aut #24

2022-11-08 13:46:56 +08:00
parent 8206819d76
commit 51a8531955
3 changed files with 95 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+/release
--- a/ismism.ts/src/aut.ts
+++ b/ismism.ts/src/aut.ts
@ -0,0 +1,59 @@
+import * as base64url from "https://deno.land/std@0.162.0/encoding/base64url.ts"
+
+const alg = {
+	name: "RSASSA-PKCS1-v1_5",
+	modulusLength: 2048,
+	publicExponent: new Uint8Array([1, 0, 1]),
+	hash: "SHA-256",
+}
+const key = await crypto.subtle.generateKey(alg, true, ["sign", "verify"])
+const jwk = {
+	private: await crypto.subtle.exportKey("jwk", key.privateKey),
+	public: await crypto.subtle.exportKey("jwk", key.publicKey)
+}
+const jwk_url = "./jwk"
+await Deno.writeTextFile(jwk_url, JSON.stringify(jwk))
+const jwk_r: typeof jwk = JSON.parse(await Deno.readTextFile(jwk_url))
+const key_r = {
+	private: await crypto.subtle.importKey("jwk", jwk_r.private, alg, false, ["sign"]),
+	public: await crypto.subtle.importKey("jwk", jwk_r.public, alg, false, ["verify"]),
+}
+console.log(jwk_r)
+
+function json_to_base64url(
+	json: Record<string, string | number | boolean>
+): string {
+	const s = JSON.stringify(json)
+	const a = base64url.encode(s)
+	const b = base64url.encode(new TextEncoder().encode(s))
+	console.log(`base64url-s:\n${s}`)
+	console.log(`base64url-a:\n${a}`)
+	console.log(`base64url-b:\n${b}`)
+	return b
+}
+
+async function jwt(
+): Promise<string> {
+	const payload = {
+		uid: 728,
+		name: "728",
+		role: "admin",
+		iat: Date.now()
+	}
+	const p = json_to_base64url(payload)
+	const d = new TextEncoder().encode(p)
+	const sign = await crypto.subtle.sign(
+		"RSASSA-PKCS1-v1_5", key_r.private,
+		d
+	)
+	const s = base64url.encode(sign)
+	const v = await crypto.subtle.verify(
+		"RSASSA-PKCS1-v1_5", key_r.public,
+		base64url.decode(s), d
+	)
+	console.log(`verified: ${v}`)
+	return `${p}.${s}`
+}
+
+const t = await jwt()
+console.log(`jwt: ${t}`)
--- a/nginx.conf
+++ b/nginx.conf
@ -0,0 +1,35 @@
+events {
+}
+
+http {
+    server_tokens off;
+    ssl_protocols TLSv1.2 TLSv1.3;
+
+    types {
+        text/html html;
+        text/css css;
+        application/javascript js;
+        image/webp webp;
+    }
+
+    server {
+        listen 80;
+        root dist;
+        gzip on;
+
+        location = / {
+            try_files /index.html =404;
+        }
+
+        # location / {
+        #     types {
+        #     }
+        #     default_type text/plain;
+        #     return 418 "teapot $realpath_root $document_root";
+        # }
+
+        # location /red/ {
+        #     return 404 "";
+        # }
+    }
+}