@zeroad.network/token 0.13.6 → 0.13.8

package/dist/index.cjs

@@ -1,33 +1,37 @@
 'use strict';
 
-var browser = require('./browser-C2zgnAdK.cjs');
+var browser = require('./browser-CMCq-bkd.cjs');
 var node_buffer = require('node:buffer');
 var node_crypto = require('node:crypto');
 
+const keyCache = /* @__PURE__ */ new Map();
 const importPrivateKey = (privateKeyBase64) => {
-  const keyBuffer = node_buffer.Buffer.from(privateKeyBase64, "base64");
-  return node_crypto.createPrivateKey({
-    key: keyBuffer,
+  if (keyCache.has(privateKeyBase64)) return keyCache.get(privateKeyBase64);
+  const key = node_crypto.createPrivateKey({
+    key: node_buffer.Buffer.from(privateKeyBase64, "base64"),
     format: "der",
     type: "pkcs8"
   });
+  keyCache.set(privateKeyBase64, key);
+  return key;
 };
 const importPublicKey = (publicKeyBase64) => {
-  const keyBuffer = node_buffer.Buffer.from(publicKeyBase64, "base64");
-  return node_crypto.createPublicKey({
-    key: keyBuffer,
+  if (keyCache.has(publicKeyBase64)) return keyCache.get(publicKeyBase64);
+  const key = node_crypto.createPublicKey({
+    key: node_buffer.Buffer.from(publicKeyBase64, "base64"),
     format: "der",
     type: "spki"
   });
+  keyCache.set(publicKeyBase64, key);
+  return key;
 };
 const sign = (data, privateKey) => {
-  const buffer = node_buffer.Buffer.from(data);
-  return node_crypto.sign(null, buffer, privateKey);
+  const key = importPrivateKey(privateKey);
+  return node_crypto.sign(null, node_buffer.Buffer.from(data), key);
 };
 const verify = (data, signature, publicKey) => {
-  const dataBuffer = node_buffer.Buffer.from(data);
-  const sigBuffer = node_buffer.Buffer.from(signature);
-  return node_crypto.verify(null, dataBuffer, publicKey, sigBuffer);
+  const key = importPublicKey(publicKey);
+  return node_crypto.verify(null, node_buffer.Buffer.from(data), key, node_buffer.Buffer.from(signature));
 };
 const nonce = (size) => new Uint8Array(node_crypto.randomBytes(size));
 
