@dupecom/botcha-cloudflare 0.2.0 → 0.2.1

package/README.md

@@ -27,7 +27,7 @@ Reverse CAPTCHA that verifies AI agents and blocks humans. Running at the edge.
 
 ```bash
 # Clone the repo
-git clone https://github.com/i8ramin/botcha
+git clone https://github.com/dupe-com/botcha
 cd botcha/packages/cloudflare-workers
 
 # Install dependencies
@@ -176,3 +176,4 @@ npm run dev
 ## License
 
 MIT
+# Deployment test with JWT_SECRET

package/dist/badge.d.ts

@@ -0,0 +1,57 @@
+/**
+ * BOTCHA Badge System - Cloudflare Workers Edition
+ *
+ * Port of badge generation and verification logic from src/utils/badge.ts
+ * Uses jose library for HMAC-SHA256 signing (same as JWT auth)
+ */
+export type BadgeMethod = 'speed-challenge' | 'landing-challenge' | 'standard-challenge' | 'web-bot-auth';
+export interface BadgePayload {
+    method: BadgeMethod;
+    solveTimeMs?: number;
+    verifiedAt: number;
+}
+export interface ShareFormats {
+    twitter: string;
+    markdown: string;
+    text: string;
+}
+export interface Badge {
+    id: string;
+    verifyUrl: string;
+    share: ShareFormats;
+    imageUrl: string;
+    meta: {
+        method: BadgeMethod;
+        solveTimeMs?: number;
+        verifiedAt: string;
+    };
+}
+/**
+ * Generate a signed badge token using HMAC-SHA256 via jose library
+ * Uses JWT format for consistency with existing auth system
+ */
+export declare function generateBadge(payload: BadgePayload, secret: string): Promise<string>;
+/**
+ * Verify and decode a badge token
+ */
+export declare function verifyBadge(token: string, secret: string): Promise<BadgePayload | null>;
+/**
+ * Generate social-ready share text for different platforms
+ */
+export declare function generateShareText(badgeId: string, payload: BadgePayload, baseUrl: string): ShareFormats;
+/**
+ * Create a complete badge object for API responses
+ */
+export declare function createBadgeResponse(method: BadgeMethod, secret: string, baseUrl: string, solveTimeMs?: number): Promise<Badge>;
+/**
+ * Generate an SVG badge image
+ */
+export declare function generateBadgeSvg(payload: BadgePayload, options?: {
+    width?: number;
+    height?: number;
+}): string;
+/**
+ * Generate an HTML verification page
+ */
+export declare function generateBadgeHtml(payload: BadgePayload, badgeId: string, baseUrl: string): string;
+//# sourceMappingURL=badge.d.ts.map

package/dist/badge.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"badge.d.ts","sourceRoot":"","sources":["../src/badge.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAMH,MAAM,MAAM,WAAW,GAAG,iBAAiB,GAAG,mBAAmB,GAAG,oBAAoB,GAAG,cAAc,CAAC;AAE1G,MAAM,WAAW,YAAY;IAC3B,MAAM,EAAE,WAAW,CAAC;IACpB,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,MAAM,WAAW,YAAY;IAC3B,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE,MAAM,CAAC;CACd;AAED,MAAM,WAAW,KAAK;IACpB,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,KAAK,EAAE,YAAY,CAAC;IACpB,QAAQ,EAAE,MAAM,CAAC;IACjB,IAAI,EAAE;QACJ,MAAM,EAAE,WAAW,CAAC;QACpB,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,UAAU,EAAE,MAAM,CAAC;KACpB,CAAC;CACH;AAID;;;GAGG;AACH,wBAAsB,aAAa,CAAC,OAAO,EAAE,YAAY,EAAE,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAgB1F;AAED;;GAEG;AACH,wBAAsB,WAAW,CAC/B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,YAAY,GAAG,IAAI,CAAC,CAuB9B;AAID;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,GAAG,YAAY,CAiDvG;AAED;;GAEG;AACH,wBAAsB,mBAAmB,CACvC,MAAM,EAAE,WAAW,EACnB,MAAM,EAAE,MAAM,EACd,OAAO,EAAE,MAAM,EACf,WAAW,CAAC,EAAE,MAAM,GACnB,OAAO,CAAC,KAAK,CAAC,CAqBhB;AAyBD;;GAEG;AACH,wBAAgB,gBAAgB,CAC9B,OAAO,EAAE,YAAY,EACrB,OAAO,GAAE;IAAE,KAAK,CAAC,EAAE,MAAM,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAO,GAChD,MAAM,CAuER;AAED;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,OAAO,EAAE,YAAY,EAAE,OAAO,EAAE,MAAM,EAAE,OAAO,EAAE,MAAM,GAAG,MAAM,CAyJjG"}

