@lowerdeck/sign 1.0.0

package/.turbo/turbo-build.log

@@ -0,0 +1,13 @@
+
+$ microbundle
+No name was provided for external module '@lowerdeck/base62' in output.globals – guessing 'base62'
+No name was provided for external module '@lowerdeck/id' in output.globals – guessing 'id'
+Build "@lowerdeck/sign" to dist:
+        683 B: index.cjs.gz
+        608 B: index.cjs.br
+        581 B: index.modern.js.gz
+        532 B: index.modern.js.br
+        694 B: index.module.js.gz
+        628 B: index.module.js.br
+        776 B: index.umd.js.gz
+        700 B: index.umd.js.br

package/.turbo/turbo-test.log

@@ -0,0 +1,73 @@
+
+$ vitest run --passWithNoTests
+[?25l
+ RUN  v3.2.4 /Users/tobias/code/metorial/metorial-enterprise/oss/src/packages/backend/sign
+
+[?2026h
+ ❯ src/sign.test.ts [queued]
+
+ Test Files 0 passed (1)
+      Tests 0 passed (0)
+   Start at 10:23:52
+   Duration 101ms
+[?2026l[?2026h
+ ❯ src/sign.test.ts 1/4
+
+ Test Files 0 passed (1)
+      Tests 1 passed (4)
+   Start at 10:23:52
+   Duration 306ms
+[?2026l[?2026h
+ ❯ src/sign.test.ts 1/4
+
+ Test Files 0 passed (1)
+      Tests 1 passed (4)
+   Start at 10:23:52
+   Duration 910ms
+[?2026l[?2026h
+ ❯ src/sign.test.ts 1/4
+
+ Test Files 0 passed (1)
+      Tests 1 passed (4)
+   Start at 10:23:52
+   Duration 1.92s
+[?2026l[?2026h
+ ❯ src/sign.test.ts 2/4
+
+ Test Files 0 passed (1)
+      Tests 2 passed (4)
+   Start at 10:23:52
+   Duration 2.22s
+[?2026l[?2026h
+ ❯ src/sign.test.ts 2/4
+
+ Test Files 0 passed (1)
+      Tests 2 passed (4)
+   Start at 10:23:52
+   Duration 2.93s
+[?2026l[?2026h
+ ❯ src/sign.test.ts 2/4
+
+ Test Files 0 passed (1)
+      Tests 2 passed (4)
+   Start at 10:23:52
+   Duration 3.94s
+[?2026l[?2026h
+ ❯ src/sign.test.ts 3/4
+
+ Test Files 0 passed (1)
+      Tests 3 passed (4)
+   Start at 10:23:52
+   Duration 4.24s
+[?2026l ✓ src/sign.test.ts (4 tests) 4008ms
+   ✓ sign > sign + verify 3ms
+   ✓ sign > expired  2002ms
+   ✓ sign > acceptExpired  2003ms
+   ✓ sign > start with prefix 0ms
+
+ Test Files  1 passed (1)
+      Tests  4 passed (4)
+   Start at  10:23:52
+   Duration  4.31s (transform 77ms, setup 0ms, collect 96ms, tests 4.01s, environment 0ms, prepare 53ms)
+
+[?25h

package/README.md

@@ -0,0 +1,59 @@
+# `@lowerdeck/sign`
+
+HMAC signing and verification with expiration support. Uses HMAC-SHA512 and base62 encoding for secure, compact signatures.
+
+## Installation
+
+```bash
+npm install @lowerdeck/sign
+yarn add @lowerdeck/sign
+bun add @lowerdeck/sign
+pnpm add @lowerdeck/sign
+```
+
+## Usage
+
+### With Expiration
+
+```typescript
+import { signature } from '@lowerdeck/sign';
+
+const signer = signature({
+  prefix: 'token',
+  expirationMs: 3600000, // 1 hour
+  key: 'your-secret-key'
+});
+
+// Sign data with expiration
+const signed = await signer.sign('user-123');
+console.log(signed); // 'token_xyz123abc...'
+
+// Verify signature
+const verified = await signer.verify(signed);
+if (verified) {
+  console.log('Valid signature');
+} else {
+  console.log('Invalid or expired signature');
+}
+```
+
+### Without Expiration
+
+```typescript
+import { signatureBasic } from '@lowerdeck/sign';
+
+// Simple signing without expiration
+const signed = await signatureBasic.sign('data', 'secret-key');
+console.log(signed); // 'data.xyz123abc...'
+
+const isValid = await signatureBasic.verify(signed, 'secret-key');
+console.log(isValid); // true
+```
+
+## License
+
+This project is licensed under the Apache License 2.0.
+
+<div align="center">
+  <sub>Built with ❤️ by <a href="https://metorial.com">Metorial</a></sub>
+</div>

package/dist/index.cjs

@@ -0,0 +1,2 @@
+var e=require("@lowerdeck/base62"),r=require("@lowerdeck/id"),t=new Map,n=function(e){try{if(t.has(e))return Promise.resolve(t.get(e));var r=(new TextEncoder).encode(e);return Promise.resolve(crypto.subtle.importKey("raw",r,{name:"HMAC",hash:"SHA-512"},!0,["sign","verify"])).then(function(r){return t.set(e,r),r})}catch(e){return Promise.reject(e)}},i=function(e){return parseInt(e,36)},o=function(e){return(new TextEncoder).encode(e)},s={sign:function(r,t){try{var i=crypto.subtle,s=i.sign;return Promise.resolve(n(t)).then(function(t){return Promise.resolve(s.call(i,"HMAC",t,o(r))).then(function(r){return e.base62.encode(new Uint8Array(r))})})}catch(e){return Promise.reject(e)}},verify:function(r,t,i){try{var s=e.base62.decodeRaw(t),c=crypto.subtle,u=c.verify;return Promise.resolve(n(i)).then(function(e){return u.call(c,"HMAC",e,s,o(r))})}catch(e){return Promise.reject(e)}}};exports.signature=function(t){return{sign:function(i){var s=i.data,c=i.expirationMs,u=void 0===c?t.expirationMs:c;try{return Promise.resolve(n(t.key)).then(function(n){var i=Date.now()+u,c=r.generatePlainId(10),a=JSON.stringify([c,s,i]);return Promise.resolve(crypto.subtle.sign("HMAC",n,o(a))).then(function(r){var n=e.base62.encode(new Uint8Array(r));return""+t.prefix+n+"_"+function(e){return e.toString(36)}(i)+"_"+c})})}catch(e){return Promise.reject(e)}},verify:function(r){var s=r.data,c=r.signature,u=r.acceptExpired,a=void 0!==u&&u;try{return Promise.resolve(n(t.key)).then(function(r){var n=c.slice(t.prefix.length).split("_"),u=n[1],f=n[2],v=e.base62.decodeRaw(n[0]),l=JSON.stringify([f,s,i(u)]);return Promise.resolve(crypto.subtle.verify("HMAC",r,v,o(l))).then(function(e){return!!e&&(!!a||Date.now()<i(u))})})}catch(e){return Promise.reject(e)}}}},exports.signatureBasic=s;
+//# sourceMappingURL=index.cjs.map

