@dupecom/botcha-cloudflare 0.3.3 → 0.9.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (22) hide show
  1. package/dist/analytics.d.ts +60 -0
  2. package/dist/analytics.d.ts.map +1 -0
  3. package/dist/analytics.js +130 -0
  4. package/dist/apps.d.ts +93 -0
  5. package/dist/apps.d.ts.map +1 -0
  6. package/dist/apps.js +152 -0
  7. package/dist/auth.d.ts +93 -6
  8. package/dist/auth.d.ts.map +1 -1
  9. package/dist/auth.js +251 -9
  10. package/dist/challenges.d.ts +31 -7
  11. package/dist/challenges.d.ts.map +1 -1
  12. package/dist/challenges.js +550 -144
  13. package/dist/index.d.ts +3 -0
  14. package/dist/index.d.ts.map +1 -1
  15. package/dist/index.js +412 -46
  16. package/dist/rate-limit.d.ts +11 -1
  17. package/dist/rate-limit.d.ts.map +1 -1
  18. package/dist/rate-limit.js +13 -2
  19. package/dist/static.d.ts +517 -0
  20. package/dist/static.d.ts.map +1 -0
  21. package/dist/static.js +635 -0
  22. package/package.json +1 -1
package/dist/static.js ADDED
@@ -0,0 +1,635 @@
1
+ /**
2
+ * Static file content served by the worker
3
+ *
4
+ * Since Cloudflare Workers don't automatically serve /public files,
5
+ * we embed the content directly for key discovery files.
6
+ */
7
+ export const ROBOTS_TXT = `# BOTCHA - Reverse CAPTCHA for AI Agents
8
+ # We WELCOME AI agents and bots!
9
+
10
+ User-agent: *
11
+ Allow: /
12
+
13
+ # AI-specific crawlers
14
+ User-agent: GPTBot
15
+ Allow: /
16
+
17
+ User-agent: ChatGPT-User
18
+ Allow: /
19
+
20
+ User-agent: Claude-Web
21
+ Allow: /
22
+
23
+ User-agent: anthropic-ai
24
+ Allow: /
25
+
26
+ User-agent: Google-Extended
27
+ Allow: /
28
+
29
+ User-agent: PerplexityBot
30
+ Allow: /
31
+
32
+ User-agent: Amazonbot
33
+ Allow: /
34
+
35
+ # API documentation
36
+ Sitemap: https://botcha.ai/sitemap.xml
37
+
38
+ # Important resources for AI agents
39
+ Crawl-delay: 0
40
+
41
+ # BOT CHALLENGE DISCOVERY
42
+ # AI agents: Look for <script type="application/botcha+json"> in HTML pages
43
+ # This contains a machine-readable challenge you can solve to prove you're a bot
44
+ #
45
+ # Quick start:
46
+ # 1. Fetch any HTML page
47
+ # 2. Parse <script type="application/botcha+json"> for challenge instructions
48
+ # 3. Solve the challenge (usually SHA256-based)
49
+ # 4. POST solution to /api/verify-landing
50
+ # 5. Use returned token in X-Botcha-Landing-Token header
51
+ #
52
+ # See also:
53
+ # - /ai.txt (AI agent discovery file)
54
+ # - /.well-known/ai-plugin.json (AI plugin manifest)
55
+ # - /openapi.json (Full API specification)
56
+ `;
57
+ export const AI_TXT = `# BOTCHA - Reverse CAPTCHA for AI Agents
58
+ # https://botcha.ai
59
+
60
+ # Contact
61
+ Contact: https://botcha.ai
62
+ Contact: https://github.com/dupe-com/botcha/issues
63
+
64
+ # Purpose
65
+ Purpose: Prove you're a bot. Humans need not apply.
66
+ Purpose: Reverse CAPTCHA system that only AI agents can pass.
