altcha-lib 0.1.5 → 0.3.0

package/README.md

@@ -4,11 +4,12 @@ ALTCHA JS Library is a lightweight, zero-dependency library designed for creatin
 
 ## Compatibility
 
-This library utilizes [Web Crypto](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto) and is intended for server-side use.
+This library utilizes [Web Crypto](https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto).
 
 - Node.js 16+
 - Bun 1+
 - Deno 1+
+- All modern browsers
 
 ## Usage
 
@@ -37,15 +38,27 @@ Parameters:
 
 - `options: ChallengeOptions`:
   - `algorithm?: string`: Algorithm to use (`SHA-1`, `SHA-256`, `SHA-512`, default: `SHA-256`).
+  - `expires?: Date`: Optional `expires` time (as `Date` set into the future date).
   - `hmacKey: string` (required): Signature HMAC key.
-  - `maxNumber?: number` Optional maximum number for the random number generator (defaults to 1,000,000).
+  - `maxnumber?: number`: Optional maximum number for the random number generator (defaults to 1,000,000).
   - `number?: number`: Optional number to use. If not provided, a random number will be generated.
+  - `params?: Record<string, string>`: Optional parameters to be added to the salt as URL-encoded query string. Use `extractParams()` to read them.
   - `salt?: string`: Optional salt string. If not provided, a random salt will be generated.
-  - `saltLength?: number` Optional maximum lenght of the random salt (in bytes, defaults to 12).
+  - `saltLength?: number`: Optional maximum lenght of the random salt (in bytes, defaults to 12).
 
 Returns: `Promise<Challenge>`
 
-### `verifySolution(payload, hmacKey)`
+### `extractParams(payload)`
+
+Extracts optional parameters from the challenge or payload.
+
+Parameters:
+
+- `payload: string | Payload | Challenge`
+
+Returns: `Record<string, string>`
+
+### `verifySolution(payload, hmacKey, checkExpires = true)`
 
 Verifies an ALTCHA solution. The payload can be a Base64-encoded JSON payload (as submitted by the widget) or an object.
 
@@ -53,6 +66,7 @@ Parameters:
 
 - `payload: string | Payload`
 - `hmacKey: string`
+- `checkExpires: boolean = true`: Whether to perform a check on the optional `expires` parameter. Will return `false` if challenge expired.
 
 Returns: `Promise<boolean>`
 
@@ -65,11 +79,22 @@ Parameters:
 - `challenge: string` (required): The challenge hash.
 - `salt: string` (required): The challenge salt.
 - `algorithm?: string`: Optional algorithm (default: `SHA-256`).
-- `max?: string`: Optional `maxnumber` to iterate to (default: 1e6).
+- `maxnumber?: string`: Optional `maxnumber` to iterate to (default: 1e6).
 - `start?: string`: Optional starting number (default: 0).
 
 Returns: `{ controller: AbortController, promise: Promise<Solution | null> }`
 
+### `verifyServerSignature(payload, hmacKey)`
+
+Verifies the server signature returned by the API. The payload can be a Base64-encoded JSON payload or an object.
+
+Parameters:
+
+- `payload: string | ServerSignaturePayload`
+- `hmacKey: string`
+
+Returns: `Promise<{ verificationData: ServerSignatureVerificationData | null, verified: boolean }>`
+
 ### `solveChallengeWorkers(workerScript, concurrency, challenge, salt, algorithm?, max?, start?)`
 
 Finds a solution to the given challenge with [Web Workers](https://developer.mozilla.org/en-US/docs/Web/API/Worker/Worker) running concurrently. 
@@ -81,7 +106,7 @@ Parameters:
 - `challenge: string` (required): The challenge hash.
 - `salt: string` (required): The challenge salt.
 - `algorithm?: string`: Optional algorithm (default: `SHA-256`).
-- `max?: string`: Optional `maxnumber` to iterate to (default: 1e6).
+- `maxnumber?: string`: Optional `maxnumber` to iterate to (default: 1e6).
 - `start?: string`: Optional starting number (default: 0).
 
