mirror of
https://gitlab.com/soapbox-pub/ditto.git
synced 2025-12-06 11:29:46 +00:00
30 lines
1 KiB
TypeScript
30 lines
1 KiB
TypeScript
import { bech32 } from '@scure/base';
|
|
import { generateSecretKey } from 'nostr-tools';
|
|
|
|
/**
|
|
* Generate an auth token for the API.
|
|
*
|
|
* Returns a bech32 encoded API token and the SHA-256 hash of the bytes.
|
|
* The token should be presented to the user, but only the hash should be stored in the database.
|
|
*/
|
|
export async function generateToken(sk = generateSecretKey()): Promise<{ token: `token1${string}`; hash: Uint8Array }> {
|
|
const words = bech32.toWords(sk);
|
|
const token = bech32.encode('token', words);
|
|
|
|
const buffer = await crypto.subtle.digest('SHA-256', sk);
|
|
const hash = new Uint8Array(buffer);
|
|
|
|
return { token, hash };
|
|
}
|
|
|
|
/**
|
|
* Get the SHA-256 hash of an API token.
|
|
* First decodes from bech32 then hashes the bytes.
|
|
* Used to identify the user in the database by the hash of their token.
|
|
*/
|
|
export async function getTokenHash(token: `token1${string}`): Promise<Uint8Array> {
|
|
const { bytes: sk } = bech32.decodeToBytes(token);
|
|
const buffer = await crypto.subtle.digest('SHA-256', sk);
|
|
|
|
return new Uint8Array(buffer);
|
|
}
|