refactor: use @copilot-extensions/preview-sdk

copilot-extensions · Aug 26, 2024 · 89233db · 89233db
1 parent b4e876f
commit 89233db
Showing 1 changed file with 8 additions and 38 deletions.
diff --git a/src/validate-signature.ts b/src/validate-signature.ts
@@ -1,7 +1,5 @@
 import express, { type Request, Response, NextFunction } from "express";
-import crypto from "crypto";
-
-const GITHUB_KEYS_URI = "https://api.github.com/meta/public_keys/copilot_api";
+import { verify } from "@copilot-extensions/preview-sdk";
 
 interface GitHubKeysPayload {
   public_keys: Array<{
@@ -21,7 +19,12 @@ export async function verifySignatureMiddleware(
       const signature = req.get("GitHub-Public-Key-Signature") as string;
       const keyID = req.get("GitHub-Public-Key-Identifier") as string;
       const tokenForUser = req.get("X-GitHub-Token") as string;
-      await verifySignature(req.body, signature, keyID, tokenForUser);
+      if (!verify(req.body, signature, keyID, { token: tokenForUser })) {
+        console.log("Signature verification failed");
+        return res.status(401).send("Unauthorized");
+      }
+
+      console.log("Signature verified");
 
       req.body = JSON.parse(req.body.toString("utf-8"));
       next();
@@ -30,37 +33,4 @@ export async function verifySignatureMiddleware(
       res.status(401).send("Unauthorized");
     }
   });
-}
-
-async function verifySignature(
-  payload: string,
-  signature: string,
-  keyID: string,
-  tokenForUser: string | null
-): Promise<void> {
-  if (typeof payload !== "string" || payload.length === 0) {
-    throw new Error("Invalid payload");
-  }
-  if (typeof signature !== "string" || signature.length === 0) {
-    throw new Error("Invalid signature");
-  }
-  if (typeof keyID !== "string" || keyID.length === 0) {
-    throw new Error("Invalid keyID");
-  }
-
-  const keys = (await fetch(GITHUB_KEYS_URI, {
-    method: "GET",
-    headers: {
-      Authorization: `Bearer ${tokenForUser}`,
-    },
-  }).then((res) => res.json())) as GitHubKeysPayload;
-  const publicKey = keys.public_keys.find((k) => k.key_identifier === keyID);
-  if (!publicKey) {
-    throw new Error("No public key found matching key identifier");
-  }
-
-  const verify = crypto.createVerify("SHA256").update(payload);
-  if (!verify.verify(publicKey.key, signature, "base64")) {
-    throw new Error("Signature does not match payload");
-  }
-}
+}