package/dist/index.cjs.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.cjs","sources":["../src/sign.ts"],"sourcesContent":["import { base62 } from '@lowerdeck/base62';\nimport { generatePlainId } from '@lowerdeck/id';\n\nlet importedKeys = new Map<string, CryptoKey>();\nlet importKey = async (keyStr: string) => {\n  if (importedKeys.has(keyStr)) return importedKeys.get(keyStr)!;\n\n  let encoder = new TextEncoder();\n  let secretKeyData = encoder.encode(keyStr);\n  let ck = await crypto.subtle.importKey(\n    'raw',\n    secretKeyData,\n    { name: 'HMAC', hash: 'SHA-512' },\n    true,\n    ['sign', 'verify']\n  );\n\n  importedKeys.set(keyStr, ck);\n\n  return ck;\n};\n\nlet exp = {\n  stringify: (expiry: number) => expiry.toString(36),\n  parse: (expiry: string) => parseInt(expiry, 36)\n};\n\nlet encode = (data: string) => new TextEncoder().encode(data);\n\nexport let signature = (opts: { prefix: string; expirationMs: number; key: string }) => ({\n  sign: async ({\n    data,\n    expirationMs = opts.expirationMs\n  }: {\n    data: string;\n\n    expirationMs?: number;\n  }) => {\n    let key = await importKey(opts.key);\n    let expiry = Date.now() + expirationMs;\n\n    let id = generatePlainId(10);\n\n    let dataToAuthenticate = JSON.stringify([id, data, expiry]);\n    let signature = await crypto.subtle.sign('HMAC', key, encode(dataToAuthenticate));\n\n    let hmac = base62.encode(new Uint8Array(signature));\n\n    return `${opts.prefix}${hmac}_${exp.stringify(expiry)}_${id}`;\n  },\n\n  verify: async ({\n    data,\n    signature,\n    acceptExpired = false\n  }: {\n    data: string;\n    signature: string;\n    acceptExpired?: boolean;\n  }) => {\n    let key = await importKey(opts.key);\n\n    let sigStr = signature.slice(opts.prefix.length);\n    let [encodedHmac, expiry, id] = sigStr.split('_');\n\n    let hmac = base62.decodeRaw(encodedHmac);\n\n    let dataToAuthenticate = JSON.stringify([id, data, exp.parse(expiry)]);\n\n    let isValid = await crypto.subtle.verify('HMAC', key, hmac, encode(dataToAuthenticate));\n\n    if (!isValid) return false;\n    if (acceptExpired) return true;\n\n    return Date.now() < exp.parse(expiry);\n  }\n});\n\nexport let signatureBasic = {\n  sign: async (data: string, key: string) => {\n    let signature = await crypto.subtle.sign('HMAC', await importKey(key), encode(data));\n    let hmac = base62.encode(new Uint8Array(signature));\n    return hmac;\n  },\n\n  verify: async (data: string, signature: string, key: string) => {\n    let hmac = base62.decodeRaw(signature);\n    return crypto.subtle.verify('HMAC', await importKey(key), hmac, encode(data));\n  }\n};\n"],"names":["importedKeys","Map","importKey","keyStr","has","Promise","resolve","get","secretKeyData","TextEncoder","encode","crypto","subtle","name","hash","then","ck","set","e","reject","exp","expiry","parseInt","data","signatureBasic","sign","key","_crypto$subtle","_sign","_importKey","call","signature","base62","Uint8Array","verify","hmac","decodeRaw","_crypto$subtle2","_verify","_importKey2","opts","_ref","_ref$expirationMs","expirationMs","Date","now","id","generatePlainId","dataToAuthenticate","JSON","stringify","prefix","toString","_ref2","_ref2$acceptExpired","acceptExpired","_sigStr$split","slice","length","split","isValid"],"mappings":"8DAGIA,EAAe,IAAIC,IACnBC,EAAS,SAAUC,GAAkB,IACvC,GAAIH,EAAaI,IAAID,GAAS,OAAAE,QAAAC,QAAON,EAAaO,IAAIJ,IAEtD,IACIK,GADU,IAAIC,aACUC,OAAOP,GAAQ,OAAAE,QAAAC,QAC5BK,OAAOC,OAAOV,UAC3B,MACAM,EACA,CAAEK,KAAM,OAAQC,KAAM,YACtB,EACA,CAAC,OAAQ,YACVC,cANGC,GAUJ,OAFAhB,EAAaiB,IAAId,EAAQa,GAElBA,CAAG,EACZ,CAAC,MAAAE,UAAAb,QAAAc,OAAAD,KAEGE,EAEK,SAACC,GAAc,OAAKC,SAASD,EAAQ,GAAG,EAG7CX,EAAS,SAACa,UAAqB,IAAAd,aAAcC,OAAOa,EAAK,EAmDlDC,EAAiB,CAC1BC,cAAaF,EAAcG,GAAW,QAAIC,EAClBhB,OAAOC,OAAMgB,EAAbD,EAAcF,KAAIpB,OAAAA,QAAAC,QAAeJ,EAAUwB,IAAIX,KAAAc,SAAAA,GAAAxB,OAAAA,QAAAC,QAAAsB,EAAAE,KAAAH,EAA5B,OAAME,EAAwBnB,EAAOa,KAAKR,KAAA,SAA/EgB,GAEJ,OADWC,SAAOtB,OAAO,IAAIuB,WAAWF,GAC5B,EAAA,EACd,CAAC,MAAAb,GAAAb,OAAAA,QAAAc,OAAAD,EAEDgB,CAAAA,EAAAA,OAAMA,SAASX,EAAcQ,EAAmBL,GAAW,IACzD,IAAIS,EAAOH,SAAOI,UAAUL,GAAWM,EAChC1B,OAAOC,OAAM0B,EAAbD,EAAcH,OAAM,OAAA7B,QAAAC,QAAeJ,EAAUwB,IAAIX,KAAA,SAAAwB,GAAxD,OAAAD,EAAAR,KAAAO,EAA4B,OAAME,EAAwBJ,EAAMzB,EAAOa,GAAO,EAChF,CAAC,MAAAL,UAAAb,QAAAc,OAAAD,wBA3DoB,SAACsB,GAAiE,MAAA,CACvFf,KAAIA,SAAAgB,GACF,IAAAlB,EAAIkB,EAAJlB,KAAImB,EAAAD,EACJE,aAAAA,OAAY,IAAAD,EAAGF,EAAKG,aAAYD,EAAA,IAK7BrC,OAAAA,QAAAC,QACaJ,EAAUsC,EAAKd,MAAIX,cAA/BW,GACJ,IAAIL,EAASuB,KAAKC,MAAQF,EAEtBG,EAAKC,EAAAA,gBAAgB,IAErBC,EAAqBC,KAAKC,UAAU,CAACJ,EAAIvB,EAAMF,IAAS,OAAAhB,QAAAC,QACtCK,OAAOC,OAAOa,KAAK,OAAQC,EAAKhB,EAAOsC,KAAoBjC,KAAA,SAA7EgB,GAEJ,IAAII,EAAOH,EAAMA,OAACtB,OAAO,IAAIuB,WAAWF,IAExC,MAAA,GAAUS,EAAKW,OAAShB,MAzBf,SAACd,GAAc,OAAKA,EAAO+B,SAAS,GAAG,CAyBhBhC,CAAcC,GAAWyB,IAAAA,CAAK,EAChE,EAAA,CAAC,MAAA5B,GAAA,OAAAb,QAAAc,OAAAD,EAAA,CAAA,EAEDgB,OAAM,SAAAmB,GAAA,IACJ9B,EAAI8B,EAAJ9B,KACAQ,EAASsB,EAATtB,UAASuB,EAAAD,EACTE,cAAAA,OAAgB,IAAHD,GAAQA,EAAA,IAKlBjD,OAAAA,QAAAC,QACaJ,EAAUsC,EAAKd,MAAIX,cAA/BW,GAEJ,IACA8B,EADazB,EAAU0B,MAAMjB,EAAKW,OAAOO,QACFC,MAAM,KAA3BtC,EAAMmC,EAAA,GAAEV,EAAEU,KAExBrB,EAAOH,EAAAA,OAAOI,UAFFoB,EAAEnC,IAId2B,EAAqBC,KAAKC,UAAU,CAACJ,EAAIvB,EAAMH,EAAUC,KAAU,OAAAhB,QAAAC,QAEnDK,OAAOC,OAAOsB,OAAO,OAAQR,EAAKS,EAAMzB,EAAOsC,KAAoBjC,KAAnF6C,SAAAA,WAECA,MACDL,GAEGX,KAAKC,MAAQzB,EAAUC,GAHJ,IAI5B,CAAC,MAAAH,GAAAb,OAAAA,QAAAc,OAAAD,EAAA,CAAA,EACF"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export * from './sign';
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,QAAQ,CAAC"}

