@tozielinski/next-upstash-nonce 1.2.3 → 1.3.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/CHANGELOG.md +14 -0
  2. package/README.md +19 -0
  3. package/dist/index.d.ts +53 -0
  4. package/dist/index.d.ts.map +1 -0
  5. package/dist/index.js +72 -14
  6. package/package.json +1 -2
package/CHANGELOG.md CHANGED
@@ -1,5 +1,19 @@
1
1
  # Changelog
2
2
 
3
+ ## [1.3.1](https://github.com/tozielinski/next-upstash-nonce/compare/v1.3.0...v1.3.1) (2025-11-22)
4
+
5
+
6
+ ### Bug Fixes
7
+
8
+ * enable type generation ([6df83aa](https://github.com/tozielinski/next-upstash-nonce/commit/6df83aa769f367481231b21f7cac0d3c0297af40))
9
+
10
+ ## [1.3.0](https://github.com/tozielinski/next-upstash-nonce/compare/v1.2.3...v1.3.0) (2025-11-22)
11
+
12
+
13
+ ### Features
14
+
15
+ * create two new methods, to check nonces in the header of a request [verifyNonceFromRequest(), verifyAndDeleteNonceFromRequest()] ([a768479](https://github.com/tozielinski/next-upstash-nonce/commit/a76847993bb7fe66bf21900d83eb1ca5760d8afa))
16
+
3
17
  ## [1.2.3](https://github.com/tozielinski/next-upstash-nonce/compare/v1.2.2...v1.2.3) (2025-11-21)
4
18
 
5
19
 
package/README.md CHANGED
@@ -52,9 +52,28 @@ export async function POST(req: Request) {
52
52
 
