@tegis/server 0.1.0 → 0.1.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +10 -1
- package/dist/index.js +39 -0
- package/package.json +3 -3
package/CHANGELOG.md
CHANGED
|
@@ -2,7 +2,16 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to `@tegis/server` are documented here. This project follows [semver](https://semver.org).
|
|
4
4
|
|
|
5
|
-
## [0.1.
|
|
5
|
+
## [0.1.2]
|
|
6
|
+
|
|
7
|
+
- First release from the public `tegisio/tegis-js` repo, published with GitHub build provenance. No API changes.
|
|
8
|
+
|
|
9
|
+
## [0.1.1]
|
|
10
|
+
|
|
11
|
+
- First working publish. (`0.1.0` did not persist to the registry — a concurrent first-publish race on the
|
|
12
|
+
brand-new `@tegis` scope.) CI now serializes publishes and verifies the bundle is self-contained first.
|
|
13
|
+
|
|
14
|
+
## [0.1.0]
|
|
6
15
|
|
|
7
16
|
Initial extraction from the Tegis reference SDK (formerly the private `@aegis/sdk`).
|
|
8
17
|
|
package/dist/index.js
CHANGED
|
@@ -1,3 +1,42 @@
|
|
|
1
|
+
// src/crypto/ed25519.ts
|
|
2
|
+
import { createPrivateKey, createPublicKey, sign as nodeSign, verify as nodeVerify } from "node:crypto";
|
|
3
|
+
var PKCS8_ED25519_PREFIX = Buffer.from("302e020100300506032b657004220420", "hex");
|
|
4
|
+
function privateKeyFromSeed(seed) {
|
|
5
|
+
if (seed.length !== 32)
|
|
6
|
+
throw new Error(`seed must be 32 bytes, got ${seed.length}`);
|
|
7
|
+
return createPrivateKey({ key: Buffer.concat([PKCS8_ED25519_PREFIX, seed]), format: "der", type: "pkcs8" });
|
|
8
|
+
}
|
|
9
|
+
function signEd25519(seed, msg) {
|
|
10
|
+
return nodeSign(null, msg, privateKeyFromSeed(seed));
|
|
11
|
+
}
|
|
12
|
+
var b64u = (b) => Buffer.from(b).toString("base64url");
|
|
13
|
+
var utf8 = (s) => Buffer.from(s, "utf8");
|
|
14
|
+
|
|
15
|
+
// src/crypto/jose.ts
|
|
16
|
+
function jwsSign(header, payload, seed) {
|
|
17
|
+
const signingInput = `${b64u(utf8(JSON.stringify({ alg: "EdDSA", ...header })))}.${b64u(utf8(JSON.stringify(payload)))}`;
|
|
18
|
+
return `${signingInput}.${b64u(signEd25519(seed, utf8(signingInput)))}`;
|
|
19
|
+
}
|
|
20
|
+
|
|
21
|
+
// src/server.ts
|
|
22
|
+
class TegisServer {
|
|
23
|
+
cfg;
|
|
24
|
+
constructor(cfg) {
|
|
25
|
+
this.cfg = cfg;
|
|
26
|
+
}
|
|
27
|
+
mintEntitlement(sub, assetId, opts) {
|
|
28
|
+
const now = Math.floor(Date.now() / 1000);
|
|
29
|
+
return jwsSign({ typ: "JWT", kid: this.cfg.jwksKid }, {
|
|
30
|
+
iss: this.cfg.issuer,
|
|
31
|
+
tid: this.cfg.tid,
|
|
32
|
+
sub,
|
|
33
|
+
aud: assetId,
|
|
34
|
+
ent: { maxRes: opts?.maxRes ?? "1080p", drm: opts?.drm ?? "none" },
|
|
35
|
+
iat: now,
|
|
36
|
+
exp: now + (this.cfg.ttlSeconds ?? 300)
|
|
37
|
+
}, this.cfg.signSeed);
|
|
38
|
+
}
|
|
39
|
+
}
|
|
1
40
|
export {
|
|
2
41
|
TegisServer
|
|
3
42
|
};
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@tegis/server",
|
|
3
|
-
"version": "0.1.
|
|
3
|
+
"version": "0.1.2",
|
|
4
4
|
"description": "Tegis backend SDK — mint short-lived, EdDSA-signed entitlement grants. The tenant signing key never leaves your server.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"license": "MIT",
|
|
@@ -8,8 +8,8 @@
|
|
|
8
8
|
"homepage": "https://tegis.io",
|
|
9
9
|
"repository": {
|
|
10
10
|
"type": "git",
|
|
11
|
-
"url": "git+https://github.com/
|
|
12
|
-
"directory": "
|
|
11
|
+
"url": "git+https://github.com/tegisio/tegis-js.git",
|
|
12
|
+
"directory": "packages/server"
|
|
13
13
|
},
|
|
14
14
|
"keywords": [
|
|
15
15
|
"tegis",
|