MCPcopy Create free account
hub / github.com/sourcebot-dev/sourcebot / verifySignature

Function verifySignature

packages/shared/src/crypto.ts:79–102  ·  view source on GitHub ↗
(data: string, signature: string, publicKeyPath: string)

Source from the content-addressed store, hash-verified

77}
78
79export function verifySignature(data: string, signature: string, publicKeyPath: string): boolean {
80 try {
81 let publicKey = publicKeyCache.get(publicKeyPath);
82
83 if (!publicKey) {
84 if (!fs.existsSync(publicKeyPath)) {
85 throw new Error(`Public key file not found at: ${publicKeyPath}`);
86 }
87
88 publicKey = fs.readFileSync(publicKeyPath, 'utf8');
89 publicKeyCache.set(publicKeyPath, publicKey);
90 }
91
92 // Convert base64url signature to base64 if needed
93 const base64Signature = signature.replace(/-/g, '+').replace(/_/g, '/');
94 const paddedSignature = base64Signature + '='.repeat((4 - base64Signature.length % 4) % 4);
95 const signatureBuffer = Buffer.from(paddedSignature, 'base64');
96
97 return crypto.verify(null, Buffer.from(data, 'utf8'), publicKey, signatureBuffer);
98 } catch (error) {
99 console.error('Error verifying signature:', error);
100 return false;
101 }
102}
103
104export const getTokenFromConfig = async (token: Token): Promise<string> => {
105 if ('env' in token) {

Callers 1

Calls

no outgoing calls

Tested by

no test coverage detected