@kagal/taistamp 0.1.1 → 0.2.0

package/dist/index.d.mts

@@ -1,4 +1,5 @@
-import { Signer, Signer as Signer$1, newSigner as newEd25519Signer } from "@kagal/ed25519-secret";
+import { LeapSeconds, TAISTAMP_CONTENT_LENGTH, TAISTAMP_CONTENT_TYPE, TAISTAMP_HEADER_KEY_SELECTOR, TAISTAMP_HEADER_LEAP_SECONDS, TAISTAMP_HEADER_NONCE, TAISTAMP_HEADER_SIGNATURE, TAISTAMP_PATH, TAI_LEAP_SECONDS, TAI_LEAP_SECONDS_MAX, asLeapSeconds, extractLeapSeconds, tai64nLabelFromUTC, tai64nLabelToUTC } from "./_chunks/time.mjs";
+import { Bytes, KeyConfig, KeyRecord, Signer, Signer as Signer$1, Verifier, newSigner as newEd25519Signer, parseRecordToVerifier, parseSecretToKey, parseSecretsToKeys } from "@kagal/ed25519-secret";
 /**
  * Read a response body as a 7-bit ASCII string.
  *
@@ -23,71 +24,12 @@ declare const readASCII: (response: Response, context?: string) => Promise<strin
  *
  * Builds on {@link readASCII}, adding the structural
  * invariant every label satisfies: the body is exactly
- * `TAI64N_CONTENT_LENGTH` octets. Throws `TypeError` if the
+ * `TAI64N_LABEL_LENGTH` octets. Throws `TypeError` if the
  * length differs or the body carries a non-ASCII octet;
  * pass `context` to prefix that error message. Consumes the
  * response body.
  */
 declare const readLabel: (response: Response, context?: string) => Promise<string>;
-declare const TAISTAMP_PATH = "/.well-known/taistamp";
-/** @deprecated Renamed to {@link TAISTAMP_PATH}. */
-declare const TAI64N_PATH = "/.well-known/taistamp";
-declare const TAI64N_CONTENT_TYPE = "application/tai64n";
-declare const TAI64N_CONTENT_LENGTH: number;
-declare const TAI64N_HEADER_KEY_SELECTOR = "TAI-Key-Selector";
-declare const TAI64N_HEADER_LEAP_SECONDS = "TAI-Leap-Seconds";
-declare const TAI64N_HEADER_NONCE = "TAI-Nonce";
-declare const TAI64N_HEADER_SIGNATURE = "TAI-Signature";
-declare const TAI64_EPOCH_HI = 1073741824;
-/**
- * Upper bound for `leapSeconds` in the taistamp signed
- * payload. The framing encodes the value as a 4-byte
- * big-endian unsigned integer, so any input outside
- * `[0, 2^32-1]` cannot be represented. Verifiers MUST
- * treat an out-of-range `TAI-Leap-Seconds` response
- * header as unsigned, per spec §5.3.
- */
-declare const TAI_LEAP_SECONDS_MAX = 4294967295;
-declare const LeapSecondsBrand: unique symbol;
-/**
- * `number` that has been confirmed to fit the
- * `[0, TAI_LEAP_SECONDS_MAX]` u32be range required by
- * the taistamp signed-payload framing. Construct only
- * via {@link extractLeapSeconds} or {@link asLeapSeconds};
- * the brand prevents an arbitrary number from reaching
- * the signing path.
- */
-type LeapSeconds = number & {
-  readonly [LeapSecondsBrand]: never;
-};
-/**
- * Coerce a `number` to a {@link LeapSeconds}. Returns
- * `undefined` when `value` is non-integer, negative,
- * or exceeds {@link TAI_LEAP_SECONDS_MAX}.
- */
-declare const asLeapSeconds: (value: number) => LeapSeconds | undefined;
-/**
- * Current TAI − UTC offset in whole seconds, used by
- * `fromUTC()` and emitted in the `TAI-Leap-Seconds`
- * response header. The value 37 has been in force
- * since 2017-01-01; update on the next IERS leap-second
- * announcement.
- *
- * @remarks
- * Stays a single `LeapSeconds` until a leap-seconds
- * table is added so the offset can be computed for any
- * TAI second; this constant becomes redundant then.
- */
-declare const TAI_LEAP_SECONDS: LeapSeconds;
-/**
- * Extract a usable leap-seconds count from response
- * headers. Returns `undefined` when the
- * `TAI-Leap-Seconds` field is missing, empty,
- * non-numeric, non-integer, negative, or out-of-range
- * — every "treat as unsigned" case in spec §5.3
- * collapsed into one verdict.
- */
-declare const extractLeapSeconds: (headers: Headers) => LeapSeconds | undefined;
 declare const NonceBrand: unique symbol;
 /**
  * `string` that has been confirmed to satisfy the
@@ -96,9 +38,9 @@ declare const NonceBrand: unique symbol;
  * `[NONCE_MIN_OCTETS, NONCE_MAX_OCTETS]` — the
  * pre-decode form of spec §5.4's normative
  * decoded-length bound of 7..129 octets. Construct
- * only via {@link asNonce} or {@link extractNonce};
- * the brand prevents arbitrary strings from reaching
- * the signing path.