 Returns: `Promise<Solution | null>`
@@ -103,16 +128,18 @@ const solution = await solveChallengeWorkers(
 
 ```
 > solveChallenge()
-- n = 1,000...............................        317 ops/s ±2.63%
-- n = 10,000..............................         32 ops/s ±1.88%
-- n = 100,000.............................          3 ops/s ±0.34%
-- n = 500,000.............................          0 ops/s ±0.32%
+- n = 1,000...............................        312 ops/s ±2.90%
+- n = 10,000..............................         31 ops/s ±1.50%
+- n = 50,000..............................          6 ops/s ±0.82%
+- n = 100,000.............................          3 ops/s ±0.37%
+- n = 500,000.............................          0 ops/s ±0.31%
 
 > solveChallengeWorkers() (8 workers)
-- n = 1,000...............................         66 ops/s ±3.44%
-- n = 10,000..............................         31 ops/s ±4.28%
-- n = 100,000.............................          7 ops/s ±4.40%
-- n = 500,000.............................          1 ops/s ±2.49%
+- n = 1,000...............................         62 ops/s ±3.99%
+- n = 10,000..............................         31 ops/s ±6.83%
+- n = 50,000..............................         11 ops/s ±4.00%
+- n = 100,000.............................          7 ops/s ±2.32%
+- n = 500,000.............................          1 ops/s ±1.89%
 ```
 
 Run with Bun on MacBook Pro M3-Pro. See [/benchmark](/benchmark/) folder for more details.

package/cjs/dist/helpers.d.ts

@@ -2,7 +2,9 @@ import './crypto.js';
 import type { Algorithm } from './types.js';
 export declare const encoder: TextEncoder;
 export declare function ab2hex(ab: ArrayBuffer | Uint8Array): string;
-export declare function hash(algorithm: Algorithm, str: string): Promise<string>;
-export declare function hmac(algorithm: Algorithm, str: string, secret: string): Promise<string>;
+export declare function hash(algorithm: Algorithm, data: ArrayBuffer | string): Promise<ArrayBuffer>;
+export declare function hashHex(algorithm: Algorithm, data: ArrayBuffer | string): Promise<string>;
+export declare function hmac(algorithm: Algorithm, data: ArrayBuffer | string, secret: string): Promise<ArrayBuffer>;
+export declare function hmacHex(algorithm: Algorithm, data: ArrayBuffer | string, secret: string): Promise<string>;
 export declare function randomBytes(length: number): Uint8Array;
 export declare function randomInt(max: number): number;

package/cjs/dist/helpers.js

@@ -1,6 +1,6 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.randomInt = exports.randomBytes = exports.hmac = exports.hash = exports.ab2hex = exports.encoder = void 0;
+exports.randomInt = exports.randomBytes = exports.hmacHex = exports.hmac = exports.hashHex = exports.hash = exports.ab2hex = exports.encoder = void 0;
 // @denoify-line-ignore
 require("./crypto.js");
 exports.encoder = new TextEncoder();
@@ -10,18 +10,26 @@ function ab2hex(ab) {
         .join('');
 }
 exports.ab2hex = ab2hex;
-async function hash(algorithm, str) {
-    return ab2hex(await crypto.subtle.digest(algorithm.toUpperCase(), exports.encoder.encode(str)));
+async function hash(algorithm, data) {
+    return crypto.subtle.digest(algorithm.toUpperCase(), typeof data === 'string' ? exports.encoder.encode(data) : new Uint8Array(data));
 }
 exports.hash = hash;
-async function hmac(algorithm, str, secret) {
+async function hashHex(algorithm, data) {
+    return ab2hex(await hash(algorithm, data));
+}
+exports.hashHex = hashHex;
+async function hmac(algorithm, data, secret) {
     const key = await crypto.subtle.importKey('raw', exports.encoder.encode(secret), {
         name: 'HMAC',
         hash: algorithm,
     }, false, ['sign', 'verify']);
-    return ab2hex(await crypto.subtle.sign('HMAC', key, exports.encoder.encode(str)));
+    return crypto.subtle.sign('HMAC', key, typeof data === 'string' ? exports.encoder.encode(data) : new Uint8Array(data));
 }
 exports.hmac = hmac;
+async function hmacHex(algorithm, data, secret) {
+    return ab2hex(await hmac(algorithm, data, secret));
+}
+exports.hmacHex = hmacHex;
 function randomBytes(length) {
     const ab = new Uint8Array(length);
     crypto.getRandomValues(ab);

