npm - @sigma-auth/better-auth-plugin - Versions diffs - 0.0.46 → 0.0.47 - Mend

@sigma-auth/better-auth-plugin 0.0.46 → 0.0.47

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/dist/server/local.d.ts.map +1 -1
package/dist/server/local.js +19 -1
package/dist/server/local.js.map +1 -1
package/package.json +2 -1

package/dist/server/local.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"local.d.ts","sourceRoot":"","sources":["../../src/server/local.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;~~AAEH~~,OAAO,EAAE,KAAK,SAAS,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;~~AAE~~/E;;GAEG;AACH,MAAM,WAAW,0BAA0B;IAC1C,iDAAiD;IACjD,WAAW,EAAE,MAAM,CAAC;IACpB,oDAAoD;IACpD,SAAS,EAAE,CAAC,WAAW,EAAE,MAAM,KAAK,OAAO,CAAC;QAC3C,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;KAClB,GAAG,IAAI,CAAC,CAAC;IACV,iCAAiC;IACjC,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACrC,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,mBAAmB,CACxC,OAAO,EAAE,0BAA0B,GACjC,OAAO,CAAC,qBAAqB,CAAC,CAoDhC;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM,GAAG,IAAI,CAG3E;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAClC,KAAK,EAAE,MAAM,EACb,IAAI,CAAC,EAAE,MAAM,GACX,gBAAgB,CAMlB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,IAAI,CAAC;CACd;AAED,MAAM,WAAW,eAAe;IAC/B,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,IAAI,CAAC;CACd;AAED,MAAM,WAAW,eAAe;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,IAAI,CAAC;CACd;AAED,MAAM,WAAW,eAAe;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,IAAI,CAAC;CACd;AAED,MAAM,WAAW,oBAAoB;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,IAAI,CAAC;CACd;AAED,MAAM,WAAW,YAAY;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,IAAI,CAAC;CACd;AAED,MAAM,WAAW,cAAc;IAC9B,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,IAAI,CAAC;CACd;AAGD,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,KAAK,SAAS,EAAE,CAAC"}
1	+ {"version":3,"file":"local.d.ts","sourceRoot":"","sources":["../../src/server/local.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAGH,OAAO,EAAE,KAAK,SAAS,EAAE,cAAc,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAuB/E;;GAEG;AACH,MAAM,WAAW,0BAA0B;IAC1C,iDAAiD;IACjD,WAAW,EAAE,MAAM,CAAC;IACpB,oDAAoD;IACpD,SAAS,EAAE,CAAC,WAAW,EAAE,MAAM,KAAK,OAAO,CAAC;QAC3C,WAAW,CAAC,EAAE,MAAM,CAAC;QACrB,UAAU,CAAC,EAAE,MAAM,CAAC;QACpB,IAAI,CAAC,EAAE,MAAM,CAAC;QACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;KAClB,GAAG,IAAI,CAAC,CAAC;IACV,iCAAiC;IACjC,cAAc,CAAC,EAAE,MAAM,EAAE,CAAC;CAC1B;AAED;;GAEG;AACH,MAAM,WAAW,qBAAqB;IACrC,KAAK,EAAE,OAAO,CAAC;IACf,KAAK,CAAC,EAAE,MAAM,CAAC;IACf,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC;CAClB;AAED;;;;;;;;;;;;;;;;;;;GAmBG;AACH,wBAAsB,mBAAmB,CACxC,OAAO,EAAE,0BAA0B,GACjC,OAAO,CAAC,qBAAqB,CAAC,CAoDhC;AAED;;;GAGG;AACH,wBAAgB,kBAAkB,CAAC,UAAU,EAAE,MAAM,GAAG,IAAI,GAAG,MAAM,GAAG,IAAI,CAG3E;AAED;;GAEG;AACH,MAAM,WAAW,gBAAgB;IAChC,KAAK,EAAE,MAAM,CAAC;IACd,IAAI,CAAC,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,KAAK,CAAC;CACf;AAED;;GAEG;AACH,wBAAgB,mBAAmB,CAClC,KAAK,EAAE,MAAM,EACb,IAAI,CAAC,EAAE,MAAM,GACX,gBAAgB,CAMlB;AAED;;GAEG;AACH,MAAM,WAAW,YAAY;IAC5B,KAAK,EAAE,MAAM,CAAC;IACd,OAAO,EAAE,IAAI,CAAC;CACd;AAED,MAAM,WAAW,eAAe;IAC/B,SAAS,EAAE,MAAM,EAAE,CAAC;IACpB,OAAO,EAAE,IAAI,CAAC;CACd;AAED,MAAM,WAAW,eAAe;IAC/B,UAAU,EAAE,MAAM,CAAC;IACnB,OAAO,EAAE,IAAI,CAAC;CACd;AAED,MAAM,WAAW,eAAe;IAC/B,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,IAAI,CAAC;CACd;AAED,MAAM,WAAW,oBAAoB;IACpC,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,IAAI,CAAC;CACd;AAED,MAAM,WAAW,YAAY;IAC5B,WAAW,EAAE,MAAM,CAAC;IACpB,UAAU,EAAE,MAAM,CAAC;IACnB,IAAI,EAAE,MAAM,CAAC;IACb,OAAO,EAAE,IAAI,CAAC;CACd;AAED,MAAM,WAAW,cAAc;IAC9B,QAAQ,EAAE,OAAO,CAAC;IAClB,OAAO,EAAE,IAAI,CAAC;CACd;AAGD,OAAO,EAAE,eAAe,EAAE,cAAc,EAAE,KAAK,SAAS,EAAE,CAAC"}

