From e2c82a73974d9fd62ae725bd0653da115d5ff75e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Mark=20Lis=C3=A9?=
Date: Mon, 7 Oct 2024 16:29:30 -0700
Subject: [PATCH] Updte logic
---
handlers/authorizer/index.js | 42 +++++++++++++++++++++++++++---------
1 file changed, 32 insertions(+), 10 deletions(-)
diff --git a/handlers/authorizer/index.js b/handlers/authorizer/index.js
index 79cb9b2..786fdbb 100644
--- a/handlers/authorizer/index.js
+++ b/handlers/authorizer/index.js
@@ -4,6 +4,12 @@ const jwt = require('jsonwebtoken');
 const { DynamoDBClient } = require('@aws-sdk/client-dynamodb');
 const jwkToPem = require('jwk-to-pem');
 const crypto = require('crypto');
+const awsjwtverify = require('aws-jwt-verify');
+const verifier = CognitoJwtVerifier.create({
+ userPoolId: "",
+ tokenUse: "access",
+ clientId: process.env.COGNITO_APP_CLIENT_ID,
+});
 exports.handler = async function (event, context, callback) {
 console.log(event);
@@ -36,7 +42,7 @@ exports.handler = async function (event, context, callback) {
 const joinedArnPrefix = arnPrefix.slice(0, 5).join(':');
 const apiIDString = arnPrefix[5];
 const apiString = apiIDString.split('/')[0];
- const fullAPIMethods = joinedArnPrefix + ':' +apiString + '/' + process.env.STAGE_NAME + '/*';
+ const fullAPIMethods = joinedArnPrefix + ':' + apiString + '/' + process.env.STAGE_NAME + '/*';
 return generatePolicy(claims.sid, 'Allow', fullAPIMethods);
@@ -127,7 +133,7 @@ function validateToken(token) {
 console.log(keys[keyIndex]);
 const publicKey = jwkToPem(keys[keyIndex]);
- console.log(publicKey);
+ // get the last two sections of the token, // message and signature (encoded in base64)
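Review bot: `CognitoJwtVerifier.create(...)` on the second added line references a name this module never binds — the line above assigns the whole package to `awsjwtverify` — so the file throws a ReferenceError at load and every invocation of the authorizer fails; use `const { CognitoJwtVerifier } = require('aws-jwt-verify');`. `userPoolId: ""` is also empty, and aws-jwt-verify needs the real pool id to fetch the issuer's JWKS, so it should come from configuration next to `COGNITO_APP_CLIENT_ID` rather than a literal. Nothing in this patch calls `verifier`; if it is meant to supersede the hand-rolled signature check in `validateToken`, it should be wired in there, otherwise it is dead code that still runs at cold start.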
@@ -136,16 +142,32 @@ function validateToken(token) {
 // decode the signature
 const decodedSignature = Buffer.from(encodedSignature, 'base64');
- console.log(decodedSignature);
- // verify the signature
- const verify = crypto.createVerify(alg);
- verify.update(message);
- verify.end();
- if (!verify.verify(publicKey, decodedSignature)) {
- console.log('Signature verification failed');
- throw 'Signature verification failed';
+ console.log("publickey", publicKey);
+ console.log("message:", message);
+ console.log("decodedSignature", decodedSignature);
+ console.log("encodedSignature", encodedSignature);
+ console.log("alg:", alg);
+ console.log("verification creating:", crypto.getHashes());
+
+ for (let i = 0; i < crypto.getHashes().length; i++) {
+ try {
+ const verify = crypto.createVerify((crypto.getHashes())[i]);
+
+ verify.update(message);
+ verify.end();
+ // console.log(publicKey, encodedSignature)
+ if (!verify.verify(publicKey, encodedSignature)) {
+ // console.log('Signature verification failed');
+ throw 'Signature verification failed';
+ }
+ console.log("verify:", (crypto.getHashes())[i]);
+ break;
+ } catch (e) {
+ // console.log("e:", e);
+ }
 }
+ console.log('Signature successfully verified');
 // since we passed the verification, we can now safely
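Review bot: If no digest in `crypto.getHashes()` verifies the signature, every `throw` inside the new `for` loop is swallowed by the empty `catch (e) {}`, the loop simply runs out, and control reaches `console.log('Signature successfully verified')` and the code that follows — an unverifiable token is treated as valid, which defeats the authorizer. The loop also accepts a match under any digest Node knows, including weak ones, instead of the one the key and JWT header commit to, and it passes the base64 string `encodedSignature` to `verify.verify` while the `decodedSignature` Buffer computed two lines earlier goes unused. If `createVerify(alg)` was failing because `alg` holds a JWT header value such as `RS256` rather than a Node digest name (it is assigned outside the hunk, so I cannot confirm), map the accepted algs to digests explicitly and keep the hard failure, roughly as below. The six new `console.log` calls write the public key, the signed message (the token header and payload) and the signature to the function logs and should be dropped before merge. `validateToken` begins outside this hunk.
```javascript
// … unchanged: decodedSignature computation …
// Only the algorithms this authorizer is willing to accept, mapped to Node digest names;
// anything else is rejected rather than searched for. TODO confirm the allow-list against the key set.
const DIGEST_FOR_ALG = { RS256: 'RSA-SHA256', RS384: 'RSA-SHA384', RS512: 'RSA-SHA512' };
const digest = DIGEST_FOR_ALG[alg];
if (digest === undefined) {
  throw new Error(`Unsupported token algorithm: ${alg}`);
}
const verify = crypto.createVerify(digest);
verify.update(message);
verify.end();
if (!verify.verify(publicKey, decodedSignature)) {
  throw new Error('Signature verification failed');
}
console.log('Signature successfully verified');
```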