Update docs: Verifying in the Browser

[timkelty]

I'm trying to use this lib to verify a signature.

Following the "Verifying in the Browser" docs, I've found some issues:

• base64url dependency
  • The imported names don't match what base64url exports, at least with the current version
  • It appears this package comes with its own now, so it seems that should probably be used? import { base64 } from '@ltonetwork/http-message-signatures';
  • The signature for the verify function in the example is inaccurate (verifier should be 2nd argument)
  • The signature for the verifyHmac function in the example is inaccurate (signature: Uint8Array, not string)

I've tried to work through some of these things, and have TS happy, but still can't seem to get things verifying.

export async function verifyHmac(data: string, signature: Uint8Array, params: Parameters) {
	const keyData = new TextEncoder().encode('123456789');
	const algorithm = { name: 'HMAC', hash: 'SHA-256' };
	const key = await crypto.subtle.importKey('raw', keyData, algorithm, false, ['verify']);
	const encodedData = new TextEncoder().encode(data);
	const valid = await crypto.subtle.verify('HMAC', key, signature, encodedData);

	if (!valid) {
		throw new Error('Invalid signature');
	}

	return true;
}

export default {
	async fetch(request: Request, env: Env, ctx: ExecutionContext): Promise<Response> {
                try {
	                verify(request, verifyHmac);
                } catch(e: any) {
	                return new Response(e.message, {
		                status: 403,
	                });
                }
        }
}

[jasny]

Updated docs. All code examples need to be tested with the latest version.