@sudhi_s_developer_123/communicate-server 0.0.1

package/README.md

@@ -0,0 +1,102 @@
+# @sudhi_s_developer_123/communicate-server
+
+Official SDK for communicating with Our API. Modern, lightweight, and zero-dependency, featuring a **Secret Hashing** architecture for enhanced security.
+
+## Installation
+
+```bash
+npm install @sudhi_s_developer_123/communicate-server
+```
+
+## Key Management
+
+The SDK provides a utility to generate secure API credentials. In this model, the **Server** only needs to store a **hash** of the secret, while the **Client** uses the **raw** secret.
+
+```typescript
+import { generateKeyPair } from "@sudhi_s_developer_123/communicate-server";
+
+const { apiKey, apiSecret, secretHash } = generateKeyPair();
+
+console.log(`API Key (Public): ${apiKey}`); // e.g. sk_...
+console.log(`API Secret (Client-side usage): ${apiSecret}`); // e.g. ss_...
+console.log(`Secret Hash (Server-side storage): ${secretHash}`);
+```
+
+---
+
+## Client Usage
+
+The `ApiClient` is used to make secure, signed requests. It uses the raw `apiSecret` and automatically derives the HMAC key for signing.
+
+### Initializing the Client
+
+```typescript
+import { 
+  ApiClient, 
+  asApiKey, 
+  asApiSecret, 
+  asBaseURL 
+} from "@sudhi_s_developer_123/communicate-server";
+
+const client = new ApiClient({
+  apiKey: asApiKey("sk_your-api-key"),
+  apiSecret: asApiSecret("ss_your-raw-api-secret"),
+  baseURL: asBaseURL("https://api.yourcompany.com"),
+  serverSecret: asServerSecret("optional-server-side-secret"),
+  timeout: 5000,
+});
+```
+
+### Making Requests
+
+```typescript
+// GET Request
+const user = await client.get("/users/me");
+
+// POST Request
+const newItem = await client.post("/items", { name: "New Product" });
+```
+
+---
+
+## Server Usage
+
+The `ApiServer` is used to verify incoming requests. For maximum security, the server initialized with the **Secret Hash**, never needing to know the original raw secret.
+
+### Initializing the Server
+
+```typescript
+import { ApiServer, asSecretHash } from "@sudhi_s_developer_123/communicate-server";
+
+const server = new ApiServer({
+  serverSecret: asServerSecret("optional-server-side-secret"),
+  tolerance: 300000, // 5 minutes drift allowed (default)
+});
+```
+
+### Verifying a Request
+
+```typescript
+const verification = server.verifyRequest({
+  signature: req.headers["x-signature"],
+  timestamp: req.headers["x-timestamp"],
+  requestId: req.headers["x-request-id"],
+  body: JSON.stringify(req.body),
+  secretHash: asSecretHash("your-stored-secret-hash"),
+});
+
+if (verification.isValid) {
+  console.log("Request verified! Securely authenticated.");
+} else {
+  console.error(`Verification failed: ${verification.error}`);
+}
+```
+
+## Features
+
+- **🛡️ Secret Hashing**: Server-side storage of secrets is limited to SHA-256 hashes.
+- **🛡️ Type-Safe**: Branded types prevent mixing up sensitive strings like keys and secrets.
+- **🚀 Lightweight**: Zero runtime dependencies, utilizing native `fetch` and `crypto`.
+- **💻 Modern**: Built with TypeScript and supports ESM and CJS.
+
+

package/dist/client.d.ts

@@ -0,0 +1,22 @@
+import type { ApiClientOptions, ApiHeaders, ApiPath, RequestData } from "./types.js";
+export declare class ApiClient {
+    #private;
+    constructor(options: ApiClientOptions);
+    /**
+     * Send a GET request
+     */
+    get<T>(path: ApiPath, headers?: ApiHeaders): Promise<T>;
+    /**
+     * Send a POST request
+     */
+    post<T>(path: ApiPath, data?: RequestData, headers?: ApiHeaders): Promise<T>;
+    /**
+     * Send a PUT request
+     */
+    put<T>(path: ApiPath, data?: RequestData, headers?: ApiHeaders): Promise<T>;
+    /**
+     * Send a DELETE request
+     */
+    delete<T>(path: ApiPath, headers?: ApiHeaders): Promise<T>;
+}
+//# sourceMappingURL=client.d.ts.map

