@trustsig/sdk 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (6) hide show
  1. package/README.md +49 -0
  2. package/dist/index.d.mts +23 -0
  3. package/dist/index.d.ts +23 -0
  4. package/dist/index.js +1 -0
  5. package/dist/index.mjs +1 -0
  6. package/package.json +34 -0
package/README.md ADDED
@@ -0,0 +1,49 @@
1
+ # TrustSig Enterprise SDK
2
+
3
+ TrustSig Node.js and Edge SDK for integrating TrustSig token verification in your backend services.
4
+
5
+ ## Features
6
+
7
+ - Universal Compatibility (Node.js, Next.js Edge, Cloudflare Workers, Deno)
8
+ - Zero-Dependency Core Cryptography (via `@noble/ciphers`)
9
+ - Local Decryption (Zero Latency)
10
+ - Remote API Verification
11
+
12
+ ## Installation
13
+
14
+ ```bash
15
+ npm install @trustsig/sdk
16
+ ```
17
+
18
+ ## Usage
19
+
20
+ ```typescript
21
+ import { TrustSig } from '@trustsig/sdk';
22
+
23
+ const trustsig = new TrustSig({
24
+ secretKey: process.env.TRUSTSIG_SECRET_KEY
25
+ });
26
+
27
+ const token = req.body['trustsig-response'];
28
+
29
+ const resultRemote = await trustsig.verifyRemote(token);
30
+ if (resultRemote.action === 'BLOCK') {
31
+ throw new Error("Access Denied");
32
+ }
33
+
34
+ const resultLocal = trustsig.verifyLocal(token);
35
+ if (resultLocal.action === 'BLOCK') {
36
+ throw new Error("Access Denied");
37
+ }
38
+ ```
39
+
40
+ ## Verification Modes
41
+
42
+ ### Remote Verification (`verifyRemote`)
43
+ Sends the token to the TrustSig Edge API for validation. Recommended for standard integrations.
44
+
45
+ ### Local Verification (`verifyLocal`)
46
+ Decrypts the token locally using your Project Secret Key. Requires no outbound network requests. Recommended for high-throughput Edge environments.
47
+
48
+ ## Requirements
49
+ - Node.js 18+ or standard Web Crypto API support.
package/dist/index.d.mts ADDED
@@ -0,0 +1,23 @@
1
+ interface TrustSigOptions {
2
+ secretKey: string;
3
+ endpoint?: string;
4
+ }
5
+ interface BotAnalysisResponse {
6
+ is_bot: boolean;
7
+ score: number;
8
+ action: string;
9
+ request_id: string;
10
+ factors: string[];
11
+ evidence: Record<string, any>;
12
+ site_key: string;
13
+ }
14
+
15
+ declare class TrustSig {
16
+ private secretKey;
17
+ private endpoint;
18
+ constructor(options: TrustSigOptions);
19
+ verifyLocal(token: string): BotAnalysisResponse;
20
+ verifyRemote(token: string): Promise<BotAnalysisResponse>;
21
+ }
22
+
23
+ export { type BotAnalysisResponse, TrustSig, type TrustSigOptions };
package/dist/index.d.ts ADDED
@@ -0,0 +1,23 @@
1
+ interface TrustSigOptions {
2
+ secretKey: string;
3
+ endpoint?: string;
4
+ }
5
+ interface BotAnalysisResponse {
6
+ is_bot: boolean;
7
+ score: number;
8
+ action: string;
9
+ request_id: string;
10
+ factors: string[];
11
+ evidence: Record<string, any>;
12
+ site_key: string;
13
+ }
14
+
15
+ declare class TrustSig {
16
+ private secretKey;
17
+ private endpoint;
18
+ constructor(options: TrustSigOptions);
19
+ verifyLocal(token: string): BotAnalysisResponse;
20
+ verifyRemote(token: string): Promise<BotAnalysisResponse>;
21
+ }
22
+
23
+ export { type BotAnalysisResponse, TrustSig, type TrustSigOptions };
package/dist/index.js ADDED
@@ -0,0 +1 @@
1
