  headers,
+  verify,
+  verifyWebBotAuth
 }

package/src/lib/provider.js

@@ -1,7 +1,5 @@
 const providerVerify = require('./helpers/providerVerify')
-const providerVerifyWebBotAuth = require('./helpers/providerVerifyWebBotAuth')
 
 module.exports = {
-  verify: providerVerify,
-  verifyWebBotAuth: providerVerifyWebBotAuth
+  verify: providerVerify
 }

package/src/lib/helpers/challenge.js

@@ -1,7 +0,0 @@
-const crypto = require('crypto')
-
-function challenge () {
-  return crypto.randomBytes(32).toString('base64url')
-}
-
-module.exports = challenge

package/src/lib/helpers/providerChallenge.js

@@ -1,7 +0,0 @@
-// const challenge = require('./challenge')
-
-async function providerChallenge (website) {
-  console.log('implement provider challenge')
-}
-
-module.exports = providerChallenge

package/src/lib/helpers/sign.js

@@ -1,14 +0,0 @@
-const secp = require('@noble/secp256k1')
-const hash = require('./hash')
-const stripFormatting = require('./stripFormatting')
-
-async function sign (challenge, privateKeyHexPossiblyFormatted) {
-  const privateKeyHex = stripFormatting(privateKeyHexPossiblyFormatted)
-  const hashChallenge = hash(challenge)
-  const privateKeyBytes = Buffer.from(privateKeyHex, 'hex')
-  const signature = await secp.sign(hashChallenge, privateKeyBytes)
-
-  return Buffer.from(signature).toString('base64url') // base64 returned
-}
-
-module.exports = sign