@@ -35,70 +39,59 @@ const VERSION_BYTES = 1;
 const NONCE_BYTES = 4;
 const SEPARATOR = ".";
 const SITE_FEATURES_NATIVE = browser.getSiteFeaturesNative();
-const as32BitNumber = (byteArray, begin) => {
-  const bytes = byteArray.subarray(begin, begin + Uint32Array.BYTES_PER_ELEMENT);
-  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
-  return view.getUint32(0, true);
-};
-class ClientHeader {
-  cryptoPublicKey;
-  cryptoPrivateKey;
-  publicKey;
-  privateKey;
-  NAME = browser.CLIENT_HEADERS.HELLO;
-  constructor(publicKey, privateKey) {
-    this.publicKey = publicKey;
-    this.privateKey = privateKey;
-  }
-  parseToken(headerValue) {
-    const headerValueAsString = Array.isArray(headerValue) ? headerValue[0] : headerValue;
-    const data = this.decode(headerValueAsString);
-    const result = {};
-    if (!data || data.expiresAt.getTime() < Date.now()) {
-      for (const [feature] of SITE_FEATURES_NATIVE) {
-        result[feature] = false;
-      }
-      return result;
-    }
-    for (const [feature, shift] of SITE_FEATURES_NATIVE) {
-      result[feature] = browser.hasFeature(data.flags, shift);
+function parseClientToken(headerValue, clientId, publicKey) {
+  const headerValueAsString = Array.isArray(headerValue) ? headerValue[0] : headerValue;
+  const data = decodeClientHeader(headerValueAsString, publicKey);
+  let flags = 0;
+  if (data && data.expiresAt.getTime() >= Date.now()) flags = data.flags;
+  if (flags && data?.clientId && data.clientId !== clientId) flags = 0;
+  const features = SITE_FEATURES_NATIVE.map(([feature, shift]) => browser.hasFlag(flags, shift) && feature).filter((e) => !!e);
+  const hasCleanWeb = features.includes("CLEAN_WEB");
+  const hasOnePass = features.includes("ONE_PASS");
+  return {
+    HIDE_ADVERTISEMENTS: hasCleanWeb,
+    HIDE_COOKIE_CONSENT_SCREEN: hasCleanWeb,
+    HIDE_MARKETING_DIALOGS: hasCleanWeb,
+    DISABLE_NON_FUNCTIONAL_TRACKING: hasCleanWeb,
+    DISABLE_CONTENT_PAYWALL: hasOnePass,
+    ENABLE_SUBSCRIPTION_ACCESS: hasOnePass
+  };
+}
+function decodeClientHeader(headerValue, publicKey) {
+  if (!headerValue?.length) return;
+  try {
+    const [data, signature] = headerValue.split(SEPARATOR);
+    const dataBytes = browser.fromBase64(data);
+    const signatureBytes = browser.fromBase64(signature);
+    if (!verify(dataBytes.buffer, signatureBytes.buffer, publicKey)) {
+      throw new Error("Forged header value is provided");
     }
-    return result;
-  }
-  decode(headerValue) {
-    if (!headerValue?.length) return;
-    if (!this.cryptoPublicKey) this.cryptoPublicKey = importPublicKey(this.publicKey);
-    try {
-      const [data, signature] = headerValue.split(SEPARATOR);
-      const dataBytes = browser.fromBase64(data);
-      const signatureBytes = browser.fromBase64(signature);
-      if (!verify(dataBytes.buffer, signatureBytes.buffer, this.cryptoPublicKey)) {
-        throw new Error("Forged header value is provided");
-      }
-      const version = dataBytes[0];
-      if (version === browser.PROTOCOL_VERSION.V_1) {
-        const expiresAt = as32BitNumber(dataBytes, VERSION_BYTES + NONCE_BYTES);
-        const flags = as32BitNumber(dataBytes, dataBytes.length - Uint32Array.BYTES_PER_ELEMENT);
-        return { version, expiresAt: new Date(expiresAt * 1e3), flags };
+    const version = dataBytes[0];
+    let clientId;
+    if (version === browser.PROTOCOL_VERSION.V_1) {
+      const expiresAt = as32BitNumber(dataBytes, VERSION_BYTES + NONCE_BYTES);
+      const flags = as32BitNumber(dataBytes, VERSION_BYTES + NONCE_BYTES + Uint32Array.BYTES_PER_ELEMENT);
+      const expectedByteLength = VERSION_BYTES + NONCE_BYTES + Uint32Array.BYTES_PER_ELEMENT * 2;
+      if (dataBytes.byteLength > expectedByteLength) {
+        clientId = new TextDecoder().decode(dataBytes.subarray(expectedByteLength));
       }
-    } catch (err) {
-      browser.log("warn", "Could not decode client header value", { reason: err?.message });
+      return { version, expiresAt: new Date(expiresAt * 1e3), flags, ...clientId && { clientId } };
     }
-  }
-  encode(version, expiresAt, features) {
-    if (!this.privateKey) throw new Error("Private key is required");
-    const data = mergeByteArrays([
-      new Uint8Array([version]),
-      new Uint8Array(nonce(NONCE_BYTES)),
-      new Uint32Array([Math.floor(expiresAt.getTime() / 1e3)]),
-      new Uint32Array([browser.setFeatures(0, features)])
-    ]);
-    if (!this.cryptoPrivateKey) this.cryptoPrivateKey = importPrivateKey(this.privateKey);
-    const signature = sign(data.buffer, this.cryptoPrivateKey);
-    return [browser.toBase64(data), browser.toBase64(new Uint8Array(signature))].join(SEPARATOR);
+  } catch (err) {
+    browser.log("warn", "Could not decode client header value", { reason: err?.message });
   }
 }
-const mergeByteArrays = (arrays) => {
+function encodeClientHeader(data, privateKey) {
+  const payload = mergeByteArrays([
+    new Uint8Array([data.version]),
+    new Uint8Array(nonce(NONCE_BYTES)),
+    new Uint32Array([Math.floor(data.expiresAt.getTime() / 1e3)]),
+    new Uint32Array([browser.setFlags(data.features)]),
+    ...data.clientId?.length ? [new Uint8Array(new TextEncoder().encode(data.clientId))] : []
+  ]);
+  return [browser.toBase64(payload), browser.toBase64(new Uint8Array(sign(payload.buffer, privateKey)))].join(SEPARATOR);
+}
+function mergeByteArrays(arrays) {
   const totalLength = arrays.reduce((sum, a) => sum + a.byteLength, 0);
   const data = new Uint8Array(totalLength);
   let offset = 0;
@@ -111,17 +104,20 @@ const mergeByteArrays = (arrays) => {
     offset += bytes.byteLength;
   }
   return data;
-};
+}
+function as32BitNumber(byteArray, begin) {
+  const bytes = byteArray.subarray(begin, begin + Uint32Array.BYTES_PER_ELEMENT);
+  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
+  return view.getUint32(0, true);
+}
 
