npm - @sekyuriti/attest - Versions diffs - 0.2.1 → 0.2.3 - Mend

@sekyuriti/attest 0.2.1 → 0.2.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md CHANGED Viewed

@@ -2,52 +2,39 @@
 API protection for Next.js applications. Verify that requests come from real browsers, not bots or scripts.
-## Installation
+## Quick Start
+One command setup:
 ```bash
-npm install @sekyuriti/attest
+npx @sekyuriti/attest login
 ```
-## Quick Start
+This will:
+1. Open browser for authentication
+2. Let you select your project
+3. Auto-add environment variables to `.env.local`
+4. Auto-inject the ATTEST script into `layout.tsx`
-### 1. Add the script to your frontend
+Done. Your API is protected.
-```html
-<script src="https://sekyuriti.build/api/v2/attest/script/YOUR_PROJECT_ID" defer></script>
-```
+## What It Does
-Or in Next.js:
-```tsx
-// app/layout.tsx
-export default function RootLayout({ children }) {
-  return (
-    <html>
-      <head>
-        <script
-          src={`https://sekyuriti.build/api/v2/attest/script/${process.env.NEXT_PUBLIC_ATTEST_PROJECT_ID}`}
-          defer
-        />
-      </head>
-      <body>{children}</body>
-    </html>
-  );
-}
-```
-### 2. Protect your API routes
+- **Frontend script** automatically signs all `fetch()` and `XMLHttpRequest` calls
+- **Backend verification** validates signatures with SEKYURITI's API
+- **Bots and scripts** can't generate valid signatures without running in a real browser
-**Option A: Middleware (recommended)**
+## Optional: Middleware
-Protects all `/api/*` routes automatically:
+Add server-side verification for all API routes:
 ```ts
 // middleware.ts
 import { createAttestMiddleware } from "@sekyuriti/attest/middleware";
 export const middleware = createAttestMiddleware({
-  projectId: process.env.ATTEST_PROJECT_ID!,
-  apiKey: process.env.ATTEST_API_KEY!,
+  projectId: process.env.NEXT_PUBLIC_ATTEST_KEY!,
+  apiKey: process.env.ATTEST_SECRET_KEY!,
 });
 export const config = {
@@ -55,7 +42,7 @@ export const config = {
 };
 ```
-**Option B: Per-route verification**
+## Optional: Per-Route Verification
 ```ts
 // app/api/protected/route.ts
@@ -63,8 +50,8 @@ import { verifyAttest } from "@sekyuriti/attest";
 export async function POST(request: Request) {
   const result = await verifyAttest(request, {
-    projectId: process.env.ATTEST_PROJECT_ID!,
-    apiKey: process.env.ATTEST_API_KEY!,
+    projectId: process.env.NEXT_PUBLIC_ATTEST_KEY!,
+    apiKey: process.env.ATTEST_SECRET_KEY!,
   });
   if (!result.attested) {
@@ -75,72 +62,26 @@ export async function POST(request: Request) {
 }
 ```
-## Environment Variables
-```env
-ATTEST_PROJECT_ID=ATST_xxxxxxxxxxxx
-ATTEST_API_KEY=sk_xxxxxxxxxxxx
-NEXT_PUBLIC_ATTEST_PROJECT_ID=ATST_xxxxxxxxxxxx
-```
-## API Reference
-### `verifyAttest(request, config)`
-Verify a single request.
-```ts
-const result = await verifyAttest(request, {
-  projectId: "ATST_xxx",
-  apiKey: "sk_xxx",
-});
+## CLI Commands
-// result.attested: boolean
-// result.fingerprint: string (if attested)
-// result.reason: string (if not attested)
-```
-### `createAttestMiddleware(config)`
-Create middleware for automatic verification.
-```ts
-const middleware = createAttestMiddleware({
-  projectId: "ATST_xxx",
-  apiKey: "sk_xxx",
-  // Optional settings
-  protectedRoutes: ["/api/*"],  // Routes to protect
-  excludeRoutes: ["/api/health"], // Routes to skip
-  allowUnauthenticated: false, // Allow requests without headers
-  // Custom handlers
-  onBlocked: (req, result) => Response.json({ error: result.reason }, { status: 403 }),
-  onAllowed: (req, result) => console.log("Verified:", result.fingerprint),
-});
+```bash
+attest login     # Authenticate and setup project
+attest logout    # Sign out
+attest status    # Show account and usage info
+attest init      # Re-run setup in current project
+attest whoami    # Print current user email
+attest help      # Show help
 ```
-### `createAttestVerifier(config)`
-Create a reusable verifier function.
+## Environment Variables
-```ts
-const verify = createAttestVerifier({
-  projectId: process.env.ATTEST_PROJECT_ID!,
-  apiKey: process.env.ATTEST_API_KEY!,
-});
+Auto-generated by `attest login`:
-// Use in multiple routes
-const result = await verify(request);
+```env
+NEXT_PUBLIC_ATTEST_KEY=your_public_key
+ATTEST_SECRET_KEY=your_secret_key
 ```
-## How It Works
-1. **Frontend script** automatically signs all `fetch()` and `XMLHttpRequest` calls
-2. **Signatures** are added as headers: `X-Attest-Timestamp`, `X-Attest-Signature`, `X-Attest-Fingerprint`
-3. **Backend verification** validates signatures with SEKYURITI's API
-4. **Bots and scripts** can't generate valid signatures without running in a real browser
 ## Protection Features
 - DevTools detection
@@ -149,6 +90,10 @@ const result = await verify(request);
 - Browser fingerprinting
 - Timestamp validation
+## Documentation
+https://sekyuriti.build/docs/attest
 ## License
 MIT

