@sekyuriti/attest 0.2.4
- package/README.md +99 -0
- package/bin/attest.js +1033 -0
- package/dist/index.d.mts +99 -0
- package/dist/index.d.ts +99 -0
- package/dist/index.js +96 -0
- package/dist/index.js.map +1 -0
- package/dist/index.mjs +68 -0
- package/dist/index.mjs.map +1 -0
- package/dist/middleware.d.mts +102 -0
- package/dist/middleware.d.ts +102 -0
- package/dist/middleware.js +237 -0
- package/dist/middleware.js.map +1 -0
- package/dist/middleware.mjs +211 -0
- package/dist/middleware.mjs.map +1 -0
- package/package.json +52 -0
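--- a/package/README.md
+++ b/package/README.md
@@ -0,0 +1,99 @@
+# @sekyuriti/attest
+
+API protection for Next.js applications. Verify that requests come from real browsers, not bots or scripts.
+
+## Quick Start
+
+One command setup:
+
+```bash
+npx @sekyuriti/attest login
+```
+
+This will:
+1. Open browser for authentication
+2. Let you select your project
+3. Auto-add environment variables to `.env.local`
+4. Auto-inject the ATTEST script into `layout.tsx`
+
+Done. Your API is protected.
+
+## What It Does
+
+- **Frontend script** automatically signs all `fetch()` and `XMLHttpRequest` calls
+- **Backend verification** validates signatures with SEKYURITI's API
+- **Bots and scripts** can't generate valid signatures without running in a real browser
+
+## Optional: Middleware
+
+Add server-side verification for all API routes:
+
+```ts
+// middleware.ts
+import { createAttestMiddleware } from "@sekyuriti/attest/middleware";
+
+export const middleware = createAttestMiddleware({
+projectId: process.env.NEXT_PUBLIC_ATTEST_KEY!,
+apiKey: process.env.ATTEST_SECRET_KEY!,
+});
+
+export const config = {
+matcher: "/api/:path*",
+};
+```
+
+## Optional: Per-Route Verification
+
+```ts
+// app/api/protected/route.ts
+import { verifyAttest } from "@sekyuriti/attest";
+
+export async function POST(request: Request) {
+const result = await verifyAttest(request, {
+projectId: process.env.NEXT_PUBLIC_ATTEST_KEY!,
+apiKey: process.env.ATTEST_SECRET_KEY!,
+});
+
+if (!result.attested) {
+return Response.json({ error: "Not attested" }, { status: 403 });
+}
+
+// Handle request...
+}
+```
+
+## CLI Commands
+
+```bash
+attest login # Authenticate and setup project
+attest logout # Sign out
+attest status # Show account and usage info
+attest init # Re-run setup in current project
+attest whoami # Print current user email
+attest help # Show help
+```
+
+## Environment Variables
+
+Auto-generated by `attest login`:
+
+```env
+NEXT_PUBLIC_ATTEST_KEY=your_public_key
+ATTEST_SECRET_KEY=your_secret_key
+```
+
+## Protection Features
+
+- DevTools detection
+- Bot/headless browser detection
+- Request signing with HMAC-SHA256
+- Browser fingerprinting
+- Timestamp validation
+
+## Documentation
+
+https://sekyuriti.build/docs/attest
+
+## License
+
+MIT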