-
Notifications
You must be signed in to change notification settings - Fork 19
/
Copy pathverify-signature.ts
41 lines (32 loc) · 1.17 KB
/
verify-signature.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
import * as jose from "jose";
import { createDebug } from "../debug";
const debug = createDebug("verify-signature");
/**
* Verify the Webhook payload signature from provided JWKS string.
* JWKS can be cached to avoid unnecessary calls.
*/
export const verifySignatureWithJwks = async (jwks: string, signature: string, rawBody: string) => {
const [header, , jwsSignature] = signature.split(".");
const jws: jose.FlattenedJWSInput = {
protected: header,
payload: rawBody,
signature: jwsSignature,
};
let localJwks: jose.FlattenedVerifyGetKey;
try {
const parsedJWKS = JSON.parse(jwks);
localJwks = jose.createLocalJWKSet(parsedJWKS) as jose.FlattenedVerifyGetKey;
} catch {
debug("Could not create local JWKSSet from given data: %s", jwks);
throw new Error("JWKS verification failed - could not parse given JWKS");
}
try {
await jose.flattenedVerify(jws, localJwks);
debug("JWKS verified");
} catch {
debug("JWKS verification failed");
throw new Error("JWKS verification failed");
}
};
export const getJwksUrlFromSaleorApiUrl = (saleorApiUrl: string): string =>
`${new URL(saleorApiUrl).origin}/.well-known/jwks.json`;