package/bin/attest.js CHANGED Viewed

@@ -139,7 +139,109 @@ function printHeader() {
   logBold("  █▀▀ █▀▀ █▄▀ █▄█ █ █ █▀█ █ ▀█▀ █");
   logBold("  ▄▄█ ██▄ █ █  █  █▄█ █▀▄ █  █  █");
   log("");
-  logDim("  ATTEST CLI v0.2.0");
+  logDim("  ATTEST CLI v0.2.1");
+  log("");
+}
+// ═══════════════════════════════════════════════════════════════════
+// INIT HELPER (used by both login and init commands)
+// ═══════════════════════════════════════════════════════════════════
+async function runInit(publicKey, apiKey) {
+  let steps = [];
+  // Step 1: Add .env variables
+  const envPath = path.join(process.cwd(), ".env");
+  const envLocalPath = path.join(process.cwd(), ".env.local");
+  let targetEnvPath = envLocalPath;
+  if (fs.existsSync(envLocalPath)) {
+    targetEnvPath = envLocalPath;
+  } else if (fs.existsSync(envPath)) {
+    targetEnvPath = envPath;
+  }
+  const envVars = `
+# ATTEST Configuration
+NEXT_PUBLIC_ATTEST_KEY=${publicKey}
+ATTEST_SECRET_KEY=${apiKey}
+`.trim();
+  if (fs.existsSync(targetEnvPath)) {
+    let content = fs.readFileSync(targetEnvPath, "utf-8");
+    if (!content.includes("ATTEST_KEY")) {
+      content += "\n\n" + envVars + "\n";
+      fs.writeFileSync(targetEnvPath, content);
+      steps.push(`Added ATTEST config to ${path.basename(targetEnvPath)}`);
+    } else {
+      steps.push(`ATTEST config already in ${path.basename(targetEnvPath)}`);
+    }
+  } else {
+    fs.writeFileSync(envLocalPath, envVars + "\n");
+    steps.push("Created .env.local with ATTEST config");
+  }
+  // Step 2: Find and update layout.tsx
+  const layoutPaths = [
+    path.join(process.cwd(), "src/app/layout.tsx"),
+    path.join(process.cwd(), "app/layout.tsx"),
+    path.join(process.cwd(), "src/app/layout.js"),
+    path.join(process.cwd(), "app/layout.js"),
+  ];
+  let layoutPath = null;
+  for (const p of layoutPaths) {
+    if (fs.existsSync(p)) {
+      layoutPath = p;
+      break;
+    }
+  }
+  const scriptTag = `<Script
+        src="https://sekyuriti.build/api/v2/attest/script/${publicKey}"
+        strategy="beforeInteractive"
+      />`;
+  if (layoutPath) {
+    let layoutContent = fs.readFileSync(layoutPath, "utf-8");
+    if (layoutContent.includes("sekyuriti.build/api/v2/attest/script")) {
+      steps.push("ATTEST script already in layout");
+    } else {
+      // Check if Script is already imported
+      const hasScriptImport = layoutContent.includes("from 'next/script'") || layoutContent.includes('from "next/script"');
+      if (!hasScriptImport) {
+        // Add Script import after the first import line
+        layoutContent = layoutContent.replace(
+          /(import .+ from ['"][^'"]+['"];?\n)/,
+          `$1import Script from "next/script";\n`
+        );
+      }
+      // Add script tag after <body> or <body className=...>
+      if (layoutContent.includes("<body")) {
+        layoutContent = layoutContent.replace(
+          /(<body[^>]*>)/,
+          `$1\n      ${scriptTag}`
+        );
+        fs.writeFileSync(layoutPath, layoutContent);
+        steps.push(`Added ATTEST script to ${path.basename(layoutPath)}`);
+      } else {
+        steps.push("Could not find <body> tag in layout");
+      }
+    }
+  } else {
+    steps.push("No layout.tsx found - add script manually");
+  }
+  // Print results
+  for (const step of steps) {
+    log(`  ${c.bold}✓${c.reset} ${step}`);
+  }
+  log("");
+  log("  Documentation: https://sekyuriti.build/docs/attest");
   log("");
 }
@@ -211,6 +313,11 @@ async function cmdLogin() {
             apiKey: data.apiKey,
           });
+          // Auto-run init after successful login
+          log("  Setting up your project...");
+          log("");
+          await runInit(data.publicKey, data.apiKey);
           return;
         }
       }
@@ -334,132 +441,9 @@ async function cmdInit() {
     return;
   }
-  let steps = [];
-  // Step 1: Add .env variables
-  const envPath = path.join(process.cwd(), ".env");
-  const envLocalPath = path.join(process.cwd(), ".env.local");
-  let targetEnvPath = envLocalPath;
-  if (fs.existsSync(envLocalPath)) {
