Added verify signature api service

src/lib/Login.svelte

@@ -2,7 +2,17 @@
   import Cookies from "js-cookie";
 
   async function login() {
-    const response = await fetch("/api/auth", { method: "POST" });
+    const response = await fetch("/api/auth", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+      },
+      body: JSON.stringify({
+        name: "Sam",
+        loggedIn: true,
+        roles: ["admin"],
+      }),
+    });
     if (!response.ok) {
       alert("Login failed");
     } else {

src/lib/Signer.svelte

@@ -68,63 +68,68 @@
         v: result.recid,
       });
 
-      // Display the signed JSON
-      status = JSON.stringify(messageToSign, null, 2);
-
-      // Verify the signature
-      const recoveredAddr = ethers.verifyMessage(jsonString, messageSignature);
-
-      // Check if the address associated with the signature is the same as the current PKP
-      const verified =
-        currentPKP.ethAddress.toLowerCase() === recoveredAddr.toLowerCase();
-
-      if (verified) {
-        status = "The signature is valid.";
-      } else {
-        status = "The signature is invalid.";
-      }
+      // verify();
     } catch (err) {
       console.error(err);
     }
   }
-
-  async function getJWT() {
-    var unifiedAccessControlConditions = [
-      {
-        conditionType: "evmBasic",
-        contractAddress: "",
-        standardContractType: "",
-        chain: "xdai",
-        method: "eth_getBalance",
-        parameters: [":userAddress", "latest"],
-        returnValueTest: {
-          comparator: ">=",
-          value: "10000000000000",
+  async function verify() {
+    const response = await fetch("/api/verify", {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
       },
-      },
-    ];
-
-    // Saving signing condition
-    await litNodeClient.saveSigningCondition({
-      unifiedAccessControlConditions,
-      sessionSigs,
-      resourceId: { test: "hello" },
-      chain: "litSessionSign",
+      body: JSON.stringify({
+        messageToSign,
+        messageSignature,
+        currentPKP,
+      }),
     });
-
-    // Retrieving a signature
-    let jwt = await litNodeClient.getSignedToken({
-      unifiedAccessControlConditions,
-      sessionSigs,
-      resourceId: { test: "hello" },
-    });
-
-    alert("JWT: " + jwt);
+    if (!response.ok) {
+      alert("verify failed");
+    } else {
+      let json = await response.json();
+      alert(json.verified ? "Signature valid" : "! Signature NOT valid !");
     }
+  }
+
+  // async function getJWT() {
+  //   var unifiedAccessControlConditions = [
+  //     {
+  //       conditionType: "evmBasic",
+  //       contractAddress: "",
+  //       standardContractType: "",
+  //       chain: "xdai",
+  //       method: "eth_getBalance",
+  //       parameters: [":userAddress", "latest"],
+  //       returnValueTest: {
+  //         comparator: ">=",
+  //         value: "10000000000000",
+  //       },
+  //     },
+  //   ];
+
+  //   // Saving signing condition
+  //   await litNodeClient.saveSigningCondition({
+  //     unifiedAccessControlConditions,
+  //     sessionSigs,
+  //     resourceId: { test: "hello" },
+  //     chain: "litSessionSign",
+  //   });
+
+  //   // Retrieving a signature
+  //   let jwt = await litNodeClient.getSignedToken({
+  //     unifiedAccessControlConditions,
+  //     sessionSigs,
+  //     resourceId: { test: "hello" },
+  //   });
+
+  //   alert("JWT: " + jwt);
+  // }
 </script>
 
 <button on:click={signMessageWithPKP}>Sign Message</button>
-<button on:click={getJWT}>Get JWT</button>
+<!-- <button on:click={getJWT}>Get JWT</button> -->
 
 {#if messageToSign}
   <pre>{JSON.stringify(messageToSign)}</pre>
@@ -140,4 +145,5 @@
     <h3>Signature</h3>
     <pre>{JSON.stringify(messageSignature)}</pre>
   </div>
+  <button on:click={verify}>Verify</button><br />
 {/if}

src/routes/api/auth/+server.ts

@@ -1,10 +1,11 @@
 import jwt from 'jsonwebtoken';
 import { error } from '@sveltejs/kit';
 
-const secretKey = 'mysecrettestkey';
+const secretKey = process.env.JWT_KEY;
 
-export async function POST() {
-  const token = jwt.sign({ name: 'Samuel', loggedIn: true, roles: ['admin'] }, secretKey);
+export async function POST({ request }) {
+  const user = await request.json();
+  const token = jwt.sign(user, secretKey);
   if (!token) {
     throw error(400, 'No token created.');
   }

src/routes/api/auth/session/+server.js

@@ -2,7 +2,7 @@
 import jwt from 'jsonwebtoken';
 import { error } from '@sveltejs/kit';
 
-const secretKey = 'mysecrettestkey';
+const secretKey = process.env.JWT_KEY;
 
 export async function GET({ request }) {
   const authHeader = request.headers.get('Authorization');

src/routes/api/login/+server.js

@@ -0,0 +1,13 @@
+import jwt from 'jsonwebtoken';
+import { error } from '@sveltejs/kit';
+
+const secretKey = process.env.JWT_KEY;
+
+export async function POST({ request }) {
+  const user = await request.json();
+  const token = jwt.sign(user, secretKey);
+  if (!token) {
+    throw error(400, 'No token created.');
+  }
+  return new Response(JSON.stringify({ token }), { status: 200 });
+}

src/routes/api/verify/+server.ts

@@ -0,0 +1,15 @@
+import { json } from '@sveltejs/kit';
+import { ethers } from 'ethers';
+
+export async function POST({ request }) {
+    const { messageToSign, messageSignature, currentPKP } = await request.json();
+
+    // Verify the signature
+    const jsonString = JSON.stringify(messageToSign);
+    const recoveredAddr = ethers.verifyMessage(jsonString, messageSignature);
+
+    // Check if the address associated with the signature is the same as the current PKP
+    const verified = currentPKP.ethAddress.toLowerCase() === recoveredAddr.toLowerCase();
+
+    return json({ verified }, { status: 200 });
+}