package/dist/client.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAGA,OAAO,KAAK,EACV,gBAAgB,EAMhB,UAAU,EACV,OAAO,EAMP,WAAW,EAIZ,MAAM,YAAY,CAAC;AAEpB,qBAAa,SAAS;;gBAQR,OAAO,EAAE,gBAAgB;IAWrC;;OAEG;IACU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC;IAIpE;;OAEG;IACU,IAAI,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,WAAW,EAAE,OAAO,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC;IAIzF;;OAEG;IACU,GAAG,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,IAAI,CAAC,EAAE,WAAW,EAAE,OAAO,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC;IAIxF;;OAEG;IACU,MAAM,CAAC,CAAC,EAAE,IAAI,EAAE,OAAO,EAAE,OAAO,CAAC,EAAE,UAAU,GAAG,OAAO,CAAC,CAAC,CAAC;CAkExE"}

package/dist/index.cjs

@@ -0,0 +1,250 @@
+"use strict";
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+
+// src/index.ts
+var index_exports = {};
+__export(index_exports, {
+  ApiClient: () => ApiClient,
+  ApiServer: () => ApiServer,
+  asApiKey: () => asApiKey,
+  asApiPath: () => asApiPath,
+  asApiSecret: () => asApiSecret,
+  asBaseURL: () => asBaseURL,
+  asSecretHash: () => asSecretHash,
+  asServerSecret: () => asServerSecret,
+  asTimeout: () => asTimeout,
+  deriveSecretHash: () => deriveSecretHash,
+  generateKeyPair: () => generateKeyPair
+});
+module.exports = __toCommonJS(index_exports);
+
+// src/client.ts
+var import_node_crypto3 = require("crypto");
+
+// src/signer.ts
+var import_node_crypto = require("crypto");
+function generateSignature({
+  hashKey,
+  timestamp,
+  requestId,
+  body,
+  serverSecret
+}) {
+  const payload = serverSecret ? `${timestamp}.${requestId}.${body}.${serverSecret}` : `${timestamp}.${requestId}.${body}`;
+  return (0, import_node_crypto.createHmac)("sha256", hashKey).update(payload).digest("hex");
+}
+function verifySignature(received, options) {
+  const computed = generateSignature(options);
+  const receivedBuffer = Buffer.from(received, "hex");
+  const computedBuffer = Buffer.from(computed, "hex");
+  if (receivedBuffer.length !== computedBuffer.length) {
+    return false;
+  }
+  return (0, import_node_crypto.timingSafeEqual)(receivedBuffer, computedBuffer);
+}
+
+// src/utils.ts
+var import_node_crypto2 = require("crypto");
+
+// src/types.ts
+var asApiKey = (v) => v;
+var asApiSecret = (v) => v;
+var asBaseURL = (v) => v;
+var asTimeout = (v) => v;
+var asApiPath = (v) => v;
+var asSecretHash = (v) => v;
+var asServerSecret = (v) => v;
+
+// src/utils.ts
+function generateKeyPair() {
+  const apiKey = asApiKey(`sk_${(0, import_node_crypto2.randomUUID)().replace(/-/g, "")}`);
+  const apiSecret = asApiSecret(`ss_${(0, import_node_crypto2.randomBytes)(32).toString("hex")}`);
+  const secretHash = deriveSecretHash(apiSecret);
+  return { apiKey, apiSecret, secretHash };
+}
+function deriveSecretHash(apiSecret) {
+  return asSecretHash(
+    (0, import_node_crypto2.createHash)("sha256").update(apiSecret).digest("hex")
+  );
+}
+
+// src/client.ts
+var ApiClient = class {
+  #apiKey;
+  #apiSecret;
+  #baseURL;
+  #timeout;
+  #headers;
+  #serverSecret;
+  constructor(options) {
+    this.#apiKey = options.apiKey;
+    this.#apiSecret = options.apiSecret;
+    this.#baseURL = options.baseURL.endsWith("/") ? options.baseURL.slice(0, -1) : options.baseURL;
+    this.#timeout = options.timeout ?? 1e4;
+    this.#headers = options.headers ?? {};
+    this.#serverSecret = options.serverSecret;
+  }
+  /**
+   * Send a GET request
+   */
+  async get(path, headers) {
+    return this.#request("GET", path, void 0, headers);
+  }
+  /**
+   * Send a POST request
+   */
+  async post(path, data, headers) {
+    return this.#request("POST", path, data, headers);
+  }
+  /**
+   * Send a PUT request
+   */
+  async put(path, data, headers) {
+    return this.#request("PUT", path, data, headers);
+  }
+  /**
+   * Send a DELETE request
+   */