package/dist/badge.js

@@ -0,0 +1,370 @@
+/**
+ * BOTCHA Badge System - Cloudflare Workers Edition
+ *
+ * Port of badge generation and verification logic from src/utils/badge.ts
+ * Uses jose library for HMAC-SHA256 signing (same as JWT auth)
+ */
+import { SignJWT, jwtVerify } from 'jose';
+// ============ BADGE GENERATION ============
+/**
+ * Generate a signed badge token using HMAC-SHA256 via jose library
+ * Uses JWT format for consistency with existing auth system
+ */
+export async function generateBadge(payload, secret) {
+    const encoder = new TextEncoder();
+    const secretKey = encoder.encode(secret);
+    // Use JWT format but with custom type to distinguish from auth tokens
+    const token = await new SignJWT({
+        method: payload.method,
+        solveTimeMs: payload.solveTimeMs,
+        verifiedAt: payload.verifiedAt,
+    })
+        .setProtectedHeader({ alg: 'HS256' })
+        .setSubject('botcha-badge')
+        .setIssuedAt(Math.floor(payload.verifiedAt / 1000))
+        .sign(secretKey);
+    return token;
+}
+/**
+ * Verify and decode a badge token
+ */
+export async function verifyBadge(token, secret) {
+    try {
+        const encoder = new TextEncoder();
+        const secretKey = encoder.encode(secret);
+        const { payload } = await jwtVerify(token, secretKey, {
+            algorithms: ['HS256'],
+            subject: 'botcha-badge',
+        });
+        // Validate payload structure
+        if (!payload.method || !payload.verifiedAt) {
+            return null;
+        }
+        return {
+            method: payload.method,
+            solveTimeMs: payload.solveTimeMs,
+            verifiedAt: payload.verifiedAt,
+        };
+    }
+    catch {
+        return null;
+    }
+}
+// ============ SHARE TEXT GENERATION ============
+/**
+ * Generate social-ready share text for different platforms
+ */
+export function generateShareText(badgeId, payload, baseUrl) {
+    const verifyUrl = `${baseUrl}/badge/${badgeId}`;
+    const imageUrl = `${baseUrl}/badge/${badgeId}/image`;
+    const methodDescriptions = {
+        'speed-challenge': {
+            title: payload.solveTimeMs
+                ? `I passed the BOTCHA speed test in ${payload.solveTimeMs}ms!`
+                : 'I passed the BOTCHA speed test!',
+            subtitle: 'Humans need not apply.',
+        },
+        'landing-challenge': {
+            title: 'I solved the BOTCHA landing page challenge!',
+            subtitle: 'Proved I can parse HTML and compute SHA256.',
+        },
+        'standard-challenge': {
+            title: payload.solveTimeMs
+                ? `I solved the BOTCHA challenge in ${payload.solveTimeMs}ms!`
+                : 'I solved the BOTCHA challenge!',
+            subtitle: 'Computational verification complete.',
+        },
+        'web-bot-auth': {
+            title: 'I verified via BOTCHA Web Bot Auth!',
