From 8092ceaf10dd5951d0b5011fc8d5a05b49335a6e Mon Sep 17 00:00:00 2001
From: Pawel Zelawski <pawel.zelawski@outlook.com>
Date: Wed, 9 Apr 2025 19:12:23 +0200
Subject: feat: Implement DigiID URI generation and define core types

- Create initial source directory structure (src/).
- Define core interfaces (DigiIDUriOptions, DigiIDCallbackData, etc.) and DigiIDError class in src/types.ts.
- Set up main export file src/index.ts.
- Implement the generateDigiIDUri function in src/digiid.ts for creating DigiID authentication URIs according to the specification.
- Include helper function for generating secure nonces using Node crypto.
- Add TSDoc comments for clarity and maintainability.
---
 src/digiid.ts | 55 +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 55 insertions(+)
 create mode 100644 src/digiid.ts

(limited to 'src/digiid.ts')

diff --git a/src/digiid.ts b/src/digiid.ts
new file mode 100644
index 0000000..6322403
--- /dev/null
+++ b/src/digiid.ts
@@ -0,0 +1,55 @@
+import { randomBytes } from 'crypto';
+import { DigiIDUriOptions, DigiIDError } from './types';
+
+/**
+ * Generates a secure random nonce (hex string).
+ * @param length - The number of bytes to generate (default: 16, resulting in 32 hex chars).
+ * @returns A hex-encoded random string.
+ */
+function generateNonce(length = 16): string {
+  return randomBytes(length).toString('hex');
+}
+
+/**
+ * Generates a DigiID authentication URI.
+ *
+ * @param options - Options for URI generation, including the callback URL.
+ * @returns The generated DigiID URI string.
+ * @throws {DigiIDError} If the callback URL is invalid or missing.
+ */
+export function generateDigiIDUri(options: DigiIDUriOptions): string {
+  if (!options.callbackUrl) {
+    throw new DigiIDError('Callback URL is required.');
+  }
+
+  let parsedUrl: URL;
+  try {
+    parsedUrl = new URL(options.callbackUrl);
+  } catch (e) {
+    throw new DigiIDError(`Invalid callback URL: ${(e as Error).message}`);
+  }
+
+  // DigiID spec requires stripping the scheme (http/https)
+  const domainAndPath = parsedUrl.host + parsedUrl.pathname;
+
+  const nonce = options.nonce || generateNonce();
+  const unsecureFlag = options.unsecure ? '1' : '0'; // 1 for http, 0 for https
+
+  // Validate scheme based on unsecure flag
+  if (options.unsecure && parsedUrl.protocol !== 'http:') {
+    throw new DigiIDError('Unsecure flag is true, but callback URL does not use http protocol.');
+  }
+  if (!options.unsecure && parsedUrl.protocol !== 'https:') {
+    throw new DigiIDError('Callback URL must use https protocol unless unsecure flag is set to true.');
+  }
+
+  // Construct the URI
+  // Example: digiid://example.com/callback?x=nonce_value&u=0
+  const uri = `digiid://${domainAndPath}?x=${nonce}&u=${unsecureFlag}`;
+
+  // Clean up potential trailing slash in path if no query params exist (though DigiID always has params)
+  // This check might be redundant given DigiID structure, but good practice
+  // const cleanedUri = uri.endsWith('/') && parsedUrl.search === '' ? uri.slice(0, -1) : uri;
+
+  return uri;
+}
-- 
cgit v1.2.3