+ * only via {@link asNonce}, {@link extractNonce}, or
+ * {@link newNonce}; the brand prevents arbitrary
+ * strings from reaching the signing path.
  */
 type Nonce = string & {
   readonly [NonceBrand]: never;
@@ -114,6 +56,25 @@ type Nonce = string & {
  * verdict.
  */
 declare const asNonce: (value: string) => Nonce | undefined;
+/**
+ * Extract a usable `TAI-Nonce` from headers — the
+ * request on the serving side, the response's nonce
+ * echo on the verifying side. Returns `undefined` when
+ * the field is missing or fails {@link asNonce}
+ * validation.
+ */
+declare const extractNonce: (headers: Headers) => Nonce | undefined;
+/**
+ * Mint a fresh client `TAI-Nonce`: `byteLength` random
+ * bytes framed as an sf-binary item, branded directly —
+ * the result is conformant by construction.
+ * `byteLength` must be an integer within
+ * `[NONCE_MIN_BYTES, NONCE_MAX_BYTES]` —
+ * spec §5.4's decoded-length bound; anything else
+ * throws `TypeError`. `context` (default `'newNonce'`)
+ * prefixes the thrown error.
+ */
+declare const newNonce: (byteLength?: number, context?: string) => Nonce;
 /**
  * Compose the byte sequence covered by a TAI-Signature.
  *
@@ -168,11 +129,11 @@ interface TaistampHandlerConfig {
    * Verifiers look up the public key at
    * `<selector>._taistamp.<host>` in DNS.
    *
-   * Must match `[A-Za-z][A-Za-z0-9_-]{0,62}` (a single
-   * DNS label starting with a letter, using
-   * DKIM-compatible characters and a valid sf-token);
-   * rotate by changing the selector and publishing a
-   * new TXT record.
+   * Must match `[A-Za-z]([A-Za-z0-9_-]{0,61}[A-Za-z0-9])?` —
+   * a single DNS-safe label that starts with a letter,
+   * ends with a letter or digit, and is also a valid
+   * Structured Field token; rotate by changing the
+   * selector and publishing a new TXT record.
    */
   selector?: string;
   /**
@@ -191,7 +152,8 @@ interface TaistampHandlerConfig {
    * gains `Access-Control-Allow-Origin`; pre-flight
    * `OPTIONS` also carries `-Allow-Methods`,
    * `-Allow-Headers`, `-Expose-Headers`, and
-   * `-Max-Age: 600` per spec §5.2; success
+   * `-Max-Age` (default 600s, see {@link corsMaxAge})
+   * per spec §5.2; success
    * `GET` / `HEAD` carry `-Expose-Headers` so browser
    * JS can read the `TAI-*` response headers. A
    * non-`'*'` value adds `Vary: Origin` so caches can
@@ -202,6 +164,15 @@ interface TaistampHandlerConfig {
    * `Allow: GET, HEAD, OPTIONS` per RFC 9110 §9.3.7.
    */
   cors?: false | string;
+  /**
+   * `Access-Control-Max-Age` for pre-flight `OPTIONS`
+   * responses, in seconds. Defaults to 600 (10 minutes,
+   * the spec §5.2 floor); a value below 600 clamps up to
+   * it so the pre-flight stays spec-compliant. Ignored
+   * when `cors` is `false`. Must be a non-negative
+   * integer.
+   */
+  corsMaxAge?: number;
 }
 /**
  * Build a handler for `/.well-known/taistamp`.
@@ -212,15 +183,18 @@ interface TaistampHandlerConfig {
  *   route handler.
  *
  * @throws TypeError if `signer` and `selector` are not
- *   both set or both unset, or if `selector` does not
- *   match `[A-Za-z][A-Za-z0-9_-]{0,62}`.
+ *   both set or both unset, if `selector` does not match
+ *   `[A-Za-z]([A-Za-z0-9_-]{0,61}[A-Za-z0-9])?`, or if
+ *   `corsMaxAge` is not a non-negative integer.
  *
  * @remarks
  * Behaviour:
  *
  * - `GET` / `HEAD` — body is a fresh 25-byte TAI64N
  *   label (`HEAD` omits the body). Response headers:
- *   Content-Type `application/tai64n`, Content-Length
+ *   Content-Type `application/tai64n`, Content-Disposition
+ *   `inline` (so a browser renders the label in place
+ *   rather than offering it as a download), Content-Length
  *   `25`, Cache-Control `no-store`, plus
  *   `TAI-Leap-Seconds` carrying the current count.
  * - `OPTIONS` — `200` with `Allow: GET, HEAD, OPTIONS`.