package/dist/server/local.js CHANGED Viewed

@@ -4,7 +4,25 @@
  * Utilities for building a local sigma-auth server that LocalServerSigner can connect to.
  * Use these to create consistent API responses and validate access tokens.
  */
+import { timingSafeEqual } from "node:crypto";
 import { parseAuthToken, verifyAuthToken } from "bitcoin-auth";
+/**
+ * Constant-time string comparison to prevent timing attacks.
+ * Uses TextEncoder (no Buffer) for byte conversion.
+ */
+function safeCompare(a, b) {
+    if (!a || !b)
+        return false;
+    if (a.length !== b.length)
+        return false;
+    const encoder = new TextEncoder();
+    const aBytes = encoder.encode(a);
+    const bBytes = encoder.encode(b);
+    // timingSafeEqual requires equal-length typed arrays
+    if (aBytes.length !== bBytes.length)
+        return false;
+    return timingSafeEqual(aBytes, bBytes);
+}
 /**
  * Validate an access token from Authorization header
  *
@@ -35,7 +53,7 @@ export async function validateAccessToken(options) {
         };
     }
     const state = await findState(accessToken);
-    if (!state?.accessToken || state.accessToken !== accessToken) {
+    if (!state?.accessToken || !safeCompare(state.accessToken, accessToken)) {
         return {
             valid: false,
             error: "Invalid access token.",