+  async delete(path, headers) {
+    return this.#request("DELETE", path, void 0, headers);
+  }
+  /**
+   * Internal request handler using native fetch
+   */
+  async #request(method, path, data, headers) {
+    const timestamp = Date.now().toString();
+    const requestId = (0, import_node_crypto3.randomUUID)();
+    const body = data ? JSON.stringify(data) : "";
+    const url = path.startsWith("/") ? `${this.#baseURL}${path}` : `${this.#baseURL}/${path}`;
+    const hashKey = deriveSecretHash(this.#apiSecret);
+    const signature = generateSignature({
+      hashKey,
+      timestamp,
+      requestId,
+      body,
+      serverSecret: this.#serverSecret
+    });
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.#timeout);
+    try {
+      const response = await fetch(url, {
+        method,
+        headers: {
+          ...this.#headers,
+          ...headers,
+          "Content-Type": "application/json",
+          "Accept": "application/json",
+          "x-api-key": this.#apiKey,
+          "x-signature": signature,
+          "x-timestamp": timestamp,
+          "x-request-id": requestId
+        },
+        body: method !== "GET" && method !== "HEAD" && body ? body : void 0,
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        const errorData = await response.json().catch(() => ({}));
+        const status = response.status;
+        const message = errorData.message || response.statusText;
+        throw new Error(`API Request failed (${status}): ${message}`);
+      }
+      return await response.json();
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error instanceof Error && error.name === "AbortError") {
+        const timeoutMsg = `API Request timed out after ${this.#timeout}ms`;
+        throw new Error(timeoutMsg);
+      }
+      throw error;
+    }
+  }
+};
+
+// src/server.ts
+var ApiServer = class {
+  #serverSecret;
+  #tolerance;
+  constructor(options) {
+    this.#serverSecret = options.serverSecret;
+    this.#tolerance = options.tolerance ?? 3e5;
+  }
+  /**
+   * Verify an incoming request's signature and timestamp.
+   * 
+   * @param options - The extracted headers and body from the request
+   * @returns VerificationResult - object containing isValid and details
+   */
+  verifyRequest(options) {
+    const { signature, timestamp, requestId, body, secretHash } = options;
+    if (!signature || !timestamp || !requestId) {
+      return {
+        isValid: false,
+        error: "MISSING_HEADERS",
+        message: "Missing one or more required auth headers (x-signature, x-timestamp, x-request-id)"
+      };
+    }
+    const now = Date.now();
+    const requestTime = parseInt(timestamp, 10);
+    if (isNaN(requestTime)) {
+      return {
+        isValid: false,
+        error: "TIMESTAMP_OUT_OF_RANGE",
+        message: "Invalid timestamp format"
+      };
+    }
+    const diff = Math.abs(now - requestTime);
+    if (diff > this.#tolerance) {
+      return {
+        isValid: false,
+        error: "TIMESTAMP_OUT_OF_RANGE",
+        message: `Request timestamp is outside the allowed drift window (drift: ${diff}ms, tolerance: ${this.#tolerance}ms)`
+      };
+    }
+    const isSignatureValid = verifySignature(signature, {
+      hashKey: secretHash,
+      timestamp,
+      requestId,
+      body,
+      serverSecret: this.#serverSecret
+    });
+    if (!isSignatureValid) {
+      return {
+        isValid: false,
+        error: "SIGNATURE_MISMATCH",
+        message: "The provided signature does not match the computed one"
+      };
+    }
+    return { isValid: true };
+  }
+};
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  ApiClient,
+  ApiServer,
+  asApiKey,
+  asApiPath,
+  asApiSecret,
+  asBaseURL,
+  asSecretHash,
+  asServerSecret,
+  asTimeout,
+  deriveSecretHash,
+  generateKeyPair
+});