@@ -259,16 +233,25 @@ interface TaistampHandlerConfig {
  *   TAI64N format
  */
 declare const newTaistampHandler: (config?: TaistampHandlerConfig) => ((request: Request) => Promise<Response>);
-type timestamp = {
-  nano: number;
-  sec: number;
-  offset?: number;
-};
-declare const fromUTC: (utc: number) => timestamp;
-declare const now: () => timestamp;
-declare const tai64nLabel: (value?: timestamp) => string;
-declare const tai64nLabelFromUTC: (utc: number) => string;
+/**
+ * Decode a `TAI-Signature` wire value into the raw
+ * Ed25519 signature bytes. Returns `undefined` when
+ * `value` fails sf-binary syntax (RFC 9651 §3.3.5) or
+ * does not decode to exactly `SIGNATURE_BYTES`
+ * octets — a malformed field is equivalent to a
+ * missing one. This validates form only; semantics
+ * involving other fields (nonce echo, selector,
+ * verification) stay with the caller.
+ */
+declare const asSignature: (value: string) => Bytes | undefined;
+/**
+ * Extract the raw Ed25519 signature from response
+ * headers. Returns `undefined` when the
+ * `TAI-Signature` field is missing or fails
+ * {@link asSignature} validation.
+ */
+declare const extractSignature: (headers: Headers) => Bytes | undefined;
 /** Package version from package.json. */
 declare const VERSION: string;
-export { type LeapSeconds, type Nonce, type Signer, TAI64N_CONTENT_LENGTH, TAI64N_CONTENT_TYPE, TAI64N_HEADER_KEY_SELECTOR, TAI64N_HEADER_LEAP_SECONDS, TAI64N_HEADER_NONCE, TAI64N_HEADER_SIGNATURE, TAI64N_PATH, TAI64_EPOCH_HI, TAISTAMP_PATH, TAI_LEAP_SECONDS, TAI_LEAP_SECONDS_MAX, type TaistampHandlerConfig, VERSION, asLeapSeconds, asNonce, composeSignaturePayload, extractLeapSeconds, fromUTC, newEd25519Signer, newTaistampHandler, now, readASCII, readLabel, tai64nLabel, tai64nLabelFromUTC };
+export { type KeyConfig, type KeyRecord, type LeapSeconds, type Nonce, type Signer, TAISTAMP_CONTENT_LENGTH, TAISTAMP_CONTENT_TYPE, TAISTAMP_HEADER_KEY_SELECTOR, TAISTAMP_HEADER_LEAP_SECONDS, TAISTAMP_HEADER_NONCE, TAISTAMP_HEADER_SIGNATURE, TAISTAMP_PATH, TAI_LEAP_SECONDS, TAI_LEAP_SECONDS_MAX, type TaistampHandlerConfig, VERSION, type Verifier, asLeapSeconds, asNonce, asSignature, composeSignaturePayload, extractLeapSeconds, extractNonce, extractSignature, newEd25519Signer, newNonce, newTaistampHandler, parseRecordToVerifier, parseSecretToKey, parseSecretsToKeys, readASCII, readLabel, tai64nLabelFromUTC, tai64nLabelToUTC };
 //# sourceMappingURL=index.d.mts.map

package/dist/index.d.ts

@@ -1,4 +1,5 @@
-import { Signer, Signer as Signer$1, newSigner as newEd25519Signer } from "@kagal/ed25519-secret";
+import { LeapSeconds, TAISTAMP_CONTENT_LENGTH, TAISTAMP_CONTENT_TYPE, TAISTAMP_HEADER_KEY_SELECTOR, TAISTAMP_HEADER_LEAP_SECONDS, TAISTAMP_HEADER_NONCE, TAISTAMP_HEADER_SIGNATURE, TAISTAMP_PATH, TAI_LEAP_SECONDS, TAI_LEAP_SECONDS_MAX, asLeapSeconds, extractLeapSeconds, tai64nLabelFromUTC, tai64nLabelToUTC } from "./_chunks/time.mjs";
+import { Bytes, KeyConfig, KeyRecord, Signer, Signer as Signer$1, Verifier, newSigner as newEd25519Signer, parseRecordToVerifier, parseSecretToKey, parseSecretsToKeys } from "@kagal/ed25519-secret";
 /**
  * Read a response body as a 7-bit ASCII string.
  *
@@ -23,71 +24,12 @@ declare const readASCII: (response: Response, context?: string) => Promise<strin
  *
  * Builds on {@link readASCII}, adding the structural
  * invariant every label satisfies: the body is exactly
- * `TAI64N_CONTENT_LENGTH` octets. Throws `TypeError` if the
+ * `TAI64N_LABEL_LENGTH` octets. Throws `TypeError` if the
  * length differs or the body carries a non-ASCII octet;
  * pass `context` to prefix that error message. Consumes the
  * response body.