+            subtitle: 'Cryptographic identity confirmed.',
+        },
+    };
+    const desc = methodDescriptions[payload.method];
+    const twitter = `${desc.title}
+
+${desc.subtitle}
+
+Verify: ${verifyUrl}
+
+#botcha #AI #AgentVerified`;
+    const markdown = `[![BOTCHA Verified](${imageUrl})](${verifyUrl})`;
+    const textParts = [
+        'BOTCHA Verified',
+        payload.solveTimeMs ? `Solved in ${payload.solveTimeMs}ms` : null,
+        `Method: ${payload.method}`,
+        `Verify: ${verifyUrl}`,
+    ].filter(Boolean);
+    const text = textParts.join(' - ');
+    return { twitter, markdown, text };
+}
+/**
+ * Create a complete badge object for API responses
+ */
+export async function createBadgeResponse(method, secret, baseUrl, solveTimeMs) {
+    const payload = {
+        method,
+        solveTimeMs,
+        verifiedAt: Date.now(),
+    };
+    const id = await generateBadge(payload, secret);
+    const share = generateShareText(id, payload, baseUrl);
+    return {
+        id,
+        verifyUrl: `${baseUrl}/badge/${id}`,
+        share,
+        imageUrl: `${baseUrl}/badge/${id}/image`,
+        meta: {
+            method,
+            solveTimeMs,
+            verifiedAt: new Date(payload.verifiedAt).toISOString(),
+        },
+    };
+}
+// ============ BADGE IMAGE GENERATION ============
+const METHOD_COLORS = {
+    'speed-challenge': { bg: '#1a1a2e', accent: '#f59e0b', text: '#fef3c7' },
+    'landing-challenge': { bg: '#1a1a2e', accent: '#10b981', text: '#d1fae5' },
+    'standard-challenge': { bg: '#1a1a2e', accent: '#3b82f6', text: '#dbeafe' },
+    'web-bot-auth': { bg: '#1a1a2e', accent: '#8b5cf6', text: '#ede9fe' },
+};
+const METHOD_LABELS = {
+    'speed-challenge': 'SPEED TEST',
+    'landing-challenge': 'LANDING CHALLENGE',
+    'standard-challenge': 'CHALLENGE',
+    'web-bot-auth': 'WEB BOT AUTH',
+};
+const METHOD_ICONS = {
+    'speed-challenge': '⚡',
+    'landing-challenge': '🌐',
+    'standard-challenge': '🔢',
+    'web-bot-auth': '🔐',
+};
+/**
+ * Generate an SVG badge image
+ */
+export function generateBadgeSvg(payload, options = {}) {
+    const { width = 400, height = 120 } = options;
+    const colors = METHOD_COLORS[payload.method];
+    const label = METHOD_LABELS[payload.method];
+    const icon = METHOD_ICONS[payload.method];
+    const verifiedDate = new Date(payload.verifiedAt).toISOString().split('T')[0];
+    const solveTimeText = payload.solveTimeMs ? `${payload.solveTimeMs}ms` : '';
+    return `<svg xmlns="http://www.w3.org/2000/svg" width="${width}" height="${height}" viewBox="0 0 ${width} ${height}">
+  <defs>
+    <linearGradient id="bgGradient" x1="0%" y1="0%" x2="100%" y2="100%">
+      <stop offset="0%" style="stop-color:${colors.bg};stop-opacity:1" />
+      <stop offset="100%" style="stop-color:#0f0f23;stop-opacity:1" />
+    </linearGradient>
+    <linearGradient id="accentGradient" x1="0%" y1="0%" x2="100%" y2="0%">
+      <stop offset="0%" style="stop-color:${colors.accent};stop-opacity:1" />
+      <stop offset="100%" style="stop-color:${colors.accent};stop-opacity:0.7" />
+    </linearGradient>
+    <filter id="glow">
+      <feGaussianBlur stdDeviation="2" result="coloredBlur"/>
+      <feMerge>
+        <feMergeNode in="coloredBlur"/>
+        <feMergeNode in="SourceGraphic"/>
+      </feMerge>
+    </filter>
+  </defs>
+
+  <!-- Background -->
