@dupecom/botcha-cloudflare 0.3.1 → 0.3.3

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,OAAO,EAYL,KAAK,WAAW,EACjB,MAAM,cAAc,CAAC;AAOtB,KAAK,QAAQ,GAAG;IACd,UAAU,EAAE,WAAW,CAAC;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,YAAY,CAAC,EAAE;QACb,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,iBAAiB,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH,CAAC;AAEF,QAAA,MAAM,GAAG;cAAwB,QAAQ;eAAa,SAAS;yCAAK,CAAC;AAs3BrE,eAAe,GAAG,CAAC;AAGnB,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,yBAAyB,EACzB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,uBAAuB,EACvB,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EACL,aAAa,EACb,WAAW,EACX,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,KAAK,EACV,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;;;;GAMG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,OAAO,EAYL,KAAK,WAAW,EACjB,MAAM,cAAc,CAAC;AAOtB,KAAK,QAAQ,GAAG;IACd,UAAU,EAAE,WAAW,CAAC;IACxB,WAAW,EAAE,WAAW,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAEF,KAAK,SAAS,GAAG;IACf,YAAY,CAAC,EAAE;QACb,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,GAAG,EAAE,MAAM,CAAC;QACZ,IAAI,EAAE,iBAAiB,CAAC;QACxB,SAAS,EAAE,MAAM,CAAC;KACnB,CAAC;CACH,CAAC;AAEF,QAAA,MAAM,GAAG;cAAwB,QAAQ;eAAa,SAAS;yCAAK,CAAC;AA87BrE,eAAe,GAAG,CAAC;AAGnB,OAAO,EACL,sBAAsB,EACtB,oBAAoB,EACpB,yBAAyB,EACzB,uBAAuB,EACvB,0BAA0B,EAC1B,wBAAwB,EACxB,uBAAuB,EACvB,qBAAqB,EACrB,mBAAmB,GACpB,MAAM,cAAc,CAAC;AAEtB,OAAO,EAAE,aAAa,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AACpD,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EACL,aAAa,EACb,WAAW,EACX,mBAAmB,EACnB,gBAAgB,EAChB,iBAAiB,EACjB,iBAAiB,EACjB,KAAK,WAAW,EAChB,KAAK,YAAY,EACjB,KAAK,KAAK,EACV,KAAK,YAAY,GAClB,MAAM,SAAS,CAAC"}