  */
 declare const readLabel: (response: Response, context?: string) => Promise<string>;
-declare const TAISTAMP_PATH = "/.well-known/taistamp";
-/** @deprecated Renamed to {@link TAISTAMP_PATH}. */
-declare const TAI64N_PATH = "/.well-known/taistamp";
-declare const TAI64N_CONTENT_TYPE = "application/tai64n";
-declare const TAI64N_CONTENT_LENGTH: number;
-declare const TAI64N_HEADER_KEY_SELECTOR = "TAI-Key-Selector";
-declare const TAI64N_HEADER_LEAP_SECONDS = "TAI-Leap-Seconds";
-declare const TAI64N_HEADER_NONCE = "TAI-Nonce";
-declare const TAI64N_HEADER_SIGNATURE = "TAI-Signature";
-declare const TAI64_EPOCH_HI = 1073741824;
-/**
- * Upper bound for `leapSeconds` in the taistamp signed
- * payload. The framing encodes the value as a 4-byte
- * big-endian unsigned integer, so any input outside
- * `[0, 2^32-1]` cannot be represented. Verifiers MUST
- * treat an out-of-range `TAI-Leap-Seconds` response
- * header as unsigned, per spec §5.3.
- */
-declare const TAI_LEAP_SECONDS_MAX = 4294967295;
-declare const LeapSecondsBrand: unique symbol;
-/**
- * `number` that has been confirmed to fit the
- * `[0, TAI_LEAP_SECONDS_MAX]` u32be range required by
- * the taistamp signed-payload framing. Construct only
- * via {@link extractLeapSeconds} or {@link asLeapSeconds};
- * the brand prevents an arbitrary number from reaching
- * the signing path.
- */
-type LeapSeconds = number & {
-  readonly [LeapSecondsBrand]: never;
-};
-/**
- * Coerce a `number` to a {@link LeapSeconds}. Returns
- * `undefined` when `value` is non-integer, negative,
- * or exceeds {@link TAI_LEAP_SECONDS_MAX}.
- */
-declare const asLeapSeconds: (value: number) => LeapSeconds | undefined;
-/**
- * Current TAI − UTC offset in whole seconds, used by
- * `fromUTC()` and emitted in the `TAI-Leap-Seconds`
- * response header. The value 37 has been in force
- * since 2017-01-01; update on the next IERS leap-second
- * announcement.
- *
- * @remarks
- * Stays a single `LeapSeconds` until a leap-seconds
- * table is added so the offset can be computed for any
- * TAI second; this constant becomes redundant then.
- */
-declare const TAI_LEAP_SECONDS: LeapSeconds;
-/**
- * Extract a usable leap-seconds count from response
- * headers. Returns `undefined` when the
- * `TAI-Leap-Seconds` field is missing, empty,
- * non-numeric, non-integer, negative, or out-of-range
- * — every "treat as unsigned" case in spec §5.3
- * collapsed into one verdict.
- */
-declare const extractLeapSeconds: (headers: Headers) => LeapSeconds | undefined;
 declare const NonceBrand: unique symbol;
 /**
  * `string` that has been confirmed to satisfy the
@@ -96,9 +38,9 @@ declare const NonceBrand: unique symbol;
  * `[NONCE_MIN_OCTETS, NONCE_MAX_OCTETS]` — the
  * pre-decode form of spec §5.4's normative
  * decoded-length bound of 7..129 octets. Construct
- * only via {@link asNonce} or {@link extractNonce};
- * the brand prevents arbitrary strings from reaching
- * the signing path.
+ * only via {@link asNonce}, {@link extractNonce}, or
+ * {@link newNonce}; the brand prevents arbitrary
+ * strings from reaching the signing path.
  */
 type Nonce = string & {
   readonly [NonceBrand]: never;
@@ -114,6 +56,25 @@ type Nonce = string & {
  * verdict.
  */
 declare const asNonce: (value: string) => Nonce | undefined;
+/**
+ * Extract a usable `TAI-Nonce` from headers — the
+ * request on the serving side, the response's nonce
+ * echo on the verifying side. Returns `undefined` when
+ * the field is missing or fails {@link asNonce}
+ * validation.
+ */
+declare const extractNonce: (headers: Headers) => Nonce | undefined;
+/**
+ * Mint a fresh client `TAI-Nonce`: `byteLength` random
+ * bytes framed as an sf-binary item, branded directly —
+ * the result is conformant by construction.
+ * `byteLength` must be an integer within
+ * `[NONCE_MIN_BYTES, NONCE_MAX_BYTES]` —
+ * spec §5.4's decoded-length bound; anything else
+ * throws `TypeError`. `context` (default `'newNonce'`)
+ * prefixes the thrown error.
+ */
+declare const newNonce: (byteLength?: number, context?: string) => Nonce;
 /**
  * Compose the byte sequence covered by a TAI-Signature.
  *
@@ -168,11 +129,11 @@ interface TaistampHandlerConfig {
    * Verifiers look up the public key at
    * `<selector>._taistamp.<host>` in DNS.