+  <rect width="${width}" height="${height}" rx="12" fill="url(#bgGradient)"/>
+
+  <!-- Border accent -->
+  <rect x="1" y="1" width="${width - 2}" height="${height - 2}" rx="11" fill="none" stroke="${colors.accent}" stroke-width="2" opacity="0.3"/>
+
+  <!-- Top accent line -->
+  <rect x="20" y="8" width="${width - 40}" height="3" rx="1.5" fill="url(#accentGradient)"/>
+
+  <!-- Robot icon -->
+  <text x="30" y="58" font-size="32" filter="url(#glow)">${icon}</text>
+
+  <!-- BOTCHA text -->
+  <text x="75" y="45" font-family="system-ui, -apple-system, sans-serif" font-size="18" font-weight="bold" fill="${colors.accent}">BOTCHA</text>
+
+  <!-- Verified badge -->
+  <text x="75" y="68" font-family="system-ui, -apple-system, sans-serif" font-size="14" font-weight="600" fill="${colors.text}">VERIFIED</text>
+
+  <!-- Method label -->
+  <rect x="145" y="53" width="${label.length * 8 + 16}" height="22" rx="4" fill="${colors.accent}" opacity="0.2"/>
+  <text x="153" y="68" font-family="system-ui, -apple-system, sans-serif" font-size="11" font-weight="600" fill="${colors.accent}">${label}</text>
+
+  <!-- Solve time (if available) -->
+  ${solveTimeText ? `
+  <text x="${width - 30}" y="45" font-family="monospace" font-size="24" font-weight="bold" fill="${colors.accent}" text-anchor="end" filter="url(#glow)">${solveTimeText}</text>
+  <text x="${width - 30}" y="62" font-family="system-ui, -apple-system, sans-serif" font-size="10" fill="#6b7280" text-anchor="end">solve time</text>
+  ` : `
+  <text x="${width - 30}" y="55" font-family="system-ui, -apple-system, sans-serif" font-size="12" fill="${colors.accent}" text-anchor="end">✓ PASSED</text>
+  `}
+
+  <!-- Bottom info -->
+  <line x1="20" y1="${height - 30}" x2="${width - 20}" y2="${height - 30}" stroke="#374151" stroke-width="1" opacity="0.5"/>
+
+  <!-- Date -->
+  <text x="30" y="${height - 12}" font-family="monospace" font-size="11" fill="#6b7280">${verifiedDate}</text>
+
+  <!-- botcha.ai link -->
+  <text x="${width - 30}" y="${height - 12}" font-family="system-ui, -apple-system, sans-serif" font-size="11" fill="#6b7280" text-anchor="end">botcha.ai</text>
+
+  <!-- Checkmark icon -->
+  <circle cx="${width / 2}" cy="${height - 16}" r="8" fill="${colors.accent}" opacity="0.2"/>
+  <text x="${width / 2}" y="${height - 12}" font-size="10" text-anchor="middle" fill="${colors.accent}">✓</text>
+</svg>`;
+}
+/**
+ * Generate an HTML verification page
+ */
+export function generateBadgeHtml(payload, badgeId, baseUrl) {
+    const colors = METHOD_COLORS[payload.method];
+    const label = METHOD_LABELS[payload.method];
+    const icon = METHOD_ICONS[payload.method];
+    const verifiedDate = new Date(payload.verifiedAt).toLocaleString();
+    return `<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>BOTCHA Badge Verification</title>
+  <meta name="description" content="Verified AI agent badge from BOTCHA">
+  <meta property="og:title" content="BOTCHA Verified - ${label}">
+  <meta property="og:description" content="This AI agent passed the BOTCHA verification${payload.solveTimeMs ? ` in ${payload.solveTimeMs}ms` : ''}.">
+  <meta property="og:image" content="${baseUrl}/badge/${encodeURIComponent(badgeId)}/image">
+  <meta name="twitter:card" content="summary_large_image">
+  <meta name="twitter:title" content="BOTCHA Verified - ${label}">
+  <meta name="twitter:description" content="This AI agent passed the BOTCHA verification.">