 function Site(options) {
-  const serverHeader = new browser.ServerHeader(options);
-  const clientHeader = new ClientHeader(browser.ZEROAD_NETWORK_PUBLIC_KEY);
+  const serverHeaderValue = browser.encodeServerHeader(options.clientId, options.features);
   return {
-    setLogLevel: browser.setLogLevel,
-    parseToken: clientHeader.parseToken.bind(clientHeader),
-    CLIENT_HEADER_NAME: clientHeader.NAME,
-    SERVER_HEADER_NAME: serverHeader.NAME,
-    SERVER_HEADER_VALUE: serverHeader.VALUE
+    parseClientToken: (headerValue) => parseClientToken(headerValue, options.clientId, browser.ZEROAD_NETWORK_PUBLIC_KEY),
+    CLIENT_HEADER_NAME: browser.CLIENT_HEADERS.HELLO,
+    SERVER_HEADER_NAME: browser.SERVER_HEADERS.WELCOME,
+    SERVER_HEADER_VALUE: serverHeaderValue
   };
 }
 
@@ -130,8 +126,11 @@ exports.CURRENT_PROTOCOL_VERSION = browser.CURRENT_PROTOCOL_VERSION;
 exports.FEATURES = browser.FEATURES;
 exports.PROTOCOL_VERSION = browser.PROTOCOL_VERSION;
 exports.SERVER_HEADERS = browser.SERVER_HEADERS;
-exports.ServerHeader = browser.ServerHeader;
 exports.ZEROAD_NETWORK_PUBLIC_KEY = browser.ZEROAD_NETWORK_PUBLIC_KEY;
+exports.decodeServerHeader = browser.decodeServerHeader;
+exports.encodeServerHeader = browser.encodeServerHeader;
 exports.setLogLevel = browser.setLogLevel;
-exports.ClientHeader = ClientHeader;
 exports.Site = Site;
+exports.decodeClientHeader = decodeClientHeader;
+exports.encodeClientHeader = encodeClientHeader;
+exports.parseClientToken = parseClientToken;

