packages/auth/src/lib/AuthManager/utils 1 file changed +49 -0 lines changed
1+ import { AuthSig , LitResourceAbilityRequest } from '@lit-protocol/types' ;
2+
3+ /**
4+ * Validates that the provided delegation auth sig hasn't expired and
5+ * references the expected session key URI.
6+ * Throws an error if validation fails.
7+ */
8+ export function validateDelegationAuthSig ( params : {
9+ delegationAuthSig : AuthSig ;
10+ requiredResources : LitResourceAbilityRequest [ ] ;
11+ sessionKeyUri : string ;
12+ } ) {
13+ const { delegationAuthSig, sessionKeyUri } = params ;
14+
15+ try {
16+ const siweMessage = delegationAuthSig . signedMessage ;
17+
18+ // Check expiration if it exists in the SIWE message
19+ const expirationMatch = siweMessage . match ( / ^ E x p i r a t i o n T i m e : ( .* ) $ / m) ;
20+ if ( expirationMatch ?. [ 1 ] ) {
21+ const expiration = new Date ( expirationMatch [ 1 ] . trim ( ) ) ;
22+ if ( Number . isNaN ( expiration . getTime ( ) ) ) {
23+ throw new Error (
24+ 'Delegation signature contains an invalid expiration timestamp'
25+ ) ;
26+ }
27+ if ( expiration . getTime ( ) <= Date . now ( ) ) {
28+ throw new Error (
29+ `Delegation signature has expired at ${ expiration . toISOString ( ) } `
30+ ) ;
31+ }
32+ }
33+
34+ // Validate session key URI matches
35+ if ( ! siweMessage . includes ( sessionKeyUri ) ) {
36+ throw new Error (
37+ 'Session key URI in delegation signature does not match provided session key pair'
38+ ) ;
39+ }
40+
41+ // TODO: Add resource validation by parsing the RECAP URN when available.
42+ } catch ( error ) {
43+ throw new Error (
44+ `Invalid delegation signature: ${
45+ error instanceof Error ? error . message : 'Unknown error'
46+ } `
47+ ) ;
48+ }
49+ }
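Review bot: The session-key check at new line 35 uses `siweMessage.includes(sessionKeyUri)`, which passes when the URI appears anywhere in the signed message (statement text, a resource entry, or as a prefix of a longer URI) and always passes for an empty `sessionKeyUri`, so it does not show that the delegation was issued to this session key. Assuming the session key URI is carried in the SIWE `URI:` field, parse that line the same way the expiration is parsed and compare exactly: `const uriMatch = siweMessage.match(/^URI: (.*)$/m);` then `if (!sessionKeyUri || uriMatch?.[1]?.trim() !== sessionKeyUri) throw new Error(...)` with the existing message. Two related gaps should be closed or stated in the doc comment: a message with no `Expiration Time:` line is accepted as non-expiring, and `requiredResources` is accepted but never read, so callers must not assume the delegated capabilities were checked until the TODO at new line 41 is resolved. Nothing visible here verifies the signature itself, so the comment should also say that this function only inspects the message text.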