    *
-   * Must match `[A-Za-z][A-Za-z0-9_-]{0,62}` (a single
-   * DNS label starting with a letter, using
-   * DKIM-compatible characters and a valid sf-token);
-   * rotate by changing the selector and publishing a
-   * new TXT record.
+   * Must match `[A-Za-z]([A-Za-z0-9_-]{0,61}[A-Za-z0-9])?` —
+   * a single DNS-safe label that starts with a letter,
+   * ends with a letter or digit, and is also a valid
+   * Structured Field token; rotate by changing the
+   * selector and publishing a new TXT record.
    */
   selector?: string;
   /**
@@ -191,7 +152,8 @@ interface TaistampHandlerConfig {
    * gains `Access-Control-Allow-Origin`; pre-flight
    * `OPTIONS` also carries `-Allow-Methods`,
    * `-Allow-Headers`, `-Expose-Headers`, and
-   * `-Max-Age: 600` per spec §5.2; success
+   * `-Max-Age` (default 600s, see {@link corsMaxAge})
+   * per spec §5.2; success
    * `GET` / `HEAD` carry `-Expose-Headers` so browser
    * JS can read the `TAI-*` response headers. A
    * non-`'*'` value adds `Vary: Origin` so caches can
@@ -202,6 +164,15 @@ interface TaistampHandlerConfig {
    * `Allow: GET, HEAD, OPTIONS` per RFC 9110 §9.3.7.
    */
   cors?: false | string;
+  /**
+   * `Access-Control-Max-Age` for pre-flight `OPTIONS`
+   * responses, in seconds. Defaults to 600 (10 minutes,
+   * the spec §5.2 floor); a value below 600 clamps up to
+   * it so the pre-flight stays spec-compliant. Ignored
+   * when `cors` is `false`. Must be a non-negative
+   * integer.
+   */
+  corsMaxAge?: number;
 }
 /**
  * Build a handler for `/.well-known/taistamp`.
@@ -212,15 +183,18 @@ interface TaistampHandlerConfig {
  *   route handler.
  *
  * @throws TypeError if `signer` and `selector` are not
- *   both set or both unset, or if `selector` does not
- *   match `[A-Za-z][A-Za-z0-9_-]{0,62}`.
+ *   both set or both unset, if `selector` does not match
+ *   `[A-Za-z]([A-Za-z0-9_-]{0,61}[A-Za-z0-9])?`, or if
+ *   `corsMaxAge` is not a non-negative integer.
  *
  * @remarks
  * Behaviour:
  *
  * - `GET` / `HEAD` — body is a fresh 25-byte TAI64N
  *   label (`HEAD` omits the body). Response headers:
- *   Content-Type `application/tai64n`, Content-Length
+ *   Content-Type `application/tai64n`, Content-Disposition
+ *   `inline` (so a browser renders the label in place
+ *   rather than offering it as a download), Content-Length
  *   `25`, Cache-Control `no-store`, plus
  *   `TAI-Leap-Seconds` carrying the current count.
  * - `OPTIONS` — `200` with `Allow: GET, HEAD, OPTIONS`.
@@ -259,16 +233,25 @@ interface TaistampHandlerConfig {
  *   TAI64N format
  */
 declare const newTaistampHandler: (config?: TaistampHandlerConfig) => ((request: Request) => Promise<Response>);
-type timestamp = {
-  nano: number;
-  sec: number;
-  offset?: number;
-};
-declare const fromUTC: (utc: number) => timestamp;
-declare const now: () => timestamp;
-declare const tai64nLabel: (value?: timestamp) => string;
-declare const tai64nLabelFromUTC: (utc: number) => string;
+/**
+ * Decode a `TAI-Signature` wire value into the raw
+ * Ed25519 signature bytes. Returns `undefined` when
+ * `value` fails sf-binary syntax (RFC 9651 §3.3.5) or
+ * does not decode to exactly `SIGNATURE_BYTES`
+ * octets — a malformed field is equivalent to a
+ * missing one. This validates form only; semantics
+ * involving other fields (nonce echo, selector,
+ * verification) stay with the caller.
+ */
+declare const asSignature: (value: string) => Bytes | undefined;
+/**
+ * Extract the raw Ed25519 signature from response
+ * headers. Returns `undefined` when the
+ * `TAI-Signature` field is missing or fails
+ * {@link asSignature} validation.
