signing header + payload, improved tests

package.json

@@ -41,7 +41,6 @@
     "@typescript-eslint/parser": "^6.19.1",
     "babel-jest": "^29.4.1",
     "dotenv-cli": "^7.3.0",
-    "elliptic": "^6.5.4",
     "eslint": "~8.56.0",
     "eslint-config-prettier": "^9.0.0",
     "eslint-plugin-import": "2.27.5",
@@ -91,8 +90,6 @@
     "class-validator": "^0.14.1",
     "clsx": "^1.2.1",
     "date-fns": "^3.3.1",
-    "ethereumjs-util": "^7.1.5",
-    "ethers": "^6.11.1",
     "handlebars": "^4.7.8",
     "jose": "^5.2.1",
     "lodash": "^4.17.21",

packages/signature/jest.config.ts

@@ -5,17 +5,13 @@ const config: Config = {
   moduleFileExtensions: ['ts', 'tsx', 'js', 'jsx'],
   preset: '../../jest.preset.js',
   testEnvironment: 'node',
-  transformIgnorePatterns: [
-    'node_modules/(?!(viem)/)' // Transpile code in the viem package
-  ],
   transform: {
     '^.+\\.[tj]sx?$': [
       'ts-jest',
       {
         tsconfig: '<rootDir>/tsconfig.spec.json'
       }
-    ],
-    '^.+\\.js$': 'babel-jest' // Add this line if you want to transform JS files with Babel
+    ]
   }
 }
 

packages/signature/src/lib/__test__/unit/decode.spec.ts

@@ -0,0 +1,30 @@
+import { base64url } from 'jose'
+import { decode } from '../../decode'
+import { DECODED_TOKEN, HEADER_PART, SIGNATURE_PART, SIGNED_TOKEN } from './mock'
+
+describe('decode', () => {
+  it('decodes a request successfully', async () => {
+    const jwt = decode(SIGNED_TOKEN)
+    expect(jwt).toEqual(DECODED_TOKEN)
+  })
+  it('throws an error if token is malformed', async () => {
+    expect(() => decode('invalid')).toThrow()
+  })
+  it('throws an error if token is formed well with unmeaningful data', async () => {
+    expect(() => decode('invalid.invalid.invalid')).toThrow()
+  })
+  it('throws an error if payload is invalid with a valid signature', async () => {
+    const token = `${HEADER_PART}.${'invalid'}.${SIGNATURE_PART}`
+    expect(() => decode(token)).toThrow()
+    const encodedPayload = base64url.encode(
+      JSON.stringify({ requestHash: 'hashedRequest', iat: '1728917', exp: '1728917' })
+    )
+    const token2 = `${HEADER_PART}.${encodedPayload}.${SIGNATURE_PART}`
+    expect(() => decode(token2)).toThrow()
+  })
+  it('throws an error if header is invalid', async () => {
+    const encodedHeader = base64url.encode(JSON.stringify({ alg: 'invalid', kid: 'invalid' }))
+    const token = `${encodedHeader}.${'invalid'}.${SIGNATURE_PART}`
+    expect(() => decode(token)).toThrow()
+  })
+})

packages/signature/src/lib/__test__/unit/eoa-keys.spec.ts

@@ -0,0 +1,38 @@
+import { generatePrivateKey, privateKeyToAccount } from 'viem/accounts'
+import { sign } from '../../sign'
+import { Alg, SignatureInput, VerificationInput } from '../../types'
+import { verify } from '../../verify'
+import { DECODED_TOKEN, EXP, IAT, KID, REQUEST } from './mock'
+
+describe('flow with viem keypairs', () => {
+  it('should sign and verify a request successfully', async () => {
+    const viemPkAlg = Alg.ES256K
+    const pk = generatePrivateKey()
+    const { publicKey: viemPk } = privateKeyToAccount(pk)
+    const expected = {
+      header: {
+        ...DECODED_TOKEN.header,
+        alg: viemPkAlg
+      },
+      payload: DECODED_TOKEN.payload,
+      signature: expect.any(String)
+    }
+    const signingInput: SignatureInput = {
+      request: REQUEST,
+      privateKey: pk,
+      algorithm: viemPkAlg,
+      kid: KID,
+      iat: IAT,
+      exp: EXP
+    }
+    const jwt = await sign(signingInput)
+    const verificationInput: VerificationInput = {
+      request: REQUEST,
+      rawToken: jwt,
+      publicKey: viemPk,
+      algorithm: viemPkAlg
+    }
+    const verifiedJwt = await verify(verificationInput)
+    expect(verifiedJwt).toEqual(expected)
+  })
+})