send and verify login challenge

2025-02-11 19:07:13 +01:00
parent e5ffbac3ea
commit 4deb25962e
9 changed files with 202 additions and 73 deletions
--- a/src/authentication.js
+++ b/src/authentication.js
@ -1,8 +1,49 @@
+const { subtle } = require('node:crypto').webcrypto;
+
 const sharedSecret = process.env.SHARED_SECRET;

 const authentication = {
    checkSharedSecret: (providedSecret) => {
        return sharedSecret === providedSecret;
+    },
+    verifySignature : async (msg, sig, publicKeys) => {
+        try {
+            for (const pemPubKey of publicKeys) {
+                try {
+                    const pubKey = await authentication.pemToKey(pemPubKey);
+                    const verified = await subtle.verify(
+                        'Ed25519',
+                        pubKey,
+                        sig,
+                        msg
+                    );
+                    if (verified) {
+                        console.log('Signature verified successfully with public key:', pemPubKey);
+                        return pemPubKey;
+                    }
+                } catch (err) {
+                    console.log('Failed to verify signature with public key:', pemPubKey, err);
+                }
+            }
+            return null;
+        } catch (err) {
+            console.error('Error verifying signature:', err);
+        }
+    },
+    pemToKey: async (pemKey) => {
+        const base64 = pemKey.replace(`-----BEGIN PUBLIC KEY-----`, '').replace(`-----END PUBLIC KEY-----`, '').trim();
+        const buffer = Buffer.from(base64, 'base64');
+        const uint8Array = new Uint8Array(buffer);
+        const publicKey = await subtle.importKey(
+            "spki",
+            uint8Array,
+            {
+                name: "Ed25519",
+            },
+            true,
+            ["verify"],
+        );
+        return publicKey;
    }
 };