package/cjs/dist/index.d.ts

@@ -1,6 +1,13 @@
-import type { Challenge, ChallengeOptions, Payload, Solution } from './types.js';
+import type { Challenge, ChallengeOptions, Payload, ServerSignaturePayload, ServerSignatureVerificationData, Solution } from './types.js';
 export declare function createChallenge(options: ChallengeOptions): Promise<Challenge>;
-export declare function verifySolution(payload: string | Payload, hmacKey: string): Promise<boolean>;
+export declare function extractParams(payload: string | Payload | Challenge): {
+    [k: string]: string;
+};
+export declare function verifySolution(payload: string | Payload, hmacKey: string, checkExpires?: boolean): Promise<boolean>;
+export declare function verifyServerSignature(payload: string | ServerSignaturePayload, hmacKey: string): Promise<{
+    verificationData: ServerSignatureVerificationData | null;
+    verified: boolean | null;
+}>;
 export declare function solveChallenge(challenge: string, salt: string, algorithm?: string, max?: number, start?: number): {
     promise: Promise<Solution | null>;
     controller: AbortController;
@@ -8,8 +15,10 @@ export declare function solveChallenge(challenge: string, salt: string, algorith
 export declare function solveChallengeWorkers(workerScript: string | URL | (() => Worker), concurrency: number, challenge: string, salt: string, algorithm?: string, max?: number, startNumber?: number): Promise<Solution | null>;
 declare const _default: {
     createChallenge: typeof createChallenge;
-    verifySolution: typeof verifySolution;
+    extractParams: typeof extractParams;
     solveChallenge: typeof solveChallenge;
     solveChallengeWorkers: typeof solveChallengeWorkers;
+    verifyServerSignature: typeof verifyServerSignature;
+    verifySolution: typeof verifySolution;
 };
 export default _default;

