Update docs: Verifying in the Browser

[timkelty]

I'm trying to use this lib to verify a signature.

Following the "Verifying in the Browser" docs, I've found some issues:

• base64url dependency
  • The imported names don't match what base64url exports, at least with the current version
  • It appears this package comes with its own now, so it seems that should probably be used? import { base64 } from '@ltonetwork/http-message-signatures';
  • The signature for the verify function in the example is inaccurate (verifier should be 2nd argument)
  • The signature for the verifyHmac function in the example is inaccurate (signature: Uint8Array, not string)

I've tried to work through some of these things, and have TS happy, but still can't seem to get things verifying.

export async function verifyHmac(data: string, signature: Uint8Array, params: Parameters) {
    const keyData = new TextEncoder().encode('123456789');
    const algorithm = { name: 'HMAC', hash: 'SHA-256' };
    const key = await crypto.subtle.importKey('raw', keyData, algorithm, false, ['verify']);
    const encodedData = new TextEncoder().encode(data);
    const valid = await crypto.subtle.verify('HMAC', key, signature, encodedData);

    if (!valid) {
        throw new Error('Invalid signature');
    }

    return true;
}

export default {
    async fetch(request: Request, env: Env, ctx: ExecutionContext): Promise<Response> {
                try {
                    verify(request, verifyHmac);
                } catch(e: any) {
                    return new Response(e.message, {
                        status: 403,
                    });
                }
        }
}

[jasny]

Updated docs. All code examples need to be tested with the latest version.