@voyantjs/utils 0.4.5 → 0.6.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/session-claims.d.ts
CHANGED
|
@@ -10,7 +10,8 @@
|
|
|
10
10
|
* - 5-minute expiration ensures quick revocation
|
|
11
11
|
* - HttpOnly, Secure, SameSite cookies
|
|
12
12
|
*
|
|
13
|
-
* Compatible with
|
|
13
|
+
* Compatible with environments that expose the standard Web Crypto API,
|
|
14
|
+
* including Node.js, browsers, and Cloudflare Workers.
|
|
14
15
|
*/
|
|
15
16
|
export interface SessionClaims {
|
|
16
17
|
userId: string;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-claims.d.ts","sourceRoot":"","sources":["../src/session-claims.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"session-claims.d.ts","sourceRoot":"","sources":["../src/session-claims.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAUH,MAAM,WAAW,aAAa;IAC5B,MAAM,EAAE,MAAM,CAAA;IACd,SAAS,EAAE,MAAM,CAAA;IACjB,GAAG,EAAE,MAAM,CAAA;IACX,GAAG,EAAE,MAAM,CAAA;CACZ;AAsBD;;;;;;;;;GASG;AACH,wBAAsB,iBAAiB,CACrC,MAAM,EAAE,MAAM,EACd,SAAS,EAAE,MAAM,EACjB,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,MAAM,CAAC,CA4CjB;AAED;;;;;;GAMG;AACH,wBAAsB,mBAAmB,CACvC,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,GACb,OAAO,CAAC,aAAa,GAAG,IAAI,CAAC,CA4D/B"}
|
package/dist/session-claims.js
CHANGED
|
@@ -10,25 +10,13 @@
|
|
|
10
10
|
* - 5-minute expiration ensures quick revocation
|
|
11
11
|
* - HttpOnly, Secure, SameSite cookies
|
|
12
12
|
*
|
|
13
|
-
* Compatible with
|
|
13
|
+
* Compatible with environments that expose the standard Web Crypto API,
|
|
14
|
+
* including Node.js, browsers, and Cloudflare Workers.
|
|
14
15
|
*/
|
|
15
|
-
// Use Node crypto when available (Next.js middleware, Node.js environments)
|
|
16
|
-
// Falls back to Web Crypto API for Cloudflare Workers
|
|
17
|
-
let nodeCrypto = null;
|
|
18
|
-
try {
|
|
19
|
-
// eslint-disable-next-line @typescript-eslint/no-require-imports
|
|
20
|
-
nodeCrypto = require("node:crypto");
|
|
21
|
-
}
|
|
22
|
-
catch {
|
|
23
|
-
// Not in Node.js environment
|
|
24
|
-
}
|
|
25
16
|
function getWebCrypto() {
|
|
26
17
|
if (typeof globalThis.crypto !== "undefined" && globalThis.crypto.subtle) {
|
|
27
18
|
return globalThis.crypto;
|
|
28
19
|
}
|
|
29
|
-
if (nodeCrypto?.webcrypto) {
|
|
30
|
-
return nodeCrypto.webcrypto;
|
|
31
|
-
}
|
|
32
20
|
throw new Error("No crypto implementation available");
|
|
33
21
|
}
|
|
34
22
|
const CLAIMS_EXPIRY_SECONDS = 5 * 60; // 5 minutes
|
|
@@ -37,12 +25,6 @@ const CLAIMS_EXPIRY_SECONDS = 5 * 60; // 5 minutes
|
|
|
37
25
|
* Uses first 16 chars of base64url-encoded SHA-256 hash
|
|
38
26
|
*/
|
|
39
27
|
async function hashSessionId(sessionId) {
|
|
40
|
-
// Node.js crypto (preferred - synchronous)
|
|
41
|
-
if (nodeCrypto) {
|
|
42
|
-
const hash = nodeCrypto.createHash("sha256").update(sessionId).digest("base64url");
|
|
43
|
-
return hash.slice(0, 16);
|
|
44
|
-
}
|
|