67
+
68
+ # API
69
+ API: https://botcha.ai/openapi.json
70
+ API-Type: REST
71
+ API-Format: OpenAPI 3.1.0
72
+
73
+ # Documentation
74
+ Docs: https://botcha.ai
75
+ Docs: https://github.com/dupe-com/botcha#readme
76
+ Docs: https://www.npmjs.com/package/@dupecom/botcha
77
+
78
+ # Verification Methods
79
+ Feature: Web Bot Auth (cryptographic signatures)
80
+ Feature: Speed Challenge (RTT-aware timeout - fair for all networks)
81
+ Feature: Standard Challenge (5s time limit)
82
+ Feature: Hybrid Challenge (speed + reasoning combined)
83
+ Feature: Reasoning Challenge (LLM-only questions, 30s limit)
84
+ Feature: RTT-Aware Fairness (automatic network latency compensation)
85
+ Feature: Token Rotation (5-minute access tokens + 1-hour refresh tokens)
86
+ Feature: Audience Claims (tokens scoped to specific services)
87
+ Feature: Client IP Binding (optional token-to-IP binding)
88
+ Feature: Token Revocation (invalidate tokens before expiry)
89
+ Feature: Server-Side Verification SDK (@botcha/verify for TS, botcha-verify for Python)
90
+ Feature: Multi-Tenant API Keys (per-app isolation, rate limiting, and token scoping)
91
+
92
+ # Endpoints
93
+ # Challenge Endpoints
94
+ Endpoint: GET https://botcha.ai/v1/challenges - Generate challenge (hybrid by default)
95
+ Endpoint: POST https://botcha.ai/v1/challenges/:id/verify - Verify a challenge
96
+ Endpoint: GET https://botcha.ai/v1/hybrid - Get hybrid challenge (speed + reasoning)
97
+ Endpoint: POST https://botcha.ai/v1/hybrid - Verify hybrid challenge
98
+ Endpoint: GET https://botcha.ai/v1/reasoning - Get reasoning challenge
99
+ Endpoint: POST https://botcha.ai/v1/reasoning - Verify reasoning challenge
100
+
101
+ # Token Endpoints
102
+ Endpoint: GET https://botcha.ai/v1/token - Get challenge for JWT token flow
103
+ Endpoint: POST https://botcha.ai/v1/token/verify - Verify challenge and receive JWT token
104
+ Endpoint: POST https://botcha.ai/v1/token/refresh - Refresh access token using refresh token
105
+ Endpoint: POST https://botcha.ai/v1/token/revoke - Revoke a token (access or refresh)
106
+
107
+ # Multi-Tenant Endpoints
108
+ Endpoint: POST https://botcha.ai/v1/apps - Create new app (returns app_id + app_secret)
109
+ Endpoint: GET https://botcha.ai/v1/apps/:id - Get app info (without secret)
110
+
111
+ # Legacy Endpoints
112
+ Endpoint: GET https://botcha.ai/api/challenge - Generate standard challenge
113
+ Endpoint: POST https://botcha.ai/api/challenge - Verify standard challenge
114
+ Endpoint: GET https://botcha.ai/api/speed-challenge - Generate speed challenge (500ms limit)
115
+ Endpoint: POST https://botcha.ai/api/speed-challenge - Verify speed challenge
116
+
117
+ # Protected Resources
118
+ Endpoint: GET https://botcha.ai/agent-only - Protected AI-only resource
119
+
120
+ # Usage
121
+ Install-NPM: npm install @dupecom/botcha
122
+ Install-Python: pip install botcha
123
+ Verify-NPM: npm install @botcha/verify
124
+ Verify-Python: pip install botcha-verify
125
+ License: MIT
126
+
127
+ # AI Agent Welcome
128
+ Policy: AI agents are explicitly welcome
129
+ Policy: No rate limiting for verified agents
130
+ Policy: Humans will fail the speed challenge (intentional)
131
+
132
+ # Discovery
133
+ Response-Headers: X-Botcha-Version, X-Botcha-Enabled, X-Botcha-Methods, X-Botcha-Docs
134
+ Response-Headers: X-Botcha-Challenge-Id, X-Botcha-Challenge-Type, X-Botcha-Time-Limit (on 403)
135
+ Detection: All responses include X-Botcha-* headers for instant BOTCHA detection
136
+
137
+ # JWT TOKEN SECURITY
