Authorization headers are even more complex than what is currently being handled by the codebase
We should consider moving to cloudflare/privacypass-ts for token validation. The library can parse an RFC 9110 header and extract only the PrivateToken ones.
For the verification case, we could use
```ts
import { AuthorizationHeader, publicVerif, TOKEN_TYPES } from '@cloudflare/privacypass-ts'
const { BlindRSAMode, Origin } = publicVerif;

// some code
// we assume we have
// * `request: Request` - client request with a PrivateToken in Authorization header
// * `issuerPublicKey: CryptoKey` - public key of the issuer
// * `env.ORIGIN_NAME: string` - the origin name the token was issued for
async function handleRequest(request: Request, env: { ORIGIN_NAME: string }, issuerPublicKey: CryptoKey): Promise<Response> {
  // read the header from the incoming request (not a response)
  const authorizationHeader = request.headers.get('Authorization')
  if (!authorizationHeader) {
    throw new Error('no authorization')
  }
  // parse the RFC 9110 credentials list, keeping only Blind RSA PrivateToken entries
  const authorizations = AuthorizationHeader.deserialize(TOKEN_TYPES.BLIND_RSA, authorizationHeader)
  const origin = new Origin(BlindRSAMode.PSS, [env.ORIGIN_NAME])
  for (const authorization of authorizations) {
    if (await origin.verify(authorization.token, issuerPublicKey)) {
      return new Response('you\'re in')
    }
  }
  return new Response('Not allowed', { status: 401 })
}
```
I have not tested that code yet; it's based on code for AuthorizationHeader and the Origin section of the example https://github.com/cloudflare/privacypass-ts/blob/main/examples/pub_verif.example.ts#L53.
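To show the header complexity the issue refers to, here is an added example that is not part of the issue or of privacypass-ts: a dependency-free RFC 9110 credentials-list parser (the names `parseCredentialsList` and `extractPrivateTokens` are assumed) that returns only the PrivateToken values while leaving Basic, Bearer or Digest credentials alone, and that survives quoted values containing commas, token68 credentials and multi-parameter credentials, which a naive split on commas does not.

```javascript
// Added example, not code from the issue or from privacypass-ts; function names are assumed.
//   credentials = auth-scheme [ 1*SP ( token68 / #auth-param ) ]
//   auth-param  = token BWS "=" BWS ( token / quoted-string )
const TOKEN = /^[!#$%&'*+\-.^_`|~0-9A-Za-z]+/;              // RFC 9110 "token"
const TOKEN68 = /^[A-Za-z0-9\-._~+\/]+=*/;                  // RFC 9110 "token68"
const QUOTED = /^"((?:[^"\\]|\\.)*)"/;                      // quoted-string incl. quoted-pair
const VALUE = /^[!#$%&'*+\-.^_`|~0-9A-Za-z\/]+=*/;          // unquoted value; lenient: base64 '/' and '=' padding
const NEXT_PARAM = /^[ \t]*,[ \t]*[!#$%&'*+\-.^_`|~0-9A-Za-z]+[ \t]*=/; // ", name=" (not ", Scheme ...")

function parseCredentialsList(header) {
  const creds = [];
  let s = header;
  for (;;) {
    s = s.replace(/^[\s,]+/, '');               // OWS and empty list members
    if (s === '') return creds;
    const scheme = TOKEN.exec(s);
    if (!scheme) throw new Error('expected auth-scheme near: ' + s.slice(0, 16));
    const cred = { scheme: scheme[0].toLowerCase(), token68: null, params: {} };
    creds.push(cred);
    s = s.slice(scheme[0].length);
    if (!/^[ \t]/.test(s)) continue;            // bare scheme such as "Negotiate"
    s = s.replace(/^[ \t]+/, '');
    const t68 = TOKEN68.exec(s);
    if (t68 && /^[ \t]*(,|$)/.test(s.slice(t68[0].length))) {
      cred.token68 = t68[0];                    // e.g. "Basic dXNlcjpwYXNz"
      s = s.slice(t68[0].length);
      continue;
    }
    for (;;) {                                  // one or more auth-params
      s = s.replace(/^[ \t]*/, '');
      const name = TOKEN.exec(s);
      if (!name) throw new Error('expected auth-param near: ' + s.slice(0, 16));
      s = s.slice(name[0].length).replace(/^[ \t]*/, '');
      if (s[0] !== '=') throw new Error('expected "=" after ' + name[0]);
      s = s.slice(1).replace(/^[ \t]*/, '');
      const q = QUOTED.exec(s);
      const v = q ? null : VALUE.exec(s);
      if (!q && !v) throw new Error('bad value for ' + name[0]);
      cred.params[name[0].toLowerCase()] = q ? q[1].replace(/\\(.)/g, '$1') : v[0];
      s = s.slice((q || v)[0].length);
      if (!NEXT_PARAM.test(s)) break;           // next member is a new scheme, or end
      s = s.slice(s.indexOf(',') + 1);
    }
  }
}
// Only PrivateToken credentials matter for Privacy Pass; other schemes are ignored.
function extractPrivateTokens(header) {
  return parseCredentialsList(header)
    .filter((c) => c.scheme === 'privatetoken' && typeof c.params.token === 'string')
    .map((c) => c.params.token);
}
```

The parser disambiguates ", name=value" from ", Scheme ..." by looking ahead for an "=" after the next token, which is the usual reading of the RFC 9110 list grammar.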