feat: add sign payload

Author: AdriaCarrera

apps/custom-issuer/src/modules/issuer/dto/issue-request.dto.ts

@@ -1,8 +1,12 @@
-import { IsString, IsNotEmpty, MaxLength } from "class-validator";
+import { IsString, IsNotEmpty, MaxLength, IsNumber } from "class-validator";
 
 export class IssueRequestDto {
     @IsString()
     @IsNotEmpty()
     @MaxLength(10000, { message: "JWT token is too long" })
     jwt!: string;
+
+    @IsNotEmpty()
+    @IsNumber({ allowNaN: false, allowInfinity: false, maxDecimalPlaces: 0 }, { each: true })
+    signPayload!: number[];
 }

apps/custom-issuer/src/modules/issuer/issuer.controller.ts

@@ -9,7 +9,7 @@ export class IssuerController {
     @Post("issue")
     @HttpCode(HttpStatus.OK)
     async issue(@Body() body: IssueRequestDto): Promise<{ token: string }> {
-        const token = await this.issuerService.issueToken(body.jwt);
+        const token = await this.issuerService.issueToken(body.jwt, body.signPayload);
         return { token };
     }
 }

apps/custom-issuer/src/modules/issuer/issuer.errors.ts

@@ -7,4 +7,6 @@ export enum ErrorMessage {
     INVALID_NBF_TYPE = 'JWT "nbf" claim must be a valid integer',
     TOKEN_NOT_YET_VALID = "JWT token is not yet valid (nbf is in the future)",
     EXP_BEFORE_NBF = 'JWT "exp" must be after "nbf"',
+    INVALID_SIGN_PAYLOAD_TYPE = "Invalid sign payload type",
+    INVALID_SIGN_PAYLOAD_VALUES = "Invalid sign payload values",
 }

apps/custom-issuer/src/modules/issuer/issuer.service.ts

@@ -35,9 +35,9 @@ export class IssuerService {
         this.validationIssuerUrl = issuerConfig.validationIssuerUrl;
     }
 
-    async issueToken(inputJwt: string): Promise<string> {
+    async issueToken(inputJwt: string, signPayload: number[]): Promise<string> {
         const decoded = this.verifyAndDecodeToken(inputJwt);
-        const claims = this.extractAndValidateClaims(decoded);
+        const claims = this.extractAndValidateClaims(decoded, signPayload);
         return this.createSignedToken(claims);
     }
 
@@ -56,14 +56,15 @@ export class IssuerService {
         throw new UnauthorizedException(ErrorMessage.INVALID_TOKEN);
     }
 
-    private extractAndValidateClaims(decoded: jwt.JwtPayload): TokenClaims {
+    private extractAndValidateClaims(decoded: jwt.JwtPayload, signPayload: number[]): TokenClaims {
         const { sub, exp, nbf, iss } = decoded;
 
         this.validateSubject(sub);
         this.validateIssuer(iss);
         this.validateTimeClaims(exp, nbf);
+        this.validateSignPayload(signPayload);
 
-        return { sub, exp, nbf };
+        return { sub, exp, nbf, fatxn: signPayload };
     }
 
     private validateSubject(sub: unknown): asserts sub is string {
@@ -124,6 +125,15 @@ export class IssuerService {
         }
     }
 
+    private validateSignPayload(signPayload: unknown): asserts signPayload is number[] {
+        if (!Array.isArray(signPayload) || new Uint8Array(signPayload)) {
+            throw new UnauthorizedException(ErrorMessage.INVALID_SIGN_PAYLOAD_TYPE);
+        }
+        if (!signPayload.every((num) => Number.isInteger(num) && num >= 0 && num <= 255)) {
+            throw new UnauthorizedException(ErrorMessage.INVALID_SIGN_PAYLOAD_VALUES);
+        }
+    }
+
     private isValidInteger(value: unknown): value is number {
         return typeof value === "number" && Number.isInteger(value);
     }

apps/custom-issuer/src/modules/issuer/issuer.types.ts

@@ -3,4 +3,5 @@ export type TokenClaims = {
     exp?: number;
     nbf?: number;
     iss?: string;
+    fatxn: number[];
 };