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+export * from "./client.js";
+export * from "./server.js";
+export * from "./types.js";
+export * from "./utils.js";
+//# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,cAAc,aAAa,CAAA;AAC3B,cAAc,aAAa,CAAA;AAC3B,cAAc,YAAY,CAAA;AAC1B,cAAc,YAAY,CAAA"}

package/dist/index.js

@@ -0,0 +1,213 @@
+// src/client.ts
+import { randomUUID as randomUUID2 } from "crypto";
+
+// src/signer.ts
+import { createHmac, timingSafeEqual } from "crypto";
+function generateSignature({
+  hashKey,
+  timestamp,
+  requestId,
+  body,
+  serverSecret
+}) {
+  const payload = serverSecret ? `${timestamp}.${requestId}.${body}.${serverSecret}` : `${timestamp}.${requestId}.${body}`;
+  return createHmac("sha256", hashKey).update(payload).digest("hex");
+}
+function verifySignature(received, options) {
+  const computed = generateSignature(options);
+  const receivedBuffer = Buffer.from(received, "hex");
+  const computedBuffer = Buffer.from(computed, "hex");
+  if (receivedBuffer.length !== computedBuffer.length) {
+    return false;
+  }
+  return timingSafeEqual(receivedBuffer, computedBuffer);
+}
+
+// src/utils.ts
+import { randomUUID, randomBytes, createHash } from "crypto";
+
+// src/types.ts
+var asApiKey = (v) => v;
+var asApiSecret = (v) => v;
+var asBaseURL = (v) => v;
+var asTimeout = (v) => v;
+var asApiPath = (v) => v;
+var asSecretHash = (v) => v;
+var asServerSecret = (v) => v;
+
+// src/utils.ts
+function generateKeyPair() {
+  const apiKey = asApiKey(`sk_${randomUUID().replace(/-/g, "")}`);
+  const apiSecret = asApiSecret(`ss_${randomBytes(32).toString("hex")}`);
+  const secretHash = deriveSecretHash(apiSecret);
+  return { apiKey, apiSecret, secretHash };
+}
+function deriveSecretHash(apiSecret) {
+  return asSecretHash(
+    createHash("sha256").update(apiSecret).digest("hex")
+  );
+}
+
+// src/client.ts
+var ApiClient = class {
+  #apiKey;
+  #apiSecret;
+  #baseURL;
+  #timeout;
+  #headers;
+  #serverSecret;
+  constructor(options) {
+    this.#apiKey = options.apiKey;
+    this.#apiSecret = options.apiSecret;
+    this.#baseURL = options.baseURL.endsWith("/") ? options.baseURL.slice(0, -1) : options.baseURL;
+    this.#timeout = options.timeout ?? 1e4;
+    this.#headers = options.headers ?? {};
+    this.#serverSecret = options.serverSecret;
+  }
+  /**
+   * Send a GET request
+   */
+  async get(path, headers) {
+    return this.#request("GET", path, void 0, headers);
+  }
+  /**
+   * Send a POST request
+   */
+  async post(path, data, headers) {
+    return this.#request("POST", path, data, headers);
+  }
+  /**
+   * Send a PUT request
+   */
+  async put(path, data, headers) {
+    return this.#request("PUT", path, data, headers);
+  }
+  /**
+   * Send a DELETE request
+   */
+  async delete(path, headers) {
+    return this.#request("DELETE", path, void 0, headers);
+  }
+  /**
+   * Internal request handler using native fetch
+   */
+  async #request(method, path, data, headers) {
+    const timestamp = Date.now().toString();
+    const requestId = randomUUID2();
+    const body = data ? JSON.stringify(data) : "";
+    const url = path.startsWith("/") ? `${this.#baseURL}${path}` : `${this.#baseURL}/${path}`;
+    const hashKey = deriveSecretHash(this.#apiSecret);
+    const signature = generateSignature({
+      hashKey,
