software-station/frontend/src/lib/verifier.ts

import type { VerificationResult } from './types';

export async function loadVerifier() {
	if (typeof window === 'undefined') return null;
	if ((window as any).verifySHA256) return (window as any).verifySHA256;

	// Dynamically load wasm_exec.js if Go is not defined
	if (!(window as any).Go) {
		await new Promise<void>((resolve, reject) => {
			const script = document.createElement('script');
			script.src = '/verifier/wasm_exec.js';
			script.integrity = 'sha384-PWCs+V4BDf9yY1yjkD/p+9xNEs4iEbuvq+HezAOJiY3XL5GI6VyJXMsvnjiwNbce';
			script.crossOrigin = 'anonymous';
			script.onload = () => resolve();
			script.onerror = () => reject(new Error('Failed to load WASM executor script'));
			document.head.appendChild(script);
		});
	}

	const go = new (window as any).Go();
	const result = await WebAssembly.instantiateStreaming(
		fetch('/verifier/verifier.wasm', {
			integrity: 'sha384-fDQVhNAuumlwh5lh1AT6LiSLer1EQYa1G8TEJLCZvKXeUxYi2gn3QoI5YdNFtKW0',
			crossOrigin: 'anonymous'
		}),
		go.importObject
	);
	go.run(result.instance);
	return (window as any).verifySHA256;
}

export async function verifyAsset(
	data: ArrayBuffer,
	expectedHash: string
): Promise<VerificationResult> {
	const verify = await loadVerifier();
	if (!verify) {
		return {
			valid: false,
			steps: [],
			error: 'WASM verifier not available',
		};
	}

	return verify(new Uint8Array(data), expectedHash);
}