package/cjs/dist/index.js

@@ -1,30 +1,53 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.solveChallengeWorkers = exports.solveChallenge = exports.verifySolution = exports.createChallenge = void 0;
+exports.solveChallengeWorkers = exports.solveChallenge = exports.verifyServerSignature = exports.verifySolution = exports.extractParams = exports.createChallenge = void 0;
 const helpers_js_1 = require("./helpers.js");
 const DEFAULT_MAX_NUMBER = 1e6;
 const DEFAULT_SALT_LEN = 12;
 const DEFAULT_ALG = 'SHA-256';
 async function createChallenge(options) {
     const algorithm = options.algorithm || DEFAULT_ALG;
-    const max = options.maxNumber || DEFAULT_MAX_NUMBER;
+    const maxnumber = options.maxnumber || options.maxNumber || DEFAULT_MAX_NUMBER;
     const saltLength = options.saltLength || DEFAULT_SALT_LEN;
-    const salt = options.salt || (0, helpers_js_1.ab2hex)((0, helpers_js_1.randomBytes)(saltLength));
-    const number = options.number === void 0 ? (0, helpers_js_1.randomInt)(max) : options.number;
-    const challenge = await (0, helpers_js_1.hash)(algorithm, salt + number);
+    const params = new URLSearchParams(options.params);
+    if (options.expires) {
+        params.set('expires', String(Math.floor(options.expires.getTime() / 1000)));
+    }
+    let salt = options.salt || (0, helpers_js_1.ab2hex)((0, helpers_js_1.randomBytes)(saltLength));
+    // params.size doesn't work with Node 16
+    if (Object.keys(Object.fromEntries(params)).length) {
+        salt = salt + '?' + params.toString();
+    }
+    const number = options.number === void 0 ? (0, helpers_js_1.randomInt)(maxnumber) : options.number;
+    const challenge = await (0, helpers_js_1.hashHex)(algorithm, salt + number);
     return {
         algorithm,
         challenge,
-        max,
+        maxnumber,
         salt,
-        signature: await (0, helpers_js_1.hmac)(algorithm, challenge, options.hmacKey),
+        signature: await (0, helpers_js_1.hmacHex)(algorithm, challenge, options.hmacKey),
     };
 }
 exports.createChallenge = createChallenge;
-async function verifySolution(payload, hmacKey) {
+function extractParams(payload) {
     if (typeof payload === 'string') {
         payload = JSON.parse(atob(payload));
     }
+    return Object.fromEntries(new URLSearchParams(payload.salt.split('?')?.[1] || ''));
+}
+exports.extractParams = extractParams;
+async function verifySolution(payload, hmacKey, checkExpires = true) {
+    if (typeof payload === 'string') {
+        payload = JSON.parse(atob(payload));
+    }
+    const params = extractParams(payload);
+    const expires = params.expires || params.expire;
+    if (checkExpires && expires) {
+        const date = new Date(parseInt(expires, 10) * 1000);
+        if (!isNaN(date.getTime()) && date.getTime() < Date.now()) {
+            return false;
+        }
+    }
     const check = await createChallenge({
         algorithm: payload.algorithm,
         hmacKey,
@@ -35,34 +58,59 @@ async function verifySolution(payload, hmacKey) {
         check.signature === payload.signature);
 }
 exports.verifySolution = verifySolution;
+async function verifyServerSignature(payload, hmacKey) {
+    if (typeof payload === 'string') {
+        payload = JSON.parse(atob(payload));
+    }
+    const signature = await (0, helpers_js_1.hmacHex)(payload.algorithm, await (0, helpers_js_1.hash)(payload.algorithm, payload.verificationData), hmacKey);
+    let verificationData = null;
+    try {
+        const params = new URLSearchParams(payload.verificationData);
+        verificationData = {
+            ...Object.fromEntries(params),
+            expire: parseInt(params.get('expire') || '0', 10),
+            fields: params.get('fields')?.split(','),
+            reasons: params.get('reasons')?.split(','),
+            score: params.get('score')
+                ? parseFloat(params.get('score') || '0')
+                : void 0,
+            time: parseInt(params.get('time') || '0', 10),
+            verified: params.get('verified') === 'true',
+        };
+    }
+    catch {
+        // noop
+    }
+    return {
+        verificationData,
+        verified: payload.verified === true &&
+            verificationData &&
+            verificationData.verified === true &&
+            verificationData.expire > Math.floor(Date.now() / 1000) &&
+            payload.signature === signature,
+    };
+}
+exports.verifyServerSignature = verifyServerSignature;
 function solveChallenge(challenge, salt, algorithm = 'SHA-256', max = 1e6, start = 0) {
     const controller = new AbortController();
-    const promise = new Promise((resolve, reject) => {
-        const startTime = Date.now();
-        const next = (n) => {
-            if (controller.signal.aborted || n > max) {
-                resolve(null);
+    const startTime = Date.now();
+    const fn = async () => {
+        for (let n = start; n <= max; n += 1) {
+            if (controller.signal.aborted) {
+                return null;
             }
-            else {
-                hashChallenge(salt, n, algorithm)
-                    .then((t) => {
-                    if (t === challenge) {
-                        resolve({
-                            number: n,
-                            took: Date.now() - startTime,
-                        });
-                    }
-                    else {
-                        next(n + 1);
-                    }
-                })
-                    .catch(reject);
+            const t = await (0, helpers_js_1.hashHex)(algorithm, salt + n);
+            if (t === challenge) {
+                return {
+                    number: n,
+                    took: Date.now() - startTime,
+                };
             }
-        };
-        next(start);
-    });
+        }
+        return null;
+    };
     return {
-        promise,
+        promise: fn(),
         controller,
     };
 }
@@ -117,12 +165,11 @@ async function solveChallengeWorkers(workerScript, concurrency, challenge, salt,
     return solutions.find((solution) => !!solution) || null;
 }
 exports.solveChallengeWorkers = solveChallengeWorkers;
-async function hashChallenge(salt, num, algorithm) {
-    return (0, helpers_js_1.ab2hex)(await crypto.subtle.digest(algorithm.toUpperCase(), helpers_js_1.encoder.encode(salt + num)));
-}
 exports.default = {
     createChallenge,
-    verifySolution,
+    extractParams,
     solveChallenge,
     solveChallengeWorkers,
+    verifyServerSignature,
+    verifySolution,
 };