+      timestamp,
+      requestId,
+      body,
+      serverSecret: this.#serverSecret
+    });
+    const controller = new AbortController();
+    const timeoutId = setTimeout(() => controller.abort(), this.#timeout);
+    try {
+      const response = await fetch(url, {
+        method,
+        headers: {
+          ...this.#headers,
+          ...headers,
+          "Content-Type": "application/json",
+          "Accept": "application/json",
+          "x-api-key": this.#apiKey,
+          "x-signature": signature,
+          "x-timestamp": timestamp,
+          "x-request-id": requestId
+        },
+        body: method !== "GET" && method !== "HEAD" && body ? body : void 0,
+        signal: controller.signal
+      });
+      clearTimeout(timeoutId);
+      if (!response.ok) {
+        const errorData = await response.json().catch(() => ({}));
+        const status = response.status;
+        const message = errorData.message || response.statusText;
+        throw new Error(`API Request failed (${status}): ${message}`);
+      }
+      return await response.json();
+    } catch (error) {
+      clearTimeout(timeoutId);
+      if (error instanceof Error && error.name === "AbortError") {
+        const timeoutMsg = `API Request timed out after ${this.#timeout}ms`;
+        throw new Error(timeoutMsg);
+      }
+      throw error;
+    }
+  }
+};
+
+// src/server.ts
+var ApiServer = class {
+  #serverSecret;
+  #tolerance;
+  constructor(options) {
+    this.#serverSecret = options.serverSecret;
+    this.#tolerance = options.tolerance ?? 3e5;
+  }
+  /**
+   * Verify an incoming request's signature and timestamp.
+   * 
+   * @param options - The extracted headers and body from the request
+   * @returns VerificationResult - object containing isValid and details
+   */
+  verifyRequest(options) {
+    const { signature, timestamp, requestId, body, secretHash } = options;
+    if (!signature || !timestamp || !requestId) {
+      return {
+        isValid: false,
+        error: "MISSING_HEADERS",
+        message: "Missing one or more required auth headers (x-signature, x-timestamp, x-request-id)"
+      };
+    }
+    const now = Date.now();
+    const requestTime = parseInt(timestamp, 10);
+    if (isNaN(requestTime)) {
+      return {
+        isValid: false,
+        error: "TIMESTAMP_OUT_OF_RANGE",
+        message: "Invalid timestamp format"
+      };
+    }
+    const diff = Math.abs(now - requestTime);
+    if (diff > this.#tolerance) {
+      return {
+        isValid: false,
+        error: "TIMESTAMP_OUT_OF_RANGE",
+        message: `Request timestamp is outside the allowed drift window (drift: ${diff}ms, tolerance: ${this.#tolerance}ms)`
+      };
+    }
+    const isSignatureValid = verifySignature(signature, {
+      hashKey: secretHash,
+      timestamp,
+      requestId,
+      body,
+      serverSecret: this.#serverSecret
+    });
+    if (!isSignatureValid) {
+      return {
+        isValid: false,
+        error: "SIGNATURE_MISMATCH",
+        message: "The provided signature does not match the computed one"
+      };
+    }
+    return { isValid: true };
+  }
+};
+export {
+  ApiClient,
+  ApiServer,
+  asApiKey,
+  asApiPath,
+  asApiSecret,
+  asBaseURL,
+  asSecretHash,
+  asServerSecret,
+  asTimeout,
+  deriveSecretHash,
+  generateKeyPair
+};