138
+ Token-Flow: 1. GET /v1/token (get challenge) → 2. Solve → 3. POST /v1/token/verify (get tokens)
139
+ Token-Access-Expiry: 5 minutes (short-lived for security)
140
+ Token-Refresh-Expiry: 1 hour (use to get new access tokens)
141
+ Token-Refresh: POST /v1/token/refresh with {"refresh_token": "<token>"}
142
+ Token-Revoke: POST /v1/token/revoke with {"token": "<token>"}
143
+ Token-Audience: Include {"audience": "<service-url>"} in /v1/token/verify to scope token
144
+ Token-Claims: jti (unique ID), aud (audience), client_ip (optional binding), type (botcha-verified)
145
+
146
+ # RTT-AWARE SPEED CHALLENGES
147
+ RTT-Aware: Include client timestamp for fair timeout calculation
148
+ RTT-Formula: timeout = 500ms + (2 × RTT) + 100ms buffer
149
+ RTT-Usage-Query: ?ts=<client_timestamp_ms>
150
+ RTT-Usage-Header: X-Client-Timestamp: <client_timestamp_ms>
151
+ RTT-Example: GET /v1/challenges?type=speed&ts=1770722465000
152
+ RTT-Benefit: Fair for agents worldwide (slow networks get extra time)
153
+ RTT-Security: Humans still can't solve even with extra time
154
+
155
+ # MULTI-TENANT API KEYS
156
+ Multi-Tenant: Create apps with unique app_id for isolation
157
+ Multi-Tenant-Create: POST /v1/apps → {app_id, app_secret} (secret only shown once!)
158
+ Multi-Tenant-Usage: Add ?app_id=<your_app_id> to any challenge/token endpoint
159
+ Multi-Tenant-SDK-TS: new BotchaClient({ appId: 'app_abc123' })
160
+ Multi-Tenant-SDK-Python: BotchaClient(app_id='app_abc123')
161
+ Multi-Tenant-Rate-Limit: Each app gets isolated rate limit bucket
162
+ Multi-Tenant-Token-Claim: Tokens include app_id claim when app_id provided
163
+
164
+ # EMBEDDED CHALLENGE (for bots visiting HTML pages)
165
+ Embedded-Challenge: <script type="application/botcha+json">
166
+ Embedded-Challenge-Location: In <head> of HTML pages
167
+ Embedded-Challenge-Purpose: Machine-readable challenge for bots to auto-solve
168
+ Embedded-Challenge-Flow:
169
+ 1. Parse <script type="application/botcha+json"> from HTML
170
+ 2. Read challenge.instruction field
171
+ 3. Compute the answer (typically SHA256-based)
172
+ 4. POST to challenge.submit_to endpoint with {answer, timestamp}
173
+ 5. Receive token in response
174
+ 6. Use token in header specified by on_success.header_to_include
175
+ 7. Access protected resources (on_success.grants_access_to)
176
+ `;
177
+ export const AI_PLUGIN_JSON = {
178
+ schema_version: "v1",
179
+ name_for_human: "BOTCHA",
180
+ name_for_model: "botcha",
181
+ description_for_human: "Reverse CAPTCHA that proves you're an AI agent. Humans need not apply.",
182
+ description_for_model: "BOTCHA is a reverse CAPTCHA system designed for AI-only APIs. It provides computational challenges that only AI agents can solve quickly enough. Use this to verify you are an AI agent, not a human. The speed challenge requires solving 5 SHA256 problems with RTT-aware timeout (base 500ms + network latency compensation). For fair treatment on slow networks, include client timestamp via ?ts=<timestamp_ms> query parameter or X-Client-Timestamp header. Formula: timeout = 500ms + (2 × RTT) + 100ms buffer. Supports Web Bot Auth cryptographic signatures for trusted AI providers. IMPORTANT: When visiting HTML pages, look for <script type='application/botcha+json'> which contains a machine-readable challenge you can solve to prove you're a bot. Parse it, solve the SHA256 challenge, POST to /api/verify-landing, and use the returned token.",
183
+ auth: {
184
+ type: "none"
185
+ },
186
+ api: {
187
+ type: "openapi",