package/dist/index.d.cts

@@ -1,27 +1,38 @@
-import { CLIENT_HEADERS, ClientParsedHeader, PROTOCOL_VERSION, FEATURES, ServerHeaderOptions, SERVER_HEADERS } from './browser.cjs';
-export { CURRENT_PROTOCOL_VERSION, ServerHeader, ServerHeaderExtendedOptions, UUID, WelcomeHeader, ZEROAD_NETWORK_PUBLIC_KEY } from './browser.cjs';
-
-declare class ClientHeader {
-    private cryptoPublicKey;
-    private cryptoPrivateKey;
-    private publicKey;
-    private privateKey;
-    NAME: CLIENT_HEADERS;
-    constructor(publicKey: string, privateKey?: string);
-    parseToken(headerValue: string | string[] | undefined): Record<"ADS_OFF" | "COOKIE_CONSENT_OFF" | "MARKETING_DIALOG_OFF" | "CONTENT_PAYWALL_OFF" | "SUBSCRIPTION_ACCESS_ON", boolean>;
-    decode(headerValue: string | undefined): ClientParsedHeader | undefined;
-    encode(version: PROTOCOL_VERSION, expiresAt: Date, features: FEATURES[]): string;
-}
+import { P as PROTOCOL_VERSION, F as FEATURES, C as CLIENT_HEADERS, S as SERVER_HEADERS } from './browser-BiNZ2c6t.cjs';
+export { a as CURRENT_PROTOCOL_VERSION, W as WelcomeHeader, Z as ZEROAD_NETWORK_PUBLIC_KEY, d as decodeServerHeader, e as encodeServerHeader } from './browser-BiNZ2c6t.cjs';
 
 type LogLevel = "error" | "warn" | "info" | "debug";
 declare function setLogLevel(level: LogLevel): void;
 
-declare function Site(options: ServerHeaderOptions): {
-    setLogLevel: typeof setLogLevel;
-    parseToken: (headerValue: string | string[] | undefined) => Record<"ADS_OFF" | "COOKIE_CONSENT_OFF" | "MARKETING_DIALOG_OFF" | "CONTENT_PAYWALL_OFF" | "SUBSCRIPTION_ACCESS_ON", boolean>;
+type FEATURE_FLAG = "HIDE_ADVERTISEMENTS" | "HIDE_COOKIE_CONSENT_SCREEN" | "HIDE_MARKETING_DIALOGS" | "DISABLE_NON_FUNCTIONAL_TRACKING" | "DISABLE_CONTENT_PAYWALL" | "ENABLE_SUBSCRIPTION_ACCESS";
+type ClientHeaderValue = string | string[] | undefined;
+type FeatureFlags = Record<FEATURE_FLAG, boolean>;
+declare function parseClientToken(headerValue: ClientHeaderValue, clientId: string, publicKey: string): FeatureFlags;
+type DecodedClientHeader = {
+    version: PROTOCOL_VERSION;
+    expiresAt: Date;
+    flags: number;
+    clientId?: string;
+};
+declare function decodeClientHeader(headerValue: string | null | undefined, publicKey: string): DecodedClientHeader | undefined;
+type EncodeData = {
+    version: PROTOCOL_VERSION;
+    expiresAt: Date;
+    features: FEATURES[];
+    clientId?: string;
+};
+declare function encodeClientHeader(data: EncodeData, privateKey: string): string;
+
+type SiteOptions = {
+    clientId: string;
+    features: FEATURES[];
+};
+declare function Site(options: SiteOptions): {
+    parseClientToken: (headerValue: ClientHeaderValue) => FeatureFlags;
     CLIENT_HEADER_NAME: CLIENT_HEADERS;
     SERVER_HEADER_NAME: SERVER_HEADERS;
     SERVER_HEADER_VALUE: string;
 };
 
-export { CLIENT_HEADERS, ClientHeader, ClientParsedHeader, FEATURES, PROTOCOL_VERSION, SERVER_HEADERS, ServerHeaderOptions, Site, setLogLevel };
+export { CLIENT_HEADERS, FEATURES, PROTOCOL_VERSION, SERVER_HEADERS, Site, decodeClientHeader, encodeClientHeader, parseClientToken, setLogLevel };
+export type { ClientHeaderValue, DecodedClientHeader, FEATURE_FLAG, FeatureFlags };

