fixed readme

deatil · deatil · commit 9ac5c6891a8e · 2025-02-24T12:23:06.000+08:00
diff --git a/README.md b/README.md
@@ -1,13 +1,29 @@
 ## Zig-jwt 
 
-A JWT library for zig.
+A JWT (JSON Web Token) library for zig.
 
 
 ### Env
 
  - Zig >= 0.14.0-dev.2851+b074fb7dd
 
 
+### What the heck is a JWT?
+
+JWT.io has [a great introduction](https://jwt.io/introduction) to JSON Web Tokens.
+
+In short, it's a signed JSON object that does something useful (for example, authentication).  It's commonly used for `Bearer` tokens in Oauth 2.  A token is made of three parts, separated by `.`'s.  The first two parts are JSON objects, that have been [base64url](https://datatracker.ietf.org/doc/html/rfc4648) encoded.  The last part is the signature, encoded the same way.
+
+The first part is called the header.  It contains the necessary information for verifying the last part, the signature.  For example, which encryption method was used for signing and what key was used.
+
+The part in the middle is the interesting bit.  It's called the Claims and contains the actual stuff you care about.  Refer to [RFC 7519](https://datatracker.ietf.org/doc/html/rfc7519) for information about reserved keys and the proper way to add your own.
+
+
+### What's in the box?
+
+This library supports the parsing and verification as well as the generation and signing of JWTs.  Current supported signing algorithms are HMAC SHA, RSA, RSA-PSS, and ECDSA, though hooks are present for adding your own.
+
+
 ### Adding zig-jwt as a dependency
 
 Add the dependency to your project:
@@ -102,6 +118,45 @@ The JWT library have signing methods:
  - `none`: jwt.SigningMethodNone
 
 
+### Sign PublicKey
+
+RSA PublicKey:
+~~~zig
+const secret_key = jwt.crypto_rsa.SecretKey;
+const public_key = jwt.crypto_rsa.PublicKey;
+
+// rsa no generate
+~~~
+
+ECDSA PublicKey:
+~~~zig
+const ecdsa = std.crypto.sign.ecdsa;
+
+const p256_secret_key = ecdsa.EcdsaP256Sha256.SecretKey;
+const p256_public_key = ecdsa.EcdsaP256Sha256.PublicKey;
+
+const p384_secret_key = ecdsa.EcdsaP384Sha384.SecretKey;
+const p384_public_key = ecdsa.EcdsaP384Sha384.PublicKey;
+
+// generate p256 public key
+const p256_kp = ecdsa.EcdsaP256Sha256.KeyPair.generate();
+
+// generate p384 public key
+const p384_kp = ecdsa.EcdsaP384Sha384.KeyPair.generate();
+~~~
+
+EdDSA PublicKey:
+~~~zig
+const Ed25519 = std.crypto.sign.Ed25519;
+
+const secret_key = Ed25519.SecretKey;
+const public_key = Ed25519.PublicKey;
+
+// generate public key
+const kp = Ed25519.KeyPair.generate();
+~~~
+
+
 ### LICENSE
 
 *  The library LICENSE is `Apache2`, using the library need keep the LICENSE.
diff --git a/build.zig.zon b/build.zig.zon
@@ -1,11 +1,12 @@
 .{
     .name = "zig-jwt",
-    .description = "A JWT library for zig.",
-    .version = "1.0.7",
+    .description = "A JWT (JSON Web Token) library for zig.",
+    .version = "1.0.8",
     .paths = .{
         "build.zig",
         "build.zig.zon",
         "LICENSE",
+        "README.md",
         "src",
     },
 }
diff --git a/src/jwt.zig b/src/jwt.zig
@@ -56,27 +56,27 @@ pub fn JWT(comptime Signer: type, comptime SecretKeyType: type, comptime PublicK
             };
         }
 
-        pub fn sign(self: Self, claims: anytype, key: SecretKeyType) ![]const u8 {
+        pub fn sign(self: Self, claims: anytype, secret_key: SecretKeyType) ![]const u8 {
             var t = token.Token.init(self.alloc);
             try t.setHeader(.{
                 .typ = "JWT",
                 .alg = self.signer.alg(),
             });
             try t.setClaims(claims);
 
-            const signed = try t.signingString();
+            const signing_string = try t.signingString();
             defer t.deinit();
 
-            const signed_string = try self.signer.sign(signed, key);
-            t.withSignature(signed_string);
+            const signature = try self.signer.sign(signing_string, secret_key);
+            t.withSignature(signature);
 
-            defer self.alloc.free(signed_string);
+            defer self.alloc.free(signature);
 
-            const sig = try t.signedString();
-            return sig;
+            const signed_token = try t.signedString();
+            return signed_token;
         }
 
-        pub fn parse(self: Self, token_string: []const u8, key: PublicKeyType) !token.Token {
+        pub fn parse(self: Self, token_string: []const u8, public_key: PublicKeyType) !token.Token {
             var t = token.Token.init(self.alloc);
             try t.parse(token_string);
 
@@ -88,15 +88,15 @@ pub fn JWT(comptime Signer: type, comptime SecretKeyType: type, comptime PublicK
                 return Error.JWTAlgoInvalid;
             }
 
-            const token_sign = t.getSignature();
+            const signature = t.getSignature();
     
-            const signed = try self.alloc.alloc(u8, token_sign.len);
-            @memcpy(signed[0..], token_sign[0..]);
+            const token_sign = try self.alloc.alloc(u8, signature.len);
+            @memcpy(token_sign[0..], signature[0..]);
 
-            defer self.alloc.free(signed);
+            defer self.alloc.free(token_sign);
 
-            const msg = try t.signingString();
-            if (!self.signer.verify(msg, signed, key)) {
+            const signing_string = try t.signingString();
+            if (!self.signer.verify(signing_string, token_sign, public_key)) {
                 return Error.JWTVerifyFail;
             }
 
