@devshub198211/devguard 2.0.2 → 2.0.3

package/dist/auth.d.cts

@@ -1,245 +0,0 @@
-interface JWTPayload {
-    sub?: string;
-    iss?: string;
-    aud?: string | string[];
-    exp?: number;
-    iat?: number;
-    nbf?: number;
-    jti?: string;
-    [key: string]: any;
-}
-interface VerifyResult {
-    valid: boolean;
-    payload?: JWTPayload;
-    error?: string;
-}
-interface JWKSKey {
-    kty: string;
-    kid?: string;
-    use?: string;
-    alg?: string;
-    n?: string;
-    e?: string;
-}
-declare function decodeJWT(token: string): {
-    header: any;
-    payload: JWTPayload;
-    sig: string;
-    signingInput: string;
-} | null;
-declare function signHMAC(payload: JWTPayload, secret: string, algorithm?: "HS256" | "HS512"): string;
-declare function verifyHMAC(token: string, secret: string, expectedAlg?: "HS256" | "HS512"): VerifyResult;
-declare function fetchJWKS(jwksUri: string): Promise<JWKSKey[]>;
-/** Expose cache management for long-running servers */
-declare const jwksCacheUtils: {
-    prune: () => number;
-    size: () => number;
-    destroy: () => void;
-};
-declare function verifyRS256(token: string, jwksUri: string): Promise<VerifyResult>;
-declare class RevocationList {
-    private revoked;
-    revoke(jti: string): void;
-    isRevoked(jti?: string): boolean;
-    revokedCount(): number;
-    prune(maxAgeMs?: number): number;
-    exportJSON(): string;
-    importJSON(json: string): void;
-}
-interface AnomalyReport {
-    score: number;
-    warnings: string[];
-    level: "safe" | "suspicious" | "dangerous";
-}
-declare function detectAnomalies(payload: JWTPayload, ctx?: {
-    expectedIss?: string;
-    expectedAud?: string;
-}): AnomalyReport;
-declare class JWTVerifier {
-    private opts;
-    private revocation;
-    constructor(opts: {
-        secret?: string;
-        jwksUri?: string;
-        expectedIss?: string;
-        expectedAud?: string;
-        expectedAlg?: "HS256" | "HS512";
-    });
-    verify(token: string): Promise<VerifyResult & {
-        anomalies?: AnomalyReport;
-    }>;
-    revoke(jti: string): void;
-    getRevocationList(): RevocationList;
-}
-
-/**
- * bot-fence v2.1 — Behavioral fingerprinting to distinguish humans from bots/AI agents.
- * Signals: UA analysis, header entropy, timing, mouse/keyboard patterns, TLS fingerprint.
- * Includes: rate-limit-per-IP, challenge system, whitelist/blacklist, IP normalization.
- * No external dependencies.
- */
-interface RequestFingerprint {
-    userAgent?: string;
-    ip?: string;
-    headers?: Record<string, string | string[] | undefined>;
-    timingMs?: number;
-    acceptLanguage?: string;
-    acceptEncoding?: string;
-    referer?: string;
-    origin?: string;
-    mouseEvents?: number;
-    keystrokeIntervals?: number[];
-    scrollEvents?: number;
-    touchEvents?: number;
-}
-interface BotScore {
-    score: number;
-    verdict: "human" | "likely_human" | "suspicious" | "bot";
-    signals: Array<{
-        signal: string;
-        weight: number;
-        matched: boolean;
-    }>;
-    recommendation: "allow" | "challenge" | "block";
-}
-declare function scoreRequest(fp: RequestFingerprint): BotScore;
-declare class IPRateLimiter {
-    private maxRequests;
-    private windowMs;
-    private blockDurationMs;
-    private windows;
-    private blocked;
-    private checkCount;
-    constructor(maxRequests?: number, windowMs?: number, blockDurationMs?: number);
-    check(ip: string): {
-        allowed: boolean;
-        remaining: number;
-        retryAfterMs?: number;
-    };
-    /** Prune stale windows and expired blocks to prevent memory growth */
-    prune(): void;
-}
-interface MiddlewareOptions {
-    blockThreshold?: number;
-    challengeThreshold?: number;
-    whitelist?: string[];
-    blacklist?: string[];
-    rateLimiter?: IPRateLimiter;