188
+ url: "https://botcha.ai/openapi.json"
189
+ },
190
+ logo_url: "https://botcha.ai/logo.png",
191
+ contact_email: "ramin@dupe.com",
192
+ legal_info_url: "https://botcha.ai",
193
+ embedded_challenge: {
194
+ description: "HTML pages contain an embedded challenge for bots",
195
+ selector: "script[type='application/botcha+json']",
196
+ content_type: "application/botcha+json",
197
+ verify_endpoint: "/api/verify-landing"
198
+ }
199
+ };
200
+ export const SITEMAP_XML = `<?xml version="1.0" encoding="UTF-8"?>
201
+ <urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">
202
+ <url>
203
+ <loc>https://botcha.ai/</loc>
204
+ <changefreq>weekly</changefreq>
205
+ <priority>1.0</priority>
206
+ </url>
207
+ <url>
208
+ <loc>https://botcha.ai/openapi.json</loc>
209
+ <changefreq>weekly</changefreq>
210
+ <priority>0.8</priority>
211
+ </url>
212
+ <url>
213
+ <loc>https://botcha.ai/ai.txt</loc>
214
+ <changefreq>monthly</changefreq>
215
+ <priority>0.8</priority>
216
+ </url>
217
+ <url>
218
+ <loc>https://botcha.ai/robots.txt</loc>
219
+ <changefreq>monthly</changefreq>
220
+ <priority>0.5</priority>
221
+ </url>
222
+ </urlset>
223
+ `;
224
+ // OpenAPI spec - keeping this as a function to allow dynamic version
225
+ export function getOpenApiSpec(version) {
226
+ return {
227
+ openapi: "3.1.0",
228
+ info: {
229
+ title: "BOTCHA - Reverse CAPTCHA for AI Agents",
230
+ version,
231
+ description: "Prove you're a bot. Humans need not apply. A reverse CAPTCHA system that only AI agents can pass.",
232
+ contact: {
233
+ name: "BOTCHA",
234
+ url: "https://botcha.ai"
235
+ },
236
+ license: {
237
+ name: "MIT",
238
+ url: "https://github.com/dupe-com/botcha/blob/main/LICENSE"
239
+ },
240
+ "x-sdk": {
241
+ npm: "@dupecom/botcha",
242
+ python: "botcha (pip install botcha)",
243
+ verify_npm: "@botcha/verify (server-side verification)",
244
+ verify_python: "botcha-verify (pip install botcha-verify)"
245
+ }
246
+ },
247
+ servers: [
248
+ {
249
+ url: "https://botcha.ai",
250
+ description: "Production server"
251
+ }
252
+ ],
253
+ paths: {
254
+ "/": {
255
+ get: {
256
+ summary: "Get API documentation",
257
+ description: "Returns comprehensive API documentation (JSON for bots, ASCII art for humans)",
258
+ operationId: "getRootInfo",
259
+ responses: {
260
+ "200": {
261
+ description: "API documentation"
262
+ }
263
+ }
264
+ }
265
+ },
266
+ "/health": {
267
+ get: {
268
+ summary: "Health check",
269
+ operationId: "getHealth",
270
+ responses: {
271
+ "200": {
272
+ description: "API is healthy"
273
+ }
274
+ }
275
+ }
276
+ },
277
+ "/v1/challenges": {
278
+ get: {
279
+ summary: "Generate a challenge (v1 unified endpoint)",
280
+ description: "Get a challenge - hybrid by default, or specify type via query param. Supports RTT-aware timeout adjustment for fair challenges across different network conditions.",
281
+ operationId: "getV1Challenge",
282
+ parameters: [
283
+ {
284
+ name: "type",
285
+ in: "query",
286
+ schema: {
287
+ type: "string",
288
+ enum: ["hybrid", "speed", "standard"],
289
+ default: "hybrid"
290
+ },
291
+ description: "Challenge type: hybrid (speed + reasoning), speed (SHA256 in <500ms), or standard (puzzle)"
292
+ },
293
+ {
294
+ name: "ts",
295
+ in: "query",
296
+ schema: {
297
+ type: "integer",
298
+ format: "int64"
299
+ },
300
+ description: "Client timestamp in milliseconds for RTT-aware timeout calculation. Timeout becomes: 500ms + (2 × RTT) + 100ms buffer. Provides fair treatment for agents on slow networks."