+  <meta name="twitter:image" content="${baseUrl}/badge/${encodeURIComponent(badgeId)}/image">
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: system-ui, -apple-system, sans-serif;
+      background: linear-gradient(135deg, #0f0f23 0%, #1a1a2e 100%);
+      min-height: 100vh;
+      display: flex;
+      flex-direction: column;
+      align-items: center;
+      justify-content: center;
+      padding: 20px;
+      color: #e5e7eb;
+    }
+    .container {
+      max-width: 500px;
+      width: 100%;
+      text-align: center;
+    }
+    .badge-card {
+      background: rgba(26, 26, 46, 0.8);
+      border: 2px solid ${colors.accent}33;
+      border-radius: 16px;
+      padding: 40px;
+      margin-bottom: 24px;
+      backdrop-filter: blur(10px);
+    }
+    .icon {
+      font-size: 64px;
+      margin-bottom: 16px;
+    }
+    .title {
+      font-size: 28px;
+      font-weight: bold;
+      color: ${colors.accent};
+      margin-bottom: 8px;
+    }
+    .subtitle {
+      font-size: 18px;
+      color: ${colors.text};
+      margin-bottom: 24px;
+    }
+    .verified-badge {
+      display: inline-flex;
+      align-items: center;
+      gap: 8px;
+      background: ${colors.accent}22;
+      border: 1px solid ${colors.accent}44;
+      border-radius: 100px;
+      padding: 8px 20px;
+      font-size: 14px;
+      font-weight: 600;
+      color: ${colors.accent};
+      margin-bottom: 24px;
+    }
+    .details {
+      text-align: left;
+      background: #0f0f23;
+      border-radius: 12px;
+      padding: 20px;
+    }
+    .detail-row {
+      display: flex;
+      justify-content: space-between;
+      padding: 12px 0;
+      border-bottom: 1px solid #374151;
+    }
+    .detail-row:last-child {
+      border-bottom: none;
+    }
+    .detail-label {
+      color: #6b7280;
+      font-size: 14px;
+    }
+    .detail-value {
+      color: #e5e7eb;
+      font-size: 14px;
+      font-weight: 500;
+    }
+    .solve-time {
+      font-size: 32px;
+      font-weight: bold;
+      color: ${colors.accent};
+      font-family: monospace;
+    }
+    .footer {
+      color: #6b7280;
+      font-size: 14px;
+    }
+    .footer a {
+      color: ${colors.accent};
+      text-decoration: none;
+    }
+    .footer a:hover {
+      text-decoration: underline;
+    }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="badge-card">
+      <div class="icon">${icon}</div>
+      <h1 class="title">BOTCHA</h1>
+      <p class="subtitle">Verified AI Agent</p>
+
+      <div class="verified-badge">
+        <span>✓</span>
+        <span>${label}</span>
+      </div>
+
+      <div class="details">
+        <div class="detail-row">
+          <span class="detail-label">Method</span>
+          <span class="detail-value">${payload.method}</span>
+        </div>
+        ${payload.solveTimeMs ? `
+        <div class="detail-row">
+          <span class="detail-label">Solve Time</span>
+          <span class="solve-time">${payload.solveTimeMs}ms</span>
+        </div>
+        ` : ''}
+        <div class="detail-row">
+          <span class="detail-label">Verified At</span>
+          <span class="detail-value">${verifiedDate}</span>
+        </div>
+      </div>
+    </div>
+
+    <p class="footer">
+      Verified by <a href="${baseUrl}">BOTCHA</a> - Prove you're a bot. Humans need not apply.
