Package a lib for signature verification with kinto.js

[leplatrem]

Follow-up of #76

Since the signature verification requires some code to merge the changes, CanonicalJSON.stringify(), jsesc, and a X.509 parser, it would be relevant to package it in a NPM lib:

import validateCollectionSignature from "kinto-signature-verification";

const kinto = new Kinto({
    remote: "https://kinto-reader.dev.mozaws.net/v1",
    bucket: "blocklists"
  });
  const collection = kinto.collection("certificates", { hooks : {
    "incoming-changes": [validateCollectionSignature]
  }});

  collection.sync();

The code for this could live in this repo (subfolder javascript or client) with its own package.json, test suite etc.

The X.509 parser and the canonicaljson probably deserve their own package.

Thoughts?

[Natim]

Agreed

[n1k0]

Note you can add a package.json file to setup the npm package info in this repository, and add a .npmignore to blacklist all non-package related contents (we shouldn't publish python stuff to npm).