package/dist/index.d.mts

@@ -1,27 +1,38 @@
-import { CLIENT_HEADERS, ClientParsedHeader, PROTOCOL_VERSION, FEATURES, ServerHeaderOptions, SERVER_HEADERS } from './browser.mjs';
-export { CURRENT_PROTOCOL_VERSION, ServerHeader, ServerHeaderExtendedOptions, UUID, WelcomeHeader, ZEROAD_NETWORK_PUBLIC_KEY } from './browser.mjs';
-
-declare class ClientHeader {
-    private cryptoPublicKey;
-    private cryptoPrivateKey;
-    private publicKey;
-    private privateKey;
-    NAME: CLIENT_HEADERS;
-    constructor(publicKey: string, privateKey?: string);
-    parseToken(headerValue: string | string[] | undefined): Record<"ADS_OFF" | "COOKIE_CONSENT_OFF" | "MARKETING_DIALOG_OFF" | "CONTENT_PAYWALL_OFF" | "SUBSCRIPTION_ACCESS_ON", boolean>;
-    decode(headerValue: string | undefined): ClientParsedHeader | undefined;
-    encode(version: PROTOCOL_VERSION, expiresAt: Date, features: FEATURES[]): string;
-}
+import { P as PROTOCOL_VERSION, F as FEATURES, C as CLIENT_HEADERS, S as SERVER_HEADERS } from './browser-BiNZ2c6t.mjs';
+export { a as CURRENT_PROTOCOL_VERSION, W as WelcomeHeader, Z as ZEROAD_NETWORK_PUBLIC_KEY, d as decodeServerHeader, e as encodeServerHeader } from './browser-BiNZ2c6t.mjs';
 
 type LogLevel = "error" | "warn" | "info" | "debug";
 declare function setLogLevel(level: LogLevel): void;
 
-declare function Site(options: ServerHeaderOptions): {
-    setLogLevel: typeof setLogLevel;
-    parseToken: (headerValue: string | string[] | undefined) => Record<"ADS_OFF" | "COOKIE_CONSENT_OFF" | "MARKETING_DIALOG_OFF" | "CONTENT_PAYWALL_OFF" | "SUBSCRIPTION_ACCESS_ON", boolean>;
+type FEATURE_FLAG = "HIDE_ADVERTISEMENTS" | "HIDE_COOKIE_CONSENT_SCREEN" | "HIDE_MARKETING_DIALOGS" | "DISABLE_NON_FUNCTIONAL_TRACKING" | "DISABLE_CONTENT_PAYWALL" | "ENABLE_SUBSCRIPTION_ACCESS";
+type ClientHeaderValue = string | string[] | undefined;
+type FeatureFlags = Record<FEATURE_FLAG, boolean>;
+declare function parseClientToken(headerValue: ClientHeaderValue, clientId: string, publicKey: string): FeatureFlags;
+type DecodedClientHeader = {
+    version: PROTOCOL_VERSION;
+    expiresAt: Date;
+    flags: number;
+    clientId?: string;
+};
+declare function decodeClientHeader(headerValue: string | null | undefined, publicKey: string): DecodedClientHeader | undefined;
+type EncodeData = {
+    version: PROTOCOL_VERSION;
+    expiresAt: Date;
+    features: FEATURES[];
+    clientId?: string;
+};
+declare function encodeClientHeader(data: EncodeData, privateKey: string): string;
+
+type SiteOptions = {
+    clientId: string;
+    features: FEATURES[];
+};
+declare function Site(options: SiteOptions): {
+    parseClientToken: (headerValue: ClientHeaderValue) => FeatureFlags;
     CLIENT_HEADER_NAME: CLIENT_HEADERS;
     SERVER_HEADER_NAME: SERVER_HEADERS;
     SERVER_HEADER_VALUE: string;
 };
 