package/dist/index.modern.js

@@ -0,0 +1,2 @@
+import{base62 as e}from"@lowerdeck/base62";import{generatePlainId as t}from"@lowerdeck/id";let r=new Map,a=async e=>{if(r.has(e))return r.get(e);let t=(new TextEncoder).encode(e),a=await crypto.subtle.importKey("raw",t,{name:"HMAC",hash:"SHA-512"},!0,["sign","verify"]);return r.set(e,a),a},i=e=>parseInt(e,36),n=e=>(new TextEncoder).encode(e),s=r=>({sign:async({data:i,expirationMs:s=r.expirationMs})=>{let o=await a(r.key),c=Date.now()+s,y=t(10),w=JSON.stringify([y,i,c]),p=await crypto.subtle.sign("HMAC",o,n(w)),d=e.encode(new Uint8Array(p));return`${r.prefix}${d}_${(e=>e.toString(36))(c)}_${y}`},verify:async({data:t,signature:s,acceptExpired:o=!1})=>{let c=await a(r.key),y=s.slice(r.prefix.length),[w,p,d]=y.split("_"),l=e.decodeRaw(w),f=JSON.stringify([d,t,i(p)]);return!!await crypto.subtle.verify("HMAC",c,l,n(f))&&(!!o||Date.now()<i(p))}}),o={sign:async(t,r)=>{let i=await crypto.subtle.sign("HMAC",await a(r),n(t));return e.encode(new Uint8Array(i))},verify:async(t,r,i)=>{let s=e.decodeRaw(r);return crypto.subtle.verify("HMAC",await a(i),s,n(t))}};export{s as signature,o as signatureBasic};
+//# sourceMappingURL=index.modern.js.map