45
|
-
// Web Crypto API (Cloudflare Workers)
|
|
46
28
|
const webCrypto = getWebCrypto();
|
|
47
29
|
const encoder = new TextEncoder();
|
|
48
30
|
const data = encoder.encode(sessionId);
|
|
@@ -87,24 +69,16 @@ export async function signSessionClaims(userId, sessionId, secret) {
|
|
|
87
69
|
.replace(/=/g, "");
|
|
88
70
|
// Create signature
|
|
89
71
|
const message = `${headerB64}.${payloadB64}`;
|
|
90
|
-
|
|
91
|
-
|
|
92
|
-
|
|
93
|
-
|
|
94
|
-
|
|
95
|
-
|
|
96
|
-
|
|
97
|
-
|
|
98
|
-
|
|
99
|
-
|
|
100
|
-
const key = await webCrypto.subtle.importKey("raw", keyData, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
|
|
101
|
-
const sigBuffer = await webCrypto.subtle.sign("HMAC", key, encoder.encode(message));
|
|
102
|
-
const sigArray = Array.from(new Uint8Array(sigBuffer));
|
|
103
|
-
signature = btoa(String.fromCharCode(...sigArray))
|
|
104
|
-
.replace(/\+/g, "-")
|
|
105
|
-
.replace(/\//g, "_")
|
|
106
|
-
.replace(/=/g, "");
|
|
107
|
-
}
|
|
72
|
+
const webCrypto = getWebCrypto();
|
|
73
|
+
const encoder = new TextEncoder();
|
|
74
|
+
const keyData = encoder.encode(secret);
|
|
75
|
+
const key = await webCrypto.subtle.importKey("raw", keyData, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
|
|
76
|
+
const sigBuffer = await webCrypto.subtle.sign("HMAC", key, encoder.encode(message));
|
|
77
|
+
const sigArray = Array.from(new Uint8Array(sigBuffer));
|
|
78
|
+
const signature = btoa(String.fromCharCode(...sigArray))
|
|
79
|
+
.replace(/\+/g, "-")
|
|
80
|
+
.replace(/\//g, "_")
|
|
81
|
+
.replace(/=/g, "");
|
|
108
82
|
return `${headerB64}.${payloadB64}.${signature}`;
|
|
109
83
|
}
|
|
110
84
|
/**
|
|
@@ -127,24 +101,16 @@ export async function verifySessionClaims(token, secret) {
|
|
|
127
101
|
}
|
|
128
102
|
// Verify signature
|
|
129
103
|
const message = `${headerB64}.${payloadB64}`;
|
|
130
|
-
|
|
131
|
-
|
|
132
|
-
|
|
133
|
-
|
|
134
|
-
|
|
135
|
-
|
|
136
|
-
|
|
137
|
-
|
|
138
|
-
|
|
139
|
-
|
|
140
|
-
const key = await webCrypto.subtle.importKey("raw", keyData, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
|
|
141
|
-
const sigBuffer = await webCrypto.subtle.sign("HMAC", key, encoder.encode(message));
|
|
142
|
-
const sigArray = Array.from(new Uint8Array(sigBuffer));
|
|
143
|
-
expectedSig = btoa(String.fromCharCode(...sigArray))
|
|
144
|
-
.replace(/\+/g, "-")
|
|
145
|
-
.replace(/\//g, "_")
|
|
146
|
-
.replace(/=/g, "");
|
|
147
|
-
}
|
|
104
|
+
const webCrypto = getWebCrypto();
|
|
105
|
+
const encoder = new TextEncoder();
|
|
106
|
+
const keyData = encoder.encode(secret);
|
|
107
|
+
const key = await webCrypto.subtle.importKey("raw", keyData, { name: "HMAC", hash: "SHA-256" }, false, ["sign"]);
|
|
108
|
+
const sigBuffer = await webCrypto.subtle.sign("HMAC", key, encoder.encode(message));
|
|
109
|
+
const sigArray = Array.from(new Uint8Array(sigBuffer));
|
|
