1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
import { msSecond } from "https://esm.town/v/stevekrouse/msSecond";
import { atob } from "https://esm.town/v/stevekrouse/atob";
import { importKey } from "https://esm.town/v/stevekrouse/importKey";
import { getPublicKey } from "https://esm.town/v/stevekrouse/getPublicKey";
export async function verifyAPIAuth({ signature, ...signed }) {
let { handle, t } = signed;
let publicKey = await getPublicKey(handle);
if (publicKey.message === "Not found")
return { error: `No public key found at: @${handle}.publicKey` };
let verified = await crypto.subtle.verify(
{
name: "ECDSA",
hash: { name: "SHA-384" },
},
await importKey(publicKey, "publicKey"),
await atob(signature),
new TextEncoder().encode(JSON.stringify(signed)),
);
if (verified) {
if (Date.now() - t > 20 * msSecond) {
return { error: "Request too old" };
}
else {
return { handle };
}
}
else {
return { error: "Signature did not verify" };
}
}
👆 This is a val. Vals are TypeScript snippets of code, written in the browser and run on our servers. Create scheduled functions, email yourself, and persist small pieces of data — all from the browser.