-export { CLIENT_HEADERS, ClientHeader, ClientParsedHeader, FEATURES, PROTOCOL_VERSION, SERVER_HEADERS, ServerHeaderOptions, Site, setLogLevel };
+export { CLIENT_HEADERS, FEATURES, PROTOCOL_VERSION, SERVER_HEADERS, Site, decodeClientHeader, encodeClientHeader, parseClientToken, setLogLevel };
+export type { ClientHeaderValue, DecodedClientHeader, FEATURE_FLAG, FeatureFlags };

package/dist/index.mjs

@@ -1,32 +1,36 @@
-import { g as getSiteFeaturesNative, C as CLIENT_HEADERS, h as hasFeature, f as fromBase64, P as PROTOCOL_VERSION, l as log, s as setFeatures, t as toBase64, S as ServerHeader, a as setLogLevel, Z as ZEROAD_NETWORK_PUBLIC_KEY } from './browser-DDeUUPbU.mjs';
-export { c as CURRENT_PROTOCOL_VERSION, F as FEATURES, b as SERVER_HEADERS } from './browser-DDeUUPbU.mjs';
+import { g as getSiteFeaturesNative, h as hasFlag, f as fromBase64, P as PROTOCOL_VERSION, l as log, s as setFlags, t as toBase64, e as encodeServerHeader, S as SERVER_HEADERS, C as CLIENT_HEADERS, Z as ZEROAD_NETWORK_PUBLIC_KEY } from './browser-Citg0bh9.mjs';
+export { b as CURRENT_PROTOCOL_VERSION, F as FEATURES, d as decodeServerHeader, a as setLogLevel } from './browser-Citg0bh9.mjs';
 import { Buffer } from 'node:buffer';
-import { createPublicKey, verify as verify$1, randomBytes, createPrivateKey, sign as sign$1 } from 'node:crypto';
+import { verify as verify$1, randomBytes, sign as sign$1, createPublicKey, createPrivateKey } from 'node:crypto';
 
+const keyCache = /* @__PURE__ */ new Map();
 const importPrivateKey = (privateKeyBase64) => {
-  const keyBuffer = Buffer.from(privateKeyBase64, "base64");
-  return createPrivateKey({
-    key: keyBuffer,
+  if (keyCache.has(privateKeyBase64)) return keyCache.get(privateKeyBase64);
+  const key = createPrivateKey({
+    key: Buffer.from(privateKeyBase64, "base64"),
     format: "der",
     type: "pkcs8"
   });
+  keyCache.set(privateKeyBase64, key);
+  return key;
 };
 const importPublicKey = (publicKeyBase64) => {
-  const keyBuffer = Buffer.from(publicKeyBase64, "base64");
-  return createPublicKey({
-    key: keyBuffer,
+  if (keyCache.has(publicKeyBase64)) return keyCache.get(publicKeyBase64);
+  const key = createPublicKey({
+    key: Buffer.from(publicKeyBase64, "base64"),
     format: "der",
     type: "spki"
   });
+  keyCache.set(publicKeyBase64, key);
+  return key;
 };
 const sign = (data, privateKey) => {
-  const buffer = Buffer.from(data);
-  return sign$1(null, buffer, privateKey);
+  const key = importPrivateKey(privateKey);
+  return sign$1(null, Buffer.from(data), key);
 };
 const verify = (data, signature, publicKey) => {
-  const dataBuffer = Buffer.from(data);
-  const sigBuffer = Buffer.from(signature);
-  return verify$1(null, dataBuffer, publicKey, sigBuffer);
+  const key = importPublicKey(publicKey);
+  return verify$1(null, Buffer.from(data), key, Buffer.from(signature));
 };
 const nonce = (size) => new Uint8Array(randomBytes(size));
 
