npm - altcha-lib - Versions diffs - 1.4.1 → 2.0.0-beta.2 - Mend

altcha-lib 1.4.1 → 2.0.0-beta.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (133) hide show

package/LICENSE.txt +1 -1
package/README.md +45 -149
package/bin/cli.mjs +35 -0
package/dist/cjs/tsconfig.cjs.tsbuildinfo +1 -0
package/dist/cjs/v2/algorithms/argon2id.d.ts +2 -0
package/dist/cjs/v2/algorithms/argon2id.js +26 -0
package/dist/cjs/v2/algorithms/pbkdf2.d.ts +2 -0
package/dist/cjs/v2/algorithms/pbkdf2.js +23 -0
package/dist/cjs/v2/algorithms/scrypt.d.ts +2 -0
package/dist/cjs/v2/algorithms/scrypt.js +17 -0
package/dist/cjs/v2/algorithms/sha.d.ts +2 -0
package/dist/cjs/v2/algorithms/sha.js +35 -0
package/dist/cjs/v2/algorithms/web/pbkdf2.d.ts +2 -0
package/dist/cjs/v2/algorithms/web/pbkdf2.js +19 -0
package/dist/cjs/v2/algorithms/web/sha.d.ts +2 -0
package/dist/cjs/v2/algorithms/web/sha.js +23 -0
package/dist/cjs/v2/capped-map.d.ts +7 -0
package/dist/cjs/v2/capped-map.js +18 -0
package/dist/cjs/v2/frameworks/express.d.ts +21 -0
package/dist/cjs/v2/frameworks/express.js +77 -0
package/dist/cjs/v2/frameworks/fastify.d.ts +26 -0
package/dist/cjs/v2/frameworks/fastify.js +88 -0
package/dist/cjs/v2/frameworks/h3.d.ts +37 -0
package/dist/cjs/v2/frameworks/h3.js +89 -0
package/dist/cjs/v2/frameworks/hono.d.ts +99 -0
package/dist/cjs/v2/frameworks/hono.js +86 -0
package/dist/cjs/v2/frameworks/nestjs.d.ts +79 -0
package/dist/cjs/v2/frameworks/nestjs.js +198 -0
package/dist/cjs/v2/frameworks/nextjs.d.ts +21 -0
package/dist/cjs/v2/frameworks/nextjs.js +112 -0
package/dist/cjs/v2/frameworks/shared.d.ts +8 -0
package/dist/cjs/v2/frameworks/shared.js +121 -0
package/dist/cjs/v2/frameworks/sveltekit.d.ts +29 -0
package/dist/cjs/v2/frameworks/sveltekit.js +101 -0
package/dist/cjs/v2/frameworks/types.d.ts +47 -0
package/dist/cjs/v2/frameworks/types.js +2 -0
package/dist/cjs/v2/helpers.d.ts +27 -0
package/dist/cjs/v2/helpers.js +127 -0
package/dist/cjs/v2/index.d.ts +19 -0
package/dist/cjs/v2/index.js +28 -0
package/dist/cjs/v2/obfuscation.d.ts +11 -0
package/dist/cjs/v2/obfuscation.js +74 -0
package/dist/cjs/v2/pow.d.ts +60 -0
package/dist/cjs/v2/pow.js +287 -0
package/dist/cjs/v2/server-signature.d.ts +12 -0
package/dist/cjs/v2/server-signature.js +68 -0
package/dist/cjs/v2/types.d.ts +277 -0
package/dist/cjs/v2/types.js +18 -0
package/dist/cjs/v2/workers/argon2id.js +7 -0
package/dist/cjs/v2/workers/pbkdf2.js +7 -0
package/dist/cjs/v2/workers/scrypt.d.ts +1 -0
package/dist/cjs/v2/workers/scrypt.js +7 -0
package/dist/cjs/v2/workers/sha.d.ts +1 -0
package/dist/cjs/v2/workers/sha.js +7 -0
package/dist/cjs/v2/workers/shared.d.ts +4 -0
package/dist/cjs/v2/workers/shared.js +33 -0
package/dist/esm/tsconfig.build.tsbuildinfo +1 -0
package/dist/esm/v1/types.js +1 -0
package/dist/esm/v1/worker.d.ts +1 -0
package/dist/esm/v2/algorithms/argon2id.d.ts +2 -0
package/dist/esm/v2/algorithms/argon2id.js +20 -0
package/dist/esm/v2/algorithms/pbkdf2.d.ts +2 -0
package/dist/esm/v2/algorithms/pbkdf2.js +20 -0
