index.html

<html>
  <head>
    <title>SAFE Web App Sample</title>
    <script src="./bower_components/jquery/dist/jquery.min.js"></script>
    <script src="./bower_components/tweetnacl/nacl-fast.min.js"></script>
    <script src="./bower_components/base64-js/base64js.min.js"></script>
    <script>
      var authToken;
      var symmKey;
      var symmNonce;
      var authorise = function() {
        var asymKeys = nacl.box.keyPair();
        var asymNonce = nacl.randomBytes(nacl.box.nonceLength);
        var authPayload = {
          app: {
            id: 'com.samp-company.web',
            name: 'Safe Web Sample',
            vendor: 'Sample-Company',
            version: '0.1'
          },
          publicKey: base64js.fromByteArray(asymKeys.publicKey),
          nonce: base64js.fromByteArray(asymNonce),
          permissions: []
        };

        $.ajax({
          method: 'POST',
          url: 'http://api.safenet/auth',
          headers: {
            'content-type': 'application/json'
          },
          data: JSON.stringify(authPayload)
        })
        .done(function(response) {
          var launcherPubKey = base64js.toByteArray(response.publicKey);
          authToken = response.token;
          var encryptedKey = base64js.toByteArray(response.encryptedKey);
          var key = nacl.box.open(encryptedKey, asymNonce, launcherPubKey, asymKeys.secretKey);
          symmKey = key.slice(0, nacl.secretbox.keyLength);
          symmNonce = key.slice(nacl.secretbox.keyLength);
          alert('Obtained Auth token');
        })
        .fail(function (res) {
          alert('Request Failed: \n status: ' + res.status + '\n Msg: ' + res.responseText);
        });
      };

      var getPublicId = function() {
        $.ajax({
          method: 'GET',
          url: 'http://api.safenet/dns',
          headers: {
            'Authorization': 'Bearer ' + authToken
          }
        })
        .done(function(response) {
          var encryptedData = base64js.toByteArray(response);
          var publicIds = base64js.fromByteArray(nacl.secretbox.open(encryptedData, symmNonce, symmKey));
          publicIds = JSON.parse(atob(publicIds));
          alert('ID :: ' + publicIds[0]);
        })
        .fail(function (res) {
          alert('Request Failed: \n status: ' + res.status + '\n Msg: ' + res.responseText);
        });
      };
    </script>
  </head>
  <body>
    <h3>
      Click on the buttons to invoke the API
    </h3>
    <div>
      <button onclick="authorise()">Authorise</button>
      <button onclick="getPublicId()">Get Public ID</button>
    </div>
</html>