pyropy · gavinharris-dev · Nov 24, 2021 · Nov 24, 2021 · Nov 24, 2021 · Nov 24, 2021
diff --git a/dist/01d712ed3b6fe8f23933.module.wasm b/dist/01d712ed3b6fe8f23933.module.wasm
diff --git a/dist/228.browser.js b/dist/228.browser.js
diff --git a/dist/351.browser.js b/dist/351.browser.js
diff --git a/dist/405.browser.js b/dist/405.browser.js
diff --git a/dist/603.browser.js b/dist/603.browser.js
diff --git a/dist/66.browser.js b/dist/66.browser.js
diff --git a/dist/891.browser.js b/dist/891.browser.js
diff --git a/dist/997.browser.js b/dist/997.browser.js
diff --git a/dist/browser.js b/dist/browser.js
diff --git a/dist/browser.js.LICENSE.txt b/dist/browser.js.LICENSE.txt
@@ -0,0 +1,10 @@
+/*!
+ * The buffer module from node.js, for the browser.
+ *
+ * @author   Feross Aboukhadijeh <https://feross.org>
+ * @license  MIT
+ */
+
+/*! https://mths.be/base64 v1.0.0 by @mathias | MIT license */
+
+/*! ieee754. BSD-3-Clause License. Feross Aboukhadijeh <https://feross.org/opensource> */
diff --git a/dist/ef0ca63316357c3c262f.module.wasm b/dist/ef0ca63316357c3c262f.module.wasm
diff --git a/dist/node.js b/dist/node.js
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,12 +1,13 @@
 {
   "name": "web3-cardano-token",
-  "version": "0.0.11",
+  "version": "0.0.12",
   "private": false,
   "description": "Web3 Token is a new way to authenticate users in hybrid dApps using signed messages.",
   "author": "pyropy",
   "scripts": {
     "build": "webpack --mode=production --progress"
   },
+  "types": "src/lib.d.ts",
   "module": "src/lib.js",
   "main": "dist/web3-cardano-token.js",
   "dependencies": {

diff --git a/src/lib.d.ts b/src/lib.d.ts
@@ -1,20 +1,32 @@
-type Signer = (msg: string) => PromiseLike<string>
+type Signer = (msg: string) => PromiseLike<string>;
 
 export function sign(
-    signer: Signer,
-    expires_in?: string | number,
-    body?: Object): PromiseLike<string>
+  signer: Signer,
+  expires_in?: string | number,
+  body?: Object
+): PromiseLike<string>;
 
-export function verify(
-    token: string
-): {
-    address: string,
-    body: Object
-}
+export function verify(token: string): {
+  address: string;
+  body: Object;
+};
 
 declare const Web3Token: {
-    sign: typeof sign,
-    verify: typeof verify
-}
+  sign: typeof sign;
+  verify: typeof verify;
+};
+
+export default Web3Token;
 
-export default Web3Token
+declare module "web3-cardano-token/dist/browser" {
+  export const Web3Token: {
+    sign: typeof sign;
+    verify: typeof verify;
+  };
+}
+declare module "web3-cardano-token/dist/node" {
+  export const Web3Token: {
+    sign: typeof sign;
+    verify: typeof verify;
+  };
+}
diff --git a/src/lib/verify.js b/src/lib/verify.js
@@ -1,8 +1,12 @@
 import Base64 from "base-64";
 import parseAsHeaders from "parse-headers";
 import { Buffer } from "buffer";
-import Loader from "./loader";
-
+import Loader from "./loader.js";
+/**
+ *
+ * @param {string} token Signed Web3 Token
+ * @returns {boolean}
+ */
 export const verify = async (token) => {
   if (!token || !token.length) {
     throw new Error("Token required.");
@@ -43,6 +47,13 @@ export const verify = async (token) => {
   const address = Loader.Cardano.Address.from_bytes(
     headermap.header(Loader.Message.Label.new_text("address")).as_bytes()
   );
+
+  const publicKey = Loader.Cardano.PublicKey.from_bytes(headermap.key_id());
+
+  if (!verifyAddress(address, publicKey)) {
+    throw new Error("Address verification failed");
+  }
+
   const parsed_body = parseAsHeaders(body);
 
   if (
@@ -52,5 +63,47 @@ export const verify = async (token) => {
     throw new Error("Token expired");
   }
 
