@tanakayuto/intmax402-core 0.2.2 → 0.2.4

package/dist/index.d.ts

@@ -2,3 +2,4 @@ export * from "./types";
 export { generateNonce } from "./nonce";
 export { verifyNonce } from "./verify";
 export { parseWWWAuthenticate, parseAuthorization } from "./parse";
+export { buildWWWAuthenticate } from "./www-authenticate";

package/dist/index.js

@@ -14,7 +14,7 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.parseAuthorization = exports.parseWWWAuthenticate = exports.verifyNonce = exports.generateNonce = void 0;
+exports.buildWWWAuthenticate = exports.parseAuthorization = exports.parseWWWAuthenticate = exports.verifyNonce = exports.generateNonce = void 0;
 __exportStar(require("./types"), exports);
 var nonce_1 = require("./nonce");
 Object.defineProperty(exports, "generateNonce", { enumerable: true, get: function () { return nonce_1.generateNonce; } });
@@ -23,3 +23,5 @@ Object.defineProperty(exports, "verifyNonce", { enumerable: true, get: function
 var parse_1 = require("./parse");
 Object.defineProperty(exports, "parseWWWAuthenticate", { enumerable: true, get: function () { return parse_1.parseWWWAuthenticate; } });
 Object.defineProperty(exports, "parseAuthorization", { enumerable: true, get: function () { return parse_1.parseAuthorization; } });
+var www_authenticate_1 = require("./www-authenticate");
+Object.defineProperty(exports, "buildWWWAuthenticate", { enumerable: true, get: function () { return www_authenticate_1.buildWWWAuthenticate; } });

package/dist/parse.js

@@ -42,10 +42,16 @@ function parseAuthorization(header) {
     // address: 42 chars (0x + 40 hex), nonce: 64 chars (sha256 hex), signature: 132 chars (0x + 130 hex)
     if (result.address.length !== 42)
         return null;
+    if (!/^0[xX][0-9a-fA-F]{40}$/.test(result.address))
+        return null;
     if (result.nonce.length !== 64)
         return null;
+    if (!/^[0-9a-f]{64}$/.test(result.nonce))
+        return null;
     if (result.signature.length !== 132)
         return null;
+    if (!/^0x[0-9a-fA-F]{130}$/.test(result.signature))
+        return null;
     if (result.txHash && result.txHash.length > 128)
         return null;
     return {

package/dist/www-authenticate.d.ts

@@ -0,0 +1,2 @@
+import { INTMAX402Config } from "./types";
+export declare function buildWWWAuthenticate(nonce: string, config: INTMAX402Config): string;

package/dist/www-authenticate.js

@@ -0,0 +1,19 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.buildWWWAuthenticate = buildWWWAuthenticate;
+// Remove characters that could break the WWW-Authenticate header format
+function sanitize(value) {
+    return value.replace(/["\\r\n]/g, "");
+}
+function buildWWWAuthenticate(nonce, config) {
+    let header = `INTMAX402 realm="intmax402", nonce="${nonce}", mode="${config.mode}"`;
+    if (config.serverAddress)
+        header += `, serverAddress="${sanitize(config.serverAddress)}"`;
+    if (config.amount)
+        header += `, amount="${sanitize(config.amount)}"`;
+    if (config.tokenAddress)
+        header += `, tokenAddress="${sanitize(config.tokenAddress)}"`;
+    if (config.chainId)
+        header += `, chainId="${sanitize(config.chainId)}"`;
+    return header;
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@tanakayuto/intmax402-core",
-  "version": "0.2.2",
+  "version": "0.2.4",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "dependencies": {},