@gitpagedocs/tools 1.1.49 → 1.1.51
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/package.json +37 -37
- package/src/crypto/doc-access.ts +62 -0
- package/src/crypto/index.ts +2 -0
- package/src/crypto/web.ts +2 -0
package/package.json
CHANGED
|
@@ -1,37 +1,37 @@
|
|
|
1
|
-
{
|
|
2
|
-
"name": "@gitpagedocs/tools",
|
|
3
|
-
"version": "1.1.
|
|
4
|
-
"type": "module",
|
|
5
|
-
"description": "Shared business-logic core for Git Page Docs (consumed by frontend, cli and mcp). Ships TypeScript source; consume via tsx or a TS-aware bundler.",
|
|
6
|
-
"main": "./src/index.ts",
|
|
7
|
-
"types": "./src/index.ts",
|
|
8
|
-
"exports": {
|
|
9
|
-
".": "./src/index.ts",
|
|
10
|
-
"./ai": "./src/ai/index.ts",
|
|
11
|
-
"./errors": "./src/errors/index.ts",
|
|
12
|
-
"./ports": "./src/ports/index.ts",
|
|
13
|
-
"./crypto/web": "./src/crypto/web.ts",
|
|
14
|
-
"./security/web": "./src/security/web.ts",
|
|
15
|
-
"./cache/web": "./src/cache/web-storage-cache.ts"
|
|
16
|
-
},
|
|
17
|
-
"files": [
|
|
18
|
-
"src",
|
|
19
|
-
"README.md"
|
|
20
|
-
],
|
|
21
|
-
"engines": {
|
|
22
|
-
"node": ">=20"
|
|
23
|
-
},
|
|
24
|
-
"scripts": {
|
|
25
|
-
"typecheck": "tsc --noEmit -p tsconfig.json"
|
|
26
|
-
},
|
|
27
|
-
"repository": {
|
|
28
|
-
"type": "git",
|
|
29
|
-
"url": "git+https://github.com/Vidigal-code/git-page-docs.git",
|
|
30
|
-
"directory": "tools"
|
|
31
|
-
},
|
|
32
|
-
"author": "Vidigal-code",
|
|
33
|
-
"license": "ISC",
|
|
34
|
-
"publishConfig": {
|
|
35
|
-
"access": "public"
|
|
36
|
-
}
|
|
37
|
-
}
|
|
1
|
+
{
|
|
2
|
+
"name": "@gitpagedocs/tools",
|
|
3
|
+
"version": "1.1.51",
|
|
4
|
+
"type": "module",
|
|
5
|
+
"description": "Shared business-logic core for Git Page Docs (consumed by frontend, cli and mcp). Ships TypeScript source; consume via tsx or a TS-aware bundler.",
|
|
6
|
+
"main": "./src/index.ts",
|
|
7
|
+
"types": "./src/index.ts",
|
|
8
|
+
"exports": {
|
|
9
|
+
".": "./src/index.ts",
|
|
10
|
+
"./ai": "./src/ai/index.ts",
|
|
11
|
+
"./errors": "./src/errors/index.ts",
|
|
12
|
+
"./ports": "./src/ports/index.ts",
|
|
13
|
+
"./crypto/web": "./src/crypto/web.ts",
|
|
14
|
+
"./security/web": "./src/security/web.ts",
|
|
15
|
+
"./cache/web": "./src/cache/web-storage-cache.ts"
|
|
16
|
+
},
|
|
17
|
+
"files": [
|
|
18
|
+
"src",
|
|
19
|
+
"README.md"
|
|
20
|
+
],
|
|
21
|
+
"engines": {
|
|
22
|
+
"node": ">=20"
|
|
23
|
+
},
|
|
24
|
+
"scripts": {
|
|
25
|
+
"typecheck": "tsc --noEmit -p tsconfig.json"
|
|
26
|
+
},
|
|
27
|
+
"repository": {
|
|
28
|
+
"type": "git",
|
|
29
|
+
"url": "git+https://github.com/Vidigal-code/git-page-docs.git",
|
|
30
|
+
"directory": "tools"
|
|
31
|
+
},
|
|
32
|
+
"author": "Vidigal-code",
|
|
33
|
+
"license": "ISC",
|
|
34
|
+
"publishConfig": {
|
|
35
|
+
"access": "public"
|
|
36
|
+
}
|
|
37
|
+
}
|
|
@@ -0,0 +1,62 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Documentation password-gate key scheme (runtime-agnostic).