package/dist/server/local.js.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"local.js","sourceRoot":"","sources":["../../src/server/local.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAkB,cAAc,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;~~AA8B~~/E;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACxC,OAAmC;IAEnC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC;IAE3D,IAAI,CAAC,WAAW,EAAE,CAAC;QAClB,OAAO;YACN,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,6DAA6D;YACpE,IAAI,EAAE,CAAC;SACP,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,CAAC;IAC3C,IAAI,CAAC,KAAK,EAAE,WAAW,IAAI,KAAK,CAAC,WAAW,~~KAAK~~,WAAW,EAAE,CAAC;~~QAC9D~~,OAAO;YACN,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,uBAAuB;YAC9B,IAAI,EAAE,CAAC;SACP,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,IACC,KAAK,CAAC,UAAU;QAChB,KAAK,CAAC,UAAU,KAAK,CAAC;QACtB,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,EAC5B,CAAC;QACF,OAAO;YACN,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,2BAA2B;YAClC,IAAI,EAAE,CAAC;SACP,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,IAAI,cAAc,EAAE,MAAM,EAAE,CAAC;QAC5B,MAAM,YAAY,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CACnD,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,CAC7B,CAAC;QACF,IAAI,CAAC,YAAY,EAAE,CAAC;YACnB,OAAO;gBACN,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,4BAA4B,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC9D,IAAI,EAAE,CAAC;aACP,CAAC;QACH,CAAC;IACF,CAAC;IAED,OAAO;QACN,KAAK,EAAE,IAAI;QACX,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,MAAM,EAAE,KAAK,CAAC,MAAM;KACpB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,UAAyB;IAC3D,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,OAAO,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,IAAI,CAAC;AAC7D,CAAC;AAWD;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAClC,KAAa,EACb,IAAa;IAEb,OAAO;QACN,KAAK;QACL,IAAI;QACJ,OAAO,EAAE,KAAK;KACd,CAAC;AACH,CAAC;AA0CD,mDAAmD;AACnD,OAAO,EAAE,eAAe,EAAE,cAAc,EAAkB,CAAC"}
1	+ {"version":3,"file":"local.js","sourceRoot":"","sources":["../../src/server/local.ts"],"names":[],"mappings":"AAAA;;;;;GAKG;AAEH,OAAO,EAAE,eAAe,EAAE,MAAM,aAAa,CAAC;AAC9C,OAAO,EAAkB,cAAc,EAAE,eAAe,EAAE,MAAM,cAAc,CAAC;AAE/E;;;GAGG;AACH,SAAS,WAAW,CACnB,CAA4B,EAC5B,CAA4B;IAE5B,IAAI,CAAC,CAAC,IAAI,CAAC,CAAC;QAAE,OAAO,KAAK,CAAC;IAC3B,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAExC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAC;IAClC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IACjC,MAAM,MAAM,GAAG,OAAO,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC;IAEjC,qDAAqD;IACrD,IAAI,MAAM,CAAC,MAAM,KAAK,MAAM,CAAC,MAAM;QAAE,OAAO,KAAK,CAAC;IAElD,OAAO,eAAe,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AACxC,CAAC;AA8BD;;;;;;;;;;;;;;;;;;;GAmBG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACxC,OAAmC;IAEnC,MAAM,EAAE,WAAW,EAAE,SAAS,EAAE,cAAc,EAAE,GAAG,OAAO,CAAC;IAE3D,IAAI,CAAC,WAAW,EAAE,CAAC;QAClB,OAAO;YACN,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,6DAA6D;YACpE,IAAI,EAAE,CAAC;SACP,CAAC;IACH,CAAC;IAED,MAAM,KAAK,GAAG,MAAM,SAAS,CAAC,WAAW,CAAC,CAAC;IAC3C,IAAI,CAAC,KAAK,EAAE,WAAW,IAAI,CAAC,WAAW,CAAC,KAAK,CAAC,WAAW,EAAE,WAAW,CAAC,EAAE,CAAC;QACzE,OAAO;YACN,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,uBAAuB;YAC9B,IAAI,EAAE,CAAC;SACP,CAAC;IACH,CAAC;IAED,2CAA2C;IAC3C,IACC,KAAK,CAAC,UAAU;QAChB,KAAK,CAAC,UAAU,KAAK,CAAC;QACtB,KAAK,CAAC,UAAU,GAAG,IAAI,CAAC,GAAG,EAAE,EAC5B,CAAC;QACF,OAAO;YACN,KAAK,EAAE,KAAK;YACZ,KAAK,EAAE,2BAA2B;YAClC,IAAI,EAAE,CAAC;SACP,CAAC;IACH,CAAC;IAED,wBAAwB;IACxB,IAAI,cAAc,EAAE,MAAM,EAAE,CAAC;QAC5B,MAAM,YAAY,GAAG,cAAc,CAAC,KAAK,CAAC,CAAC,KAAK,EAAE,EAAE,CACnD,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,KAAK,CAAC,CAC7B,CAAC;QACF,IAAI,CAAC,YAAY,EAAE,CAAC;YACnB,OAAO;gBACN,KAAK,EAAE,KAAK;gBACZ,KAAK,EAAE,4BAA4B,cAAc,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE;gBAC9D,IAAI,EAAE,CAAC;aACP,CAAC;QACH,CAAC;IACF,CAAC;IAED,OAAO;QACN,KAAK,EAAE,IAAI;QACX,IAAI,EAAE,KAAK,CAAC,IAAI;QAChB,MAAM,EAAE,KAAK,CAAC,MAAM;KACpB,CAAC;AACH,CAAC;AAED;;;GAGG;AACH,MAAM,UAAU,kBAAkB,CAAC,UAAyB;IAC3D,IAAI,CAAC,UAAU;QAAE,OAAO,IAAI,CAAC;IAC7B,OAAO,UAAU,CAAC,OAAO,CAAC,aAAa,EAAE,EAAE,CAAC,CAAC,IAAI,EAAE,IAAI,IAAI,CAAC;AAC7D,CAAC;AAWD;;GAEG;AACH,MAAM,UAAU,mBAAmB,CAClC,KAAa,EACb,IAAa;IAEb,OAAO;QACN,KAAK;QACL,IAAI;QACJ,OAAO,EAAE,KAAK;KACd,CAAC;AACH,CAAC;AA0CD,mDAAmD;AACnD,OAAO,EAAE,eAAe,EAAE,cAAc,EAAkB,CAAC"}

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
 	"name": "@sigma-auth/better-auth-plugin",
-	"version": "0.0.46",
+	"version": "0.0.47",
 	"description": "Better Auth plugins for Sigma Identity - client, server, and provider integrations",
 	"type": "module",
 	"main": "./dist/types/index.js",
@@ -92,6 +92,7 @@
 		}
 	},
 	"dependencies": {
+		"@sigma-auth/better-auth-plugin": "^0.0.46",
 		"bitcoin-auth": "^0.0.5"
 	},
 	"devDependencies": {