From b354d96163e2ba2103f7d8b101dae547eb4747fa Mon Sep 17 00:00:00 2001
From: Pawel Zelawski <pawel.zelawski@outlook.com>
Date: Mon, 14 Apr 2025 10:30:43 +0200
Subject: fix: Correct Bech32 address verification via dependency change

- Replaced faulty 'digibyte-message' dependency with 'bitcoinjs-message'.
- This resolves a critical bug where signatures from DigiByte Bech32 addresses (dgb1...) could not be verified due to issues in the old dependency chain.
- digiid-ts now correctly handles Legacy (D...), SegWit (S...), and Bech32 (dgb1...) address signature verification.
- Updated build configurations and addressed related linting issues revealed during testing.
---
 examples/generate-uri.ts            |  5 +++--
 examples/verify-callback-example.ts | 13 +++++++------
 examples/verify-callback.ts         | 12 +++++++++---
 3 files changed, 19 insertions(+), 11 deletions(-)

(limited to 'examples')

diff --git a/examples/generate-uri.ts b/examples/generate-uri.ts
index fbf4bb1..27d5401 100644
--- a/examples/generate-uri.ts
+++ b/examples/generate-uri.ts
@@ -10,7 +10,7 @@
 // Import directly from src for running locally before publishing
 // In a real project, you'd import from 'digiid-ts' after installing
 // Revert extension, ts-node should handle this when configured
-import { generateDigiIDUri, DigiIDError } from '../src/index'; 
+import { DigiIDError, generateDigiIDUri } from '../src/index';
 
 console.log('--- DigiID URI Generation Example ---');
 
@@ -26,6 +26,7 @@ try {
   console.log(`  Generated: ${secureUri}`);
   // Typically, you would now generate a QR code from secureUri
 } catch (error) {
+  // eslint-disable-next-line @typescript-eslint/no-explicit-any
   console.error('Error generating secure URI:', (error as Error).message);
 }
 
@@ -67,7 +68,7 @@ const invalidUrlOptions = {
 
 console.log('\nAttempting URI with Invalid URL (expecting error):');
 try {
-  generateDigiIDUri(invalidUrlOptions as any);
+  generateDigiIDUri(invalidUrlOptions);
 } catch (error) {
   if (error instanceof DigiIDError) {
     console.log(`  Caught expected DigiIDError: ${error.message}`);
diff --git a/examples/verify-callback-example.ts b/examples/verify-callback-example.ts
index c416d0a..a7334d4 100644
--- a/examples/verify-callback-example.ts
+++ b/examples/verify-callback-example.ts
@@ -3,7 +3,7 @@
 // Import directly from src for running locally before publishing
 // In a real project, you'd import from 'digiid-ts' after installing
 // Revert extension, ts-node should handle this when configured
-import { verifyDigiIDCallback, DigiIDCallbackData, DigiIDError } from '../src/index'; 
+import { DigiIDCallbackData, DigiIDError, verifyDigiIDCallback } from '../src/index';
 
 console.log('--- DigiID Callback Verification Example ---');
 
@@ -17,7 +17,8 @@ const EXPECTED_CALLBACK_URL = 'https://myapp.example.com/api/auth/digiid';
 const mockCallbackData: DigiIDCallbackData = {
   address: 'D7dVskXFpH8gTgZG9sN3d6dPUbJtZfJ2Vc', // A syntactically valid address
   // URI containing the expected callback and nonce
-  uri: `digiid://myapp.example.com/api/auth/digiid?x=${EXPECTED_NONCE}&u=0`, 
+  // eslint-disable-next-line no-unexpected-multiline // False positive likely due to template literal parsing?
+  uri: `digiid://myapp.example.com/api/auth/digiid?x=${EXPECTED_NONCE}&u=0`,
   // IMPORTANT: This is a placeholder signature! 
   // Real verification requires a valid signature generated by a wallet signing the URI.
   // This example will likely fail signature verification if run against the real library,
@@ -70,21 +71,21 @@ async function simulateVerification(data: DigiIDCallbackData, options: typeof ve
   // Example: Simulate a Nonce Mismatch
   console.log('\n--- Simulating Nonce Mismatch ---');
   await simulateVerification(
-    mockCallbackData, 
+    mockCallbackData,
     { ...verifyOptions, expectedNonce: 'DIFFERENT_NONCE' }
   );
 
   // Example: Simulate a URL Mismatch
   console.log('\n--- Simulating URL Mismatch ---');
   await simulateVerification(
-    mockCallbackData, 
+    mockCallbackData,
     { ...verifyOptions, expectedCallbackUrl: 'https://wrongsite.com/callback' }
   );
-  
+
   // Example: Simulate missing signature
   console.log('\n--- Simulating Missing Signature ---');
   await simulateVerification(
-    { ...mockCallbackData, signature: '' }, 
+    { ...mockCallbackData, signature: '' },
     verifyOptions
   );
 
diff --git a/examples/verify-callback.ts b/examples/verify-callback.ts
index a1df685..79edc65 100644
--- a/examples/verify-callback.ts
+++ b/examples/verify-callback.ts
@@ -5,8 +5,14 @@
  * The callback contains a signature that needs to be verified against the original challenge.
  */
 
-// Import directly from src for running locally before publishing
-// In a real project, you'd import from 'digiid-ts' after installing
-import { verifyDigiIDCallback, DigiIDError } from '../src/index';
+// This example assumes you have a basic Express.js server setup.
+// Run with: ts-node examples/verify-callback.ts
+
+// Import only what's needed
+
+// In-memory store for demo purposes. Replace with a database in production.
+// Store nonce => { expectedUrl: string, timestamp: number }
+const nonceStore = new Map<string, { expectedUrl: string; timestamp: number }>();
+const NONCE_EXPIRY_MS = 5 * 60 * 1000; // 5 minutes
 
 // ... existing code ... 
\ No newline at end of file
-- 
cgit v1.2.3