-    onBlock?: (fp: RequestFingerprint, score: BotScore) => void;
-}
-declare function createMiddleware(opts?: MiddlewareOptions): (req: any, res: any, next: any) => any;
-
-interface RPConfig {
-    rpId: string;
-    rpName: string;
-    origin: string;
-}
-interface RegistrationOptions {
-    challenge: string;
-    rp: {
-        id: string;
-        name: string;
-    };
-    user: {
-        id: string;
-        name: string;
-        displayName: string;
-    };
-    pubKeyCredParams: Array<{
-        type: "public-key";
-        alg: number;
-    }>;
-    timeout: number;
-    attestation: "none" | "direct";
-    authenticatorSelection?: {
-        userVerification?: "required" | "preferred" | "discouraged";
-        residentKey?: "required" | "preferred" | "discouraged";
-    };
-}
-interface AuthenticationOptions {
-    challenge: string;
-    rpId: string;
-    timeout: number;
-    userVerification: "required" | "preferred" | "discouraged";
-    allowCredentials?: Array<{
-        type: "public-key";
-        id: string;
-    }>;
-}
-interface StoredCredential {
-    credentialId: string;
-    publicKeyPem: string;
-    publicKeyAlg: number;
-    userId: string;
-    userHandle: string;
-    signCount: number;
-    createdAt: number;
-    lastUsedAt: number;
-    aaguid?: string;
-    transports?: string[];
-}
-interface VerificationResult {
-    verified: boolean;
-    credential?: StoredCredential;
-    error?: string;
-}
-declare class ChallengeStore {
-    private challenges;
-    create(ttlMs?: number): string;
-    consume(challenge: string): boolean;
-    private _prune;
-    /** Get the number of active challenges */
-    size(): number;
-}
-declare class CredentialStore {
-    private creds;
-    private byUser;
-    save(cred: StoredCredential): void;
-    get(credentialId: string): StoredCredential | undefined;
-    getByUser(userId: string): StoredCredential[];
-    update(credentialId: string, patch: Partial<StoredCredential>): void;
-    delete(credentialId: string): void;
-    exportJSON(): string;
-    importJSON(json: string): void;
-}
-declare function generateRegistrationOptions(opts: {
-    rpId: string;
-    rpName: string;
-    userId: string;
-    userName: string;
-    userDisplayName?: string;
-    challengeStore?: ChallengeStore;
-}): RegistrationOptions;
-declare function verifyRegistration(opts: {
-    response: {
-        clientDataJSON: string;
-        attestationObject: string;
-    };
-    expectedChallenge: string;
-    expectedOrigin: string;
-    expectedRpId: string;
-    userId: string;
-    challengeStore?: ChallengeStore;
-}): Promise<VerificationResult>;
-declare function generateAuthenticationOptions(opts: {
-    rpId: string;
-    challengeStore?: ChallengeStore;
-    allowCredentialIds?: string[];
-    userVerification?: "required" | "preferred" | "discouraged";
-}): AuthenticationOptions;
-declare function verifyAuthentication(opts: {
-    response: {
-        credentialId: string;
-        clientDataJSON: string;
-        authenticatorData: string;
-        signature: string;
-        userHandle?: string;
-    };
-    expectedChallenge: string;
-    expectedOrigin: string;
-    expectedRpId: string;
-    storedCredential: StoredCredential;
-    requireUserVerification?: boolean;
-}): Promise<VerificationResult>;
-
-export { type AnomalyReport, type AuthenticationOptions, type BotScore, ChallengeStore, CredentialStore, IPRateLimiter, type JWKSKey, type JWTPayload, JWTVerifier, type MiddlewareOptions, type RPConfig, type RegistrationOptions, type RequestFingerprint, RevocationList, type StoredCredential, type VerificationResult, type VerifyResult, createMiddleware, decodeJWT, detectAnomalies, fetchJWKS, generateAuthenticationOptions, generateRegistrationOptions, jwksCacheUtils, scoreRequest, signHMAC, verifyAuthentication, verifyHMAC, verifyRS256, verifyRegistration };