package/dist/index.modern.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.modern.js","sources":["../src/sign.ts"],"sourcesContent":["import { base62 } from '@lowerdeck/base62';\nimport { generatePlainId } from '@lowerdeck/id';\n\nlet importedKeys = new Map<string, CryptoKey>();\nlet importKey = async (keyStr: string) => {\n  if (importedKeys.has(keyStr)) return importedKeys.get(keyStr)!;\n\n  let encoder = new TextEncoder();\n  let secretKeyData = encoder.encode(keyStr);\n  let ck = await crypto.subtle.importKey(\n    'raw',\n    secretKeyData,\n    { name: 'HMAC', hash: 'SHA-512' },\n    true,\n    ['sign', 'verify']\n  );\n\n  importedKeys.set(keyStr, ck);\n\n  return ck;\n};\n\nlet exp = {\n  stringify: (expiry: number) => expiry.toString(36),\n  parse: (expiry: string) => parseInt(expiry, 36)\n};\n\nlet encode = (data: string) => new TextEncoder().encode(data);\n\nexport let signature = (opts: { prefix: string; expirationMs: number; key: string }) => ({\n  sign: async ({\n    data,\n    expirationMs = opts.expirationMs\n  }: {\n    data: string;\n\n    expirationMs?: number;\n  }) => {\n    let key = await importKey(opts.key);\n    let expiry = Date.now() + expirationMs;\n\n    let id = generatePlainId(10);\n\n    let dataToAuthenticate = JSON.stringify([id, data, expiry]);\n    let signature = await crypto.subtle.sign('HMAC', key, encode(dataToAuthenticate));\n\n    let hmac = base62.encode(new Uint8Array(signature));\n\n    return `${opts.prefix}${hmac}_${exp.stringify(expiry)}_${id}`;\n  },\n\n  verify: async ({\n    data,\n    signature,\n    acceptExpired = false\n  }: {\n    data: string;\n    signature: string;\n    acceptExpired?: boolean;\n  }) => {\n    let key = await importKey(opts.key);\n\n    let sigStr = signature.slice(opts.prefix.length);\n    let [encodedHmac, expiry, id] = sigStr.split('_');\n\n    let hmac = base62.decodeRaw(encodedHmac);\n\n    let dataToAuthenticate = JSON.stringify([id, data, exp.parse(expiry)]);\n\n    let isValid = await crypto.subtle.verify('HMAC', key, hmac, encode(dataToAuthenticate));\n\n    if (!isValid) return false;\n    if (acceptExpired) return true;\n\n    return Date.now() < exp.parse(expiry);\n  }\n});\n\nexport let signatureBasic = {\n  sign: async (data: string, key: string) => {\n    let signature = await crypto.subtle.sign('HMAC', await importKey(key), encode(data));\n    let hmac = base62.encode(new Uint8Array(signature));\n    return hmac;\n  },\n\n  verify: async (data: string, signature: string, key: string) => {\n    let hmac = base62.decodeRaw(signature);\n    return crypto.subtle.verify('HMAC', await importKey(key), hmac, encode(data));\n  }\n};\n"],"names":["importedKeys","Map","importKey","async","has","keyStr","get","secretKeyData","TextEncoder","encode","ck","crypto","subtle","name","hash","set","exp","expiry","parseInt","data","signature","opts","sign","expirationMs","key","Date","now","id","generatePlainId","dataToAuthenticate","JSON","stringify","hmac","base62","Uint8Array","prefix","toString","verify","acceptExpired","sigStr","slice","length","encodedHmac","split","decodeRaw","signatureBasic"],"mappings":"2FAGA,IAAIA,EAAe,IAAIC,IACnBC,EAAYC,UACd,GAAIH,EAAaI,IAAIC,GAAS,OAAOL,EAAaM,IAAID,GAEtD,IACIE,GADU,IAAIC,aACUC,OAAOJ,GAC/BK,QAAWC,OAAOC,OAAOV,UAC3B,MACAK,EACA,CAAEM,KAAM,OAAQC,KAAM,YACtB,EACA,CAAC,OAAQ,WAKX,OAFAd,EAAae,IAAIV,EAAQK,GAElBA,GAGLM,EAEMC,GAAmBC,SAASD,EAAQ,IAG1CR,EAAUU,IAAiB,IAAIX,aAAcC,OAAOU,GAE7CC,EAAaC,IAAiE,CACvFC,KAAMnB,OACJgB,OACAI,aAAAA,EAAeF,EAAKE,iBAMpB,IAAIC,QAAYtB,EAAUmB,EAAKG,KAC3BP,EAASQ,KAAKC,MAAQH,EAEtBI,EAAKC,EAAgB,IAErBC,EAAqBC,KAAKC,UAAU,CAACJ,EAAIR,EAAMF,IAC/CG,QAAkBT,OAAOC,OAAOU,KAAK,OAAQE,EAAKf,EAAOoB,IAEzDG,EAAOC,EAAOxB,OAAO,IAAIyB,WAAWd,IAExC,MAAO,GAAGC,EAAKc,SAASH,KAzBdf,IAAmBA,EAAOmB,SAAS,IAyBbpB,CAAcC,MAAWU,KAG3DU,OAAQlC,OACNgB,OACAC,YACAkB,cAAAA,GAAgB,MAMhB,IAAId,QAAYtB,EAAUmB,EAAKG,KAE3Be,EAASnB,EAAUoB,MAAMnB,EAAKc,OAAOM,SACpCC,EAAazB,EAAQU,GAAMY,EAAOI,MAAM,KAEzCX,EAAOC,EAAOW,UAAUF,GAExBb,EAAqBC,KAAKC,UAAU,CAACJ,EAAIR,EAAMH,EAAUC,KAI7D,cAFoBN,OAAOC,OAAOyB,OAAO,OAAQb,EAAKQ,EAAMvB,EAAOoB,QAG/DS,GAEGb,KAAKC,MAAQV,EAAUC,OAIvB4B,EAAiB,CAC1BvB,KAAMnB,MAAOgB,EAAcK,KACzB,IAAIJ,QAAkBT,OAAOC,OAAOU,KAAK,aAAcpB,EAAUsB,GAAMf,EAAOU,IAE9E,OADWc,EAAOxB,OAAO,IAAIyB,WAAWd,KAI1CiB,OAAQlC,MAAOgB,EAAcC,EAAmBI,KAC9C,IAAIQ,EAAOC,EAAOW,UAAUxB,GAC5B,OAAOT,OAAOC,OAAOyB,OAAO,aAAcnC,EAAUsB,GAAMQ,EAAMvB,EAAOU"}

package/dist/index.module.js

@@ -0,0 +1,2 @@
+import{base62 as e}from"@lowerdeck/base62";import{generatePlainId as r}from"@lowerdeck/id";var t=new Map,n=function(e){try{if(t.has(e))return Promise.resolve(t.get(e));var r=(new TextEncoder).encode(e);return Promise.resolve(crypto.subtle.importKey("raw",r,{name:"HMAC",hash:"SHA-512"},!0,["sign","verify"])).then(function(r){return t.set(e,r),r})}catch(e){return Promise.reject(e)}},o=function(e){return parseInt(e,36)},i=function(e){return(new TextEncoder).encode(e)},c=function(t){return{sign:function(o){var c=o.data,u=o.expirationMs,s=void 0===u?t.expirationMs:u;try{return Promise.resolve(n(t.key)).then(function(n){var o=Date.now()+s,u=r(10),a=JSON.stringify([u,c,o]);return Promise.resolve(crypto.subtle.sign("HMAC",n,i(a))).then(function(r){var n=e.encode(new Uint8Array(r));return""+t.prefix+n+"_"+function(e){return e.toString(36)}(o)+"_"+u})})}catch(e){return Promise.reject(e)}},verify:function(r){var c=r.data,u=r.signature,s=r.acceptExpired,a=void 0!==s&&s;try{return Promise.resolve(n(t.key)).then(function(r){var n=u.slice(t.prefix.length).split("_"),s=n[1],f=n[2],v=e.decodeRaw(n[0]),l=JSON.stringify([f,c,o(s)]);return Promise.resolve(crypto.subtle.verify("HMAC",r,v,i(l))).then(function(e){return!!e&&(!!a||Date.now()<o(s))})})}catch(e){return Promise.reject(e)}}}},u={sign:function(r,t){try{var o=crypto.subtle,c=o.sign;return Promise.resolve(n(t)).then(function(t){return Promise.resolve(c.call(o,"HMAC",t,i(r))).then(function(r){return e.encode(new Uint8Array(r))})})}catch(e){return Promise.reject(e)}},verify:function(r,t,o){try{var c=e.decodeRaw(t),u=crypto.subtle,s=u.verify;return Promise.resolve(n(o)).then(function(e){return s.call(u,"HMAC",e,c,i(r))})}catch(e){return Promise.reject(e)}}};export{c as signature,u as signatureBasic};
+//# sourceMappingURL=index.module.js.map