package/dist/server.d.ts

@@ -0,0 +1,13 @@
+import type { ApiServerOptions, VerificationResult, VerifyRequestOptions } from "./types.js";
+export declare class ApiServer {
+    #private;
+    constructor(options: ApiServerOptions);
+    /**
+     * Verify an incoming request's signature and timestamp.
+     *
+     * @param options - The extracted headers and body from the request
+     * @returns VerificationResult - object containing isValid and details
+     */
+    verifyRequest(options: VerifyRequestOptions): VerificationResult;
+}
+//# sourceMappingURL=server.d.ts.map

package/dist/server.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"server.d.ts","sourceRoot":"","sources":["../src/server.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EACV,gBAAgB,EAChB,kBAAkB,EAClB,oBAAoB,EAIrB,MAAM,YAAY,CAAC;AAEpB,qBAAa,SAAS;;gBAIR,OAAO,EAAE,gBAAgB;IAKrC;;;;;OAKG;IACI,aAAa,CAAC,OAAO,EAAE,oBAAoB,GAAG,kBAAkB;CAoDxE"}

package/dist/signer.d.ts

@@ -0,0 +1,10 @@
+import type { SignerOptions, Signature } from "./types.js";
+/**
+ * Generate a signature using the derived HMAC key (the secret hash).
+ */
+export declare function generateSignature({ hashKey, timestamp, requestId, body, serverSecret, }: SignerOptions): Signature;
+/**
+ * Verify a received signature matches the computed one
+ */
+export declare function verifySignature(received: Signature, options: SignerOptions): boolean;
+//# sourceMappingURL=signer.d.ts.map

package/dist/signer.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"signer.d.ts","sourceRoot":"","sources":["../src/signer.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,aAAa,EAAE,SAAS,EAAiB,MAAM,YAAY,CAAC;AAE1E;;GAEG;AACH,wBAAgB,iBAAiB,CAAC,EAChC,OAAO,EACP,SAAS,EACT,SAAS,EACT,IAAI,EACJ,YAAY,GACb,EAAE,aAAa,GAAG,SAAS,CAQ3B;AAED;;GAEG;AACH,wBAAgB,eAAe,CAAC,QAAQ,EAAE,SAAS,EAAE,OAAO,EAAE,aAAa,GAAG,OAAO,CAWpF"}

package/dist/types.d.ts

@@ -0,0 +1,89 @@
+declare const brand: unique symbol;
+/**
+ * Utility for creating branded types.
+ * Makes it impossible to use one string in place of another (nominal typing).
+ */
+export type Brand<T, TBrand extends string> = T & {
+    [brand]: TBrand;
+};
+/** HTTP configuration */
+export type HttpMethod = "GET" | "POST" | "PUT" | "PATCH" | "DELETE" | "HEAD";
+/** Identity and Secret types (Branded) */
+export type ApiKey = Brand<string, "ApiKey">;
+export type ApiSecret = Brand<string, "ApiSecret">;
+/** Network and Timing types (Branded) */
+export type BaseURL = Brand<string, "BaseURL">;
+export type Timeout = Brand<number, "Timeout">;
+export type ApiHeaders = Record<string, string>;
+export type ApiPath = Brand<string, "ApiPath">;
+export type RequestURL = Brand<string, "RequestURL">;
+/** Signature and Auth types (Branded) */
+export type Timestamp = Brand<string, "Timestamp">;
+export type RequestId = Brand<string, "RequestId">;
+export type RequestBody = Brand<string, "RequestBody">;
+export type Signature = Brand<string, "Signature">;
+export type SecretHash = Brand<string, "SecretHash">;
+export type ServerSecret = Brand<string, "ServerSecret">;
+export type SignerPayload = Brand<string, "SignerPayload">;
+/** Data and Error types (Branded) */
+export type RequestData = unknown;
+export type StatusCode = Brand<number, "StatusCode">;
+export type ErrorMessage = Brand<string, "ErrorMessage">;
+export type StatusText = Brand<string, "StatusText">;
+/** Casting helpers for creating branded types safely */
+export declare const asApiKey: (v: string) => ApiKey;
+export declare const asApiSecret: (v: string) => ApiSecret;
+export declare const asBaseURL: (v: string) => BaseURL;
+export declare const asTimeout: (v: number) => Timeout;
+export declare const asApiPath: (v: string) => ApiPath;
+export declare const asSecretHash: (v: string) => SecretHash;
+export declare const asServerSecret: (v: string) => ServerSecret;
+/** Client Configuration */
+export interface ApiClientOptions {
+    apiKey: ApiKey;
+    apiSecret: ApiSecret;
+    baseURL: BaseURL;
+    /** Optional server-side secret for extra security layer */
+    serverSecret?: ServerSecret;
+    timeout?: Timeout;
+    headers?: ApiHeaders;
+}
+/** Server Configuration */
+export interface ApiServerOptions {
+    /** Optional server-side secret for extra security layer */
+    serverSecret?: ServerSecret;
+    /** Max allowed clock drift in milliseconds. Defaults to 300,000 (5 mins). */
+    tolerance?: number;
+}
+/** Request Verification inputs */
+export interface VerifyRequestOptions {
+    signature: Signature;
+    timestamp: Timestamp;
+    requestId: RequestId;
+    body: RequestBody;
+    /** The SHA-256 hash of the API secret for the user/client making the request */
+    secretHash: SecretHash;
+}
+/** Verification Success Result */
+export interface VerificationSuccess {
+    isValid: true;
+}
+/** Verification Error Result */
+export interface VerificationFailure {
+    isValid: false;
+    error: "SIGNATURE_MISMATCH" | "TIMESTAMP_OUT_OF_RANGE" | "MISSING_HEADERS";
+    message: ErrorMessage;
+}
+export type VerificationResult = VerificationSuccess | VerificationFailure;
+/** Signature Engine inputs */
+export interface SignerOptions {
+    /** The derived key for HMAC (the secret hash) */
+    hashKey: SecretHash;
+    timestamp: Timestamp;
+    requestId: RequestId;
+    body: RequestBody;
+    /** Optional server-side secret for extra security layer */
+    serverSecret?: ServerSecret;
+}
+export {};
+//# sourceMappingURL=types.d.ts.map

