crypto: add an example of how to verify jwt tokens (#15198)

vlib/crypto/README.md

@@ -51,6 +51,7 @@ import crypto.hmac
 import crypto.sha256
 import encoding.base64
 import json
+import time
 
 struct JwtHeader {
 	alg string
@@ -64,20 +65,30 @@ struct JwtPayload {
 }
 
 fn main() {
-	token := make_token()
+	sw := time.new_stopwatch()
-	println(token)
+	secret := 'your-256-bit-secret'
+	token := make_token(secret)
+	ok := auth_verify(secret, token)
+	dt := sw.elapsed().microseconds()
+	println('token: $token')
+	println('auth_verify(secret, token): $ok')
+	println('Elapsed time: $dt uS')
 }
 
-fn make_token() string {
+fn make_token(secret string) string {
-	secret := 'your-256-bit-secret'
-
 	header := base64.url_encode(json.encode(JwtHeader{'HS256', 'JWT'}).bytes())
 	payload := base64.url_encode(json.encode(JwtPayload{'1234567890', 'John Doe', 1516239022}).bytes())
 	signature := base64.url_encode(hmac.new(secret.bytes(), '${header}.$payload'.bytes(),
-		sha256.sum, sha256.block_size).bytestr().bytes())
+		sha256.sum, sha256.block_size))
-
 	jwt := '${header}.${payload}.$signature'
-
 	return jwt
 }
+
+fn auth_verify(secret string, token string) bool {
+	token_split := token.split('.')
+	signature_mirror := hmac.new(secret.bytes(), '${token_split[0]}.${token_split[1]}'.bytes(),
+		sha256.sum, sha256.block_size)
+	signature_from_token := base64.url_decode(token_split[2])
+	return hmac.equal(signature_from_token, signature_mirror)
+}
 ```