package/dist/index.module.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.module.js","sources":["../src/sign.ts"],"sourcesContent":["import { base62 } from '@lowerdeck/base62';\nimport { generatePlainId } from '@lowerdeck/id';\n\nlet importedKeys = new Map<string, CryptoKey>();\nlet importKey = async (keyStr: string) => {\n  if (importedKeys.has(keyStr)) return importedKeys.get(keyStr)!;\n\n  let encoder = new TextEncoder();\n  let secretKeyData = encoder.encode(keyStr);\n  let ck = await crypto.subtle.importKey(\n    'raw',\n    secretKeyData,\n    { name: 'HMAC', hash: 'SHA-512' },\n    true,\n    ['sign', 'verify']\n  );\n\n  importedKeys.set(keyStr, ck);\n\n  return ck;\n};\n\nlet exp = {\n  stringify: (expiry: number) => expiry.toString(36),\n  parse: (expiry: string) => parseInt(expiry, 36)\n};\n\nlet encode = (data: string) => new TextEncoder().encode(data);\n\nexport let signature = (opts: { prefix: string; expirationMs: number; key: string }) => ({\n  sign: async ({\n    data,\n    expirationMs = opts.expirationMs\n  }: {\n    data: string;\n\n    expirationMs?: number;\n  }) => {\n    let key = await importKey(opts.key);\n    let expiry = Date.now() + expirationMs;\n\n    let id = generatePlainId(10);\n\n    let dataToAuthenticate = JSON.stringify([id, data, expiry]);\n    let signature = await crypto.subtle.sign('HMAC', key, encode(dataToAuthenticate));\n\n    let hmac = base62.encode(new Uint8Array(signature));\n\n    return `${opts.prefix}${hmac}_${exp.stringify(expiry)}_${id}`;\n  },\n\n  verify: async ({\n    data,\n    signature,\n    acceptExpired = false\n  }: {\n    data: string;\n    signature: string;\n    acceptExpired?: boolean;\n  }) => {\n    let key = await importKey(opts.key);\n\n    let sigStr = signature.slice(opts.prefix.length);\n    let [encodedHmac, expiry, id] = sigStr.split('_');\n\n    let hmac = base62.decodeRaw(encodedHmac);\n\n    let dataToAuthenticate = JSON.stringify([id, data, exp.parse(expiry)]);\n\n    let isValid = await crypto.subtle.verify('HMAC', key, hmac, encode(dataToAuthenticate));\n\n    if (!isValid) return false;\n    if (acceptExpired) return true;\n\n    return Date.now() < exp.parse(expiry);\n  }\n});\n\nexport let signatureBasic = {\n  sign: async (data: string, key: string) => {\n    let signature = await crypto.subtle.sign('HMAC', await importKey(key), encode(data));\n    let hmac = base62.encode(new Uint8Array(signature));\n    return hmac;\n  },\n\n  verify: async (data: string, signature: string, key: string) => {\n    let hmac = base62.decodeRaw(signature);\n    return crypto.subtle.verify('HMAC', await importKey(key), hmac, encode(data));\n  }\n};\n"],"names":["importedKeys","Map","importKey","keyStr","has","Promise","resolve","get","secretKeyData","TextEncoder","encode","crypto","subtle","name","hash","then","ck","set","e","reject","exp","expiry","parseInt","data","signature","opts","sign","_ref","_ref$expirationMs","expirationMs","key","Date","now","id","generatePlainId","dataToAuthenticate","JSON","stringify","hmac","base62","Uint8Array","prefix","toString","verify","_ref2","_ref2$acceptExpired","acceptExpired","_sigStr$split","slice","length","split","decodeRaw","isValid","signatureBasic","_crypto$subtle","_sign","_importKey","call","_crypto$subtle2","_verify","_importKey2"],"mappings":"2FAGA,IAAIA,EAAe,IAAIC,IACnBC,EAAS,SAAUC,GAAkB,IACvC,GAAIH,EAAaI,IAAID,GAAS,OAAAE,QAAAC,QAAON,EAAaO,IAAIJ,IAEtD,IACIK,GADU,IAAIC,aACUC,OAAOP,GAAQ,OAAAE,QAAAC,QAC5BK,OAAOC,OAAOV,UAC3B,MACAM,EACA,CAAEK,KAAM,OAAQC,KAAM,YACtB,EACA,CAAC,OAAQ,YACVC,cANGC,GAUJ,OAFAhB,EAAaiB,IAAId,EAAQa,GAElBA,CAAG,EACZ,CAAC,MAAAE,UAAAb,QAAAc,OAAAD,KAEGE,EAEK,SAACC,GAAc,OAAKC,SAASD,EAAQ,GAAG,EAG7CX,EAAS,SAACa,UAAqB,IAAAd,aAAcC,OAAOa,EAAK,EAElDC,EAAY,SAACC,GAAiE,MAAA,CACvFC,KAAIA,SAAAC,GACF,IAAAJ,EAAII,EAAJJ,KAAIK,EAAAD,EACJE,aAAAA,OAAY,IAAAD,EAAGH,EAAKI,aAAYD,EAAA,IAK7BvB,OAAAA,QAAAC,QACaJ,EAAUuB,EAAKK,MAAIf,cAA/Be,GACJ,IAAIT,EAASU,KAAKC,MAAQH,EAEtBI,EAAKC,EAAgB,IAErBC,EAAqBC,KAAKC,UAAU,CAACJ,EAAIV,EAAMF,IAAS,OAAAhB,QAAAC,QACtCK,OAAOC,OAAOc,KAAK,OAAQI,EAAKpB,EAAOyB,KAAoBpB,KAAA,SAA7ES,GAEJ,IAAIc,EAAOC,EAAO7B,OAAO,IAAI8B,WAAWhB,IAExC,MAAA,GAAUC,EAAKgB,OAASH,MAzBf,SAACjB,GAAc,OAAKA,EAAOqB,SAAS,GAAG,CAyBhBtB,CAAcC,GAAWY,IAAAA,CAAK,EAChE,EAAA,CAAC,MAAAf,GAAA,OAAAb,QAAAc,OAAAD,EAAA,CAAA,EAEDyB,OAAM,SAAAC,GAAA,IACJrB,EAAIqB,EAAJrB,KACAC,EAASoB,EAATpB,UAASqB,EAAAD,EACTE,cAAAA,OAAgB,IAAHD,GAAQA,EAAA,IAKlBxC,OAAAA,QAAAC,QACaJ,EAAUuB,EAAKK,MAAIf,cAA/Be,GAEJ,IACAiB,EADavB,EAAUwB,MAAMvB,EAAKgB,OAAOQ,QACFC,MAAM,KAA3B7B,EAAM0B,EAAA,GAAEd,EAAEc,KAExBT,EAAOC,EAAOY,UAFFJ,EAAE1B,IAIdc,EAAqBC,KAAKC,UAAU,CAACJ,EAAIV,EAAMH,EAAUC,KAAU,OAAAhB,QAAAC,QAEnDK,OAAOC,OAAO+B,OAAO,OAAQb,EAAKQ,EAAM5B,EAAOyB,KAAoBpB,KAAnFqC,SAAAA,WAECA,MACDN,GAEGf,KAAKC,MAAQZ,EAAUC,GAHJ,IAI5B,CAAC,MAAAH,GAAAb,OAAAA,QAAAc,OAAAD,EAAA,CAAA,EACF,EAEUmC,EAAiB,CAC1B3B,cAAaH,EAAcO,GAAW,QAAIwB,EAClB3C,OAAOC,OAAM2C,EAAbD,EAAc5B,KAAIrB,OAAAA,QAAAC,QAAeJ,EAAU4B,IAAIf,KAAAyC,SAAAA,GAAAnD,OAAAA,QAAAC,QAAAiD,EAAAE,KAAAH,EAA5B,OAAME,EAAwB9C,EAAOa,KAAKR,KAAA,SAA/ES,GAEJ,OADWe,EAAO7B,OAAO,IAAI8B,WAAWhB,GAC5B,EAAA,EACd,CAAC,MAAAN,GAAAb,OAAAA,QAAAc,OAAAD,EAEDyB,CAAAA,EAAAA,OAAMA,SAASpB,EAAcC,EAAmBM,GAAW,IACzD,IAAIQ,EAAOC,EAAOY,UAAU3B,GAAWkC,EAChC/C,OAAOC,OAAM+C,EAAbD,EAAcf,OAAM,OAAAtC,QAAAC,QAAeJ,EAAU4B,IAAIf,KAAA,SAAA6C,GAAxD,OAAAD,EAAAF,KAAAC,EAA4B,OAAME,EAAwBtB,EAAM5B,EAAOa,GAAO,EAChF,CAAC,MAAAL,UAAAb,QAAAc,OAAAD"}