package/dist/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../src/types.ts"],"names":[],"mappings":"AAAA,OAAO,CAAC,MAAM,KAAK,EAAE,OAAO,MAAM,CAAC;AAEnC;;;GAGG;AACH,MAAM,MAAM,KAAK,CAAC,CAAC,EAAE,MAAM,SAAS,MAAM,IAAI,CAAC,GAAG;IAAE,CAAC,KAAK,CAAC,EAAE,MAAM,CAAA;CAAE,CAAC;AAEtE,yBAAyB;AACzB,MAAM,MAAM,UAAU,GAAG,KAAK,GAAG,MAAM,GAAG,KAAK,GAAG,OAAO,GAAG,QAAQ,GAAG,MAAM,CAAC;AAE9E,0CAA0C;AAC1C,MAAM,MAAM,MAAM,GAAG,KAAK,CAAC,MAAM,EAAE,QAAQ,CAAC,CAAC;AAC7C,MAAM,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AAEnD,yCAAyC;AACzC,MAAM,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;AAC/C,MAAM,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;AAC/C,MAAM,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAChD,MAAM,MAAM,OAAO,GAAG,KAAK,CAAC,MAAM,EAAE,SAAS,CAAC,CAAC;AAC/C,MAAM,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;AAErD,yCAAyC;AACzC,MAAM,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AACnD,MAAM,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AACnD,MAAM,MAAM,WAAW,GAAG,KAAK,CAAC,MAAM,EAAE,aAAa,CAAC,CAAC;AACvD,MAAM,MAAM,SAAS,GAAG,KAAK,CAAC,MAAM,EAAE,WAAW,CAAC,CAAC;AACnD,MAAM,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;AACrD,MAAM,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AACzD,MAAM,MAAM,aAAa,GAAG,KAAK,CAAC,MAAM,EAAE,eAAe,CAAC,CAAC;AAE3D,qCAAqC;AACrC,MAAM,MAAM,WAAW,GAAG,OAAO,CAAC;AAClC,MAAM,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;AACrD,MAAM,MAAM,YAAY,GAAG,KAAK,CAAC,MAAM,EAAE,cAAc,CAAC,CAAC;AACzD,MAAM,MAAM,UAAU,GAAG,KAAK,CAAC,MAAM,EAAE,YAAY,CAAC,CAAC;AAErD,wDAAwD;AACxD,eAAO,MAAM,QAAQ,GAAI,GAAG,MAAM,KAAU,MAAM,CAAC;AACnD,eAAO,MAAM,WAAW,GAAI,GAAG,MAAM,KAAU,SAAS,CAAC;AACzD,eAAO,MAAM,SAAS,GAAI,GAAG,MAAM,KAAU,OAAO,CAAC;AACrD,eAAO,MAAM,SAAS,GAAI,GAAG,MAAM,KAAU,OAAO,CAAC;AACrD,eAAO,MAAM,SAAS,GAAI,GAAG,MAAM,KAAU,OAAO,CAAC;AACrD,eAAO,MAAM,YAAY,GAAI,GAAG,MAAM,KAAU,UAAU,CAAC;AAC3D,eAAO,MAAM,cAAc,GAAI,GAAG,MAAM,KAAU,YAAY,CAAC;AAE/D,2BAA2B;AAC3B,MAAM,WAAW,gBAAgB;IAC/B,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,SAAS,CAAC;IACrB,OAAO,EAAE,OAAO,CAAC;IACjB,2DAA2D;IAC3D,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,OAAO,CAAC,EAAE,OAAO,CAAC;IAClB,OAAO,CAAC,EAAE,UAAU,CAAC;CACtB;AAED,2BAA2B;AAC3B,MAAM,WAAW,gBAAgB;IAC/B,2DAA2D;IAC3D,YAAY,CAAC,EAAE,YAAY,CAAC;IAC5B,6EAA6E;IAC7E,SAAS,CAAC,EAAE,MAAM,CAAC;CACpB;AAED,kCAAkC;AAClC,MAAM,WAAW,oBAAoB;IACnC,SAAS,EAAE,SAAS,CAAC;IACrB,SAAS,EAAE,SAAS,CAAC;IACrB,SAAS,EAAE,SAAS,CAAC;IACrB,IAAI,EAAE,WAAW,CAAC;IAClB,gFAAgF;IAChF,UAAU,EAAE,UAAU,CAAC;CACxB;AAED,kCAAkC;AAClC,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,IAAI,CAAC;CACf;AAED,gCAAgC;AAChC,MAAM,WAAW,mBAAmB;IAClC,OAAO,EAAE,KAAK,CAAC;IACf,KAAK,EAAE,oBAAoB,GAAG,wBAAwB,GAAG,iBAAiB,CAAC;IAC3E,OAAO,EAAE,YAAY,CAAC;CACvB;AAED,MAAM,MAAM,kBAAkB,GAAG,mBAAmB,GAAG,mBAAmB,CAAC;AAE3E,8BAA8B;AAC9B,MAAM,WAAW,aAAa;IAC5B,iDAAiD;IACjD,OAAO,EAAE,UAAU,CAAC;IACpB,SAAS,EAAE,SAAS,CAAC;IACrB,SAAS,EAAE,SAAS,CAAC;IACrB,IAAI,EAAE,WAAW,CAAC;IAClB,2DAA2D;IAC3D,YAAY,CAAC,EAAE,YAAY,CAAC;CAC7B"}

