feat: jwt sigs in w3id

coodos · coodos · commit 606b22da4d22 · 2025-04-19T02:17:14.000+05:30
diff --git a/infrastructure/w3id/src/index.ts b/infrastructure/w3id/src/index.ts
@@ -1,121 +1,140 @@
 import { IDLogManager } from "./logs/log-manager";
-import type { LogEvent, Signer } from "./logs/log.types";
+import type { LogEvent, Signer, JWTPayload, JWTHeader } from "./logs/log.types";
 import type { StorageSpec } from "./logs/storage/storage-spec";
 import { generateRandomAlphaNum } from "./utils/rand";
 import { v4 as uuidv4 } from "uuid";
 import { generateUuid } from "./utils/uuid";
+import { signJWT } from "./utils/jwt";
 
 export class W3ID {
-	constructor(
-		public id: string,
-		public logs?: IDLogManager,
-	) {}
+    constructor(
+        public id: string,
+        public logs?: IDLogManager,
+    ) {}
+
+    /**
+     * Signs a JWT with the W3ID's signer
+     * @param payload - The JWT payload
+     * @param header - Optional JWT header (defaults to using the signer's alg and W3ID's id as kid)
+     * @returns The signed JWT
+     */
+    public async signJWT(
+        payload: JWTPayload,
+        header?: JWTHeader,
+    ): Promise<string> {
+        if (!this.logs?.signer) {
+            throw new Error("W3ID must have a signer to sign JWTs");
+        }
+        return signJWT(this.logs.signer, payload, `${this.id}#0`, header);
+    }
 }
 
 export class W3IDBuilder {
-	private signer?: Signer;
-	private repository?: StorageSpec<LogEvent, LogEvent>;
-	private entropy?: string;
-	private namespace?: string;
-	private nextKeyHash?: string;
-	private global?: boolean = false;
+    private signer?: Signer;
+    private repository?: StorageSpec<LogEvent, LogEvent>;
+    private entropy?: string;
+    private namespace?: string;
+    private nextKeyHash?: string;
+    private global?: boolean = false;
 
-	/**
-	 * Specify entropy to create the identity with
-	 *
-	 * @param {string} str
-	 */
-	public withEntropy(str: string): W3IDBuilder {
-		this.entropy = str;
-		return this;
-	}
+    /**
+     * Specify entropy to create the identity with
+     *
+     * @param {string} str
+     */
+    public withEntropy(str: string): W3IDBuilder {
+        this.entropy = str;
+        return this;
+    }
 
-	/**
-	 * Specify namespace to use to generate the UUIDv5
-	 *
-	 * @param {string} uuid
-	 */
-	public withNamespace(uuid: string): W3IDBuilder {
-		this.namespace = uuid;
-		return this;
-	}
+    /**
+     * Specify namespace to use to generate the UUIDv5
+     *
+     * @param {string} uuid
+     */
+    public withNamespace(uuid: string): W3IDBuilder {
+        this.namespace = uuid;
+        return this;
+    }
 
-	/**
-	 * Specify whether to create a global identifier or a local identifer
-	 *
-	 * According to the project specification there are supposed to be 2 main types of
-	 * W3ID's ones which are tied to more permanent entities
-	 *
-	 * A global identifer is expected to live at the registry and starts with an \`@\`
-	 *
-	 * @param {boolean} isGlobal
-	 */
-	public withGlobal(isGlobal: boolean): W3IDBuilder {
-		this.global = isGlobal;
-		return this;
-	}
+    /**
+     * Specify whether to create a global identifier or a local identifer
+     *
+     * According to the project specification there are supposed to be 2 main types of
+     * W3ID's ones which are tied to more permanent entities
+     *
+     * A global identifer is expected to live at the registry and starts with an \`@\`
+     *
+     * @param {boolean} isGlobal
+     */
+    public withGlobal(isGlobal: boolean): W3IDBuilder {
+        this.global = isGlobal;
+        return this;
+    }
 
-	/**
-	 * Add a logs repository to the W3ID, a rotateble key attached W3ID would need a
-	 * repository in which the logs would be stored
-	 *
-	 * @param {StorageSpec<LogEvent, LogEvent>} storage
-	 */
-	public withRepository(storage: StorageSpec<LogEvent, LogEvent>): W3IDBuilder {
-		this.repository = storage;
-		return this;
-	}
+    /**
+     * Add a logs repository to the W3ID, a rotateble key attached W3ID would need a
+     * repository in which the logs would be stored
+     *
+     * @param {StorageSpec<LogEvent, LogEvent>} storage
+     */
+    public withRepository(
+        storage: StorageSpec<LogEvent, LogEvent>,
+    ): W3IDBuilder {
+        this.repository = storage;
+        return this;
+    }
 
-	/**
-	 * Attach a keypair to the W3ID, a key attached W3ID would also need a repository
-	 * to be added.
-	 *
-	 * @param {Signer} signer
-	 */
-	public withSigner(signer: Signer): W3IDBuilder {
-		this.signer = signer;
-		return this;
-	}
+    /**
+     * Attach a keypair to the W3ID, a key attached W3ID would also need a repository
+     * to be added.
+     *
+     * @param {Signer} signer
+     */
+    public withSigner(signer: Signer): W3IDBuilder {
+        this.signer = signer;
+        return this;
+    }
 