+ */
+declare const extractSignature: (headers: Headers) => Bytes | undefined;
 /** Package version from package.json. */
 declare const VERSION: string;
-export { type LeapSeconds, type Nonce, type Signer, TAI64N_CONTENT_LENGTH, TAI64N_CONTENT_TYPE, TAI64N_HEADER_KEY_SELECTOR, TAI64N_HEADER_LEAP_SECONDS, TAI64N_HEADER_NONCE, TAI64N_HEADER_SIGNATURE, TAI64N_PATH, TAI64_EPOCH_HI, TAISTAMP_PATH, TAI_LEAP_SECONDS, TAI_LEAP_SECONDS_MAX, type TaistampHandlerConfig, VERSION, asLeapSeconds, asNonce, composeSignaturePayload, extractLeapSeconds, fromUTC, newEd25519Signer, newTaistampHandler, now, readASCII, readLabel, tai64nLabel, tai64nLabelFromUTC };
+export { type KeyConfig, type KeyRecord, type LeapSeconds, type Nonce, type Signer, TAISTAMP_CONTENT_LENGTH, TAISTAMP_CONTENT_TYPE, TAISTAMP_HEADER_KEY_SELECTOR, TAISTAMP_HEADER_LEAP_SECONDS, TAISTAMP_HEADER_NONCE, TAISTAMP_HEADER_SIGNATURE, TAISTAMP_PATH, TAI_LEAP_SECONDS, TAI_LEAP_SECONDS_MAX, type TaistampHandlerConfig, VERSION, type Verifier, asLeapSeconds, asNonce, asSignature, composeSignaturePayload, extractLeapSeconds, extractNonce, extractSignature, newEd25519Signer, newNonce, newTaistampHandler, parseRecordToVerifier, parseSecretToKey, parseSecretsToKeys, readASCII, readLabel, tai64nLabelFromUTC, tai64nLabelToUTC };
 //# sourceMappingURL=index.d.mts.map

package/dist/index.mjs

@@ -1,14 +1,6 @@
-import { assertValidSelector, decodeASCII, decodeBase64, encodeBase64, newSigner as newEd25519Signer } from "@kagal/ed25519-secret";
-var version = "0.1.1";
-const TAISTAMP_PATH = "/.well-known/taistamp";
-const TAI64N_PATH = TAISTAMP_PATH;
-const TAI64N_CONTENT_TYPE = "application/tai64n";
-const TAI64N_CONTENT_LENGTH = 25;
-const TAI64N_HEADER_KEY_SELECTOR = "TAI-Key-Selector";
-const TAI64N_HEADER_LEAP_SECONDS = "TAI-Leap-Seconds";
-const TAI64N_HEADER_NONCE = "TAI-Nonce";
-const TAI64N_HEADER_SIGNATURE = "TAI-Signature";
-const TAI64_EPOCH_HI = 1073741824;
+import { SF_BINARY_PATTERN, TAISTAMP_CONTENT_LENGTH, TAISTAMP_CONTENT_TYPE, TAISTAMP_HEADER_KEY_SELECTOR, TAISTAMP_HEADER_LEAP_SECONDS, TAISTAMP_HEADER_NONCE, TAISTAMP_HEADER_SIGNATURE, TAISTAMP_PATH, TAI_LEAP_SECONDS, TAI_LEAP_SECONDS_MAX, asLeapSeconds, decodeSFBinary, encodeSFBinary, extractLeapSeconds, tai64nLabel, tai64nLabelFromUTC, tai64nLabelToUTC } from "./_chunks/time.mjs";
+import { assertValidSelector, atLeast, decodeASCII, getRandom, isInRange, newSigner as newEd25519Signer, parseRecordToVerifier, parseSecretToKey, parseSecretsToKeys } from "@kagal/ed25519-secret";
+var version = "0.2.0";
 const readASCII = async (response, context) => decodeASCII(new Uint8Array(await response.arrayBuffer()), context);
 const readLabel = async (response, context) => {
 	const label = await readASCII(response, context);
@@ -19,88 +11,65 @@ const readLabel = async (response, context) => {
 	return label;
 };
 const CORS_ALLOW_METHODS = "GET, HEAD";
-const CORS_ALLOW_HEADERS = TAI64N_HEADER_NONCE;
+const CORS_ALLOW_HEADERS = TAISTAMP_HEADER_NONCE;
 const CORS_EXPOSE_HEADERS = [
-	TAI64N_HEADER_LEAP_SECONDS,
-	TAI64N_HEADER_NONCE,
-	TAI64N_HEADER_KEY_SELECTOR,
-	TAI64N_HEADER_SIGNATURE
+	TAISTAMP_HEADER_LEAP_SECONDS,
+	TAISTAMP_HEADER_NONCE,
+	TAISTAMP_HEADER_KEY_SELECTOR,
+	TAISTAMP_HEADER_SIGNATURE
 ].join(", ");
-const CORS_MAX_AGE = "600";
-const buildCORSHeaders = (cors) => {
+const CORS_MAX_AGE_MIN = 600;
+const buildCORSHeaders = (cors, corsMaxAge) => {
 	if (cors === false) return {
 		error: {},
 		preflight: {},
 		response: {}
 	};
 	const origin = cors || "*";
-	const vary = origin === "*" ? {} : { vary: "Origin" };
+	const maxAge = atLeast(CORS_MAX_AGE_MIN, corsMaxAge);
+	const vary = origin === "*" ? {} : { Vary: "Origin" };
 	return {
 		error: {
-			"access-control-allow-origin": origin,