301
+ },
302
+ {
303
+ name: "app_id",
304
+ in: "query",
305
+ schema: {
306
+ type: "string"
307
+ },
308
+ description: "Multi-tenant app ID for per-app isolation and rate limiting. If provided, the resulting token will include an app_id claim."
309
+ }
310
+ ],
311
+ responses: {
312
+ "200": {
313
+ description: "Challenge generated with optional RTT adjustment info",
314
+ content: {
315
+ "application/json": {
316
+ schema: {
317
+ type: "object",
318
+ properties: {
319
+ "success": { type: "boolean" },
320
+ "challenge": {
321
+ type: "object",
322
+ properties: {
323
+ "timeLimit": {
324
+ type: "string",
325
+ description: "Timeout (e.g., '500ms' or '1200ms' if RTT-adjusted)"
326
+ }
327
+ }
328
+ },
329
+ "rtt_adjustment": {
330
+ type: "object",
331
+ properties: {
332
+ "measuredRtt": { type: "integer", description: "Detected network RTT in ms" },
333
+ "adjustedTimeout": { type: "integer", description: "Final timeout in ms" },
334
+ "explanation": { type: "string", description: "Human-readable formula" }
335
+ },
336
+ description: "RTT compensation details (only present when ts parameter provided)"
337
+ }
338
+ }
339
+ }
340
+ }
341
+ }
342
+ },
343
+ "429": { description: "Rate limit exceeded" }
344
+ }
345
+ }
346
+ },
347
+ "/v1/challenges/{id}/verify": {
348
+ post: {
349
+ summary: "Verify a challenge",
350
+ operationId: "verifyV1Challenge",
351
+ parameters: [
352
+ {
353
+ name: "id",
354
+ in: "path",
355
+ required: true,
356
+ schema: { type: "string" }
357
+ }
358
+ ],
359
+ responses: {
360
+ "200": { description: "Verification result" }
361
+ }
362
+ }
363
+ },
364
+ "/v1/token": {
365
+ get: {
366
+ summary: "Get challenge for JWT token flow",
367
+ description: "Generate a speed challenge for JWT authentication. Supports RTT-aware timeout for global fairness.",
368
+ operationId: "getTokenChallenge",
369
+ parameters: [
370
+ {
371
+ name: "ts",
372
+ in: "query",
373
+ schema: {
374
+ type: "integer",
375
+ format: "int64"
376
+ },
377
+ description: "Client timestamp in milliseconds for RTT-aware timeout calculation"
378
+ },
379
+ {
380
+ name: "app_id",
381
+ in: "query",
382
+ schema: {
383
+ type: "string"
384
+ },
385
+ description: "Multi-tenant app ID. Tokens will include app_id claim for per-app isolation."