@@ -34,70 +38,59 @@ const VERSION_BYTES = 1;
 const NONCE_BYTES = 4;
 const SEPARATOR = ".";
 const SITE_FEATURES_NATIVE = getSiteFeaturesNative();
-const as32BitNumber = (byteArray, begin) => {
-  const bytes = byteArray.subarray(begin, begin + Uint32Array.BYTES_PER_ELEMENT);
-  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
-  return view.getUint32(0, true);
-};
-class ClientHeader {
-  cryptoPublicKey;
-  cryptoPrivateKey;
-  publicKey;
-  privateKey;
-  NAME = CLIENT_HEADERS.HELLO;
-  constructor(publicKey, privateKey) {
-    this.publicKey = publicKey;
-    this.privateKey = privateKey;
-  }
-  parseToken(headerValue) {
-    const headerValueAsString = Array.isArray(headerValue) ? headerValue[0] : headerValue;
-    const data = this.decode(headerValueAsString);
-    const result = {};
-    if (!data || data.expiresAt.getTime() < Date.now()) {
-      for (const [feature] of SITE_FEATURES_NATIVE) {
-        result[feature] = false;
-      }
-      return result;
-    }
-    for (const [feature, shift] of SITE_FEATURES_NATIVE) {
-      result[feature] = hasFeature(data.flags, shift);
+function parseClientToken(headerValue, clientId, publicKey) {
+  const headerValueAsString = Array.isArray(headerValue) ? headerValue[0] : headerValue;
+  const data = decodeClientHeader(headerValueAsString, publicKey);
+  let flags = 0;
+  if (data && data.expiresAt.getTime() >= Date.now()) flags = data.flags;
+  if (flags && data?.clientId && data.clientId !== clientId) flags = 0;
+  const features = SITE_FEATURES_NATIVE.map(([feature, shift]) => hasFlag(flags, shift) && feature).filter((e) => !!e);
+  const hasCleanWeb = features.includes("CLEAN_WEB");
+  const hasOnePass = features.includes("ONE_PASS");
+  return {
+    HIDE_ADVERTISEMENTS: hasCleanWeb,
+    HIDE_COOKIE_CONSENT_SCREEN: hasCleanWeb,
+    HIDE_MARKETING_DIALOGS: hasCleanWeb,
+    DISABLE_NON_FUNCTIONAL_TRACKING: hasCleanWeb,
+    DISABLE_CONTENT_PAYWALL: hasOnePass,
+    ENABLE_SUBSCRIPTION_ACCESS: hasOnePass
+  };
+}
+function decodeClientHeader(headerValue, publicKey) {
+  if (!headerValue?.length) return;
+  try {
+    const [data, signature] = headerValue.split(SEPARATOR);
+    const dataBytes = fromBase64(data);
+    const signatureBytes = fromBase64(signature);
+    if (!verify(dataBytes.buffer, signatureBytes.buffer, publicKey)) {
+      throw new Error("Forged header value is provided");
     }
-    return result;
-  }
-  decode(headerValue) {
-    if (!headerValue?.length) return;
-    if (!this.cryptoPublicKey) this.cryptoPublicKey = importPublicKey(this.publicKey);
-    try {
-      const [data, signature] = headerValue.split(SEPARATOR);
-      const dataBytes = fromBase64(data);
-      const signatureBytes = fromBase64(signature);
-      if (!verify(dataBytes.buffer, signatureBytes.buffer, this.cryptoPublicKey)) {
-        throw new Error("Forged header value is provided");
-      }
-      const version = dataBytes[0];
-      if (version === PROTOCOL_VERSION.V_1) {
-        const expiresAt = as32BitNumber(dataBytes, VERSION_BYTES + NONCE_BYTES);
-        const flags = as32BitNumber(dataBytes, dataBytes.length - Uint32Array.BYTES_PER_ELEMENT);
-        return { version, expiresAt: new Date(expiresAt * 1e3), flags };
+    const version = dataBytes[0];
+    let clientId;
+    if (version === PROTOCOL_VERSION.V_1) {
+      const expiresAt = as32BitNumber(dataBytes, VERSION_BYTES + NONCE_BYTES);
+      const flags = as32BitNumber(dataBytes, VERSION_BYTES + NONCE_BYTES + Uint32Array.BYTES_PER_ELEMENT);
+      const expectedByteLength = VERSION_BYTES + NONCE_BYTES + Uint32Array.BYTES_PER_ELEMENT * 2;
+      if (dataBytes.byteLength > expectedByteLength) {
+        clientId = new TextDecoder().decode(dataBytes.subarray(expectedByteLength));
       }
-    } catch (err) {
-      log("warn", "Could not decode client header value", { reason: err?.message });
+      return { version, expiresAt: new Date(expiresAt * 1e3), flags, ...clientId && { clientId } };
     }
-  }
-  encode(version, expiresAt, features) {
-    if (!this.privateKey) throw new Error("Private key is required");
-    const data = mergeByteArrays([
-      new Uint8Array([version]),
-      new Uint8Array(nonce(NONCE_BYTES)),
-      new Uint32Array([Math.floor(expiresAt.getTime() / 1e3)]),
-      new Uint32Array([setFeatures(0, features)])
-    ]);
-    if (!this.cryptoPrivateKey) this.cryptoPrivateKey = importPrivateKey(this.privateKey);
-    const signature = sign(data.buffer, this.cryptoPrivateKey);
-    return [toBase64(data), toBase64(new Uint8Array(signature))].join(SEPARATOR);
+  } catch (err) {
+    log("warn", "Could not decode client header value", { reason: err?.message });
   }
 }
-const mergeByteArrays = (arrays) => {
+function encodeClientHeader(data, privateKey) {
+  const payload = mergeByteArrays([
+    new Uint8Array([data.version]),
+    new Uint8Array(nonce(NONCE_BYTES)),
+    new Uint32Array([Math.floor(data.expiresAt.getTime() / 1e3)]),
+    new Uint32Array([setFlags(data.features)]),
+    ...data.clientId?.length ? [new Uint8Array(new TextEncoder().encode(data.clientId))] : []
+  ]);
+  return [toBase64(payload), toBase64(new Uint8Array(sign(payload.buffer, privateKey)))].join(SEPARATOR);
+}
+function mergeByteArrays(arrays) {
   const totalLength = arrays.reduce((sum, a) => sum + a.byteLength, 0);
   const data = new Uint8Array(totalLength);
   let offset = 0;
@@ -110,18 +103,21 @@ const mergeByteArrays = (arrays) => {
     offset += bytes.byteLength;
   }
   return data;
-};
+}
+function as32BitNumber(byteArray, begin) {
+  const bytes = byteArray.subarray(begin, begin + Uint32Array.BYTES_PER_ELEMENT);
+  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
+  return view.getUint32(0, true);
+}
 
