@tozielinski/next-upstash-nonce 1.2.3 → 1.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +7 -0
- package/dist/index.js +72 -14
- package/package.json +1 -2
package/CHANGELOG.md
CHANGED
|
@@ -1,5 +1,12 @@
|
|
|
1
1
|
# Changelog
|
|
2
2
|
|
|
3
|
+
## [1.3.0](https://github.com/tozielinski/next-upstash-nonce/compare/v1.2.3...v1.3.0) (2025-11-22)
|
|
4
|
+
|
|
5
|
+
|
|
6
|
+
### Features
|
|
7
|
+
|
|
8
|
+
* create two new methods, to check nonces in the header of a request [verifyNonceFromRequest(), verifyAndDeleteNonceFromRequest()] ([a768479](https://github.com/tozielinski/next-upstash-nonce/commit/a76847993bb7fe66bf21900d83eb1ca5760d8afa))
|
|
9
|
+
|
|
3
10
|
## [1.2.3](https://github.com/tozielinski/next-upstash-nonce/compare/v1.2.2...v1.2.3) (2025-11-21)
|
|
4
11
|
|
|
5
12
|
|
package/dist/index.js
CHANGED
|
@@ -20,15 +20,27 @@ class NonceManager {
|
|
|
20
20
|
* and returns the nonce string.
|
|
21
21
|
*/
|
|
22
22
|
async create() {
|
|
23
|
-
// const buffer = crypto.randomBytes(this.length);
|
|
24
|
-
// const nonce = buffer.toString("hex");
|
|
25
23
|
const nonce = (0, uuid_1.v4)();
|
|
26
24
|
const key = this.prefix + nonce;
|
|
27
|
-
// console.log("creating nonce:", nonce);
|
|
28
|
-
// set with ttl (nx not required — collisions extremely unlikely)
|
|
29
25
|
await this.redis.set(key, "1", { ex: this.ttlSeconds });
|
|
30
26
|
return nonce;
|
|
31
27
|
}
|
|
28
|
+
/**
|
|
29
|
+
* verifies a nonce and deletes it from Redis,
|
|
30
|
+
* returning true if the nonce exists and has not expired.
|
|
31
|
+
*/
|
|
32
|
+
async verify(nonce) {
|
|
33
|
+
if (!nonce)
|
|
34
|
+
return false;
|
|
35
|
+
try {
|
|
36
|
+
const res = await this.redis.get(`nonce:${nonce}`);
|
|
37
|
+
return res !== null;
|
|
38
|
+
}
|
|
39
|
+
catch (err) {
|
|
40
|
+
console.error("verify error:", err);
|
|
41
|
+
return false;
|
|
42
|
+
}
|
|
43
|
+
}
|
|
32
44
|
/**
|
|
33
45
|
* verifies a nonce and deletes it from Redis,
|
|
34
46
|
* returning true if the nonce exists and has not expired.
|
|
@@ -36,16 +48,6 @@ class NonceManager {
|
|
|
36
48
|
async verifyAndDelete(nonce) {
|
|
37
49
|
if (!nonce)
|
|
38
50
|
return false;
|
|
39
|
-
// const key = this.prefix + nonce;
|
|
40
|
-
//
|
|
41
|
-
// const script = `
|
|
42
|
-
// local v = redis.call('GET', KEYS[1])
|
|
43
|
-
// if v then
|
|
44
|
-
// redis.call('DEL', KEYS[1])
|
|
45
|
-
// return v
|
|
46
|
-
// end
|
|
47
|
-
// return nil
|
|
48
|
-
// `;
|
|
49
51
|
try {
|
|
50
52
|
const res = await this.redis.get(`nonce:${nonce}`);
|
|
51
53
|
// const res = await (this.redis as any).eval(script, { keys: [key] });
|
|
@@ -58,6 +60,62 @@ class NonceManager {
|
|
|
58
60
|
return false;
|
|
59
61
|
}
|
|
60
62
|
}
|
|
63
|
+
/**
|
|
64
|
+
* verifies a nonce from the Header of a request
|
|
65
|
+
* returns a NonceCheckResult if the nonce exists and has not expired.
|
|
66
|
+
*/
|
|
67
|
+
async verifyNonceFromRequest(req) {
|
|
68
|
+
const nonce = req.headers.get("x-api-nonce");
|
|
69
|
+
if (!nonce) {
|
|
70
|
+
const response = Response.json({ error: "Missing x-api-nonce header" }, { status: 403 });
|
|
71
|
+
return {
|
|
72
|
+
valid: false,
|
|
73
|
+
reason: "missing-header",
|
|
74
|
+
response,
|
|
75
|
+
};
|
|
76
|
+
}
|
|
77
|
+
const valid = await this.verify(nonce);
|
|
78
|
+
if (!valid) {
|
|
79
|
+
const response = Response.json({ error: "Invalid or expired nonce" }, { status: 403 });
|
|
80
|
+
return {
|
|
81
|
+
valid: false,
|
|
82
|
+
reason: "invalid-or-expired",
|
|
83
|
+
response,
|
|
84
|
+
};
|
|
85
|
+
}
|
|
86
|
+
return {
|
|
87
|
+
valid: true,
|
|
88
|
+
nonce,
|
|
89
|
+
};
|
|
90
|
+
}
|
|
91
|
+
/**
|
|
92
|
+
* verifies a nonce from the Header of a request and deletes it from Redis
|
|
93
|
+
* returns a NonceCheckResult if the nonce exists and has not expired.
|
|
94
|
+
*/
|
|
95
|
+
async verifyAndDeleteNonceFromRequest(req) {
|
|
96
|
+
const nonce = req.headers.get("x-api-nonce");
|
|
97
|
+
if (!nonce) {
|
|
98
|
+
const response = Response.json({ error: "Missing x-api-nonce header" }, { status: 403 });
|
|
99
|
+
return {
|
|
100
|
+
valid: false,
|
|
101
|
+
reason: "missing-header",
|
|
102
|
+
response,
|
|
103
|
+
};
|
|
104
|
+
}
|
|
105
|
+
const valid = await this.verifyAndDelete(nonce);
|
|
106
|
+
if (!valid) {
|
|
107
|
+
const response = Response.json({ error: "Invalid or expired nonce" }, { status: 403 });
|
|
108
|
+
return {
|
|
109
|
+
valid: false,
|
|
110
|
+
reason: "invalid-or-expired",
|
|
111
|
+
response,
|
|
112
|
+
};
|
|
113
|
+
}
|
|
114
|
+
return {
|
|
115
|
+
valid: true,
|
|
116
|
+
nonce,
|
|
117
|
+
};
|
|
118
|
+
}
|
|
61
119
|
/**
|
|
62
120
|
* Optional: delete a nonce from Redis manually
|
|
63
121
|
*/
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@tozielinski/next-upstash-nonce",
|
|
3
|
-
"version": "1.
|
|
3
|
+
"version": "1.3.0",
|
|
4
4
|
"description": "Create, store, verify and delete nonces in Redis by Upstash for Next.js",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"types": "./dist/index.d.ts",
|
|
@@ -32,7 +32,6 @@
|
|
|
32
32
|
"homepage": "https://github.com/tozielinski/next-upstash-nonce#readme",
|
|
33
33
|
"dependencies": {
|
|
34
34
|
"@upstash/redis": "1.22.0",
|
|
35
|
-
"crypto": "^1.0.1",
|
|
36
35
|
"uuid": "^13.0.0"
|
|
37
36
|
},
|
|
38
37
|
"devDependencies": {
|