+			"Access-Control-Allow-Origin": origin,
 			...vary
 		},
 		preflight: {
-			"access-control-allow-origin": origin,
-			"access-control-allow-methods": CORS_ALLOW_METHODS,
-			"access-control-allow-headers": CORS_ALLOW_HEADERS,
-			"access-control-expose-headers": CORS_EXPOSE_HEADERS,
-			"access-control-max-age": CORS_MAX_AGE,
+			"Access-Control-Allow-Origin": origin,
+			"Access-Control-Allow-Methods": CORS_ALLOW_METHODS,
+			"Access-Control-Allow-Headers": CORS_ALLOW_HEADERS,
+			"Access-Control-Expose-Headers": CORS_EXPOSE_HEADERS,
+			"Access-Control-Max-Age": String(maxAge),
 			...vary
 		},
 		response: {
-			"access-control-allow-origin": origin,
-			"access-control-expose-headers": CORS_EXPOSE_HEADERS,
+			"Access-Control-Allow-Origin": origin,
+			"Access-Control-Expose-Headers": CORS_EXPOSE_HEADERS,
 			...vary
 		}
 	};
 };
-const TAI_LEAP_SECONDS_MAX = 4294967295;
-const asLeapSeconds = (value) => {
-	if (!Number.isInteger(value) || value < 0 || value > 4294967295) return void 0;
-	return value;
-};
-const TAI_LEAP_SECONDS = 37;
-const DECIMAL_INTEGER = /^(?:0|[1-9]\d*)$/;
-const extractLeapSeconds = (headers) => {
-	const raw = headers.get(TAI64N_HEADER_LEAP_SECONDS);
-	if (!raw || !DECIMAL_INTEGER.test(raw)) return void 0;
-	return asLeapSeconds(Number(raw));
-};
-const SF_BINARY_PATTERN = /^:(?:[\d+/A-Za-z]{4})*(?:[\d+/A-Za-z]{4}|[\d+/A-Za-z]{3}=|[\d+/A-Za-z]{2}==):$/;
 const asNonce = (value) => {
 	if (!value || value.length < 14 || value.length > 174 || !SF_BINARY_PATTERN.test(value)) return void 0;
 	return value;
 };
 const extractNonce = (headers) => {
-	const value = headers.get(TAI64N_HEADER_NONCE);
+	const value = headers.get(TAISTAMP_HEADER_NONCE);
 	return value === null ? void 0 : asNonce(value);
 };
-const fromUTC = (utc) => {
-	return {
-		sec: Math.floor(utc / 1e3) + 37,
-		nano: utc % 1e3 * 1e6,
-		offset: 37
-	};
-};
-const now = () => {
-	return fromUTC(Date.now());
-};
-const tai64nLabel = (value) => {
-	const { sec, nano } = value ?? now();
-	const secHi = Math.trunc(sec / u32Range) + TAI64_EPOCH_HI;
-	const secLo = sec % u32Range;
-	return `@${secHi.toString(16).padStart(8, "0")}${secLo.toString(16).padStart(8, "0")}${nano.toString(16).padStart(8, "0")}`;
+const newNonce = (byteLength = 16, context = "newNonce") => {
+	if (!isInRange(byteLength, 7, 129)) {
+		const prefix = context ? `${context}: ` : "";
+		throw new TypeError(`${prefix}expected integer byte length within 7..129, got ${byteLength}`);
+	}
+	return encodeSFBinary(getRandom(byteLength, context));
 };
-const tai64nLabelFromUTC = (utc) => tai64nLabel(fromUTC(utc));
-const u32Range = 4294967296;
 const ALLOW_HEADER = "GET, HEAD, OPTIONS";
 const textEncoder = new TextEncoder();
 const DOMAIN_SEPARATOR = textEncoder.encode("taistamp-v1\0");
 const composeSignaturePayload = (label, leapSeconds, selector, nonce) => {
 	const labelBytes = textEncoder.encode(label);
 	const selectorBytes = textEncoder.encode(selector);
-	const nonceBytes = decodeBase64(nonce.slice(1, -1));
+	const nonceBytes = decodeSFBinary(nonce, "composeSignaturePayload");
 	const buffer = new ArrayBuffer(DOMAIN_SEPARATOR.length + labelBytes.length + 4 + 1 + selectorBytes.length + nonceBytes.length);
 	const view = new Uint8Array(buffer);
 	let offset = 0;
@@ -118,21 +87,22 @@ const composeSignaturePayload = (label, leapSeconds, selector, nonce) => {
 	return buffer;
 };
 const validateHandlerConfig = (config) => {
-	const { cors, selector, signer } = config;
+	const { cors, corsMaxAge, selector, signer } = config;
 	if (signer === void 0 !== (selector === void 0)) throw new TypeError("newTaistampHandler: signer and selector must be set together");
 	if (cors !== void 0 && cors !== false && typeof cors !== "string") throw new TypeError("newTaistampHandler: cors must be false or a string origin");