package/dist/index.umd.js

@@ -0,0 +1,2 @@
+!function(e,r){"object"==typeof exports&&"undefined"!=typeof module?r(exports,require("@lowerdeck/base62"),require("@lowerdeck/id")):"function"==typeof define&&define.amd?define(["exports","@lowerdeck/base62","@lowerdeck/id"],r):r((e||self).sign={},e.base62,e.id)}(this,function(e,r,n){var t=new Map,i=function(e){try{if(t.has(e))return Promise.resolve(t.get(e));var r=(new TextEncoder).encode(e);return Promise.resolve(crypto.subtle.importKey("raw",r,{name:"HMAC",hash:"SHA-512"},!0,["sign","verify"])).then(function(r){return t.set(e,r),r})}catch(e){return Promise.reject(e)}},o=function(e){return parseInt(e,36)},s=function(e){return(new TextEncoder).encode(e)},c={sign:function(e,n){try{var t=crypto.subtle,o=t.sign;return Promise.resolve(i(n)).then(function(n){return Promise.resolve(o.call(t,"HMAC",n,s(e))).then(function(e){return r.base62.encode(new Uint8Array(e))})})}catch(e){return Promise.reject(e)}},verify:function(e,n,t){try{var o=r.base62.decodeRaw(n),c=crypto.subtle,u=c.verify;return Promise.resolve(i(t)).then(function(r){return u.call(c,"HMAC",r,o,s(e))})}catch(e){return Promise.reject(e)}}};e.signature=function(e){return{sign:function(t){var o=t.data,c=t.expirationMs,u=void 0===c?e.expirationMs:c;try{return Promise.resolve(i(e.key)).then(function(t){var i=Date.now()+u,c=n.generatePlainId(10),a=JSON.stringify([c,o,i]);return Promise.resolve(crypto.subtle.sign("HMAC",t,s(a))).then(function(n){var t=r.base62.encode(new Uint8Array(n));return""+e.prefix+t+"_"+function(e){return e.toString(36)}(i)+"_"+c})})}catch(e){return Promise.reject(e)}},verify:function(n){var t=n.data,c=n.signature,u=n.acceptExpired,a=void 0!==u&&u;try{return Promise.resolve(i(e.key)).then(function(n){var i=c.slice(e.prefix.length).split("_"),u=i[1],f=i[2],d=r.base62.decodeRaw(i[0]),l=JSON.stringify([f,t,o(u)]);return Promise.resolve(crypto.subtle.verify("HMAC",n,d,s(l))).then(function(e){return!!e&&(!!a||Date.now()<o(u))})})}catch(e){return Promise.reject(e)}}}},e.signatureBasic=c});
+//# sourceMappingURL=index.umd.js.map

