From 1f3be9985959469f4bdc05eedb19bbc6ff5c3961 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hitalo=20de=20Jesus=20do=20Ros=C3=A1rio=20Souza?= <63821277+enghitalo@users.noreply.github.com>
Date: Sun, 24 Jul 2022 04:27:21 -0300
Subject: [PATCH] crypto: add an example of how to verify jwt tokens (#15198)

---
 vlib/crypto/README.md | 27 +++++++++++++++++++--------
 1 file changed, 19 insertions(+), 8 deletions(-)

diff --git a/vlib/crypto/README.md b/vlib/crypto/README.md
index 34125116e..d3cfe479a 100644
--- a/vlib/crypto/README.md
+++ b/vlib/crypto/README.md
@@ -51,6 +51,7 @@ import crypto.hmac
 import crypto.sha256
 import encoding.base64
 import json
+import time
 
 struct JwtHeader {
 alg string
@@ -64,20 +65,30 @@ struct JwtPayload {
 }
 
 fn main() {
- token := make_token()
- println(token)
-}
-
-fn make_token() string {
+ sw := time.new_stopwatch()
 secret := 'your-256-bit-secret'
+ token := make_token(secret)
+ ok := auth_verify(secret, token)
+ dt := sw.elapsed().microseconds()
+ println('token: $token')
+ println('auth_verify(secret, token): $ok')
+ println('Elapsed time: $dt uS')
+}
 
+fn make_token(secret string) string {
 header := base64.url_encode(json.encode(JwtHeader{'HS256', 'JWT'}).bytes())
 payload := base64.url_encode(json.encode(JwtPayload{'1234567890', 'John Doe', 1516239022}).bytes())
 signature := base64.url_encode(hmac.new(secret.bytes(), '${header}.$payload'.bytes(),
- sha256.sum, sha256.block_size).bytestr().bytes())
-
+ sha256.sum, sha256.block_size))
 jwt := '${header}.${payload}.$signature'
-
 return jwt
 }
+
+fn auth_verify(secret string, token string) bool {
+ token_split := token.split('.')
+ signature_mirror := hmac.new(secret.bytes(), '${token_split[0]}.${token_split[1]}'.bytes(),
+ sha256.sum, sha256.block_size)
+ signature_from_token := base64.url_decode(token_split[2])
+ return hmac.equal(signature_from_token, signature_mirror)
+}
 ```
-- 
2.30.2
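Review bot: In the second hunk, `auth_verify` reads `token_split[0]`, `token_split[1]` and `token_split[2]` without checking how many parts `token.split('.')` produced, so a token with fewer than two dots would index past the end of the array instead of being rejected. A guard before the `hmac.new` call, `if token_split.len != 3 { return false }`, makes malformed input fail closed. Because this is README code that readers are likely to copy, I would also put a comment above the function such as `// checks the HS256 signature only; the caller must still validate the claims`, since nothing in the hunk decodes or inspects the payload after the comparison.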