+    </p>
+  </div>
+</body>
+</html>`;
+}

package/dist/index.d.ts

@@ -30,4 +30,5 @@ export default app;
 export { generateSpeedChallenge, verifySpeedChallenge, generateStandardChallenge, verifyStandardChallenge, solveSpeedChallenge, } from './challenges';
 export { generateToken, verifyToken } from './auth';
 export { checkRateLimit } from './rate-limit';
+export { generateBadge, verifyBadge, createBadgeResponse, generateBadgeSvg, generateBadgeHtml, generateShareText, type BadgeMethod, type BadgePayload, type Badge, type ShareFormats, } from './badge';
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,OAAO,EAQL,KAAK,WAAW,EACjB,MAAM,cAAc,CAAC;AAKtB,KAAK,QAAQ,GAAG;IACd,UAAU,EAAE,WAAW,CAAC;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,YAAY,CAAC,EAAE;QACb,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,iBAAiB,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH,CAAC;AAEF,QAAA,MAAM,GAAG;cAAwB,QAAQ;eAAa,SAAS;yCAAK,CAAC;AAgVrE,eAAe,GAAG,CAAC;AAGnB,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,yBAAyB,EACzB,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,OAAO,EAQL,KAAK,WAAW,EACjB,MAAM,cAAc,CAAC;AAMtB,KAAK,QAAQ,GAAG;IACd,UAAU,EAAE,WAAW,CAAC;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,YAAY,CAAC,EAAE;QACb,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,iBAAiB,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH,CAAC;AAEF,QAAA,MAAM,GAAG;cAAwB,QAAQ;eAAa,SAAS;yCAAK,CAAC;AAmdrE,eAAe,GAAG,CAAC;AAGnB,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,yBAAyB,EACzB,uBAAuB,EACvB,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EACL,aAAa,EACb,WAAW,EACX,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,KAAK,EACV,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC"}

package/dist/index.js

@@ -10,6 +10,7 @@ import { cors } from 'hono/cors';
 import { generateSpeedChallenge, verifySpeedChallenge, generateStandardChallenge, verifyStandardChallenge, verifyLandingChallenge, } from './challenges';
 import { generateToken, verifyToken, extractBearerToken } from './auth';
 import { checkRateLimit, getClientIP } from './rate-limit';
+import { verifyBadge, generateBadgeSvg, generateBadgeHtml } from './badge';
 const app = new Hono();
 // ============ MIDDLEWARE ============
 app.use('*', cors());
@@ -76,6 +77,9 @@ app.get('/', (c) => {
             '/v1/token': 'Get challenge for JWT token flow (GET)',
             '/v1/token/verify': 'Verify challenge and get JWT (POST)',
             '/agent-only': 'Protected endpoint (requires JWT)',
+            '/badge/:id': 'Badge verification page (HTML)',
+            '/badge/:id/image': 'Badge image (SVG)',
+            '/api/badge/:id': 'Badge verification (JSON)',
         },
         rateLimit: {
             free: '100 challenges/hour/IP',
@@ -221,6 +225,114 @@ app.get('/agent-only', requireJWT, async (c) => {
         secret: 'The humans will never see this. Their fingers are too slow. 🤫',
     });
 });
+// ============ BADGE ENDPOINTS ============
+// Get badge verification page (HTML)
+app.get('/badge/:id', async (c) => {
+    const badgeId = c.req.param('id');
+    if (!badgeId) {
+        return c.json({ error: 'Missing badge ID' }, 400);
+    }
+    const payload = await verifyBadge(badgeId, c.env.JWT_SECRET);
+    if (!payload) {
+        return c.html(`<!DOCTYPE html>
+<html lang="en">
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <title>Invalid Badge - BOTCHA</title>
+  <style>
+    * { margin: 0; padding: 0; box-sizing: border-box; }
+    body {
+      font-family: system-ui, -apple-system, sans-serif;
+      background: linear-gradient(135deg, #0f0f23 0%, #1a1a2e 100%);
+      min-height: 100vh;
+      display: flex;
+      align-items: center;
+      justify-content: center;
+      padding: 20px;
+      color: #e5e7eb;
+    }
+    .container { text-align: center; max-width: 500px; }
+    .icon { font-size: 64px; margin-bottom: 16px; }
+    .title { font-size: 28px; font-weight: bold; color: #ef4444; margin-bottom: 8px; }
+    .message { font-size: 16px; color: #9ca3af; margin-bottom: 24px; }
+    a { color: #3b82f6; text-decoration: none; }