package/dist/index.umd.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.umd.js","sources":["../src/sign.ts"],"sourcesContent":["import { base62 } from '@lowerdeck/base62';\nimport { generatePlainId } from '@lowerdeck/id';\n\nlet importedKeys = new Map<string, CryptoKey>();\nlet importKey = async (keyStr: string) => {\n  if (importedKeys.has(keyStr)) return importedKeys.get(keyStr)!;\n\n  let encoder = new TextEncoder();\n  let secretKeyData = encoder.encode(keyStr);\n  let ck = await crypto.subtle.importKey(\n    'raw',\n    secretKeyData,\n    { name: 'HMAC', hash: 'SHA-512' },\n    true,\n    ['sign', 'verify']\n  );\n\n  importedKeys.set(keyStr, ck);\n\n  return ck;\n};\n\nlet exp = {\n  stringify: (expiry: number) => expiry.toString(36),\n  parse: (expiry: string) => parseInt(expiry, 36)\n};\n\nlet encode = (data: string) => new TextEncoder().encode(data);\n\nexport let signature = (opts: { prefix: string; expirationMs: number; key: string }) => ({\n  sign: async ({\n    data,\n    expirationMs = opts.expirationMs\n  }: {\n    data: string;\n\n    expirationMs?: number;\n  }) => {\n    let key = await importKey(opts.key);\n    let expiry = Date.now() + expirationMs;\n\n    let id = generatePlainId(10);\n\n    let dataToAuthenticate = JSON.stringify([id, data, expiry]);\n    let signature = await crypto.subtle.sign('HMAC', key, encode(dataToAuthenticate));\n\n    let hmac = base62.encode(new Uint8Array(signature));\n\n    return `${opts.prefix}${hmac}_${exp.stringify(expiry)}_${id}`;\n  },\n\n  verify: async ({\n    data,\n    signature,\n    acceptExpired = false\n  }: {\n    data: string;\n    signature: string;\n    acceptExpired?: boolean;\n  }) => {\n    let key = await importKey(opts.key);\n\n    let sigStr = signature.slice(opts.prefix.length);\n    let [encodedHmac, expiry, id] = sigStr.split('_');\n\n    let hmac = base62.decodeRaw(encodedHmac);\n\n    let dataToAuthenticate = JSON.stringify([id, data, exp.parse(expiry)]);\n\n    let isValid = await crypto.subtle.verify('HMAC', key, hmac, encode(dataToAuthenticate));\n\n    if (!isValid) return false;\n    if (acceptExpired) return true;\n\n    return Date.now() < exp.parse(expiry);\n  }\n});\n\nexport let signatureBasic = {\n  sign: async (data: string, key: string) => {\n    let signature = await crypto.subtle.sign('HMAC', await importKey(key), encode(data));\n    let hmac = base62.encode(new Uint8Array(signature));\n    return hmac;\n  },\n\n  verify: async (data: string, signature: string, key: string) => {\n    let hmac = base62.decodeRaw(signature);\n    return crypto.subtle.verify('HMAC', await importKey(key), hmac, encode(data));\n  }\n};\n"],"names":["importedKeys","Map","importKey","keyStr","has","Promise","resolve","get","secretKeyData","TextEncoder","encode","crypto","subtle","name","hash","then","ck","set","e","reject","exp","expiry","parseInt","data","signatureBasic","sign","key","_crypto$subtle","_sign","_importKey","call","signature","base62","Uint8Array","verify","hmac","decodeRaw","_crypto$subtle2","_verify","_importKey2","opts","_ref","_ref$expirationMs","expirationMs","Date","now","id","generatePlainId","dataToAuthenticate","JSON","stringify","prefix","toString","_ref2","_ref2$acceptExpired","acceptExpired","_sigStr$split","slice","length","split","isValid"],"mappings":"0UAGA,IAAIA,EAAe,IAAIC,IACnBC,EAAS,SAAUC,GAAkB,IACvC,GAAIH,EAAaI,IAAID,GAAS,OAAAE,QAAAC,QAAON,EAAaO,IAAIJ,IAEtD,IACIK,GADU,IAAIC,aACUC,OAAOP,GAAQ,OAAAE,QAAAC,QAC5BK,OAAOC,OAAOV,UAC3B,MACAM,EACA,CAAEK,KAAM,OAAQC,KAAM,YACtB,EACA,CAAC,OAAQ,YACVC,cANGC,GAUJ,OAFAhB,EAAaiB,IAAId,EAAQa,GAElBA,CAAG,EACZ,CAAC,MAAAE,UAAAb,QAAAc,OAAAD,KAEGE,EAEK,SAACC,GAAc,OAAKC,SAASD,EAAQ,GAAG,EAG7CX,EAAS,SAACa,UAAqB,IAAAd,aAAcC,OAAOa,EAAK,EAmDlDC,EAAiB,CAC1BC,cAAaF,EAAcG,GAAW,QAAIC,EAClBhB,OAAOC,OAAMgB,EAAbD,EAAcF,KAAIpB,OAAAA,QAAAC,QAAeJ,EAAUwB,IAAIX,KAAAc,SAAAA,GAAAxB,OAAAA,QAAAC,QAAAsB,EAAAE,KAAAH,EAA5B,OAAME,EAAwBnB,EAAOa,KAAKR,KAAA,SAA/EgB,GAEJ,OADWC,SAAOtB,OAAO,IAAIuB,WAAWF,GAC5B,EAAA,EACd,CAAC,MAAAb,GAAAb,OAAAA,QAAAc,OAAAD,EAEDgB,CAAAA,EAAAA,OAAMA,SAASX,EAAcQ,EAAmBL,GAAW,IACzD,IAAIS,EAAOH,SAAOI,UAAUL,GAAWM,EAChC1B,OAAOC,OAAM0B,EAAbD,EAAcH,OAAM,OAAA7B,QAAAC,QAAeJ,EAAUwB,IAAIX,KAAA,SAAAwB,GAAxD,OAAAD,EAAAR,KAAAO,EAA4B,OAAME,EAAwBJ,EAAMzB,EAAOa,GAAO,EAChF,CAAC,MAAAL,UAAAb,QAAAc,OAAAD,kBA3DoB,SAACsB,GAAiE,MAAA,CACvFf,KAAIA,SAAAgB,GACF,IAAAlB,EAAIkB,EAAJlB,KAAImB,EAAAD,EACJE,aAAAA,OAAY,IAAAD,EAAGF,EAAKG,aAAYD,EAAA,IAK7BrC,OAAAA,QAAAC,QACaJ,EAAUsC,EAAKd,MAAIX,cAA/BW,GACJ,IAAIL,EAASuB,KAAKC,MAAQF,EAEtBG,EAAKC,EAAAA,gBAAgB,IAErBC,EAAqBC,KAAKC,UAAU,CAACJ,EAAIvB,EAAMF,IAAS,OAAAhB,QAAAC,QACtCK,OAAOC,OAAOa,KAAK,OAAQC,EAAKhB,EAAOsC,KAAoBjC,KAAA,SAA7EgB,GAEJ,IAAII,EAAOH,EAAMA,OAACtB,OAAO,IAAIuB,WAAWF,IAExC,MAAA,GAAUS,EAAKW,OAAShB,MAzBf,SAACd,GAAc,OAAKA,EAAO+B,SAAS,GAAG,CAyBhBhC,CAAcC,GAAWyB,IAAAA,CAAK,EAChE,EAAA,CAAC,MAAA5B,GAAA,OAAAb,QAAAc,OAAAD,EAAA,CAAA,EAEDgB,OAAM,SAAAmB,GAAA,IACJ9B,EAAI8B,EAAJ9B,KACAQ,EAASsB,EAATtB,UAASuB,EAAAD,EACTE,cAAAA,OAAgB,IAAHD,GAAQA,EAAA,IAKlBjD,OAAAA,QAAAC,QACaJ,EAAUsC,EAAKd,MAAIX,cAA/BW,GAEJ,IACA8B,EADazB,EAAU0B,MAAMjB,EAAKW,OAAOO,QACFC,MAAM,KAA3BtC,EAAMmC,EAAA,GAAEV,EAAEU,KAExBrB,EAAOH,EAAAA,OAAOI,UAFFoB,EAAEnC,IAId2B,EAAqBC,KAAKC,UAAU,CAACJ,EAAIvB,EAAMH,EAAUC,KAAU,OAAAhB,QAAAC,QAEnDK,OAAOC,OAAOsB,OAAO,OAAQR,EAAKS,EAAMzB,EAAOsC,KAAoBjC,KAAnF6C,SAAAA,WAECA,MACDL,GAEGX,KAAKC,MAAQzB,EAAUC,GAHJ,IAI5B,CAAC,MAAAH,GAAAb,OAAAA,QAAAc,OAAAD,EAAA,CAAA,EACF"}

package/dist/sign.d.ts

@@ -0,0 +1,20 @@
+export declare let signature: (opts: {
+    prefix: string;
+    expirationMs: number;
+    key: string;
+}) => {
+    sign: ({ data, expirationMs }: {
+        data: string;
+        expirationMs?: number;
+    }) => Promise<string>;
+    verify: ({ data, signature, acceptExpired }: {
+        data: string;
+        signature: string;
+        acceptExpired?: boolean;
+    }) => Promise<boolean>;
+};
+export declare let signatureBasic: {
+    sign: (data: string, key: string) => Promise<string>;
+    verify: (data: string, signature: string, key: string) => Promise<boolean>;
+};
+//# sourceMappingURL=sign.d.ts.map

package/dist/sign.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":"AA6BA,eAAO,IAAI,SAAS,GAAI,MAAM;IAAE,MAAM,EAAE,MAAM,CAAC;IAAC,YAAY,EAAE,MAAM,CAAC;IAAC,GAAG,EAAE,MAAM,CAAA;CAAE;mCAI9E;QACD,IAAI,EAAE,MAAM,CAAC;QAEb,YAAY,CAAC,EAAE,MAAM,CAAC;KACvB;iDAkBE;QACD,IAAI,EAAE,MAAM,CAAC;QACb,SAAS,EAAE,MAAM,CAAC;QAClB,aAAa,CAAC,EAAE,OAAO,CAAC;KACzB;CAiBD,CAAC;AAEH,eAAO,IAAI,cAAc;iBACJ,MAAM,OAAO,MAAM;mBAMjB,MAAM,aAAa,MAAM,OAAO,MAAM;CAI5D,CAAC"}