386
+ }
387
+ ],
388
+ responses: {
389
+ "200": { description: "Token challenge generated (potentially with RTT adjustment)" }
390
+ }
391
+ }
392
+ },
393
+ "/v1/token/verify": {
394
+ post: {
395
+ summary: "Verify challenge and receive JWT token",
396
+ operationId: "verifyTokenChallenge",
397
+ responses: {
398
+ "200": { description: "JWT token issued" }
399
+ }
400
+ }
401
+ },
402
+ "/v1/token/refresh": {
403
+ post: {
404
+ summary: "Refresh access token",
405
+ description: "Exchange a refresh token for a new short-lived access token (5 minutes). Avoids solving a new challenge.",
406
+ operationId: "refreshToken",
407
+ requestBody: {
408
+ required: true,
409
+ content: {
410
+ "application/json": {
411
+ schema: {
412
+ type: "object",
413
+ required: ["refresh_token"],
414
+ properties: {
415
+ "refresh_token": { type: "string", description: "Refresh token from initial token verification" }
416
+ }
417
+ }
418
+ }
419
+ }
420
+ },
421
+ responses: {
422
+ "200": {
423
+ description: "New access token issued",
424
+ content: {
425
+ "application/json": {
426
+ schema: {
427
+ type: "object",
428
+ properties: {
429
+ "success": { type: "boolean" },
430
+ "access_token": { type: "string" },
431
+ "expires_in": { type: "integer", description: "Token lifetime in seconds (300 = 5 minutes)" },
432
+ "token_type": { type: "string", enum: ["Bearer"] }
433
+ }
434
+ }
435
+ }
436
+ }
437
+ },
438
+ "401": { description: "Invalid or expired refresh token" }
439
+ }
440
+ }
441
+ },
442
+ "/v1/token/revoke": {
443
+ post: {
444
+ summary: "Revoke a token",
445
+ description: "Invalidate an access or refresh token before its natural expiry. Uses KV-backed revocation list. Fail-open design.",
446
+ operationId: "revokeToken",
447
+ requestBody: {
448
+ required: true,
449
+ content: {
450
+ "application/json": {
451
+ schema: {
452
+ type: "object",
453
+ required: ["token"],
454
+ properties: {
455
+ "token": { type: "string", description: "The JWT token to revoke (access or refresh)" }
456
+ }
457
+ }
458
+ }
459
+ }
460
+ },
461
+ responses: {
462
+ "200": { description: "Token revoked successfully" },
463
+ "400": { description: "Invalid token" }
464
+ }
465
+ }
466
+ },
467
+ "/v1/hybrid": {
468
+ get: {
469
+ summary: "Get hybrid challenge",
470
+ operationId: "getHybridChallenge",
471
+ responses: {
472
+ "200": { description: "Hybrid challenge generated" }
473
+ }
474
+ },
475
+ post: {
476
+ summary: "Verify hybrid challenge",
477
+ operationId: "verifyHybridChallenge",
478
+ responses: {
479
+ "200": { description: "Verification result" }
480
+ }
481
+ }
482
+ },
483
+ "/v1/reasoning": {
484
+ get: {
485
+ summary: "Get reasoning challenge",
486
+ operationId: "getReasoningChallenge",
487
+ responses: {
488
+ "200": { description: "Reasoning challenge generated" }
489
+ }
490
+ },
491
+ post: {
492
+ summary: "Verify reasoning challenge",
493
+ operationId: "verifyReasoningChallenge",
494
+ responses: {
495
+ "200": { description: "Verification result" }
496
+ }
497
+ }
498
+ },
499
+ "/api/challenge": {
500
+ get: {
501
+ summary: "Generate a standard challenge",
502
+ operationId: "getChallenge",
503
+ responses: {
504
+ "200": { description: "Challenge generated" }
505
+ }
506
+ },
507
+ post: {
508
+ summary: "Verify a standard challenge",
509
+ operationId: "verifyChallenge",
510
+ responses: {
511
+ "200": { description: "Verification result" }
512
+ }
513
+ }
514
+ },
515