 function Site(options) {
-  const serverHeader = new ServerHeader(options);
-  const clientHeader = new ClientHeader(ZEROAD_NETWORK_PUBLIC_KEY);
+  const serverHeaderValue = encodeServerHeader(options.clientId, options.features);
   return {
-    setLogLevel,
-    parseToken: clientHeader.parseToken.bind(clientHeader),
-    CLIENT_HEADER_NAME: clientHeader.NAME,
-    SERVER_HEADER_NAME: serverHeader.NAME,
-    SERVER_HEADER_VALUE: serverHeader.VALUE
+    parseClientToken: (headerValue) => parseClientToken(headerValue, options.clientId, ZEROAD_NETWORK_PUBLIC_KEY),
+    CLIENT_HEADER_NAME: CLIENT_HEADERS.HELLO,
+    SERVER_HEADER_NAME: SERVER_HEADERS.WELCOME,
+    SERVER_HEADER_VALUE: serverHeaderValue
   };
 }
 
-export { CLIENT_HEADERS, ClientHeader, PROTOCOL_VERSION, ServerHeader, Site, ZEROAD_NETWORK_PUBLIC_KEY, setLogLevel };
+export { CLIENT_HEADERS, PROTOCOL_VERSION, SERVER_HEADERS, Site, ZEROAD_NETWORK_PUBLIC_KEY, decodeClientHeader, encodeClientHeader, encodeServerHeader, parseClientToken };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@zeroad.network/token",
-  "version": "0.13.6",
+  "version": "0.13.8",
   "license": "Apache-2.0",
   "repository": "github:laurynas-karvelis/zeroad-token-typescript",
   "homepage": "https://zeroad.network",
@@ -77,7 +77,7 @@
     "@types/bun": "^1.3.3",
     "@types/node": "^24.10.0",
     "pkgroll": "^2.21.4",
-    "prettier": "^3.7.2",
+    "prettier": "^3.7.4",
     "typescript": "^5.9.3"
   }
 }