package/package.json

@@ -0,0 +1,34 @@
+{
+  "name": "@lowerdeck/sign",
+  "version": "1.0.0",
+  "publishConfig": {
+    "access": "public"
+  },
+  "author": "Tobias Herber",
+  "license": "Apache 2",
+  "type": "module",
+  "source": "src/index.ts",
+  "exports": {
+    "require": "./dist/index.cjs",
+    "default": "./dist/index.modern.js"
+  },
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.module.js",
+  "types": "dist/index.d.ts",
+  "unpkg": "./dist/index.umd.js",
+  "scripts": {
+    "test": "vitest run --passWithNoTests",
+    "lint": "prettier src/**/*.ts --check",
+    "build": "microbundle"
+  },
+  "dependencies": {
+    "@lowerdeck/base62": "^1.0.0",
+    "@lowerdeck/id": "^1.0.0"
+  },
+  "devDependencies": {
+    "microbundle": "^0.15.1",
+    "@lowerdeck/tsconfig": "^1.0.0",
+    "typescript": "5.8.2",
+    "vitest": "^3.1.2"
+  }
+}

package/src/index.ts

@@ -0,0 +1 @@
+export * from './sign';

package/src/sign.test.ts

@@ -0,0 +1,87 @@
+import { describe, expect, test } from 'vitest';
+import { signature } from './sign';
+
+describe('sign', () => {
+  test('sign + verify', async () => {
+    let key = 'Luw6icRYtGAiWuWp3Qen';
+    let data = 'test';
+
+    let sign = await signature({ prefix: 'abc_', expirationMs: 1000, key }).sign({
+      data
+    });
+
+    expect(
+      await signature({ prefix: 'abc_', expirationMs: 1000, key }).verify({
+        data,
+        signature: sign
+      })
+    ).toBeTruthy();
+  });
+
+  test('expired', async () => {
+    let key = 'Luw6icRYtGAiWuWp3Qen';
+    let data = 'test';
+
+    let sign = await signature({ prefix: 'abc_', expirationMs: 1000, key }).sign({
+      data
+    });
+
+    expect(
+      await signature({ prefix: 'abc_', expirationMs: 1000, key }).verify({
+        data,
+        signature: sign
+      })
+    ).toBeTruthy();
+
+    await new Promise(resolve => setTimeout(resolve, 1000 * 2));
+
+    expect(
+      await signature({ prefix: 'abc_', expirationMs: 1000, key }).verify({
+        data,
+        signature: sign
+      })
+    ).toBeFalsy();
+  }, 10_000);
+
+  test('acceptExpired', async () => {
+    let key = 'Luw6icRYtGAiWuWp3Qen';
+    let data = 'test';
+
+    let sign = await signature({ prefix: 'abc_', expirationMs: 1000, key }).sign({
+      data
+    });
+
+    expect(
+      await signature({ prefix: 'abc_', expirationMs: 1000, key }).verify({
+        data,
+        signature: sign
+      })
+    ).toBeTruthy();
+
+    await new Promise(resolve => setTimeout(resolve, 1000 * 2));
+
+    expect(
+      await signature({ prefix: 'abc_', expirationMs: 1000, key }).verify({
+        data,
+        signature: sign,
+        acceptExpired: true
+      })
+    ).toBeTruthy();
+    expect(
+      await signature({ prefix: 'abc_', expirationMs: 1000, key }).verify({
+        data,
+        signature: sign
+      })
+    ).toBeFalsy();
+  }, 10_000);
+
+  test('start with prefix', async () => {
+    let key = 'Luw6icRYtGAiWuWp3Qen';
+    let data = 'test';
+
+    let sign = await signature({ prefix: 'abc_', expirationMs: 1000, key }).sign({
+      data
+    });
+    expect(sign.startsWith('abc_')).toBeTruthy();
+  });
+});

package/src/sign.ts

@@ -0,0 +1,90 @@
+import { base62 } from '@lowerdeck/base62';
+import { generatePlainId } from '@lowerdeck/id';
+
+let importedKeys = new Map<string, CryptoKey>();
+let importKey = async (keyStr: string) => {
+  if (importedKeys.has(keyStr)) return importedKeys.get(keyStr)!;
+
+  let encoder = new TextEncoder();
+  let secretKeyData = encoder.encode(keyStr);
+  let ck = await crypto.subtle.importKey(
+    'raw',
+    secretKeyData,
+    { name: 'HMAC', hash: 'SHA-512' },
+    true,
+    ['sign', 'verify']
+  );
+
+  importedKeys.set(keyStr, ck);
+
+  return ck;
+};
+
+let exp = {
+  stringify: (expiry: number) => expiry.toString(36),
+  parse: (expiry: string) => parseInt(expiry, 36)
+};
+
+let encode = (data: string) => new TextEncoder().encode(data);
+
+export let signature = (opts: { prefix: string; expirationMs: number; key: string }) => ({
+  sign: async ({
+    data,
+    expirationMs = opts.expirationMs
+  }: {
+    data: string;
+
+    expirationMs?: number;
+  }) => {
+    let key = await importKey(opts.key);
+    let expiry = Date.now() + expirationMs;
+
+    let id = generatePlainId(10);
+
+    let dataToAuthenticate = JSON.stringify([id, data, expiry]);
+    let signature = await crypto.subtle.sign('HMAC', key, encode(dataToAuthenticate));
+
+    let hmac = base62.encode(new Uint8Array(signature));
+
+    return `${opts.prefix}${hmac}_${exp.stringify(expiry)}_${id}`;
+  },
+
+  verify: async ({
+    data,
+    signature,
+    acceptExpired = false
+  }: {
+    data: string;
+    signature: string;
+    acceptExpired?: boolean;
+  }) => {
+    let key = await importKey(opts.key);
+
+    let sigStr = signature.slice(opts.prefix.length);
+    let [encodedHmac, expiry, id] = sigStr.split('_');
+
+    let hmac = base62.decodeRaw(encodedHmac);
+
+    let dataToAuthenticate = JSON.stringify([id, data, exp.parse(expiry)]);
+
+    let isValid = await crypto.subtle.verify('HMAC', key, hmac, encode(dataToAuthenticate));
+
+    if (!isValid) return false;
+    if (acceptExpired) return true;
+
+    return Date.now() < exp.parse(expiry);
+  }
+});
+
+export let signatureBasic = {
+  sign: async (data: string, key: string) => {
+    let signature = await crypto.subtle.sign('HMAC', await importKey(key), encode(data));
+    let hmac = base62.encode(new Uint8Array(signature));
+    return hmac;
+  },
+
+  verify: async (data: string, signature: string, key: string) => {
+    let hmac = base62.decodeRaw(signature);
+    return crypto.subtle.verify('HMAC', await importKey(key), hmac, encode(data));
+  }
+};

package/tsconfig.json

@@ -0,0 +1,8 @@
+{
+  "$schema": "https://json.schemastore.org/tsconfig",
+  "extends": "@lowerdeck/tsconfig/base.json",
+  "exclude": ["dist"],
+  "compilerOptions": {
+    "outDir": "dist"
+  }
+}