|
|
3
|
+
*
|
|
4
|
+
* Double-hash so config.json can ship a non-reversible verifier while the user
|
|
5
|
+
* keeps a copyable credential:
|
|
6
|
+
* privateKey = sha256(password) // printed by the CLI, shareable
|
|
7
|
+
* publicKey = sha256(privateKey) // stored in config.json
|
|
8
|
+
* Unlock succeeds when the supplied input is the password OR the private key.
|
|
9
|
+
*
|
|
10
|
+
* Pure: depends only on a { sha256 } service, so the SAME code runs in the CLI
|
|
11
|
+
* (NodeCryptoService) and the browser (WebCryptoService). It must NOT import
|
|
12
|
+
* node:crypto (e.g. safeHexEqual) so it stays safe to bundle for the web.
|
|
13
|
+
*/
|
|
14
|
+
|
|
15
|
+
/** Minimal hashing surface — satisfied by both Node and Web CryptoService. */
|
|
16
|
+
export interface Sha256Service {
|
|
17
|
+
sha256(input: string): Promise<string>;
|
|
18
|
+
}
|
|
19
|
+
|
|
20
|
+
export interface DocAccessKeys {
|
|
21
|
+
/** sha256(password) — printed for the user to copy/share. */
|
|
22
|
+
readonly privateKey: string;
|
|
23
|
+
/** sha256(privateKey) — safe to commit in config.json. */
|
|
24
|
+
readonly publicKey: string;
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
/** Derive the { privateKey, publicKey } pair from a plaintext password. */
|
|
28
|
+
export async function deriveDocAccessKeys(
|
|
29
|
+
password: string,
|
|
30
|
+
crypto: Sha256Service,
|
|
31
|
+
): Promise<DocAccessKeys> {
|
|
32
|
+
const privateKey = await crypto.sha256(password);
|
|
33
|
+
const publicKey = await crypto.sha256(privateKey);
|
|
34
|
+
return { privateKey, publicKey };
|
|
35
|
+
}
|
|
36
|
+
|
|
37
|
+
/**
|
|
38
|
+
* Verify a user-supplied credential (password OR private key) against the stored
|
|
39
|
+
* public key. Returns false when either side is empty.
|
|
40
|
+
*/
|
|
41
|
+
export async function verifyDocAccess(
|
|
42
|
+
input: string,
|
|
43
|
+
publicKey: string,
|
|
44
|
+
crypto: Sha256Service,
|
|
45
|
+
): Promise<boolean> {
|
|
46
|
+
if (!input || !publicKey) return false;
|
|
47
|
+
const once = await crypto.sha256(input);
|
|
48
|
+
if (hexEqual(once, publicKey)) return true; // input is the private key
|
|
49
|
+
const twice = await crypto.sha256(once);
|
|
50
|
+
return hexEqual(twice, publicKey); // input is the password
|
|
51
|
+
}
|
|
52
|
+
|
|
53
|
+
/**
|
|
54
|
+
* Length-checked, constant-time hex comparison. Local (not safeHexEqual) so this
|
|
55
|
+
* module never imports node:crypto and stays browser-bundle-safe.
|
|
56
|
+
*/
|
|
57
|
+
function hexEqual(a: string, b: string): boolean {
|
|
58
|
+
if (a.length !== b.length) return false;
|
|
59
|
+
let diff = 0;
|
|
60
|
+
for (let i = 0; i < a.length; i += 1) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
|
|
61
|
+
return diff === 0;
|
|
62
|
+
}
|
package/src/crypto/index.ts
CHANGED
package/src/crypto/web.ts
CHANGED