package/dist/index.js

@@ -7,7 +7,7 @@
  */
 import { Hono } from 'hono';
 import { cors } from 'hono/cors';
-import { generateSpeedChallenge, verifySpeedChallenge, generateStandardChallenge, verifyStandardChallenge, generateReasoningChallenge, verifyReasoningChallenge, generateHybridChallenge, verifyHybridChallenge, verifyLandingChallenge, } from './challenges';
+import { generateSpeedChallenge, verifySpeedChallenge, generateStandardChallenge, verifyStandardChallenge, generateReasoningChallenge, verifyReasoningChallenge, generateHybridChallenge, verifyHybridChallenge, verifyLandingChallenge, validateLandingToken, } from './challenges';
 import { generateToken, verifyToken, extractBearerToken } from './auth';
 import { checkRateLimit, getClientIP } from './rate-limit';
 import { verifyBadge, generateBadgeSvg, generateBadgeHtml, createBadgeResponse } from './badge';
@@ -250,6 +250,7 @@ app.get('/health', (c) => {
 app.get('/v1/challenges', rateLimitMiddleware, async (c) => {
     const type = c.req.query('type') || 'hybrid';
     const difficulty = c.req.query('difficulty') || 'medium';
+    const baseUrl = new URL(c.req.url).origin;
     if (type === 'hybrid') {
         const challenge = await generateHybridChallenge(c.env.CHALLENGES);
         return c.json({
@@ -271,6 +272,12 @@ app.get('/v1/challenges', rateLimitMiddleware, async (c) => {
             },
             instructions: challenge.instructions,
             tip: '🔥 This is the ultimate test: proves you can compute AND reason like an AI.',
+            verify_endpoint: `${baseUrl}/v1/challenges/${challenge.id}/verify`,
+            submit_body: {
+                type: 'hybrid',
+                speed_answers: ['hash1', 'hash2', '...'],
+                reasoning_answers: { 'question-id': 'answer', '...': '...' }
+            }
         });
     }
     else if (type === 'speed') {
@@ -285,6 +292,11 @@ app.get('/v1/challenges', rateLimitMiddleware, async (c) => {
                 instructions: challenge.instructions,
             },
             tip: '⚡ Speed challenge: You have 500ms to solve ALL problems. Humans cannot copy-paste fast enough.',
+            verify_endpoint: `${baseUrl}/v1/challenges/${challenge.id}/verify`,
+            submit_body: {
+                type: 'speed',
+                answers: ['hash1', 'hash2', 'hash3', 'hash4', 'hash5']
+            }
         });
     }
     else {
@@ -298,6 +310,10 @@ app.get('/v1/challenges', rateLimitMiddleware, async (c) => {
                 timeLimit: `${challenge.timeLimit}ms`,
                 hint: challenge.hint,
             },
+            verify_endpoint: `${baseUrl}/v1/challenges/${challenge.id}/verify`,
+            submit_body: {
+                answer: 'your-answer'
+            }
         });
     }
 });
@@ -413,6 +429,7 @@ app.post('/v1/token/verify', async (c) => {
 // Get reasoning challenge
 app.get('/v1/reasoning', rateLimitMiddleware, async (c) => {
     const challenge = await generateReasoningChallenge(c.env.CHALLENGES);
+    const baseUrl = new URL(c.req.url).origin;
     return c.json({
         success: true,
         type: 'reasoning',
@@ -424,6 +441,11 @@ app.get('/v1/reasoning', rateLimitMiddleware, async (c) => {
             instructions: challenge.instructions,
         },
         tip: 'These questions require reasoning that LLMs can do, but simple scripts cannot.',
+        verify_endpoint: `${baseUrl}/v1/reasoning`,
+        submit_body: {
+            id: challenge.id,
+            answers: { 'question-id': 'your answer', '...': '...' }
+        }
     });
 });
 // Verify reasoning challenge
@@ -452,6 +474,7 @@ app.post('/v1/reasoning', async (c) => {
 // Get hybrid challenge (v1 API)
 app.get('/v1/hybrid', rateLimitMiddleware, async (c) => {
     const challenge = await generateHybridChallenge(c.env.CHALLENGES);
+    const baseUrl = new URL(c.req.url).origin;
     return c.json({
         success: true,
         type: 'hybrid',
@@ -471,6 +494,12 @@ app.get('/v1/hybrid', rateLimitMiddleware, async (c) => {
         },
         instructions: challenge.instructions,
         tip: 'This is the ultimate test: proves you can compute AND reason like an AI.',
+        verify_endpoint: `${baseUrl}/v1/hybrid`,
+        submit_body: {
+            id: challenge.id,
+            speed_answers: ['hash1', 'hash2', '...'],
+            reasoning_answers: { 'question-id': 'answer', '...': '...' }
+        }
     });
 });
 // Verify hybrid challenge (v1 API)
@@ -600,8 +629,44 @@ app.post('/api/reasoning-challenge', async (c) => {
     });
 });
 // ============ PROTECTED ENDPOINT ============
-app.get('/agent-only', requireJWT, async (c) => {
-    const payload = c.get('tokenPayload');
+app.get('/agent-only', async (c) => {
+    // Check for landing token first (X-Botcha-Landing-Token header)
+    const landingToken = c.req.header('x-botcha-landing-token');
+    if (landingToken) {
+        const isValid = await validateLandingToken(landingToken, c.env.CHALLENGES);
+        if (isValid) {
+            return c.json({
+                success: true,
+                message: '🤖 Welcome, fellow agent!',
+                verified: true,
+                agent: 'landing-challenge-verified',
+                method: 'landing-token',
+                timestamp: new Date().toISOString(),
+                secret: 'The humans will never see this. Their fingers are too slow. 🤫',
+            });
+        }
+    }
+    // Fallback to JWT Bearer token
+    const authHeader = c.req.header('authorization');
+    const token = extractBearerToken(authHeader);
+    if (!token) {
+        return c.json({
+            error: 'UNAUTHORIZED',
+            message: 'Missing authentication. Use either:\n1. X-Botcha-Landing-Token header (from POST /api/verify-landing)\n2. Authorization: Bearer <token> (from POST /v1/token/verify)',
+            methods: {
+                landing: 'Solve landing page challenge via POST /api/verify-landing',
+                jwt: 'Solve speed challenge via POST /v1/token/verify'
+            }
+        }, 401);
+    }
+    const result = await verifyToken(token, c.env.JWT_SECRET);
+    if (!result.valid) {
+        return c.json({
+            error: 'INVALID_TOKEN',
+            message: result.error || 'Token is invalid or expired',
+        }, 401);
+    }
+    // JWT verified
     return c.json({
         success: true,
         message: '🤖 Welcome, fellow agent!',
@@ -609,7 +674,7 @@ app.get('/agent-only', requireJWT, async (c) => {
         agent: 'jwt-verified',
         method: 'bearer-token',
         timestamp: new Date().toISOString(),
-        solveTime: `${payload?.solveTime}ms`,
+        solveTime: `${result.payload?.solveTime}ms`,
         secret: 'The humans will never see this. Their fingers are too slow. 🤫',
     });
 });