-	/**
-	 * Specify the SHA256 hash of the next key which will sign the next log entry after
-	 * rotation of keys
-	 *
-	 * @param {string} hash
-	 */
-	public withNextKeyHash(hash: string): W3IDBuilder {
-		this.nextKeyHash = hash;
-		return this;
-	}
+    /**
+     * Specify the SHA256 hash of the next key which will sign the next log entry after
+     * rotation of keys
+     *
+     * @param {string} hash
+     */
+    public withNextKeyHash(hash: string): W3IDBuilder {
+        this.nextKeyHash = hash;
+        return this;
+    }
 
-	/**
-	 * Build the W3ID with provided builder options
-	 *
-	 * @returns Promise<W3ID>
-	 */
-	public async build(): Promise<W3ID> {
-		this.entropy = this.entropy ?? generateRandomAlphaNum();
-		this.namespace = this.namespace ?? uuidv4();
-		const id = `${
-			this.global ? "@" : ""
-		}${generateUuid(this.entropy, this.namespace)}`;
-		if (!this.signer) {
-			return new W3ID(id);
-		}
-		if (!this.repository)
-			throw new Error(
-				"Repository is required, pass with `withRepository` method",
-			);
+    /**
+     * Build the W3ID with provided builder options
+     *
+     * @returns Promise<W3ID>
+     */
+    public async build(): Promise<W3ID> {
+        this.entropy = this.entropy ?? generateRandomAlphaNum();
+        this.namespace = this.namespace ?? uuidv4();
+        const id = `${
+            this.global ? "@" : ""
+        }${generateUuid(this.entropy, this.namespace)}`;
+        if (!this.signer) {
+            return new W3ID(id);
+        }
+        if (!this.repository)
+            throw new Error(
+                "Repository is required, pass with `withRepository` method",
+            );
 
-		if (!this.nextKeyHash)
-			throw new Error(
-				"NextKeyHash is required pass with `withNextKeyHash` method",
-			);
-		const logs = new IDLogManager(this.repository, this.signer);
-		await logs.createLogEvent({
-			id,
-			nextKeyHashes: [this.nextKeyHash],
-		});
-		return new W3ID(id, logs);
-	}
+        if (!this.nextKeyHash)
+            throw new Error(
+                "NextKeyHash is required pass with `withNextKeyHash` method",
+            );
+        const logs = new IDLogManager(this.repository, this.signer);
+        await logs.createLogEvent({
+            id,
+            nextKeyHashes: [this.nextKeyHash],
+        });
+        return new W3ID(id, logs);
+    }
 }
diff --git a/infrastructure/w3id/src/logs/log.types.ts b/infrastructure/w3id/src/logs/log.types.ts
@@ -1,43 +1,61 @@
 export type LogEvent = {
-	id: string;
-	versionId: string;
-	versionTime: Date;
-	updateKeys: string[];
-	nextKeyHashes: string[];
-	method: `w3id:v${string}`;
-	proof?: string;
+    id: string;
+    versionId: string;
+    versionTime: Date;
+    updateKeys: string[];
+    nextKeyHashes: string[];
+    method: `w3id:v${string}`;
+    proof?: string;
 };
 
 export type VerifierCallback = (
-	message: string,
-	signature: string,
-	pubKey: string,
+    message: string,
+    signature: string,
+    pubKey: string,
 ) => Promise<boolean>;
 
+export type JWTHeader = {
+    alg: string;
+    typ: "JWT";
+    kid?: string;
+};
+
+export type JWTPayload = {
+    [key: string]: any;
+    iat?: number;
+    exp?: number;
+    nbf?: number;
+    iss?: string;
+    sub?: string;
+    aud?: string;
+    jti?: string;
+};
+
 export type Signer = {
-	sign: (message: string) => Promise<string> | string;
-	pubKey: string;
+    sign: (message: string) => Promise<string> | string;
+    pubKey: string;
+    alg: string;
 };
 
 export type RotationLogOptions = {
-	nextKeyHashes: string[];
-	nextKeySigner: Signer;
+    nextKeyHashes: string[];
+    nextKeySigner: Signer;
 };
 
 export type GenesisLogOptions = {
-	nextKeyHashes: string[];
-	id: string;
+    nextKeyHashes: string[];
+    id: string;
 };
 
 export function isGenesisOptions(
-	options: CreateLogEventOptions,
+    options: CreateLogEventOptions,
 ): options is GenesisLogOptions {
-	return "id" in options;
+    return "id" in options;
 }
 export function isRotationOptions(
-	options: CreateLogEventOptions,
+    options: CreateLogEventOptions,
 ): options is RotationLogOptions {
-	return "nextKeySigner" in options;
+    return "nextKeySigner" in options;
 }
 
 export type CreateLogEventOptions = GenesisLogOptions | RotationLogOptions;
diff --git a/infrastructure/w3id/tests/utils/crypto.ts b/infrastructure/w3id/tests/utils/crypto.ts
@@ -27,6 +27,7 @@ export const verifierCallback: VerifierCallback = async (
 export function createSigner(keyPair: nacl.SignKeyPair): Signer {
     const publicKey = uint8ArrayToHex(keyPair.publicKey);
     const signer: Signer = {
+        alg: "ed25519",
         pubKey: publicKey,
         sign: (str: string) => {
             const buffer = stringToUint8Array(str);
diff --git a/infrastructure/w3id/tests/w3id.test.ts b/infrastructure/w3id/tests/w3id.test.ts