53
53
  const valid = await nonceManager.verifyAndDelete(nonce);
54
54
 
55
+ // valid will be true if nonce was found and deleted
56
+ // false if nonce was not found or expired
57
+
55
58
  return NextResponse.json({nonce: nonce, valid: valid});
56
59
  }
57
60
  ```
61
+ or more simple
62
+ ```typescript
63
+ 'use server'
64
+ mport {NextResponse} from "next/server";
65
+ import {nonceManager} from "@/[wherever you store your nonceManager instance]";
66
+
67
+ export async function POST(req: Request) {
68
+ const result = await nonceManager.verifyAndDeleteNonceFromRequest(req);
69
+
70
+ // result will be {nonce: string, valid: true} or
71
+ // {valid false, reason: string, response: NextResponse}
72
+ // if nonce was not found or expired
73
+
74
+ return NextResponse.json({nonce: result.nonce, valid: result.valid});
75
+ }
76
+ ```
58
77
  ### Use it in your client side
59
78
  ```typescript
60
79
  'use client'
package/dist/index.d.ts ADDED
@@ -0,0 +1,53 @@
1
+ import { Redis } from "@upstash/redis";
2
+ export type NonceOptions = {
3
+ length?: number;
4
+ ttlSeconds?: number;
5
+ prefix?: string;
6
+ };
7
+ export type NonceCheckResult = {
8
+ valid: true;
9
+ nonce: string;
10
+ } | {
11
+ valid: false;
12
+ reason: "missing-header" | "invalid-or-expired";
13
+ response: Response;
14
+ };
15
+ export declare class NonceManager {
16
+ private redis;
17
+ private length;
18
+ private ttlSeconds;
19
+ private prefix;
20
+ constructor(redis: Redis, opts?: NonceOptions);
21
+ /**
22
+ * generates a new, secure nonce,
23
+ * inserts it into Redis with a TTL,
24
+ * and returns the nonce string.
25
+ */
26
+ create(): Promise<string>;
27
+ /**
28
+ * verifies a nonce and deletes it from Redis,
29
+ * returning true if the nonce exists and has not expired.
30
+ */
31
+ verify(nonce: string): Promise<boolean>;
32
+ /**
33
+ * verifies a nonce and deletes it from Redis,
34
+ * returning true if the nonce exists and has not expired.
35
+ */
36
+ verifyAndDelete(nonce: string): Promise<boolean>;
37
+ /**
38
+ * verifies a nonce from the Header of a request
39
+ * returns a NonceCheckResult if the nonce exists and has not expired.
40
+ */
41
+ verifyNonceFromRequest(req: Request): Promise<NonceCheckResult>;
42
+ /**
43
+ * verifies a nonce from the Header of a request and deletes it from Redis
44
+ * returns a NonceCheckResult if the nonce exists and has not expired.
45
+ */
46
+ verifyAndDeleteNonceFromRequest(req: Request): Promise<NonceCheckResult>;
47
+ /**
48
+ * Optional: delete a nonce from Redis manually
49
+ */
50
+ delete(nonce: string): Promise<void>;
51
+ }
52
+ export default NonceManager;
53
+ //# sourceMappingURL=index.d.ts.map
package/dist/index.d.ts.map ADDED
@@ -0,0 +1 @@
1
+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,KAAK,EAAE,MAAM,gBAAgB,CAAC;AAGvC,MAAM,MAAM,YAAY,GAAG;IACvB,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,MAAM,CAAC,EAAE,MAAM,CAAC;CACnB,CAAC;AAEF,MAAM,MAAM,gBAAgB,GAAK;IAC7B,KAAK,EAAE,IAAI,CAAC;IACZ,KAAK,EAAE,MAAM,CAAA;CAChB,GAAG;IACA,KAAK,EAAE,KAAK,CAAC;IACb,MAAM,EAAE,gBAAgB,GAAG,oBAAoB,CAAC;IAChD,QAAQ,EAAE,QAAQ,CAAA;CACrB,CAAC;AAEF,qBAAa,YAAY;IACrB,OAAO,CAAC,KAAK,CAAQ;IACrB,OAAO,CAAC,MAAM,CAAS;IACvB,OAAO,CAAC,UAAU,CAAS;IAC3B,OAAO,CAAC,MAAM,CAAS;gBAGX,KAAK,EAAE,KAAK,EAAE,IAAI,GAAE,YAAiB;IAQjD;;;;OAIG;IACG,MAAM,IAAI,OAAO,CAAC,MAAM,CAAC;IAS/B;;;OAGG;IACG,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAa7C;;;OAGG;IACG,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC;IAetD;;;OAGG;IACG,sBAAsB,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAoCrE;;;OAGG;IACG,+BAA+B,CAAC,GAAG,EAAE,OAAO,GAAG,OAAO,CAAC,gBAAgB,CAAC;IAoC9E;;OAEG;IACG,MAAM,CAAC,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC;CAI7C;AAGD,eAAe,YAAY,CAAC"}
package/dist/index.js CHANGED
@@ -20,15 +20,27 @@ class NonceManager {
20
20
  * and returns the nonce string.
21
21
  */
22
22
  async create() {
23
- // const buffer = crypto.randomBytes(this.length);
24
- // const nonce = buffer.toString("hex");
25
23
  const nonce = (0, uuid_1.v4)();
26
24
  const key = this.prefix + nonce;
27
- // console.log("creating nonce:", nonce);
28
- // set with ttl (nx not required — collisions extremely unlikely)
29
25
  await this.redis.set(key, "1", { ex: this.ttlSeconds });
30
26
  return nonce;
31
27
  }
28
+ /**
29
+ * verifies a nonce and deletes it from Redis,
30
+ * returning true if the nonce exists and has not expired.
31
+ */
32
+ async verify(nonce) {
33
+ if (!nonce)
34
+ return false;
35
+ try {
36
+ const res = await this.redis.get(`nonce:${nonce}`);
37
+ return res !== null;
38
+ }
39
+ catch (err) {
40
+ console.error("verify error:", err);
41
+ return false;
42
+ }
43
+ }
32
44
  /**
33
45
  * verifies a nonce and deletes it from Redis,
34
46
  * returning true if the nonce exists and has not expired.
@@ -36,16 +48,6 @@ class NonceManager {
36
48
  async verifyAndDelete(nonce) {
37
49
  if (!nonce)
38
50
  return false;
39
- // const key = this.prefix + nonce;
40
- //
41
- // const script = `
42
- // local v = redis.call('GET', KEYS[1])
43
- // if v then
44
- // redis.call('DEL', KEYS[1])
45
- // return v
46
- // end
47
- // return nil
48
- // `;
49
51
  try {
50
52
  const res = await this.redis.get(`nonce:${nonce}`);
51
53
  // const res = await (this.redis as any).eval(script, { keys: [key] });
@@ -58,6 +60,62 @@ class NonceManager {
58
60
  return false;
59
61
  }
60
62
  }
63
+ /**
64
+ * verifies a nonce from the Header of a request
65
+ * returns a NonceCheckResult if the nonce exists and has not expired.
66
+ */
67
+ async verifyNonceFromRequest(req) {
68
+ const nonce = req.headers.get("x-api-nonce");
69
+ if (!nonce) {
70
+ const response = Response.json({ error: "Missing x-api-nonce header" }, { status: 403 });
71
+ return {
72
+ valid: false,
73
+ reason: "missing-header",
74
+ response,
75
+ };
76
+ }
77
+ const valid = await this.verify(nonce);
78
+ if (!valid) {
79
+ const response = Response.json({ error: "Invalid or expired nonce" }, { status: 403 });
80
+ return {
81
+ valid: false,
82
+ reason: "invalid-or-expired",
83
+ response,
84
+ };
85
+ }
86
+ return {
87
+ valid: true,
88
+ nonce,
89
+ };
90
+ }
91
+ /**
92
+ * verifies a nonce from the Header of a request and deletes it from Redis
93
+ * returns a NonceCheckResult if the nonce exists and has not expired.
94
+ */
95
+ async verifyAndDeleteNonceFromRequest(req) {
96
+ const nonce = req.headers.get("x-api-nonce");
97
+ if (!nonce) {
98
+ const response = Response.json({ error: "Missing x-api-nonce header" }, { status: 403 });
99
+ return {
100
+ valid: false,
101
+ reason: "missing-header",
102
+ response,
103
+ };
104
+ }
105
+ const valid = await this.verifyAndDelete(nonce);
106
+ if (!valid) {
107
+ const response = Response.json({ error: "Invalid or expired nonce" }, { status: 403 });
108
+ return {
109
+ valid: false,
110
+ reason: "invalid-or-expired",
111
+ response,
112
+ };
113
+ }
114
+ return {
115
+ valid: true,
116
+ nonce,
117
+ };
118
+ }
61
119
  /**
62
120
  * Optional: delete a nonce from Redis manually
63
121
  */
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@tozielinski/next-upstash-nonce",
3
- "version": "1.2.3",
3
+ "version": "1.3.1",
4
4
  "description": "Create, store, verify and delete nonces in Redis by Upstash for Next.js",
5
5
  "main": "./dist/index.js",
6
6
  "types": "./dist/index.d.ts",
@@ -32,7 +32,6 @@
32
32
  "homepage": "https://github.com/tozielinski/next-upstash-nonce#readme",
33
33
  "dependencies": {
34
34
  "@upstash/redis": "1.22.0",
35
- "crypto": "^1.0.1",
36
35
  "uuid": "^13.0.0"
37
36
  },
38
37
  "devDependencies": {