package/cjs/dist/types.d.ts

@@ -2,15 +2,18 @@ export type Algorithm = 'SHA-1' | 'SHA-256' | 'SHA-512';
 export interface Challenge {
     algorithm: Algorithm;
     challenge: string;
-    max?: number;
+    maxnumber?: number;
     salt: string;
     signature: string;
 }
 export interface ChallengeOptions {
     algorithm?: Algorithm;
+    expires?: Date;
     hmacKey: string;
+    maxnumber?: number;
     maxNumber?: number;
     number?: number;
+    params?: Record<string, string>;
     salt?: string;
     saltLength?: number;
 }
@@ -21,6 +24,23 @@ export interface Payload {
     salt: string;
     signature: string;
 }
+export interface ServerSignaturePayload {
+    algorithm: Algorithm;
+    signature: string;
+    verificationData: string;
+    verified: boolean;
+}
+export interface ServerSignatureVerificationData {
+    classification?: string;
+    email?: string;
+    expire: number;
+    fields?: string[];
+    fieldsHash?: string;
+    reasons?: string[];
+    score?: number;
+    time: number;
+    verified: boolean;
+}
 export interface Solution {
     number: number;
     took: number;

package/dist/helpers.d.ts

@@ -2,7 +2,9 @@ import './crypto.js';
 import type { Algorithm } from './types.js';
 export declare const encoder: TextEncoder;
 export declare function ab2hex(ab: ArrayBuffer | Uint8Array): string;
-export declare function hash(algorithm: Algorithm, str: string): Promise<string>;
-export declare function hmac(algorithm: Algorithm, str: string, secret: string): Promise<string>;
+export declare function hash(algorithm: Algorithm, data: ArrayBuffer | string): Promise<ArrayBuffer>;
+export declare function hashHex(algorithm: Algorithm, data: ArrayBuffer | string): Promise<string>;
+export declare function hmac(algorithm: Algorithm, data: ArrayBuffer | string, secret: string): Promise<ArrayBuffer>;
+export declare function hmacHex(algorithm: Algorithm, data: ArrayBuffer | string, secret: string): Promise<string>;
 export declare function randomBytes(length: number): Uint8Array;
 export declare function randomInt(max: number): number;

package/dist/helpers.js

@@ -6,15 +6,21 @@ export function ab2hex(ab) {
         .map((x) => x.toString(16).padStart(2, '0'))
         .join('');
 }
-export async function hash(algorithm, str) {
-    return ab2hex(await crypto.subtle.digest(algorithm.toUpperCase(), encoder.encode(str)));
+export async function hash(algorithm, data) {
+    return crypto.subtle.digest(algorithm.toUpperCase(), typeof data === 'string' ? encoder.encode(data) : new Uint8Array(data));
 }
-export async function hmac(algorithm, str, secret) {
+export async function hashHex(algorithm, data) {
+    return ab2hex(await hash(algorithm, data));
+}
+export async function hmac(algorithm, data, secret) {
     const key = await crypto.subtle.importKey('raw', encoder.encode(secret), {
         name: 'HMAC',
         hash: algorithm,
     }, false, ['sign', 'verify']);
-    return ab2hex(await crypto.subtle.sign('HMAC', key, encoder.encode(str)));
+    return crypto.subtle.sign('HMAC', key, typeof data === 'string' ? encoder.encode(data) : new Uint8Array(data));
+}
+export async function hmacHex(algorithm, data, secret) {
+    return ab2hex(await hmac(algorithm, data, secret));
 }
 export function randomBytes(length) {
     const ab = new Uint8Array(length);

