npm - @byearlybird/crypto - Versions diffs - 0.2.0 → 0.3.0 - Mend

@byearlybird/crypto 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.d.mts CHANGED Viewed

@@ -10,6 +10,15 @@ type AuthPayload = {
   timestamp: number;
   bodyHash?: string;
 };
+type ValidateSuccess = {
+  ok: true;
+  data: AuthPayload;
+};
+type ValidateFailure = {
+  ok: false;
+  message: string;
+};
+type ValidateResult = ValidateSuccess | ValidateFailure;
 declare function deriveVaultId(publicKeyB64: string): Promise<string>;
 declare function createAuthHeader(args: {
   vaultId: string;
@@ -18,10 +27,14 @@ declare function createAuthHeader(args: {
   serializedBody?: string;
   privateKey: CryptoKey;
 }): Promise<string>;
-declare function parseAuthHeader(header: string): AuthPayload & {
-  signature: string;
-};
-declare function verifyAuthHeader(header: string, publicKey: CryptoKey): Promise<boolean>;
+declare function validateAuthHeader(header: string, options: {
+  publicKey: CryptoKey;
+  vaultId: string;
+  method: string;
+  path: string;
+  ttl: number;
+  body?: string;
+}): Promise<ValidateResult>;
 //#endregion
 //#region src/encryption.d.ts
 declare function generateEncryptionKey(extractable?: boolean): Promise<crypto0.webcrypto.CryptoKey>;
@@ -44,4 +57,4 @@ declare function bytesToBase64(bytes: Uint8Array): string;
 declare function base64ToBytes(base64: string): Uint8Array;
 declare function hashString(value: string): Promise<string>;
 //#endregion
-export { AuthPayload, base64ToBytes, bytesToBase64, createAuthHeader, decrypt, deriveVaultId, encrypt, exportEncryptionKey, exportPrivateKey, exportPublicKey, generateEncryptionKey, generateSigningKeyPair, hashString, importEncryptionKey, importPrivateKey, importPublicKey, parseAuthHeader, sign, verify, verifyAuthHeader };
+export { type AuthPayload, type ValidateFailure, type ValidateResult, type ValidateSuccess, base64ToBytes, bytesToBase64, createAuthHeader, decrypt, deriveVaultId, encrypt, exportEncryptionKey, exportPrivateKey, exportPublicKey, generateEncryptionKey, generateSigningKeyPair, hashString, importEncryptionKey, importPrivateKey, importPublicKey, sign, validateAuthHeader, verify };

package/dist/index.mjs CHANGED Viewed

@@ -1,6 +1,6 @@
 //#region src/signing.ts
 async function generateSigningKeyPair(extractable = false) {
-	return crypto.subtle.generateKey("Ed25519", extractable, ["sign", "verify"]);
+	return await crypto.subtle.generateKey("Ed25519", extractable, ["sign", "verify"]);
 }
 async function exportPublicKey(key) {
 	const spki = await crypto.subtle.exportKey("spki", key);
@@ -54,6 +54,53 @@ async function createAuthHeader(args) {
 	const payload = await generateAuthPayload(payloadArgs);
 	return makeAuthHeader(payload, await sign(makeCanonicalString(payload), privateKey));
 }
+async function validateAuthHeader(header, options) {
+	let parsed;
+	try {
+		parsed = parseAuthHeader(header);
+	} catch {
+		return {
+			ok: false,
+			message: "Malformed auth header"
+		};
+	}
+	const { signature,...payload } = parsed;
+	if (parsed.vaultId !== options.vaultId) return {
+		ok: false,
+		message: "Vault id mismatch"
+	};
+	if (parsed.method !== options.method) return {
+		ok: false,
+		message: "Method mismatch"
+	};
+	if (parsed.pathWithQuery !== options.path) return {
+		ok: false,
+		message: "Path mismatch"
+	};
+	if (Math.abs(Date.now() - parsed.timestamp) > options.ttl) return {
+		ok: false,
+		message: "Expired"
+	};
+	if (parsed.bodyHash) {
+		if (!options.body) return {
+			ok: false,
+			message: "Body hash mismatch"
+		};
+		const serverHash = await hashString(options.body);
+		if (parsed.bodyHash !== serverHash) return {
+			ok: false,
+			message: "Body hash mismatch"
+		};
+	}
+	if (!await verify(makeCanonicalString(payload), signature, options.publicKey)) return {
+		ok: false,
+		message: "Invalid signature"
+	};
+	return {
+		ok: true,
+		data: payload
+	};
+}
 function parseAuthHeader(header) {
 	const spaceIdx = header.indexOf(" ");
 	if (spaceIdx === -1) throw new Error("Malformed auth header: missing scheme separator");
@@ -88,10 +135,6 @@ function parseAuthHeader(header) {
 	if (bh) result.bodyHash = bh;
 	return result;
 }
-async function verifyAuthHeader(header, publicKey) {
-	const { signature,...payload } = parseAuthHeader(header);
-	return verify(makeCanonicalString(payload), signature, publicKey);
-}
 async function generateAuthPayload(args) {
 	const { serializedBody,...rest } = args;
 	const nonce = crypto.randomUUID();
@@ -168,4 +211,4 @@ async function decrypt(encoded, key) {
 }
 //#endregion
-export { base64ToBytes, bytesToBase64, createAuthHeader, decrypt, deriveVaultId, encrypt, exportEncryptionKey, exportPrivateKey, exportPublicKey, generateEncryptionKey, generateSigningKeyPair, hashString, importEncryptionKey, importPrivateKey, importPublicKey, parseAuthHeader, sign, verify, verifyAuthHeader };
+export { base64ToBytes, bytesToBase64, createAuthHeader, decrypt, deriveVaultId, encrypt, exportEncryptionKey, exportPrivateKey, exportPublicKey, generateEncryptionKey, generateSigningKeyPair, hashString, importEncryptionKey, importPrivateKey, importPublicKey, sign, validateAuthHeader, verify };

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@byearlybird/crypto",
-	"version": "0.2.0",
+	"version": "0.3.0",
 	"description": "Lightweight E2EE toolkit for web apps - zero dependencies + vault key security",
 	"type": "module",
 	"license": "MIT",