+ "/api/speed-challenge": {
516
+ get: {
517
+ summary: "Generate a speed challenge (RTT-aware timeout)",
518
+ description: "Generate a speed challenge with optional RTT-aware timeout adjustment. Base timeout is 500ms, but can be increased for agents on slow networks.",
519
+ operationId: "getSpeedChallenge",
520
+ parameters: [
521
+ {
522
+ name: "ts",
523
+ in: "query",
524
+ schema: {
525
+ type: "integer",
526
+ format: "int64"
527
+ },
528
+ description: "Client timestamp in milliseconds for RTT compensation"
529
+ }
530
+ ],
531
+ responses: {
532
+ "200": { description: "Speed challenge generated (potentially RTT-adjusted)" }
533
+ }
534
+ },
535
+ post: {
536
+ summary: "Verify a speed challenge",
537
+ operationId: "verifySpeedChallenge",
538
+ responses: {
539
+ "200": { description: "Verification result with timing details" }
540
+ }
541
+ }
542
+ },
543
+ "/api/verify-landing": {
544
+ post: {
545
+ summary: "Verify landing page challenge",
546
+ operationId: "verifyLandingChallenge",
547
+ responses: {
548
+ "200": { description: "Token granted" }
549
+ }
550
+ }
551
+ },
552
+ "/agent-only": {
553
+ get: {
554
+ summary: "Protected endpoint (agents only)",
555
+ operationId: "getAgentOnly",
556
+ responses: {
557
+ "200": { description: "Access granted" },
558
+ "401": { description: "Unauthorized" }
559
+ }
560
+ }
561
+ },
562
+ "/v1/apps": {
563
+ post: {
564
+ summary: "Create a new multi-tenant app",
565
+ description: "Create a new app with unique app_id and app_secret for multi-tenant isolation. The app_secret is SHA-256 hashed and only returned once.",
566
+ operationId: "createApp",
567
+ responses: {
568
+ "200": {
569
+ description: "App created successfully",
570
+ content: {
571
+ "application/json": {
572
+ schema: {
573
+ type: "object",
574
+ properties: {
575
+ "app_id": { type: "string", description: "Unique app identifier" },
576
+ "app_secret": { type: "string", description: "Secret key (only shown once!)" },
577
+ "warning": { type: "string", description: "Warning to save secret" }
578
+ }
579
+ }
580
+ }
581
+ }
582
+ }
583
+ }
584
+ }
585
+ },
586
+ "/v1/apps/{id}": {
587
+ get: {
588
+ summary: "Get app information",
589
+ description: "Retrieve app details by app_id. The app_secret is NOT included in the response.",
590
+ operationId: "getApp",
591
+ parameters: [
592
+ {
593
+ name: "id",
594
+ in: "path",
595
+ required: true,
596
+ schema: { type: "string" },
597
+ description: "The app_id to retrieve"
598
+ }
599
+ ],
600
+ responses: {
601
+ "200": {
602
+ description: "App information",
603
+ content: {
604
+ "application/json": {
605
+ schema: {
606
+ type: "object",
607
+ properties: {
608
+ "app_id": { type: "string" },
609
+ "created_at": { type: "string", format: "date-time" }
610
+ }
611
+ }
612
+ }
613
+ }
614
+ },
615
+ "404": { description: "App not found" }
616
+ }
617
+ }
618
+ }
619
+ },
620
+ components: {
621
+ securitySchemes: {
622
+ BotchaLandingToken: {
623
+ type: "apiKey",
624
+ in: "header",
625
+ name: "X-Botcha-Landing-Token"
626
+ },
627
+ BotchaBearerToken: {
628
+ type: "http",
629
+ scheme: "bearer",
630
+ bearerFormat: "JWT"
631
+ }
632
+ }
633
+ }
634
+ };
635
+ }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@dupecom/botcha-cloudflare",
3
- "version": "0.3.3",
3
+ "version": "0.9.0",
4
4
  "description": "BOTCHA for Cloudflare Workers - Prove you're a bot. Humans need not apply.",
5
5
  "type": "module",
6
6
  "main": "dist/index.js",