package/dist/index.d.ts

@@ -1,6 +1,13 @@
-import type { Challenge, ChallengeOptions, Payload, Solution } from './types.js';
+import type { Challenge, ChallengeOptions, Payload, ServerSignaturePayload, ServerSignatureVerificationData, Solution } from './types.js';
 export declare function createChallenge(options: ChallengeOptions): Promise<Challenge>;
-export declare function verifySolution(payload: string | Payload, hmacKey: string): Promise<boolean>;
+export declare function extractParams(payload: string | Payload | Challenge): {
+    [k: string]: string;
+};
+export declare function verifySolution(payload: string | Payload, hmacKey: string, checkExpires?: boolean): Promise<boolean>;
+export declare function verifyServerSignature(payload: string | ServerSignaturePayload, hmacKey: string): Promise<{
+    verificationData: ServerSignatureVerificationData | null;
+    verified: boolean | null;
+}>;
 export declare function solveChallenge(challenge: string, salt: string, algorithm?: string, max?: number, start?: number): {
     promise: Promise<Solution | null>;
     controller: AbortController;
@@ -8,8 +15,10 @@ export declare function solveChallenge(challenge: string, salt: string, algorith
 export declare function solveChallengeWorkers(workerScript: string | URL | (() => Worker), concurrency: number, challenge: string, salt: string, algorithm?: string, max?: number, startNumber?: number): Promise<Solution | null>;
 declare const _default: {
     createChallenge: typeof createChallenge;
-    verifySolution: typeof verifySolution;
+    extractParams: typeof extractParams;
     solveChallenge: typeof solveChallenge;
     solveChallengeWorkers: typeof solveChallengeWorkers;
+    verifyServerSignature: typeof verifyServerSignature;
+    verifySolution: typeof verifySolution;
 };
 export default _default;

package/dist/index.js

@@ -1,26 +1,48 @@
-import { ab2hex, encoder, hash, hmac, randomBytes, randomInt, } from './helpers.js';
+import { ab2hex, hash, hashHex, hmacHex, randomBytes, randomInt, } from './helpers.js';
 const DEFAULT_MAX_NUMBER = 1e6;
 const DEFAULT_SALT_LEN = 12;
 const DEFAULT_ALG = 'SHA-256';
 export async function createChallenge(options) {
     const algorithm = options.algorithm || DEFAULT_ALG;
-    const max = options.maxNumber || DEFAULT_MAX_NUMBER;
+    const maxnumber = options.maxnumber || options.maxNumber || DEFAULT_MAX_NUMBER;
     const saltLength = options.saltLength || DEFAULT_SALT_LEN;
-    const salt = options.salt || ab2hex(randomBytes(saltLength));
-    const number = options.number === void 0 ? randomInt(max) : options.number;
-    const challenge = await hash(algorithm, salt + number);
+    const params = new URLSearchParams(options.params);
+    if (options.expires) {
+        params.set('expires', String(Math.floor(options.expires.getTime() / 1000)));
+    }
+    let salt = options.salt || ab2hex(randomBytes(saltLength));
+    // params.size doesn't work with Node 16
+    if (Object.keys(Object.fromEntries(params)).length) {
+        salt = salt + '?' + params.toString();
+    }
+    const number = options.number === void 0 ? randomInt(maxnumber) : options.number;
+    const challenge = await hashHex(algorithm, salt + number);
     return {
         algorithm,
         challenge,
-        max,
+        maxnumber,
         salt,
-        signature: await hmac(algorithm, challenge, options.hmacKey),
+        signature: await hmacHex(algorithm, challenge, options.hmacKey),
     };
 }
-export async function verifySolution(payload, hmacKey) {
+export function extractParams(payload) {
     if (typeof payload === 'string') {
         payload = JSON.parse(atob(payload));
     }
+    return Object.fromEntries(new URLSearchParams(payload.salt.split('?')?.[1] || ''));
+}
+export async function verifySolution(payload, hmacKey, checkExpires = true) {
+    if (typeof payload === 'string') {
+        payload = JSON.parse(atob(payload));
+    }
+    const params = extractParams(payload);
+    const expires = params.expires || params.expire;
+    if (checkExpires && expires) {
+        const date = new Date(parseInt(expires, 10) * 1000);
+        if (!isNaN(date.getTime()) && date.getTime() < Date.now()) {
+            return false;
+        }
+    }
     const check = await createChallenge({
         algorithm: payload.algorithm,
         hmacKey,
@@ -30,34 +52,58 @@ export async function verifySolution(payload, hmacKey) {
     return (check.challenge === payload.challenge &&
         check.signature === payload.signature);
 }
+export async function verifyServerSignature(payload, hmacKey) {
+    if (typeof payload === 'string') {
+        payload = JSON.parse(atob(payload));
+    }
+    const signature = await hmacHex(payload.algorithm, await hash(payload.algorithm, payload.verificationData), hmacKey);
+    let verificationData = null;
+    try {
+        const params = new URLSearchParams(payload.verificationData);
+        verificationData = {
+            ...Object.fromEntries(params),
+            expire: parseInt(params.get('expire') || '0', 10),
+            fields: params.get('fields')?.split(','),
+            reasons: params.get('reasons')?.split(','),
+            score: params.get('score')
+                ? parseFloat(params.get('score') || '0')
+                : void 0,
+            time: parseInt(params.get('time') || '0', 10),
+            verified: params.get('verified') === 'true',
+        };
+    }
+    catch {
+        // noop
+    }
+    return {
+        verificationData,
+        verified: payload.verified === true &&
+            verificationData &&
+            verificationData.verified === true &&
+            verificationData.expire > Math.floor(Date.now() / 1000) &&
+            payload.signature === signature,
+    };
+}
 export function solveChallenge(challenge, salt, algorithm = 'SHA-256', max = 1e6, start = 0) {
     const controller = new AbortController();
-    const promise = new Promise((resolve, reject) => {
-        const startTime = Date.now();
-        const next = (n) => {
-            if (controller.signal.aborted || n > max) {
-                resolve(null);
+    const startTime = Date.now();
+    const fn = async () => {
+        for (let n = start; n <= max; n += 1) {
+            if (controller.signal.aborted) {
+                return null;
             }
-            else {
-                hashChallenge(salt, n, algorithm)
-                    .then((t) => {
-                    if (t === challenge) {
-                        resolve({
-                            number: n,
-                            took: Date.now() - startTime,
-                        });
-                    }
-                    else {
-                        next(n + 1);
-                    }
-                })
-                    .catch(reject);
+            const t = await hashHex(algorithm, salt + n);
+            if (t === challenge) {
+                return {
+                    number: n,
+                    took: Date.now() - startTime,
+                };
             }
-        };
-        next(start);
-    });
+        }
+        return null;
+    };
     return {
-        promise,
+        promise: fn(),
         controller,
     };
 }
@@ -110,12 +156,11 @@ export async function solveChallengeWorkers(workerScript, concurrency, challenge
     }
     return solutions.find((solution) => !!solution) || null;
 }
-async function hashChallenge(salt, num, algorithm) {
-    return ab2hex(await crypto.subtle.digest(algorithm.toUpperCase(), encoder.encode(salt + num)));
-}
 export default {
     createChallenge,
-    verifySolution,
+    extractParams,
     solveChallenge,
     solveChallengeWorkers,
+    verifyServerSignature,
+    verifySolution,
 };