-    targetEnvPath = envLocalPath;
-  } else if (fs.existsSync(envPath)) {
-    targetEnvPath = envPath;
-  }
-  const envVars = `
-# ATTEST Configuration
-NEXT_PUBLIC_ATTEST_KEY=${config.publicKey}
-ATTEST_SECRET_KEY=${config.apiKey}
-`.trim();
-  if (fs.existsSync(targetEnvPath)) {
-    let content = fs.readFileSync(targetEnvPath, "utf-8");
-    if (!content.includes("ATTEST_KEY")) {
-      content += "\n\n" + envVars + "\n";
-      fs.writeFileSync(targetEnvPath, content);
-      steps.push(`Added ATTEST config to ${path.basename(targetEnvPath)}`);
-    } else {
-      steps.push(`ATTEST config already in ${path.basename(targetEnvPath)}`);
-    }
-  } else {
-    fs.writeFileSync(envLocalPath, envVars + "\n");
-    steps.push("Created .env.local with ATTEST config");
-  }
-  // Step 2: Find and update layout.tsx
-  const layoutPaths = [
-    path.join(process.cwd(), "src/app/layout.tsx"),
-    path.join(process.cwd(), "app/layout.tsx"),
-    path.join(process.cwd(), "src/app/layout.js"),
-    path.join(process.cwd(), "app/layout.js"),
-  ];
-  let layoutPath = null;
-  for (const p of layoutPaths) {
-    if (fs.existsSync(p)) {
-      layoutPath = p;
-      break;
-    }
-  }
-  const scriptTag = `<Script
-        src="https://sekyuriti.build/api/v2/attest/script/${config.publicKey}"
-        strategy="beforeInteractive"
-      />`;
-  if (layoutPath) {
-    let layoutContent = fs.readFileSync(layoutPath, "utf-8");
-    if (layoutContent.includes("sekyuriti.build/api/v2/attest/script")) {
-      steps.push("ATTEST script already in layout");
-    } else {
-      // Check if Script is already imported
-      const hasScriptImport = layoutContent.includes("from 'next/script'") || layoutContent.includes('from "next/script"');
-      if (!hasScriptImport) {
-        // Add Script import after the first import line
-        layoutContent = layoutContent.replace(
-          /(import .+ from ['"][^'"]+['"];?\n)/,
-          `$1import Script from "next/script";\n`
-        );
-      }
-      // Add script tag after <body> or <body className=...>
-      if (layoutContent.includes("<body")) {
-        layoutContent = layoutContent.replace(
-          /(<body[^>]*>)/,
-          `$1\n      ${scriptTag}`
-        );
-        fs.writeFileSync(layoutPath, layoutContent);
-        steps.push(`Added ATTEST script to ${path.basename(layoutPath)}`);
-      } else {
-        steps.push("Could not find <body> tag in layout");
-      }
-    }
-  } else {
-    steps.push("No layout.tsx found - add script manually");
-  }
-  // Step 3: Check for middleware.ts and offer to add verification
-  const middlewarePaths = [
-    path.join(process.cwd(), "middleware.ts"),
-    path.join(process.cwd(), "src/middleware.ts"),
-    path.join(process.cwd(), "middleware.js"),
-    path.join(process.cwd(), "src/middleware.js"),
-  ];
-  let hasMiddleware = false;
-  for (const p of middlewarePaths) {
-    if (fs.existsSync(p)) {
-      hasMiddleware = true;
-      break;
-    }
-  }
-  // Print results
-  log("  SETUP COMPLETE");
-  log("");
-  for (const step of steps) {
-    log(`  ${c.bold}✓${c.reset} ${step}`);
-  }
-  log("");
-  if (!hasMiddleware) {
-    log("  Optional: Add middleware for server-side verification:");
-    log("");
-    log(`  ${c.dim}// middleware.ts${c.reset}`);
-    log(`  ${c.dim}import { createAttestMiddleware } from '@sekyuriti/attest/middleware';${c.reset}`);
-    log(`  ${c.dim}export default createAttestMiddleware({${c.reset}`);
-    log(`  ${c.dim}  protectedPaths: ['/api/'],${c.reset}`);
-    log(`  ${c.dim}});${c.reset}`);
-    log("");
-  }
-  log("  Documentation: https://sekyuriti.build/docs/attest");
+  log("  Setting up ATTEST...");
   log("");
+  await runInit(config.publicKey, config.apiKey);
 }
 // ═══════════════════════════════════════════════════════════════════

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@sekyuriti/attest",
-  "version": "0.2.1",
+  "version": "0.2.3",
   "description": "API protection middleware for Next.js - verify requests with ATTEST",
   "main": "dist/index.js",
   "module": "dist/index.mjs",