@openleash/core 0.3.0 → 0.5.0
- package/dist/identity-validators.d.ts +26 -0
- package/dist/identity-validators.d.ts.map +1 -0
- package/dist/identity-validators.js +664 -0
- package/dist/identity-validators.js.map +1 -0
- package/dist/identity.d.ts +250 -0
- package/dist/identity.d.ts.map +1 -0
- package/dist/identity.js +244 -0
- package/dist/identity.js.map +1 -0
- package/dist/index.d.ts +4 -0
- package/dist/index.d.ts.map +1 -1
- package/dist/index.js +4 -0
- package/dist/index.js.map +1 -1
- package/dist/passphrase.d.ts +6 -0
- package/dist/passphrase.d.ts.map +1 -0
- package/dist/passphrase.js +61 -0
- package/dist/passphrase.js.map +1 -0
- package/dist/state.d.ts +10 -1
- package/dist/state.d.ts.map +1 -1
- package/dist/state.js +65 -0
- package/dist/state.js.map +1 -1
- package/dist/tokens.d.ts +35 -1
- package/dist/tokens.d.ts.map +1 -1
- package/dist/tokens.js +82 -0
- package/dist/tokens.js.map +1 -1
- package/dist/totp.d.ts +15 -0
- package/dist/totp.d.ts.map +1 -0
- package/dist/totp.js +149 -0
- package/dist/totp.js.map +1 -0
- package/dist/types.d.ts +227 -75
- package/dist/types.d.ts.map +1 -1
- package/dist/types.js +36 -3
- package/dist/types.js.map +1 -1
- package/package.json +8 -4
|
@@ -0,0 +1,61 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
+
if (k2 === undefined) k2 = k;
|
|
4
|
+
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
+
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
+
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
+
}
|
|
8
|
+
Object.defineProperty(o, k2, desc);
|
|
9
|
+
}) : (function(o, m, k, k2) {
|
|
10
|
+
if (k2 === undefined) k2 = k;
|
|
11
|
+
o[k2] = m[k];
|
|
12
|
+
}));
|
|
13
|
+
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
+
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
+
}) : function(o, v) {
|
|
16
|
+
o["default"] = v;
|
|
17
|
+
});
|
|
18
|
+
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
+
var ownKeys = function(o) {
|
|
20
|
+
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
+
var ar = [];
|
|
22
|
+
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
+
return ar;
|
|
24
|
+
};
|
|
25
|
+
return ownKeys(o);
|
|
26
|
+
};
|
|
27
|
+
return function (mod) {
|
|
28
|
+
if (mod && mod.__esModule) return mod;
|
|
29
|
+
var result = {};
|
|
30
|
+
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
+
__setModuleDefault(result, mod);
|
|
32
|
+
return result;
|
|
33
|
+
};
|
|
34
|
+
})();
|
|
35
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
|
+
exports.hashPassphrase = hashPassphrase;
|
|
37
|
+
exports.verifyPassphrase = verifyPassphrase;
|
|
38
|
+
const crypto = __importStar(require("node:crypto"));
|
|
39
|
+
const SCRYPT_N = 16384;
|
|
40
|
+
const SCRYPT_R = 8;
|
|
41
|
+
const SCRYPT_P = 1;
|
|
42
|
+
const KEY_LEN = 64;
|
|
43
|
+
function hashPassphrase(passphrase, salt) {
|
|
44
|
+
const usedSalt = salt ?? crypto.randomBytes(32).toString('base64');
|
|
45
|
+
const derived = crypto.scryptSync(passphrase, usedSalt, KEY_LEN, {
|
|
46
|
+
N: SCRYPT_N,
|
|
47
|
+
r: SCRYPT_R,
|
|
48
|
+
p: SCRYPT_P,
|
|
49
|
+
});
|
|
50
|
+
return { hash: derived.toString('base64'), salt: usedSalt };
|
|
51
|
+
}
|
|
52
|
+
function verifyPassphrase(passphrase, hash, salt) {
|
|
53
|
+
const derived = crypto.scryptSync(passphrase, salt, KEY_LEN, {
|
|
54
|
+
N: SCRYPT_N,
|
|
55
|
+
r: SCRYPT_R,
|
|
56
|
+
p: SCRYPT_P,
|
|
57
|
+
});
|
|
58
|
+
const expected = Buffer.from(hash, 'base64');
|
|
59
|
+
return crypto.timingSafeEqual(derived, expected);
|
|
60
|
+
}
|
|
61
|
+
//# sourceMappingURL=passphrase.js.map
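Review bot: `crypto.timingSafeEqual(derived, expected)` in `verifyPassphrase` throws when the two buffers differ in length, so a stored hash that is truncated, corrupted or produced with a different `KEY_LEN` makes verification throw instead of returning false. Compare the lengths first, for example `if (expected.length !== derived.length) return false;` just before the comparison. Separately, `SCRYPT_N`, `SCRYPT_R`, `SCRYPT_P` and `KEY_LEN` are constants that are not returned next to `hash` and `salt`, so raising the cost later would make existing hashes unverifiable. Consider returning the parameters from `hashPassphrase` and having `verifyPassphrase` read them back.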
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"passphrase.js","sourceRoot":"","sources":["../src/passphrase.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAOA,wCAWC;AAED,4CAYC;AAhCD,oDAAsC;AAEtC,MAAM,QAAQ,GAAG,KAAK,CAAC;AACvB,MAAM,QAAQ,GAAG,CAAC,CAAC;AACnB,MAAM,QAAQ,GAAG,CAAC,CAAC;AACnB,MAAM,OAAO,GAAG,EAAE,CAAC;AAEnB,SAAgB,cAAc,CAC5B,UAAkB,EAClB,IAAa;IAEb,MAAM,QAAQ,GAAG,IAAI,IAAI,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,QAAQ,CAAC,QAAQ,CAAC,CAAC;IACnE,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE,QAAQ,EAAE,OAAO,EAAE;QAC/D,CAAC,EAAE,QAAQ;QACX,CAAC,EAAE,QAAQ;QACX,CAAC,EAAE,QAAQ;KACZ,CAAC,CAAC;IACH,OAAO,EAAE,IAAI,EAAE,OAAO,CAAC,QAAQ,CAAC,QAAQ,CAAC,EAAE,IAAI,EAAE,QAAQ,EAAE,CAAC;AAC9D,CAAC;AAED,SAAgB,gBAAgB,CAC9B,UAAkB,EAClB,IAAY,EACZ,IAAY;IAEZ,MAAM,OAAO,GAAG,MAAM,CAAC,UAAU,CAAC,UAAU,EAAE,IAAI,EAAE,OAAO,EAAE;QAC3D,CAAC,EAAE,QAAQ;QACX,CAAC,EAAE,QAAQ;QACX,CAAC,EAAE,QAAQ;KACZ,CAAC,CAAC;IACH,MAAM,QAAQ,GAAG,MAAM,CAAC,IAAI,CAAC,IAAI,EAAE,QAAQ,CAAC,CAAC;IAC7C,OAAO,MAAM,CAAC,eAAe,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;AACnD,CAAC"}
|
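--- a/package/dist/state.d.ts
+++ b/package/dist/state.d.ts
@@ -1,4 +1,4 @@
-import type { AgentFrontmatter, OwnerFrontmatter, StateData } from './types.js';
+import type { AgentFrontmatter, AgentInvite, ApprovalRequestFrontmatter, OwnerFrontmatter, PolicyDraftFrontmatter, SetupInvite, StateData } from './types.js';
 export declare function readState(dataDir: string): StateData;
 export declare function writeState(dataDir: string, state: StateData): void;
 export declare function parseStateMd(content: string): StateData;
@@ -9,4 +9,13 @@ export declare function readAgentFile(dataDir: string, agentPrincipalId: string)
 export declare function writePolicyFile(dataDir: string, policyId: string, yamlContent: string): void;
 export declare function readPolicyFile(dataDir: string, policyId: string): string;
 export declare function deletePolicyFile(dataDir: string, policyId: string): void;
+export declare function writeApprovalRequestFile(dataDir: string, req: ApprovalRequestFrontmatter): void;
+export declare function readApprovalRequestFile(dataDir: string, approvalRequestId: string): ApprovalRequestFrontmatter;
+export declare function writePolicyDraftFile(dataDir: string, draft: PolicyDraftFrontmatter): void;
+export declare function readPolicyDraftFile(dataDir: string, policyDraftId: string): PolicyDraftFrontmatter;
+export declare function writeSetupInviteFile(dataDir: string, invite: SetupInvite): void;
+export declare function readSetupInviteFile(dataDir: string, inviteId: string): SetupInvite;
+export declare function deleteSetupInviteFile(dataDir: string, inviteId: string): void;
+export declare function writeAgentInviteFile(dataDir: string, invite: AgentInvite): void;
+export declare function readAgentInviteFile(dataDir: string, inviteId: string): AgentInvite;
 //# sourceMappingURL=state.d.ts.map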
|
package/dist/state.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"state.d.ts","sourceRoot":"","sources":["../src/state.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,gBAAgB,EAChB,gBAAgB,EAChB,SAAS,EACV,MAAM,YAAY,CAAC;AAKpB,wBAAgB,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,CAIpD;AAED,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,GAAG,IAAI,CAKlE;AAED,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,CAMvD;AAED,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,gBAAgB,EACvB,IAAI,CAAC,EAAE,MAAM,GACZ,IAAI,CAON;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,gBAAgB,CAIzF;AAED,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,gBAAgB,EACvB,IAAI,CAAC,EAAE,MAAM,GACZ,IAAI,CAON;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,gBAAgB,CAIzF;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI,CAK5F;AAED,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAGxE;AAUD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAKxE"}
|
|
1
|
+
{"version":3,"file":"state.d.ts","sourceRoot":"","sources":["../src/state.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,gBAAgB,EAChB,WAAW,EACX,0BAA0B,EAC1B,gBAAgB,EAChB,sBAAsB,EACtB,WAAW,EACX,SAAS,EACV,MAAM,YAAY,CAAC;AAKpB,wBAAgB,SAAS,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,CAIpD;AAED,wBAAgB,UAAU,CAAC,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,SAAS,GAAG,IAAI,CAKlE;AAED,wBAAgB,YAAY,CAAC,OAAO,EAAE,MAAM,GAAG,SAAS,CAMvD;AAED,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,gBAAgB,EACvB,IAAI,CAAC,EAAE,MAAM,GACZ,IAAI,CAON;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,gBAAgB,CAIzF;AAED,wBAAgB,cAAc,CAC5B,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,gBAAgB,EACvB,IAAI,CAAC,EAAE,MAAM,GACZ,IAAI,CAON;AAED,wBAAgB,aAAa,CAAC,OAAO,EAAE,MAAM,EAAE,gBAAgB,EAAE,MAAM,GAAG,gBAAgB,CAIzF;AAED,wBAAgB,eAAe,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,GAAG,IAAI,CAK5F;AAED,wBAAgB,cAAc,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAGxE;AAUD,wBAAgB,gBAAgB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAKxE;AAID,wBAAgB,wBAAwB,CACtC,OAAO,EAAE,MAAM,EACf,GAAG,EAAE,0BAA0B,GAC9B,IAAI,CAON;AAED,wBAAgB,uBAAuB,CACrC,OAAO,EAAE,MAAM,EACf,iBAAiB,EAAE,MAAM,GACxB,0BAA0B,CAI5B;AAID,wBAAgB,oBAAoB,CAClC,OAAO,EAAE,MAAM,EACf,KAAK,EAAE,sBAAsB,GAC5B,IAAI,CAON;AAED,wBAAgB,mBAAmB,CACjC,OAAO,EAAE,MAAM,EACf,aAAa,EAAE,MAAM,GACpB,sBAAsB,CAIxB;AAID,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,IAAI,CAK/E;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,WAAW,CAGlF;AAED,wBAAgB,qBAAqB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,IAAI,CAK7E;AAID,wBAAgB,oBAAoB,CAAC,OAAO,EAAE,MAAM,EAAE,MAAM,EAAE,WAAW,GAAG,IAAI,CAK/E;AAED,wBAAgB,mBAAmB,CAAC,OAAO,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,WAAW,CAGlF"}
|
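--- a/package/dist/state.js
+++ b/package/dist/state.js
@@ -43,6 +43,15 @@ exports.readAgentFile = readAgentFile;
 exports.writePolicyFile = writePolicyFile;
 exports.readPolicyFile = readPolicyFile;
 exports.deletePolicyFile = deletePolicyFile;
+exports.writeApprovalRequestFile = writeApprovalRequestFile;
+exports.readApprovalRequestFile = readApprovalRequestFile;
+exports.writePolicyDraftFile = writePolicyDraftFile;
+exports.readPolicyDraftFile = readPolicyDraftFile;
+exports.writeSetupInviteFile = writeSetupInviteFile;
+exports.readSetupInviteFile = readSetupInviteFile;
+exports.deleteSetupInviteFile = deleteSetupInviteFile;
+exports.writeAgentInviteFile = writeAgentInviteFile;
+exports.readAgentInviteFile = readAgentInviteFile;
 const fs = __importStar(require("node:fs"));
 const path = __importStar(require("node:path"));
 const yaml_1 = require("yaml");
@@ -115,4 +124,60 @@ function deletePolicyFile(dataDir, policyId) {
 fs.unlinkSync(filePath);
 }
 }
+// ─── Approval request files ─────────────────────────────────────────
+function writeApprovalRequestFile(dataDir, req) {
+const dir = path.join(dataDir, 'approval-requests');
+fs.mkdirSync(dir, { recursive: true });
+const filePath = path.join(dir, `${req.approval_request_id}.md`);
+const frontmatter = (0, yaml_1.stringify)(req, { lineWidth: 0 }).trim();
+const content = `---\n${frontmatter}\n---\n\nApproval request for action: ${req.action_type}\n`;
+fs.writeFileSync(filePath, content, 'utf-8');
+}
+function readApprovalRequestFile(dataDir, approvalRequestId) {
+const filePath = path.join(dataDir, 'approval-requests', `${approvalRequestId}.md`);
+const content = fs.readFileSync(filePath, 'utf-8');
+return parseFrontmatter(content);
+}
+// ─── Policy draft files ─────────────────────────────────────────────
+function writePolicyDraftFile(dataDir, draft) {
+const dir = path.join(dataDir, 'policy-drafts');
+fs.mkdirSync(dir, { recursive: true });
+const filePath = path.join(dir, `${draft.policy_draft_id}.md`);
+const frontmatter = (0, yaml_1.stringify)(draft, { lineWidth: 0 }).trim();
+const content = `---\n${frontmatter}\n---\n\nPolicy draft from agent: ${draft.agent_id}\n`;
+fs.writeFileSync(filePath, content, 'utf-8');
+}
+function readPolicyDraftFile(dataDir, policyDraftId) {
+const filePath = path.join(dataDir, 'policy-drafts', `${policyDraftId}.md`);
+const content = fs.readFileSync(filePath, 'utf-8');
+return parseFrontmatter(content);
+}
+// ─── Setup invite files ─────────────────────────────────────────────
+function writeSetupInviteFile(dataDir, invite) {
+const dir = path.join(dataDir, 'invites');
+fs.mkdirSync(dir, { recursive: true });
+const filePath = path.join(dir, `${invite.invite_id}.json`);
+fs.writeFileSync(filePath, JSON.stringify(invite, null, 2), 'utf-8');
+}
+function readSetupInviteFile(dataDir, inviteId) {
+const filePath = path.join(dataDir, 'invites', `${inviteId}.json`);
+return JSON.parse(fs.readFileSync(filePath, 'utf-8'));
+}
+function deleteSetupInviteFile(dataDir, inviteId) {
+const filePath = path.join(dataDir, 'invites', `${inviteId}.json`);
+if (fs.existsSync(filePath)) {
+fs.unlinkSync(filePath);
+}
+}
+// ─── Agent invite files ────────────────────────────────────────────
+function writeAgentInviteFile(dataDir, invite) {
+const dir = path.join(dataDir, 'agent-invites');
+fs.mkdirSync(dir, { recursive: true });
+const filePath = path.join(dir, `${invite.invite_id}.json`);
+fs.writeFileSync(filePath, JSON.stringify(invite, null, 2), 'utf-8');
+}
+function readAgentInviteFile(dataDir, inviteId) {
+const filePath = path.join(dataDir, 'agent-invites', `${inviteId}.json`);
+return JSON.parse(fs.readFileSync(filePath, 'utf-8'));
+}
 //# sourceMappingURL=state.js.map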
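Review bot: The new helpers in the second hunk put the id straight into the file name (`approvalRequestId`, `policyDraftId` and `inviteId` in the read and delete functions, and `req.approval_request_id`, `draft.policy_draft_id` and `invite.invite_id` in the writers) without checking that it is a plain identifier. `path.join` normalises `..` segments, so if any of these ids can originate from a request (the callers are not visible here), the resolved path can fall outside `dataDir` for reads, writes and `unlinkSync`. Validate the id before joining, with a pattern that matches the project's id format, for example `if (!/^[A-Za-z0-9_-]+$/.test(inviteId)) throw new Error('Invalid invite id');`. The invite JSON files are also written with default permissions; if they hold invite secrets, pass `{ encoding: 'utf-8', mode: 0o600 }` to `writeFileSync`.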
|
package/dist/state.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"state.js","sourceRoot":"","sources":["../src/state.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"state.js","sourceRoot":"","sources":["../src/state.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAgBA,8BAIC;AAED,gCAKC;AAED,oCAMC;AAED,wCAWC;AAED,sCAIC;AAED,wCAWC;AAED,sCAIC;AAED,0CAKC;AAED,wCAGC;AAUD,4CAKC;AAID,4DAUC;AAED,0DAOC;AAID,oDAUC;AAED,kDAOC;AAID,oDAKC;AAED,kDAGC;AAED,sDAKC;AAID,oDAKC;AAED,kDAGC;AArLD,4CAA8B;AAC9B,gDAAkC;AAClC,+BAAsE;AAWtE,MAAM,YAAY,GAAG,gCAAgC,CAAC;AACtD,MAAM,YAAY,GAAG,OAAO,CAAC;AAE7B,SAAgB,SAAS,CAAC,OAAe;IACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnD,OAAO,YAAY,CAAC,OAAO,CAAC,CAAC;AAC/B,CAAC;AAED,SAAgB,UAAU,CAAC,OAAe,EAAE,KAAgB;IAC1D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IAChD,MAAM,OAAO,GAAG,IAAA,gBAAa,EAAC,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC;IACvD,MAAM,OAAO,GAAG,YAAY,GAAG,OAAO,GAAG,YAAY,CAAC;IACtD,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,YAAY,CAAC,OAAe;IAC1C,MAAM,SAAS,GAAG,OAAO,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC;IAC1D,IAAI,CAAC,SAAS,EAAE,CAAC;QACf,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;IAC3D,CAAC;IACD,OAAO,IAAA,YAAS,EAAC,SAAS,CAAC,CAAC,CAAC,CAAc,CAAC;AAC9C,CAAC;AAED,SAAgB,cAAc,CAC5B,OAAe,EACf,KAAuB,EACvB,IAAa;IAEb,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC/C,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,KAAK,CAAC,kBAAkB,KAAK,CAAC,CAAC;IACxE,MAAM,WAAW,GAAG,IAAA,gBAAa,EAAC,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAClE,MAAM,OAAO,GAAG,QAAQ,WAAW,YAAY,IAAI,IAAI,UAAU,KAAK,CAAC,YAAY,EAAE,IAAI,CAAC;IAC1F,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,aAAa,CAAC,OAAe,EAAE,gBAAwB;IACrE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,GAAG,gBAAgB,KAAK,CAAC,CAAC;IACxE,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnD,OAAO,gBAAgB,CAAC,OAAO,CAAgC,CAAC;AAClE,CAAC;AAED,SAAgB,cAAc,CAC5B,OAAe,EACf,KAAuB,E
ACvB,IAAa;IAEb,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC;IAC/C,EAAE,CAAC,SAAS,CAAC,SAAS,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC7C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,EAAE,GAAG,KAAK,CAAC,kBAAkB,KAAK,CAAC,CAAC;IACxE,MAAM,WAAW,GAAG,IAAA,gBAAa,EAAC,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAClE,MAAM,OAAO,GAAG,QAAQ,WAAW,YAAY,IAAI,IAAI,UAAU,KAAK,CAAC,QAAQ,EAAE,IAAI,CAAC;IACtF,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,aAAa,CAAC,OAAe,EAAE,gBAAwB;IACrE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,QAAQ,EAAE,GAAG,gBAAgB,KAAK,CAAC,CAAC;IACxE,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnD,OAAO,gBAAgB,CAAC,OAAO,CAAgC,CAAC;AAClE,CAAC;AAED,SAAgB,eAAe,CAAC,OAAe,EAAE,QAAgB,EAAE,WAAmB;IACpF,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,CAAC,CAAC;IACnD,EAAE,CAAC,SAAS,CAAC,WAAW,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IAC/C,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,WAAW,EAAE,GAAG,QAAQ,OAAO,CAAC,CAAC;IAC5D,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,WAAW,EAAE,OAAO,CAAC,CAAC;AACnD,CAAC;AAED,SAAgB,cAAc,CAAC,OAAe,EAAE,QAAgB;IAC9D,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,QAAQ,OAAO,CAAC,CAAC;IACpE,OAAO,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;AAC5C,CAAC;AAED,SAAS,gBAAgB,CAAC,OAAe;IACvC,MAAM,KAAK,GAAG,OAAO,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC;IACrD,IAAI,CAAC,KAAK,EAAE,CAAC;QACX,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;IAC1C,CAAC;IACD,OAAO,IAAA,YAAS,EAAC,KAAK,CAAC,CAAC,CAAC,CAA4B,CAAC;AACxD,CAAC;AAED,SAAgB,gBAAgB,CAAC,OAAe,EAAE,QAAgB;IAChE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,UAAU,EAAE,GAAG,QAAQ,OAAO,CAAC,CAAC;IACpE,IAAI,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,EAAE,CAAC;QAC5B,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;AACH,CAAC;AAED,uEAAuE;AAEvE,SAAgB,wBAAwB,CACtC,OAAe,EACf,GAA+B;IAE/B,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,mBAAmB,CAAC,CAAC;IACpD,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,GAAG,CAAC,mBAAmB,KAAK,CAAC,CA
AC;IACjE,MAAM,WAAW,GAAG,IAAA,gBAAa,EAAC,GAAG,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAChE,MAAM,OAAO,GAAG,QAAQ,WAAW,yCAAyC,GAAG,CAAC,WAAW,IAAI,CAAC;IAChG,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,uBAAuB,CACrC,OAAe,EACf,iBAAyB;IAEzB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,mBAAmB,EAAE,GAAG,iBAAiB,KAAK,CAAC,CAAC;IACpF,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnD,OAAO,gBAAgB,CAAC,OAAO,CAA0C,CAAC;AAC5E,CAAC;AAED,uEAAuE;AAEvE,SAAgB,oBAAoB,CAClC,OAAe,EACf,KAA6B;IAE7B,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAChD,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,KAAK,CAAC,eAAe,KAAK,CAAC,CAAC;IAC/D,MAAM,WAAW,GAAG,IAAA,gBAAa,EAAC,KAAK,EAAE,EAAE,SAAS,EAAE,CAAC,EAAE,CAAC,CAAC,IAAI,EAAE,CAAC;IAClE,MAAM,OAAO,GAAG,QAAQ,WAAW,qCAAqC,KAAK,CAAC,QAAQ,IAAI,CAAC;IAC3F,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,OAAO,EAAE,OAAO,CAAC,CAAC;AAC/C,CAAC;AAED,SAAgB,mBAAmB,CACjC,OAAe,EACf,aAAqB;IAErB,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,GAAG,aAAa,KAAK,CAAC,CAAC;IAC5E,MAAM,OAAO,GAAG,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC;IACnD,OAAO,gBAAgB,CAAC,OAAO,CAAsC,CAAC;AACxE,CAAC;AAED,uEAAuE;AAEvE,SAAgB,oBAAoB,CAAC,OAAe,EAAE,MAAmB;IACvE,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,CAAC,CAAC;IAC1C,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,OAAO,CAAC,CAAC;IAC5D,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;AACvE,CAAC;AAED,SAAgB,mBAAmB,CAAC,OAAe,EAAE,QAAgB;IACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,QAAQ,OAAO,CAAC,CAAC;IACnE,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;AACxD,CAAC;AAED,SAAgB,qBAAqB,CAAC,OAAe,EAAE,QAAgB;IACrE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,SAAS,EAAE,GAAG,QAAQ,OAAO,CAAC,CAAC;IACnE,IAAI,EAAE,CAAC,UAAU,CAAC,QAA
Q,CAAC,EAAE,CAAC;QAC5B,EAAE,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC;IAC1B,CAAC;AACH,CAAC;AAED,sEAAsE;AAEtE,SAAgB,oBAAoB,CAAC,OAAe,EAAE,MAAmB;IACvE,MAAM,GAAG,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,eAAe,CAAC,CAAC;IAChD,EAAE,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,CAAC,CAAC;IACvC,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,SAAS,OAAO,CAAC,CAAC;IAC5D,EAAE,CAAC,aAAa,CAAC,QAAQ,EAAE,IAAI,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,EAAE,CAAC,CAAC,EAAE,OAAO,CAAC,CAAC;AACvE,CAAC;AAED,SAAgB,mBAAmB,CAAC,OAAe,EAAE,QAAgB;IACnE,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,OAAO,EAAE,eAAe,EAAE,GAAG,QAAQ,OAAO,CAAC,CAAC;IACzE,OAAO,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,QAAQ,EAAE,OAAO,CAAC,CAAC,CAAC;AACxD,CAAC"}
|
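--- a/package/dist/tokens.d.ts
+++ b/package/dist/tokens.d.ts
@@ -1,4 +1,4 @@
-import type { ServerKeyFile } from './types.js';
+import type { ServerKeyFile, SessionClaims, ApprovalTokenClaims } from './types.js';
 export interface ProofClaims {
 iss: string;
 kid: string;
@@ -35,4 +35,38 @@ export declare function verifyProofToken(token: string, keys: ServerKeyFile[]):
 claims?: ProofClaims;
 reason?: string;
 }>;
+export interface IssueSessionParams {
+key: ServerKeyFile;
+ownerPrincipalId: string;
+ttlSeconds: number;
+}
+export declare function issueSessionToken(params: IssueSessionParams): Promise<{
+token: string;
+expiresAt: string;
+claims: SessionClaims;
+}>;
+export declare function verifySessionToken(token: string, keys: ServerKeyFile[]): Promise<{
+valid: boolean;
+claims?: SessionClaims;
+reason?: string;
+}>;
+export interface IssueApprovalTokenParams {
+key: ServerKeyFile;
+approvalRequestId: string;
+ownerPrincipalId: string;
+agentId: string;
+actionType: string;
+actionHash: string;
+ttlSeconds: number;
+}
+export declare function issueApprovalToken(params: IssueApprovalTokenParams): Promise<{
+token: string;
+expiresAt: string;
+claims: ApprovalTokenClaims;
+}>;
+export declare function verifyApprovalToken(token: string, keys: ServerKeyFile[]): Promise<{
+valid: boolean;
+claims?: ApprovalTokenClaims;
+reason?: string;
+}>;
 //# sourceMappingURL=tokens.d.ts.map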
|
package/dist/tokens.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tokens.d.ts","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"tokens.d.ts","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,aAAa,EAAE,mBAAmB,EAAE,MAAM,YAAY,CAAC;AAGpF,MAAM,WAAW,WAAW;IAC1B,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,GAAG,EAAE,MAAM,CAAC;IACZ,WAAW,EAAE,MAAM,CAAC;IACpB,kBAAkB,EAAE,MAAM,CAAC;IAC3B,QAAQ,EAAE,MAAM,CAAC;IACjB,WAAW,EAAE,MAAM,CAAC;IACpB,WAAW,EAAE,MAAM,CAAC;IACpB,eAAe,EAAE,MAAM,GAAG,IAAI,CAAC;IAC/B,aAAa,CAAC,EAAE,MAAM,CAAC;IACvB,oBAAoB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAChD;AAED,MAAM,WAAW,gBAAgB;IAC/B,GAAG,EAAE,aAAa,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;IAC7B,UAAU,EAAE,MAAM,CAAC;IACnB,YAAY,CAAC,EAAE,MAAM,CAAC;IACtB,mBAAmB,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,CAAC;CAC/C;AAED,wBAAsB,eAAe,CAAC,MAAM,EAAE,gBAAgB,GAAG,OAAO,CAAC;IACvE,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,WAAW,CAAC;CACrB,CAAC,CA8BD;AAED,wBAAsB,gBAAgB,CACpC,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,aAAa,EAAE,GACpB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,WAAW,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAuBpE;AAID,MAAM,WAAW,kBAAkB;IACjC,GAAG,EAAE,aAAa,CAAC;IACnB,gBAAgB,EAAE,MAAM,CAAC;IACzB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,wBAAsB,iBAAiB,CAAC,MAAM,EAAE,kBAAkB,GAAG,OAAO,CAAC;IAC3E,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE,aAAa,CAAC;CACvB,CAAC,CAqBD;AAED,wBAAsB,kBAAkB,CACtC,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,aAAa,EAAE,GACpB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,aAAa,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAwBtE;AAID,MAAM,WAAW,wBAAwB;IACvC,GAAG,EAAE,aAAa,CAAC;IACnB,iBAAiB,EAAE,MAAM,CAAC;IAC1B,gBAAgB,EAAE,MAAM,CAAC;IACzB,OAAO,EAAE,MAAM,CAAC;IAChB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;IACnB,UAAU,EAAE,MAAM,CAAC;CACpB;AAED,wBAAsB,kBAAkB,CAAC,MAAM,EAAE,wBAAwB,GAAG,OAAO,CAAC;IAClF,KAAK,EAAE,MAAM,CAAC;IACd,SAAS,EAAE,MAAM,CAAC;IAClB,MAAM,EAAE
,mBAAmB,CAAC;CAC7B,CAAC,CAyBD;AAED,wBAAsB,mBAAmB,CACvC,KAAK,EAAE,MAAM,EACb,IAAI,EAAE,aAAa,EAAE,GACpB,OAAO,CAAC;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,MAAM,CAAC,EAAE,mBAAmB,CAAC;IAAC,MAAM,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC,CAwB5E"}
|
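--- a/package/dist/tokens.js
+++ b/package/dist/tokens.js
@@ -2,6 +2,10 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.issueProofToken = issueProofToken;
 exports.verifyProofToken = verifyProofToken;
+exports.issueSessionToken = issueSessionToken;
+exports.verifySessionToken = verifySessionToken;
+exports.issueApprovalToken = issueApprovalToken;
+exports.verifyApprovalToken = verifyApprovalToken;
 const paseto_1 = require("paseto");
 const keys_js_1 = require("./keys.js");
 async function issueProofToken(params) {
@@ -53,4 +57,82 @@ async function verifyProofToken(token, keys) {
 }
 return { valid: false, reason: 'No matching key found or invalid signature' };
 }
+async function issueSessionToken(params) {
+const now = new Date();
+const exp = new Date(now.getTime() + params.ttlSeconds * 1000);
+const claims = {
+iss: 'openleash',
+kid: params.key.kid,
+sub: params.ownerPrincipalId,
+iat: now.toISOString(),
+exp: exp.toISOString(),
+purpose: 'owner_session',
+};
+const privateKey = (0, keys_js_1.getPrivateKeyObject)(params.key);
+const token = await paseto_1.V4.sign({ ...claims }, privateKey, { expiresIn: `${params.ttlSeconds} seconds` });
+return { token, expiresAt: exp.toISOString(), claims };
+}
+async function verifySessionToken(token, keys) {
+for (const key of keys) {
+try {
+const publicKey = (0, keys_js_1.getPublicKeyObject)(key);
+const payload = await paseto_1.V4.verify(token, publicKey);
+if (payload.purpose !== 'owner_session') {
+return { valid: false, reason: 'Invalid token purpose' };
+}
+if (payload.exp) {
+const expDate = new Date(payload.exp);
+if (expDate.getTime() < Date.now()) {
+return { valid: false, reason: 'Session expired', claims: payload };
+}
+}
+return { valid: true, claims: payload };
+}
+catch {
+continue;
+}
+}
+return { valid: false, reason: 'No matching key found or invalid signature' };
+}
+async function issueApprovalToken(params) {
+const now = new Date();
+const exp = new Date(now.getTime() + params.ttlSeconds * 1000);
+const claims = {
+iss: 'openleash',
+kid: params.key.kid,
+iat: now.toISOString(),
+exp: exp.toISOString(),
+approval_request_id: params.approvalRequestId,
+owner_principal_id: params.ownerPrincipalId,
+agent_id: params.agentId,
+action_type: params.actionType,
+action_hash: params.actionHash,
+purpose: 'approval',
+};
+const privateKey = (0, keys_js_1.getPrivateKeyObject)(params.key);
+const token = await paseto_1.V4.sign({ ...claims }, privateKey, { expiresIn: `${params.ttlSeconds} seconds` });
+return { token, expiresAt: exp.toISOString(), claims };
+}
+async function verifyApprovalToken(token, keys) {
+for (const key of keys) {
+try {
+const publicKey = (0, keys_js_1.getPublicKeyObject)(key);
+const payload = await paseto_1.V4.verify(token, publicKey);
+if (payload.purpose !== 'approval') {
+return { valid: false, reason: 'Invalid token purpose' };
+}
+if (payload.exp) {
+const expDate = new Date(payload.exp);
+if (expDate.getTime() < Date.now()) {
+return { valid: false, reason: 'Approval token expired', claims: payload };
+}
+}
+return { valid: true, claims: payload };
+}
+catch {
+continue;
+}
+}
+return { valid: false, reason: 'No matching key found or invalid signature' };
+}
 //# sourceMappingURL=tokens.js.map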
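Review bot: The `purpose` check added to `verifySessionToken` and `verifyApprovalToken` separates those two token types from each other, but the tail of `verifyProofToken` visible in this hunk shows no matching check, and its body starts outside the hunk, so this needs confirming. If it has none, a session or approval token signed with the same server key would also verify as a proof token. A guard such as `if (payload.purpose !== undefined) return { valid: false, reason: 'Invalid token purpose' };` in `verifyProofToken`, or a dedicated `purpose` value on proof tokens, would close that gap. In both new verifiers `if (payload.exp)` also lets a token with no `exp` through the local expiry check. Every token issued here sets `exp`, so rejecting a payload without it is the safer default.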
|
package/dist/tokens.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"tokens.js","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":";;
|
|
1
|
+
{"version":3,"file":"tokens.js","sourceRoot":"","sources":["../src/tokens.ts"],"names":[],"mappings":";;AAgCA,0CAkCC;AAED,4CA0BC;AAUD,8CAyBC;AAED,gDA2BC;AAcD,gDA6BC;AAED,kDA2BC;AAtOD,mCAA4B;AAE5B,uCAAoE;AA8B7D,KAAK,UAAU,eAAe,CAAC,MAAwB;IAK5D,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAE/D,MAAM,MAAM,GAAgB;QAC1B,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,GAAG;QACnB,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,kBAAkB,EAAE,MAAM,CAAC,gBAAgB;QAC3C,QAAQ,EAAE,MAAM,CAAC,OAAO;QACxB,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,eAAe,EAAE,MAAM,CAAC,aAAa;KACtC,CAAC;IAEF,IAAI,MAAM,CAAC,YAAY,EAAE,CAAC;QACxB,MAAM,CAAC,aAAa,GAAG,MAAM,CAAC,YAAY,CAAC;IAC7C,CAAC;IACD,IAAI,MAAM,CAAC,mBAAmB,EAAE,CAAC;QAC/B,MAAM,CAAC,oBAAoB,GAAG,MAAM,CAAC,mBAAmB,CAAC;IAC3D,CAAC;IAED,MAAM,UAAU,GAAG,IAAA,6BAAmB,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,MAAM,WAAE,CAAC,IAAI,CAAC,EAAE,GAAG,MAAM,EAAwC,EAAE,UAAU,EAAE;QAC3F,SAAS,EAAE,GAAG,MAAM,CAAC,UAAU,UAAU;KAC1C,CAAC,CAAC;IAEH,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC;AACzD,CAAC;AAEM,KAAK,UAAU,gBAAgB,CACpC,KAAa,EACb,IAAqB;IAErB,eAAe;IACf,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAA,4BAAkB,EAAC,GAAG,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,MAAM,WAAE,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAgB,CAAC;YAEjE,mBAAmB;YACnB,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACtC,IAAI,OAAO,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;oBACnC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,eAAe,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;gBACpE,CAAC;YACH,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,eAAe;YACf,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,4CAA4C,EAAE,CAAC;AAChF,CAAC;AAUM,KAAK,UAAU,iBAAiB,CAAC,MAA0B;IAKhE,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IAC
vB,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAE/D,MAAM,MAAM,GAAkB;QAC5B,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,GAAG;QACnB,GAAG,EAAE,MAAM,CAAC,gBAAgB;QAC5B,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,OAAO,EAAE,eAAe;KACzB,CAAC;IAEF,MAAM,UAAU,GAAG,IAAA,6BAAmB,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM,KAAK,GAAG,MAAM,WAAE,CAAC,IAAI,CACzB,EAAE,GAAG,MAAM,EAAwC,EACnD,UAAU,EACV,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC,UAAU,UAAU,EAAE,CAC9C,CAAC;IAEF,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC;AACzD,CAAC;AAEM,KAAK,UAAU,kBAAkB,CACtC,KAAa,EACb,IAAqB;IAErB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAA,4BAAkB,EAAC,GAAG,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,MAAM,WAAE,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAkB,CAAC;YAEnE,IAAI,OAAO,CAAC,OAAO,KAAK,eAAe,EAAE,CAAC;gBACxC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;YAC3D,CAAC;YAED,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACtC,IAAI,OAAO,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;oBACnC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;gBACtE,CAAC;YACH,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,4CAA4C,EAAE,CAAC;AAChF,CAAC;AAcM,KAAK,UAAU,kBAAkB,CAAC,MAAgC;IAKvE,MAAM,GAAG,GAAG,IAAI,IAAI,EAAE,CAAC;IACvB,MAAM,GAAG,GAAG,IAAI,IAAI,CAAC,GAAG,CAAC,OAAO,EAAE,GAAG,MAAM,CAAC,UAAU,GAAG,IAAI,CAAC,CAAC;IAE/D,MAAM,MAAM,GAAwB;QAClC,GAAG,EAAE,WAAW;QAChB,GAAG,EAAE,MAAM,CAAC,GAAG,CAAC,GAAG;QACnB,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,GAAG,EAAE,GAAG,CAAC,WAAW,EAAE;QACtB,mBAAmB,EAAE,MAAM,CAAC,iBAAiB;QAC7C,kBAAkB,EAAE,MAAM,CAAC,gBAAgB;QAC3C,QAAQ,EAAE,MAAM,CAAC,OAAO;QACxB,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,WAAW,EAAE,MAAM,CAAC,UAAU;QAC9B,OAAO,EAAE,UAAU;KACpB,CAAC;IAEF,MAAM,UAAU,GAAG,IAAA,6BAAmB,EAAC,MAAM,CAAC,GAAG,CAAC,CAAC;IACnD,MAAM
,KAAK,GAAG,MAAM,WAAE,CAAC,IAAI,CACzB,EAAE,GAAG,MAAM,EAAwC,EACnD,UAAU,EACV,EAAE,SAAS,EAAE,GAAG,MAAM,CAAC,UAAU,UAAU,EAAE,CAC9C,CAAC;IAEF,OAAO,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,CAAC,WAAW,EAAE,EAAE,MAAM,EAAE,CAAC;AACzD,CAAC;AAEM,KAAK,UAAU,mBAAmB,CACvC,KAAa,EACb,IAAqB;IAErB,KAAK,MAAM,GAAG,IAAI,IAAI,EAAE,CAAC;QACvB,IAAI,CAAC;YACH,MAAM,SAAS,GAAG,IAAA,4BAAkB,EAAC,GAAG,CAAC,CAAC;YAC1C,MAAM,OAAO,GAAG,MAAM,WAAE,CAAC,MAAM,CAAC,KAAK,EAAE,SAAS,CAAwB,CAAC;YAEzE,IAAI,OAAO,CAAC,OAAO,KAAK,UAAU,EAAE,CAAC;gBACnC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;YAC3D,CAAC;YAED,IAAI,OAAO,CAAC,GAAG,EAAE,CAAC;gBAChB,MAAM,OAAO,GAAG,IAAI,IAAI,CAAC,OAAO,CAAC,GAAG,CAAC,CAAC;gBACtC,IAAI,OAAO,CAAC,OAAO,EAAE,GAAG,IAAI,CAAC,GAAG,EAAE,EAAE,CAAC;oBACnC,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,wBAAwB,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;gBAC7E,CAAC;YACH,CAAC;YAED,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,EAAE,OAAO,EAAE,CAAC;QAC1C,CAAC;QAAC,MAAM,CAAC;YACP,SAAS;QACX,CAAC;IACH,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,4CAA4C,EAAE,CAAC;AAChF,CAAC"}
|
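--- a/package/dist/totp.d.ts
+++ b/package/dist/totp.d.ts
@@ -0,0 +1,15 @@
+export declare function base32Encode(buffer: Buffer): string;
+export declare function base32Decode(str: string): Buffer;
+export declare function generateTotpSecret(): string;
+export declare function generateTotpUri(secret: string, accountName: string, issuer?: string): string;
+export declare function verifyTotp(secret: string, code: string, window?: number): boolean;
+export declare function generateBackupCodes(count?: number): {
+codes: string[];
+hashes: string[];
+};
+export declare function verifyBackupCode(code: string, hashes: string[]): {
+valid: boolean;
+remainingHashes: string[];
+};
+export declare function generateTotpQrSvg(uri: string): string;
+//# sourceMappingURL=totp.d.ts.map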
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"totp.d.ts","sourceRoot":"","sources":["../src/totp.ts"],"names":[],"mappings":"AAMA,wBAAgB,YAAY,CAAC,MAAM,EAAE,MAAM,GAAG,MAAM,CAmBnD;AAED,wBAAgB,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAkBhD;AAID,wBAAgB,kBAAkB,IAAI,MAAM,CAE3C;AAED,wBAAgB,eAAe,CAAC,MAAM,EAAE,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,MAAM,SAAc,GAAG,MAAM,CAIjG;AAeD,wBAAgB,UAAU,CAAC,MAAM,EAAE,MAAM,EAAE,IAAI,EAAE,MAAM,EAAE,MAAM,SAAI,GAAG,OAAO,CAS5E;AAID,wBAAgB,mBAAmB,CAAC,KAAK,SAAI,GAAG;IAAE,KAAK,EAAE,MAAM,EAAE,CAAC;IAAC,MAAM,EAAE,MAAM,EAAE,CAAA;CAAE,CAWpF;AAED,wBAAgB,gBAAgB,CAAC,IAAI,EAAE,MAAM,EAAE,MAAM,EAAE,MAAM,EAAE,GAAG;IAAE,KAAK,EAAE,OAAO,CAAC;IAAC,eAAe,EAAE,MAAM,EAAE,CAAA;CAAE,CAO9G;AAOD,wBAAgB,iBAAiB,CAAC,GAAG,EAAE,MAAM,GAAG,MAAM,CAYrD"}
|
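--- a/package/dist/totp.js
+++ b/package/dist/totp.js
@@ -0,0 +1,149 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+var ownKeys = function(o) {
+ownKeys = Object.getOwnPropertyNames || function (o) {
+var ar = [];
+for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+return ar;
+};
+return ownKeys(o);
+};
+return function (mod) {
+if (mod && mod.__esModule) return mod;
+var result = {};
+if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+__setModuleDefault(result, mod);
+return result;
+};
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.base32Encode = base32Encode;
+exports.base32Decode = base32Decode;
+exports.generateTotpSecret = generateTotpSecret;
+exports.generateTotpUri = generateTotpUri;
+exports.verifyTotp = verifyTotp;
+exports.generateBackupCodes = generateBackupCodes;
+exports.verifyBackupCode = verifyBackupCode;
+exports.generateTotpQrSvg = generateTotpQrSvg;
+const crypto = __importStar(require("node:crypto"));
+// ─── Base32 (RFC 4648) ──────────────────────────────────────────────
+const BASE32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
+function base32Encode(buffer) {
+let bits = 0;
+let value = 0;
+let output = '';
+for (const byte of buffer) {
+value = (value << 8) | byte;
+bits += 8;
+while (bits >= 5) {
+bits -= 5;
+output += BASE32_ALPHABET[(value >>> bits) & 0x1f];
+}
+}
+if (bits > 0) {
+output += BASE32_ALPHABET[(value << (5 - bits)) & 0x1f];
+}
+return output;
+}
+function base32Decode(str) {
+const cleaned = str.replace(/=+$/, '').toUpperCase();
+let bits = 0;
+let value = 0;
+const bytes = [];
+for (const char of cleaned) {
+const idx = BASE32_ALPHABET.indexOf(char);
+if (idx === -1)
+throw new Error(`Invalid base32 character: ${char}`);
+value = (value << 5) | idx;
+bits += 5;
+if (bits >= 8) {
+bits -= 8;
+bytes.push((value >>> bits) & 0xff);
+}
+}
+return Buffer.from(bytes);
+}
+// ─── TOTP (RFC 6238 / RFC 4226) ─────────────────────────────────────
+function generateTotpSecret() {
+return base32Encode(crypto.randomBytes(20));
+}
+function generateTotpUri(secret, accountName, issuer = 'OpenLeash') {
+const encodedIssuer = encodeURIComponent(issuer);
+const encodedAccount = encodeURIComponent(accountName);
+return `otpauth://totp/${encodedIssuer}:${encodedAccount}?secret=${secret}&issuer=${encodedIssuer}&algorithm=SHA1&digits=6&period=30`;
+}
+function computeHotp(secret, counter) {
+const buf = Buffer.alloc(8);
+buf.writeBigUInt64BE(counter);
+const hmac = crypto.createHmac('sha1', secret).update(buf).digest();
+const offset = hmac[hmac.length - 1] & 0x0f;
+const code = ((hmac[offset] & 0x7f) << 24) |
+((hmac[offset + 1] & 0xff) << 16) |
+((hmac[offset + 2] & 0xff) << 8) |
+(hmac[offset + 3] & 0xff);
+return String(code % 1_000_000).padStart(6, '0');
+}
+function verifyTotp(secret, code, window = 1) {
+if (!/^\d{6}$/.test(code))
+return false;
+const key = base32Decode(secret);
+const counter = BigInt(Math.floor(Date.now() / 30_000));
+for (let i = -window; i <= window; i++) {
+if (computeHotp(key, counter + BigInt(i)) === code)
+return true;
+}
+return false;
+}
+// ─── Backup codes ────────────────────────────────────────────────────
+function generateBackupCodes(count = 8) {
+const codes = [];
+const hashes = [];
+for (let i = 0; i < count; i++) {
+const code = crypto.randomBytes(4).toString('hex'); // 8-char hex
+codes.push(code);
+hashes.push(crypto.createHash('sha256').update(code).digest('hex'));
+}
+return { codes, hashes };
+}
+function verifyBackupCode(code, hashes) {
+const hash = crypto.createHash('sha256').update(code).digest('hex');
+const idx = hashes.indexOf(hash);
+if (idx === -1)
+return { valid: false, remainingHashes: hashes };
+const remainingHashes = [...hashes];
+remainingHashes.splice(idx, 1);
+return { valid: true, remainingHashes };
+}
+// ─── QR code SVG generation ──────────────────────────────────────────
+// eslint-disable-next-line @typescript-eslint/no-require-imports
+const QRCode = require('qrcode-svg');
+function generateTotpQrSvg(uri) {
+const qr = new QRCode({
+content: uri,
+padding: 4,
+width: 200,
+height: 200,
+color: '#000000',
+background: '#ffffff',
+ecl: 'M',
+join: true,
+});
+return qr.svg();
+}
+//# sourceMappingURL=totp.js.map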
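Review bot: `generateBackupCodes` draws each code from `crypto.randomBytes(4)`, so a code carries only 32 bits, and both it and `verifyBackupCode` store and compare a single unsalted SHA-256 of the code; anyone who obtains the stored `hashes` array can enumerate the whole code space offline in little time. Widening the code, e.g. `const code = crypto.randomBytes(10).toString('hex');`, or deriving the stored value with a keyed or deliberately slow function (an HMAC under a server-side key, or `crypto.scryptSync` with a per-code salt) would close that gap; resistance to online guessing still depends on rate limiting, which is not visible in this file. Separately, `verifyTotp` returns only a boolean, so a caller cannot record the matched time step to refuse a second use of the same code inside the accepted window, unless that is tracked elsewhere.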
|
package/dist/totp.js.map
ADDED
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"totp.js","sourceRoot":"","sources":["../src/totp.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;AAMA,oCAmBC;AAED,oCAkBC;AAID,gDAEC;AAED,0CAIC;AAeD,gCASC;AAID,kDAWC;AAED,4CAOC;AAOD,8CAYC;AA5HD,oDAAsC;AAEtC,uEAAuE;AAEvE,MAAM,eAAe,GAAG,kCAAkC,CAAC;AAE3D,SAAgB,YAAY,CAAC,MAAc;IACzC,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,IAAI,MAAM,GAAG,EAAE,CAAC;IAEhB,KAAK,MAAM,IAAI,IAAI,MAAM,EAAE,CAAC;QAC1B,KAAK,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC;QAC5B,IAAI,IAAI,CAAC,CAAC;QACV,OAAO,IAAI,IAAI,CAAC,EAAE,CAAC;YACjB,IAAI,IAAI,CAAC,CAAC;YACV,MAAM,IAAI,eAAe,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QACrD,CAAC;IACH,CAAC;IAED,IAAI,IAAI,GAAG,CAAC,EAAE,CAAC;QACb,MAAM,IAAI,eAAe,CAAC,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC1D,CAAC;IAED,OAAO,MAAM,CAAC;AAChB,CAAC;AAED,SAAgB,YAAY,CAAC,GAAW;IACtC,MAAM,OAAO,GAAG,GAAG,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,CAAC,CAAC,WAAW,EAAE,CAAC;IACrD,IAAI,IAAI,GAAG,CAAC,CAAC;IACb,IAAI,KAAK,GAAG,CAAC,CAAC;IACd,MAAM,KAAK,GAAa,EAAE,CAAC;IAE3B,KAAK,MAAM,IAAI,IAAI,OAAO,EAAE,CAAC;QAC3B,MAAM,GAAG,GAAG,eAAe,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;QAC1C,IAAI,GAAG,KAAK,CAAC,CAAC;YAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,IAAI,EAAE,CAAC,CAAC;QACrE,KAAK,GAAG,CAAC,KAAK,IAAI,CAAC,CAAC,GAAG,GAAG,CAAC;QAC3B,IAAI,IAAI,CAAC,CAAC;QACV,IAAI,IAAI,IAAI,CAAC,EAAE,CAAC;YACd,IAAI,IAAI,CAAC,CAAC;YACV,KAAK,CAAC,IAAI,CAAC,CAAC,KAAK,KAAK,IAAI,CAAC,GAAG,IAAI,CAAC,CAAC;QACtC,CAAC;IACH,CAAC;IAED,OAAO,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;AAC5B,CAAC;AAED,uEAAuE;AAEvE,SAAgB,kBAAkB;IAChC,OAAO,YAAY,CAAC,MAAM,CAAC,WAAW,CAAC,EAAE,CAAC,CAAC,CAAC;AAC9C,CAAC;AAED,SAAgB,eAAe,CAAC,MAAc,EAAE,WAAmB,EAAE,MAAM,GAAG,WAAW;IACvF,MAAM,aAAa,GAAG,kBAAkB,CAAC,MAAM,CAAC,CAAC;IACjD,MAAM,cAAc,GAAG,kBAAkB,CAAC,WAAW,CAAC,CAAC;IACvD,OAAO,kBAAkB,aAAa,IAAI,cAAc,WAAW,MAAM,WAAW,aAAa,oCAAoC,CAAC;AACxI,CAAC;AAED,SAAS,WAAW,CAAC,MAAc,EAAE,OAAe;IAClD,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,CAAC;IAC5B,GAAG,CAAC,gBAAgB,CAAC,OAAO,CAAC,CAAC;IAC9B,MAAM,IAAI,GAAG,MAAM
,CAAC,UAAU,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC;IACpE,MAAM,MAAM,GAAG,IAAI,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC;IAC5C,MAAM,IAAI,GACR,CAAC,CAAC,IAAI,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QAC7B,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,EAAE,CAAC;QACjC,CAAC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,IAAI,CAAC,CAAC;QAChC,CAAC,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,GAAG,IAAI,CAAC,CAAC;IAC5B,OAAO,MAAM,CAAC,IAAI,GAAG,SAAS,CAAC,CAAC,QAAQ,CAAC,CAAC,EAAE,GAAG,CAAC,CAAC;AACnD,CAAC;AAED,SAAgB,UAAU,CAAC,MAAc,EAAE,IAAY,EAAE,MAAM,GAAG,CAAC;IACjE,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC;QAAE,OAAO,KAAK,CAAC;IACxC,MAAM,GAAG,GAAG,YAAY,CAAC,MAAM,CAAC,CAAC;IACjC,MAAM,OAAO,GAAG,MAAM,CAAC,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,MAAM,CAAC,CAAC,CAAC;IAExD,KAAK,IAAI,CAAC,GAAG,CAAC,MAAM,EAAE,CAAC,IAAI,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QACvC,IAAI,WAAW,CAAC,GAAG,EAAE,OAAO,GAAG,MAAM,CAAC,CAAC,CAAC,CAAC,KAAK,IAAI;YAAE,OAAO,IAAI,CAAC;IAClE,CAAC;IACD,OAAO,KAAK,CAAC;AACf,CAAC;AAED,wEAAwE;AAExE,SAAgB,mBAAmB,CAAC,KAAK,GAAG,CAAC;IAC3C,MAAM,KAAK,GAAa,EAAE,CAAC;IAC3B,MAAM,MAAM,GAAa,EAAE,CAAC;IAE5B,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,KAAK,EAAE,CAAC,EAAE,EAAE,CAAC;QAC/B,MAAM,IAAI,GAAG,MAAM,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,KAAK,CAAC,CAAC,CAAC,aAAa;QACjE,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;QACjB,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC;IACtE,CAAC;IAED,OAAO,EAAE,KAAK,EAAE,MAAM,EAAE,CAAC;AAC3B,CAAC;AAED,SAAgB,gBAAgB,CAAC,IAAY,EAAE,MAAgB;IAC7D,MAAM,IAAI,GAAG,MAAM,CAAC,UAAU,CAAC,QAAQ,CAAC,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC;IACpE,MAAM,GAAG,GAAG,MAAM,CAAC,OAAO,CAAC,IAAI,CAAC,CAAC;IACjC,IAAI,GAAG,KAAK,CAAC,CAAC;QAAE,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,eAAe,EAAE,MAAM,EAAE,CAAC;IACjE,MAAM,eAAe,GAAG,CAAC,GAAG,MAAM,CAAC,CAAC;IACpC,eAAe,CAAC,MAAM,CAAC,GAAG,EAAE,CAAC,CAAC,CAAC;IAC/B,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,eAAe,EAAE,CAAC;AAC1C,CAAC;AAED,wEAAwE;AAExE,iEAAiE;
AACjE,MAAM,MAAM,GAAG,OAAO,CAAC,YAAY,CAAC,CAAC;AAErC,SAAgB,iBAAiB,CAAC,GAAW;IAC3C,MAAM,EAAE,GAAG,IAAI,MAAM,CAAC;QACpB,OAAO,EAAE,GAAG;QACZ,OAAO,EAAE,CAAC;QACV,KAAK,EAAE,GAAG;QACV,MAAM,EAAE,GAAG;QACX,KAAK,EAAE,SAAS;QAChB,UAAU,EAAE,SAAS;QACrB,GAAG,EAAE,GAAG;QACR,IAAI,EAAE,IAAI;KACX,CAAC,CAAC;IACH,OAAO,EAAE,CAAC,GAAG,EAAY,CAAC;AAC5B,CAAC"}
|