+ "use strict";var i=Object.defineProperty;var u=Object.getOwnPropertyDescriptor;var f=Object.getOwnPropertyNames;var l=Object.prototype.hasOwnProperty;var O=(r,t)=>{for(var e in t)i(r,e,{get:t[e],enumerable:!0})},R=(r,t,e,n)=>{if(t&&typeof t=="object"||typeof t=="function")for(let s of f(t))!l.call(r,s)&&s!==e&&i(r,s,{get:()=>t[s],enumerable:!(n=u(t,s))||n.enumerable});return r};var T=r=>R(i({},"__esModule",{value:!0}),r);var g={};O(g,{TrustSig:()=>c});module.exports=T(g);var a=require("@noble/ciphers/chacha");function A(r){let t=atob(r),e=t.length,n=new Uint8Array(e);for(let s=0;s<e;s++)n[s]=t.charCodeAt(s);return n}function y(r,t){let e=new Uint8Array(32),n=new TextEncoder().encode(r),s=Math.min(n.length,32);e.set(n.slice(0,s));let o=A(t);if(o.length<12)throw new Error("TOKEN_TOO_SHORT");let p=o.slice(0,12),d=o.slice(12),_=(0,a.chacha20poly1305)(e,p).decrypt(d),h=new TextDecoder().decode(_);return JSON.parse(h)}var c=class{secretKey;endpoint;constructor(t){if(!t.secretKey)throw new Error("SECRET_KEY_REQUIRED");this.secretKey=t.secretKey,this.endpoint=t.endpoint||"https://api.trustsig.com"}verifyLocal(t){try{let e=y(this.secretKey,t);return{is_bot:e.is_bot??!0,score:e.score??100,action:e.action??"BLOCK_MALFORMED_VERDICT",request_id:e.request_id??"",factors:e.factors??[],evidence:e.evidence??{},site_key:e.site_key??""}}catch{return{is_bot:!0,score:100,action:"BLOCK_CRYPTO_FAIL",request_id:"",factors:["CRYPTO_FAIL"],evidence:{},site_key:""}}}async verifyRemote(t){try{let e=await fetch(`${this.endpoint}/verify`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({secret:this.secretKey,response:t})});if(!e.ok)throw new Error("HTTP_ERROR");return await e.json()}catch{return{is_bot:!0,score:100,action:"BLOCK_API_FAIL",request_id:"",factors:["API_FAIL"],evidence:{},site_key:""}}}};0&&(module.exports={TrustSig});
package/dist/index.mjs ADDED
@@ -0,0 +1 @@
1
+ import{chacha20poly1305 as _}from"@noble/ciphers/chacha";function h(n){let t=atob(n),e=t.length,r=new Uint8Array(e);for(let s=0;s<e;s++)r[s]=t.charCodeAt(s);return r}function i(n,t){let e=new Uint8Array(32),r=new TextEncoder().encode(n),s=Math.min(r.length,32);e.set(r.slice(0,s));let o=h(t);if(o.length<12)throw new Error("TOKEN_TOO_SHORT");let a=o.slice(0,12),y=o.slice(12),p=_(e,a).decrypt(y),d=new TextDecoder().decode(p);return JSON.parse(d)}var c=class{secretKey;endpoint;constructor(t){if(!t.secretKey)throw new Error("SECRET_KEY_REQUIRED");this.secretKey=t.secretKey,this.endpoint=t.endpoint||"https://api.trustsig.com"}verifyLocal(t){try{let e=i(this.secretKey,t);return{is_bot:e.is_bot??!0,score:e.score??100,action:e.action??"BLOCK_MALFORMED_VERDICT",request_id:e.request_id??"",factors:e.factors??[],evidence:e.evidence??{},site_key:e.site_key??""}}catch{return{is_bot:!0,score:100,action:"BLOCK_CRYPTO_FAIL",request_id:"",factors:["CRYPTO_FAIL"],evidence:{},site_key:""}}}async verifyRemote(t){try{let e=await fetch(`${this.endpoint}/verify`,{method:"POST",headers:{"Content-Type":"application/json"},body:JSON.stringify({secret:this.secretKey,response:t})});if(!e.ok)throw new Error("HTTP_ERROR");return await e.json()}catch{return{is_bot:!0,score:100,action:"BLOCK_API_FAIL",request_id:"",factors:["API_FAIL"],evidence:{},site_key:""}}}};export{c as TrustSig};
package/package.json ADDED
@@ -0,0 +1,34 @@
1
+ {
2
+ "name": "@trustsig/sdk",
3
+ "version": "1.0.0",
4
+ "description": "TrustSig Enterprise SDK for Node.js and Edge environments",
5
+ "main": "./dist/index.js",
6
+ "module": "./dist/index.mjs",
7
+ "types": "./dist/index.d.ts",
8
+ "scripts": {
9
+ "build": "tsup",
10
+ "test": "vitest run"
11
+ },
12
+ "dependencies": {
13
+ "@noble/ciphers": "^1.1.0"
14
+ },
15
+ "devDependencies": {
16
+ "typescript": "^5.0.0",
17
+ "tsup": "^8.0.0",
18
+ "vitest": "^1.0.0"
19
+ },
20
+ "files": [
21
+ "dist"
22
+ ],
23
+ "keywords": [
24
+ "trustsig",
25
+ "security",
26
+ "bot-protection"
27
+ ],
28
+ "author": "TrustSig",
29
+ "license": "MIT",
30
+ "repository": {
31
+ "type": "git",
32
+ "url": "git+https://github.com/TrustSig/TrustSigJS.git"
33
+ }
34
+ }