+	if (corsMaxAge !== void 0 && !isInRange(corsMaxAge, 0)) throw new TypeError("newTaistampHandler: corsMaxAge must be a non-negative integer");
 	if (selector !== void 0) assertValidSelector(selector, "newTaistampHandler");
 	return config;
 };
 const fromHandlerConfig = (config) => {
-	const { cors, selector, signer } = validateHandlerConfig(config);
-	const corsHeaders = buildCORSHeaders(cors);
+	const { cors, corsMaxAge, selector, signer } = validateHandlerConfig(config);
+	const corsHeaders = buildCORSHeaders(cors, corsMaxAge);
 	return {
 		addSignature: selector !== void 0 && signer !== void 0 ? async (headers, label, nonce) => {
 			const payload = composeSignaturePayload(label, 37, selector, nonce);
 			const signature = await signer.sign(payload);
-			headers.set(TAI64N_HEADER_KEY_SELECTOR, selector);
-			headers.set(TAI64N_HEADER_SIGNATURE, `:${encodeBase64(new Uint8Array(signature))}:`);
+			headers.set(TAISTAMP_HEADER_KEY_SELECTOR, selector);
+			headers.set(TAISTAMP_HEADER_SIGNATURE, encodeSFBinary(new Uint8Array(signature)));
 		} : void 0,
 		corsHeaders
 	};
@@ -143,28 +113,29 @@ const newTaistampHandler = (config = {}) => {
 		if (request.method === "OPTIONS") return new Response(void 0, {
 			status: 200,
 			headers: {
-				allow: ALLOW_HEADER,
+				Allow: ALLOW_HEADER,
 				...corsHeaders.preflight
 			}
 		});
 		if (request.method !== "GET" && request.method !== "HEAD") return new Response(void 0, {
 			status: 405,
 			headers: {
-				allow: ALLOW_HEADER,
+				Allow: ALLOW_HEADER,
 				...corsHeaders.error
 			}
 		});
 		const nonce = extractNonce(request.headers);
 		const label = tai64nLabel();
 		const headers = new Headers({
-			"cache-control": "no-store",
-			"content-length": String(25),
-			"content-type": TAI64N_CONTENT_TYPE,
-			[TAI64N_HEADER_LEAP_SECONDS]: String(37),
+			"Cache-Control": "no-store",
+			"Content-Disposition": "inline",
+			"Content-Length": String(25),
+			"Content-Type": TAISTAMP_CONTENT_TYPE,
+			[TAISTAMP_HEADER_LEAP_SECONDS]: String(37),
 			...corsHeaders.response
 		});
 		if (nonce && request.method === "GET") {
-			headers.set(TAI64N_HEADER_NONCE, nonce);
+			headers.set(TAISTAMP_HEADER_NONCE, nonce);
 			if (addSignature) await addSignature(headers, label, nonce);
 		}
 		const body = request.method === "HEAD" ? void 0 : label;
@@ -174,7 +145,16 @@ const newTaistampHandler = (config = {}) => {
 		});
 	};
 };
+const asSignature = (value) => {
+	if (!SF_BINARY_PATTERN.test(value)) return void 0;
+	const bytes = decodeSFBinary(value);
+	return bytes.length === 64 ? bytes : void 0;
+};
+const extractSignature = (headers) => {
+	const value = headers.get(TAISTAMP_HEADER_SIGNATURE);
+	return value === null ? void 0 : asSignature(value);
+};
 const VERSION = version;
-export { TAI64N_CONTENT_LENGTH, TAI64N_CONTENT_TYPE, TAI64N_HEADER_KEY_SELECTOR, TAI64N_HEADER_LEAP_SECONDS, TAI64N_HEADER_NONCE, TAI64N_HEADER_SIGNATURE, TAI64N_PATH, TAI64_EPOCH_HI, TAISTAMP_PATH, TAI_LEAP_SECONDS, TAI_LEAP_SECONDS_MAX, VERSION, asLeapSeconds, asNonce, composeSignaturePayload, extractLeapSeconds, fromUTC, newEd25519Signer, newTaistampHandler, now, readASCII, readLabel, tai64nLabel, tai64nLabelFromUTC };
+export { TAISTAMP_CONTENT_LENGTH, TAISTAMP_CONTENT_TYPE, TAISTAMP_HEADER_KEY_SELECTOR, TAISTAMP_HEADER_LEAP_SECONDS, TAISTAMP_HEADER_NONCE, TAISTAMP_HEADER_SIGNATURE, TAISTAMP_PATH, TAI_LEAP_SECONDS, TAI_LEAP_SECONDS_MAX, VERSION, asLeapSeconds, asNonce, asSignature, composeSignaturePayload, extractLeapSeconds, extractNonce, extractSignature, newEd25519Signer, newNonce, newTaistampHandler, parseRecordToVerifier, parseSecretToKey, parseSecretsToKeys, readASCII, readLabel, tai64nLabelFromUTC, tai64nLabelToUTC };
 
 //# sourceMappingURL=index.mjs.map