34 lines
937 B
TypeScript
34 lines
937 B
TypeScript
|
import * as jose from "jose";
|
||
|
|
|
||
|
|
import { createDebug } from "./debug";
|
||
|
|
import { getJwksUrl } from "./urls";
|
||
|
|
|
||
|
|
const debug = createDebug("verify-signature");
|
||
|
|
|
||
|
|
/**
|
||
|
|
* Verify payload signature with public key of given `domain`
|
||
|
|
* https://docs.saleor.io/docs/3.x/developer/extending/apps/asynchronous-webhooks#payload-signature
|
||
|
|
*/
|
||
|
|
export const verifySignature = async (domain: string, signature: string, rawBody: string) => {
|
||
|
|
const [header, , jwsSignature] = signature.split(".");
|
||
|
|
const jws: jose.FlattenedJWSInput = {
|
||
|
|
protected: header,
|
||
|
|
payload: rawBody,
|
||
|
|
signature: jwsSignature,
|
||
|
|
};
|
||
|
|
|
||
|
|
const remoteJwks = jose.createRemoteJWKSet(
|
||
|
|
new URL(getJwksUrl(domain))
|
||
|
|
) as jose.FlattenedVerifyGetKey;
|
||
|
|
|
||
|
|
debug("Created remote JWKS");
|
||
|
|
|
||
|
|
try {
|
||
|
|
await jose.flattenedVerify(jws, remoteJwks);
|
||
|
|
debug("JWKS verified");
|
||
|
|
} catch {
|
||
|
|
debug("JWKS verification failed");
|
||
|
|
throw new Error("JWKS verification failed");
|
||
|
|
}
|
||
|
|
};
|