package/dist/utils.d.ts

@@ -0,0 +1,19 @@
+import { type ApiKey, type ApiSecret, type SecretHash } from "./types.js";
+/**
+ * Generate a new API Key Pair.
+ *
+ * Returns:
+ * - apiKey: Public identifier
+ * - apiSecret: Private secret (should only be shown once)
+ * - secretHash: SHA-256 hash of the secret (stored on the server)
+ */
+export declare function generateKeyPair(): {
+    apiKey: ApiKey;
+    apiSecret: ApiSecret;
+    secretHash: SecretHash;
+};
+/**
+ * Derives a SecretHash from an ApiSecret using SHA-256
+ */
+export declare function deriveSecretHash(apiSecret: ApiSecret): SecretHash;
+//# sourceMappingURL=utils.d.ts.map

package/dist/utils.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AACA,OAAO,EAKL,KAAK,MAAM,EACX,KAAK,SAAS,EACd,KAAK,UAAU,EAEhB,MAAM,YAAY,CAAC;AAEpB;;;;;;;GAOG;AACH,wBAAgB,eAAe,IAAI;IACjC,MAAM,EAAE,MAAM,CAAC;IACf,SAAS,EAAE,SAAS,CAAC;IACrB,UAAU,EAAE,UAAU,CAAC;CACxB,CAMA;AAED;;GAEG;AACH,wBAAgB,gBAAgB,CAAC,SAAS,EAAE,SAAS,GAAG,UAAU,CAMjE"}

package/package.json

@@ -0,0 +1,27 @@
+{
+  "name": "@sudhi_s_developer_123/communicate-server",
+  "version": "0.0.1",
+  "description": "Official SDK for communicating with Our API",
+  "type": "module",
+  "main": "./dist/index.cjs",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist/index.cjs"
+    }
+  },
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "build": "tsup src/index.ts --format esm,cjs --clean && tsc --emitDeclarationOnly"
+  },
+  "devDependencies": {
+    "@types/node": "^25.5.2",
+    "tsup": "^8.5.1",
+    "typescript": "^6.0.2"
+  }
+}