110
|
+
const expectedSig = btoa(String.fromCharCode(...sigArray))
|
|
111
|
+
.replace(/\+/g, "-")
|
|
112
|
+
.replace(/\//g, "_")
|
|
113
|
+
.replace(/=/g, "");
|
|
148
114
|
// Constant-time comparison
|
|
149
115
|
if (!constantTimeEqual(signature, expectedSig)) {
|
|
150
116
|
return null;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"session-claims.js","sourceRoot":"","sources":["../src/session-claims.ts"],"names":[],"mappings":"AAAA
|
|
1
|
+
{"version":3,"file":"session-claims.js","sourceRoot":"","sources":["../src/session-claims.ts"],"names":[],"mappings":"AAAA;;;;;;;;;;;;;;GAcG;AAEH,SAAS,YAAY;IACnB,IAAI,OAAO,UAAU,CAAC,MAAM,KAAK,WAAW,IAAI,UAAU,CAAC,MAAM,CAAC,MAAM,EAAE,CAAC;QACzE,OAAO,UAAU,CAAC,MAAM,CAAA;IAC1B,CAAC;IAED,MAAM,IAAI,KAAK,CAAC,oCAAoC,CAAC,CAAA;AACvD,CAAC;AASD,MAAM,qBAAqB,GAAG,CAAC,GAAG,EAAE,CAAA,CAAC,YAAY;AAEjD;;;GAGG;AACH,KAAK,UAAU,aAAa,CAAC,SAAiB;IAC5C,MAAM,SAAS,GAAG,YAAY,EAAE,CAAA;IAChC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,IAAI,GAAG,OAAO,CAAC,MAAM,CAAC,SAAS,CAAC,CAAA;IACtC,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,MAAM,CAAC,SAAS,EAAE,IAAI,CAAC,CAAA;IACjE,MAAM,SAAS,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,UAAU,CAAC,CAAC,CAAA;IACxD,gCAAgC;IAChC,MAAM,OAAO,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,SAAS,CAAC,CAAC;SACpD,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;IACpB,OAAO,OAAO,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA;AAC7B,CAAC;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,KAAK,UAAU,iBAAiB,CACrC,MAAc,EACd,SAAiB,EACjB,MAAc;IAEd,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;IACzC,MAAM,GAAG,GAAG,GAAG,GAAG,qBAAqB,CAAA;IAEvC,MAAM,aAAa,GAAG,MAAM,aAAa,CAAC,SAAS,CAAC,CAAA;IACpD,MAAM,MAAM,GAAkB;QAC5B,MAAM;QACN,SAAS,EAAE,aAAa;QACxB,GAAG,EAAE,GAAG;QACR,GAAG;KACJ,CAAA;IAED,8CAA8C;IAC9C,MAAM,MAAM,GAAG,EAAE,GAAG,EAAE,OAAO,EAAE,GAAG,EAAE,KAAK,EAAE,CAAA;IAC3C,MAAM,SAAS,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;SAC3C,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;IACpB,MAAM,UAAU,GAAG,IAAI,CAAC,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;SAC5C,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;IAEpB,mBAAmB;IACnB,MAAM,OAAO,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAA;IAE5C,MAAM,SAAS,GAAG,YAAY,EAAE,CAAA;IAChC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;IACjC,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;IACtC,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,SAAS,CAC1C,KAAK,EACL,OAAO,EACP,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAA;IACD,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAA;IACnF,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAA;IACtD,MAAM,SAAS,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,QAAQ,CAAC,CAAC;SACrD,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;SACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;IAEpB,OAAO,GAAG,SAAS,IAAI,UAAU,IAAI,SAAS,EAAE,CAAA;AAClD,CAAC;AAED;;;;;;GAMG;AACH,MAAM,CAAC,KAAK,UAAU,mBAAmB,CACvC,KAAa,EACb,MAAc;IAEd,IAAI,CAAC;QACH,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAA;QAC9B,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE,CAAC;YACvB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,MAAM,CAAC,SAAS,EAAE,UAAU,EAAE,SAAS,CAAC,GAAG,KAAK,CAAA;QAEhD,+BAA+B;QAC/B,IAAI,CAAC,SAAS,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS,EAAE,CAAC;YAC5C,OAAO,IAAI,CAAA;QACb,CAAC;QAED,mBAAmB;QACnB,MAAM,OAAO,GAAG,GAAG,SAAS,IAAI,UAAU,EAAE,CAAA;QAE5C,MAAM,SAAS,GAAG,YAAY,EAAE,CAAA;QAChC,MAAM,OAAO,GAAG,IAAI,WAAW,EAAE,CAAA;QACjC,MAAM,OAAO,GAAG,OAAO,CAAC,MAAM,CAAC,MAAM,CAAC,CAAA;QACtC,MAAM,GAAG,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,SAAS,CAC1C,KAAK,EACL,OAAO,EACP,EAAE,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,SAAS,EAAE,EACjC,KAAK,EACL,CAAC,MAAM,CAAC,CACT,CAAA;QACD,MAAM,SAAS,GAAG,MAAM,SAAS,CAAC,MAAM,CAAC,IAAI,CAAC,MAAM,EAAE,GAAG,EAAE,OAAO,CAAC,MAAM,CAAC,OAAO,CAAC,CAAC,CAAA;QACnF,MAAM,QAAQ,GAAG,KAAK,CAAC,IAAI,CAAC,IAAI,UAAU,CAAC,SAAS,CAAC,CAAC,CAAA;QACtD,MAAM,WAAW,GAAG,IAAI,CAAC,MAAM,CAAC,YAAY,CAAC,GAAG,QAAQ,CAAC,CAAC;aACvD,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,KAAK,EAAE,GAAG,CAAC;aACnB,OAAO,CAAC,IAAI,EAAE,EAAE,CAAC,CAAA;QAEpB,2BAA2B;QAC3B,IAAI,CAAC,iBAAiB,CAAC,SAAS,EAAE,WAAW,CAAC,EAAE,CAAC;YAC/C,OAAO,IAAI,CAAA;QACb,CAAC;QAED,8CAA8C;QAC9C,4DAA4D;QAC5D,MAAM,WAAW,GAAG,IAAI,CAAC,UAAU,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,OAAO,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC,CAAA;QAC1E,MAAM,OAAO,GAAG,IAAI,CAAC,KAAK,CAAC,WAAW,CAAkB,CAAA;QAExD,mBAAmB;QACnB,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,EAAE,GAAG,IAAI,CAAC,CAAA;QACzC,IAAI,OAAO,CAAC,GAAG,GAAG,GAAG,EAAE,CAAC;YACtB,OAAO,IAAI,CAAA;QACb,CAAC;QAED,qBAAqB;QACrB,IAAI,CAAC,OAAO,CAAC,MAAM,IAAI,CAAC,OAAO,CAAC,SAAS,IAAI,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,CAAC;YAC1E,OAAO,IAAI,CAAA;QACb,CAAC;QAED,OAAO,OAAO,CAAA;IAChB,CAAC;IAAC,OAAO,MAAM,EAAE,CAAC;QAChB,2CAA2C;QAC3C,OAAO,IAAI,CAAA;IACb,CAAC;AACH,CAAC;AAED;;GAEG;AACH,SAAS,iBAAiB,CAAC,CAAS,EAAE,CAAS;IAC7C,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAA;IAEvC,IAAI,MAAM,GAAG,CAAC,CAAA;IACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE,EAAE,CAAC;QAClC,MAAM,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;IAC7C,CAAC;IAED,OAAO,MAAM,KAAK,CAAC,CAAA;AACrB,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@voyantjs/utils",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.6.0",
|
|
4
4
|
"license": "FSL-1.1-Apache-2.0",
|
|
5
5
|
"repository": {
|
|
6
6
|
"type": "git",
|
|
@@ -82,7 +82,7 @@
|
|
|
82
82
|
"liquidjs": "^10.24.0",
|
|
83
83
|
"pdf-lib": "^1.17.1",
|
|
84
84
|
"zod": "^4.3.6",
|
|
85
|
-
"@voyantjs/types": "0.
|
|
85
|
+
"@voyantjs/types": "0.6.0"
|
|
86
86
|
},
|
|
87
87
|
"devDependencies": {
|
|
88
88
|
"@types/node": "^25.5.2",
|