-
Notifications
You must be signed in to change notification settings - Fork 4
Expand file tree
/
Copy pathindex.js
More file actions
57 lines (45 loc) · 1.42 KB
/
index.js
File metadata and controls
57 lines (45 loc) · 1.42 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
const { v4: uuidv4 } = require("uuid");
const express = require("express");
const jwt = require("jsonwebtoken");
const rippleKP = require("ripple-keypairs");
const app = express();
const port = 3000;
const jwtSecret = "some very secret value";
// Serve public folder
app.use(express.static("public"));
// API - Generate a nonce for the message to be signed
app.get("/nonce", (req, res) => {
const nonce = uuidv4();
const { pbk } = req.query;
const token = jwt.sign({ nonce, public_key: pbk }, jwtSecret, {
expiresIn: "60s",
});
res.json(token);
});
// API - Verify the token
app.post("/verify", async (req, res) => {
const authHeader = req.headers["authorization"];
const tempToken = authHeader && authHeader.split(" ")[1];
if (tempToken === null) {
return res.sendStatus(403);
}
const { public_key, address } = await jwt.verify(tempToken, jwtSecret);
const { signature } = req.query;
// Verify the signature, tempToken and public_key match
const tempTokenHex = (Buffer.from(tempToken, 'utf8')).toString('hex')
const isVerified = rippleKP.verify(
tempTokenHex,
signature,
public_key,
);
if (isVerified) {
const token = jwt.sign({ verifiedAddress: address }, jwtSecret, { expiresIn: "1d" });
res.json({ token });
} else {
res.sendStatus(403);
}
});
// Make the app listen to the port 3000
app.listen(port, () => {
console.log(`Example app listening on port ${port}`);
});