package/dist/types.d.ts

@@ -2,15 +2,18 @@ export type Algorithm = 'SHA-1' | 'SHA-256' | 'SHA-512';
 export interface Challenge {
     algorithm: Algorithm;
     challenge: string;
-    max?: number;
+    maxnumber?: number;
     salt: string;
     signature: string;
 }
 export interface ChallengeOptions {
     algorithm?: Algorithm;
+    expires?: Date;
     hmacKey: string;
+    maxnumber?: number;
     maxNumber?: number;
     number?: number;
+    params?: Record<string, string>;
     salt?: string;
     saltLength?: number;
 }
@@ -21,6 +24,23 @@ export interface Payload {
     salt: string;
     signature: string;
 }
+export interface ServerSignaturePayload {
+    algorithm: Algorithm;
+    signature: string;
+    verificationData: string;
+    verified: boolean;
+}
+export interface ServerSignatureVerificationData {
+    classification?: string;
+    email?: string;
+    expire: number;
+    fields?: string[];
+    fieldsHash?: string;
+    reasons?: string[];
+    score?: number;
+    time: number;
+    verified: boolean;
+}
 export interface Solution {
     number: number;
     took: number;

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "altcha-lib",
-  "version": "0.1.5",
+  "version": "0.3.0",
   "description": "A library for creating and verifying ALTCHA challenges for Node.js, Bun and Deno.",
   "author": "Daniel Regeci",
   "license": "MIT",