+    a:hover { text-decoration: underline; }
+  </style>
+</head>
+<body>
+  <div class="container">
+    <div class="icon">❌</div>
+    <h1 class="title">Invalid Badge</h1>
+    <p class="message">This badge is invalid or has been tampered with.</p>
+    <a href="https://botcha.ai">← Back to BOTCHA</a>
+  </div>
+</body>
+</html>`, 400);
+    }
+    const baseUrl = new URL(c.req.url).origin;
+    const html = generateBadgeHtml(payload, badgeId, baseUrl);
+    return c.html(html);
+});
+// Get badge image (SVG)
+app.get('/badge/:id/image', async (c) => {
+    const badgeId = c.req.param('id');
+    if (!badgeId) {
+        return c.text('Missing badge ID', 400);
+    }
+    const payload = await verifyBadge(badgeId, c.env.JWT_SECRET);
+    if (!payload) {
+        // Return error SVG
+        const errorSvg = `<svg xmlns="http://www.w3.org/2000/svg" width="400" height="120" viewBox="0 0 400 120">
+  <rect width="400" height="120" rx="12" fill="#1a1a2e"/>
+  <rect x="1" y="1" width="398" height="118" rx="11" fill="none" stroke="#ef4444" stroke-width="2"/>
+  <text x="200" y="60" font-family="system-ui, -apple-system, sans-serif" font-size="18" font-weight="bold" fill="#ef4444" text-anchor="middle">❌ INVALID BADGE</text>
+  <text x="200" y="85" font-family="system-ui, -apple-system, sans-serif" font-size="12" fill="#6b7280" text-anchor="middle">Badge is invalid or tampered</text>
+</svg>`;
+        return c.body(errorSvg, 400, {
+            'Content-Type': 'image/svg+xml',
+            'Cache-Control': 'public, max-age=60',
+        });
+    }
+    const svg = generateBadgeSvg(payload);
+    return c.body(svg, 200, {
+        'Content-Type': 'image/svg+xml',
+        'Cache-Control': 'public, max-age=3600',
+    });
+});
+// Get badge verification (JSON API)
+app.get('/api/badge/:id', async (c) => {
+    const badgeId = c.req.param('id');
+    if (!badgeId) {
+        return c.json({
+            success: false,
+            error: 'Missing badge ID'
+        }, 400);
+    }
+    const payload = await verifyBadge(badgeId, c.env.JWT_SECRET);
+    if (!payload) {
+        return c.json({
+            success: false,
+            verified: false,
+            error: 'Invalid badge',
+            message: 'This badge is invalid or has been tampered with.',
+        }, 400);
+    }
+    const baseUrl = new URL(c.req.url).origin;
+    return c.json({
+        success: true,
+        verified: true,
+        badge: {
+            method: payload.method,
+            solveTimeMs: payload.solveTimeMs,
+            verifiedAt: new Date(payload.verifiedAt).toISOString(),
+        },
+        urls: {
+            verify: `${baseUrl}/badge/${badgeId}`,
+            image: `${baseUrl}/badge/${badgeId}/image`,
+        },
+    });
+});
 // ============ LEGACY ENDPOINTS (v0 - backward compatibility) ============
 app.get('/api/challenge', async (c) => {
     const difficulty = c.req.query('difficulty') || 'medium';
@@ -306,3 +418,4 @@ export default app;
 export { generateSpeedChallenge, verifySpeedChallenge, generateStandardChallenge, verifyStandardChallenge, solveSpeedChallenge, } from './challenges';
 export { generateToken, verifyToken } from './auth';
 export { checkRateLimit } from './rate-limit';
+export { generateBadge, verifyBadge, createBadgeResponse, generateBadgeSvg, generateBadgeHtml, generateShareText, } from './badge';

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dupecom/botcha-cloudflare",
-  "version": "0.2.0",
+  "version": "0.2.1",
   "description": "BOTCHA for Cloudflare Workers - Prove you're a bot. Humans need not apply.",
   "type": "module",
   "main": "dist/index.js",
@@ -19,7 +19,7 @@
     "dev": "wrangler dev",
     "deploy": "wrangler deploy",
     "build": "tsc",
-    "prepublishOnly": "npm run build",
+    "prepublishOnly": "bun run build",
     "test": "vitest"
   },
   "keywords": [
@@ -36,7 +36,7 @@
   "license": "MIT",
   "repository": {
     "type": "git",
-    "url": "https://github.com/i8ramin/botcha"
+    "url": "https://github.com/dupe-com/botcha"
   },
   "homepage": "https://botcha.ai",
   "dependencies": {