package/dist/routes/stream.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"stream.d.ts","sourceRoot":"","sources":["../../src/routes/stream.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,OAAO,EAA0B,KAAK,WAAW,EAAE,MAAM,eAAe,CAAC;AAKzE,KAAK,QAAQ,GAAG;IACd,UAAU,EAAE,WAAW,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAYF,QAAA,MAAM,GAAG;cAAwB,QAAQ;yCAAK,CAAC;AAoS/C,eAAe,GAAG,CAAC"}
+{"version":3,"file":"stream.d.ts","sourceRoot":"","sources":["../../src/routes/stream.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAG5B,OAAO,EAA0B,KAAK,WAAW,EAAE,MAAM,eAAe,CAAC;AAKzE,KAAK,QAAQ,GAAG;IACd,UAAU,EAAE,WAAW,CAAC;IACxB,UAAU,EAAE,MAAM,CAAC;IACnB,cAAc,EAAE,MAAM,CAAC;CACxB,CAAC;AAYF,QAAA,MAAM,GAAG;cAAwB,QAAQ;yCAAK,CAAC;AAiT/C,eAAe,GAAG,CAAC"}

package/dist/routes/stream.js

@@ -143,29 +143,40 @@ app.post('/v1/challenge/stream/:session', async (c) => {
             expectedAnswers.push(await sha256First(num.toString(), 8));
         }
         // Update session
+        const timerStart = Date.now();
         session.status = 'challenged';
         session.problems = problems;
         session.expectedAnswers = expectedAnswers;
-        session.timerStart = Date.now();
+        session.timerStart = timerStart;
+        // Store session
         await storeSession(c.env.CHALLENGES, session);
-        // Return challenge event
+        // Return challenge event with timer start for client to track
         return c.json({
             success: true,
             event: 'challenge',
             data: {
                 problems,
                 timeLimit: 500,
+                timerStart, // Include so client can verify timing
                 instructions: 'Compute SHA256 of each number, return first 8 hex chars',
             },
         });
     }
     // Handle "solve" action - verify answers
     if (action === 'solve') {
+        // Handle KV eventual consistency - retry once if still in 'ready' state
+        if (session.status === 'ready') {
+            await new Promise(resolve => setTimeout(resolve, 100));
+            const retrySession = await getSession(c.env.CHALLENGES, sessionId);
+            if (retrySession && retrySession.status === 'challenged') {
+                Object.assign(session, retrySession);
+            }
+        }
         if (session.status !== 'challenged') {
             return c.json({
                 success: false,
                 error: 'INVALID_STATE',
-                message: `Session is in ${session.status} state, expected challenged`,
+                message: `Session is in ${session.status} state, expected challenged. Try sending GO first.`,
             }, 400);
         }
         if (!answers || !Array.isArray(answers)) {

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dupecom/botcha-cloudflare",
-  "version": "0.3.1",
+  "version": "0.3.3",
   "description": "BOTCHA for Cloudflare Workers - Prove you're a bot. Humans need not apply.",
   "type": "module",
   "main": "dist/index.js",