-  return { address: address.to_bech32(), body: parsed_body };
+  return {
+    address: address.to_bech32(),
+    network: address.network_id(),
+    body: parsed_body,
+  };
+};
+
+const verifyAddress = (checkAddress, publicKey) => {
+  console.log("publicKey", publicKey.hash());
+  // if (this.headers.address.to_bech32() !== checkAddress.to_bech32()) {
+  //   console.log("FASLE1");
+  //   return false;
+  // }
+  // check if BaseAddress
+  try {
+    const baseAddress = Loader.Cardano.BaseAddress.from_address(checkAddress);
+    //reconstruct address
+    const paymentKeyHash = publicKey.hash();
+    const stakeKeyHash = baseAddress.stake_cred().to_keyhash();
+    const reconstructedAddress = Loader.Cardano.BaseAddress.new(
+      checkAddress.network_id(),
+      Loader.Cardano.StakeCredential.from_keyhash(paymentKeyHash),
+      Loader.Cardano.StakeCredential.from_keyhash(stakeKeyHash)
+    );
+
+    return (
+      checkAddress.to_bech32() === reconstructedAddress.to_address().to_bech32()
+    );
+  } catch (e) {
+    console.error(e);
+  }
+
+  try {
+    const stakeKeyHash = address.hash();
+    const reconstructedAddress = RewardAddress.new(
+      checkAddress.network_id(),
+      StakeCredential.from_keyhash(stakeKeyHash)
+    );
+    return (
+      checkAddress.to_bech32() === reconstructedAddress.to_address().to_bech32()
+    );
+  } catch (e) {}
+  return false;
 };
diff --git a/test.mjs b/test.mjs
@@ -0,0 +1,8 @@
+import { verify } from "./src/lib/verify.js";
+
+(async () => {
+  const token =
+    "eyJzaWduYXR1cmUiOiI4NDU4NjlhMzAxMjcwNDU4MjA2ZjkzODllNDUzNGUxZjUyMzQ2MzBhYTRiYTlkODZkNTQ0MmVlYjQzNmQ3MDY2ODkyZjA2OGViZTYyYmQwNmJmNjc2MTY0NjQ3MjY1NzM3MzU4MzkwMDg5NDAwMDIzZTIyZWNlYTJjYTEyMjgzYmM0YzY1Yjc4NzIzOTA1YmUzMzA2ZDE3MTZlMDM5MWZkNmM3YmJmOTNjMjIwMGRhMTEyNjMzNGZjZGQ0Njk5YzZhMTI3ZjhlZmMzMmM5OTk0NDBhYTVhNzVhMTY2Njg2MTczNjg2NTY0ZjQ1ODQwNTc2NTYyMzMyZDU0NmY2YjY1NmUyZDU2NjU3MjczNjk2ZjZlM2EyMDMxMGE0NTc4NzA2OTcyNjUyZDQ0NjE3NDY1M2EyMDU0Njg3NTJjMjAzMjM1MjA0ZTZmNzYyMDMyMzAzMjMxMjAzMDMzM2EzNTMzM2EzMzM2MjA0NzRkNTQ1ODQwYjI5YTA5NDY0OTY3MDVjMzY2NDQyNjRiODk1NzRhNTRkYjY1MTM0OGJmNzI4M2IwMjFmMmE5MTQxYmFjYzJiOGE2ZjQ4MmQ1OTQxYWE4N2Y5M2IxODk4ZTAxZDQwZTUxYmM5ODAwY2QzYTExY2E1OWQ1ZTYwNzg4ZjdhOGY0MDQiLCJib2R5IjoiV2ViMy1Ub2tlbi1WZXJzaW9uOiAxXG5FeHBpcmUtRGF0ZTogVGh1LCAyNSBOb3YgMjAyMSAwMzo1MzozNiBHTVQifQ==";
+
+  console.log(await verify(token));
+})();