package/dist/esm/v2/algorithms/scrypt.d.ts +2 -0
package/dist/esm/v2/algorithms/scrypt.js +14 -0
package/dist/esm/v2/algorithms/sha.d.ts +2 -0
package/dist/esm/v2/algorithms/sha.js +32 -0
package/dist/esm/v2/algorithms/web/pbkdf2.d.ts +2 -0
package/dist/esm/v2/algorithms/web/pbkdf2.js +16 -0
package/dist/esm/v2/algorithms/web/sha.d.ts +2 -0
package/dist/esm/v2/algorithms/web/sha.js +20 -0
package/dist/esm/v2/capped-map.d.ts +7 -0
package/dist/esm/v2/capped-map.js +15 -0
package/dist/esm/v2/frameworks/express.d.ts +21 -0
package/dist/esm/v2/frameworks/express.js +71 -0
package/dist/esm/v2/frameworks/fastify.d.ts +26 -0
package/dist/esm/v2/frameworks/fastify.js +82 -0
package/dist/esm/v2/frameworks/h3.d.ts +37 -0
package/dist/esm/v2/frameworks/h3.js +83 -0
package/dist/esm/v2/frameworks/hono.d.ts +99 -0
package/dist/esm/v2/frameworks/hono.js +80 -0
package/dist/esm/v2/frameworks/nestjs.d.ts +79 -0
package/dist/esm/v2/frameworks/nestjs.js +202 -0
package/dist/esm/v2/frameworks/nextjs.d.ts +21 -0
package/dist/esm/v2/frameworks/nextjs.js +106 -0
package/dist/esm/v2/frameworks/shared.d.ts +8 -0
package/dist/esm/v2/frameworks/shared.js +117 -0
package/dist/esm/v2/frameworks/sveltekit.d.ts +29 -0
package/dist/esm/v2/frameworks/sveltekit.js +95 -0
package/dist/esm/v2/frameworks/types.d.ts +47 -0
package/dist/esm/v2/frameworks/types.js +1 -0
package/dist/esm/v2/helpers.d.ts +27 -0
package/dist/esm/v2/helpers.js +112 -0
package/dist/esm/v2/index.d.ts +19 -0
package/dist/esm/v2/index.js +17 -0
package/dist/esm/v2/obfuscation.d.ts +11 -0
package/dist/esm/v2/obfuscation.js +70 -0
package/dist/esm/v2/pow.d.ts +60 -0
package/dist/esm/v2/pow.js +282 -0
package/dist/esm/v2/server-signature.d.ts +12 -0
package/dist/esm/v2/server-signature.js +63 -0
package/dist/esm/v2/types.d.ts +277 -0
package/dist/esm/v2/types.js +15 -0
package/dist/esm/v2/workers/argon2id.d.ts +1 -0
package/dist/esm/v2/workers/argon2id.js +5 -0
package/dist/esm/v2/workers/pbkdf2.d.ts +1 -0
package/dist/esm/v2/workers/pbkdf2.js +5 -0
package/dist/esm/v2/workers/scrypt.d.ts +1 -0
package/dist/esm/v2/workers/scrypt.js +5 -0
package/dist/esm/v2/workers/sha.d.ts +1 -0
package/dist/esm/v2/workers/sha.js +5 -0
package/dist/esm/v2/workers/shared.d.ts +4 -0
package/dist/esm/v2/workers/shared.js +30 -0
package/package.json +139 -27
package/cjs/dist/tsconfig.cjs.tsbuildinfo +0 -1
package/cjs/package.json +0 -3
package/dist/tsconfig.build.tsbuildinfo +0 -1
/package/{cjs/dist → dist/cjs/v1}/helpers.d.ts +0 -0
/package/{cjs/dist → dist/cjs/v1}/helpers.js +0 -0
/package/{cjs/dist → dist/cjs/v1}/index.d.ts +0 -0
/package/{cjs/dist → dist/cjs/v1}/index.js +0 -0
/package/{cjs/dist → dist/cjs/v1}/types.d.ts +0 -0
/package/{cjs/dist → dist/cjs/v1}/types.js +0 -0
/package/{cjs/dist → dist/cjs/v1}/worker.d.ts +0 -0
/package/{cjs/dist → dist/cjs/v1}/worker.js +0 -0
/package/dist/{types.js → cjs/v2/workers/argon2id.d.ts} +0 -0
/package/dist/{worker.d.ts → cjs/v2/workers/pbkdf2.d.ts} +0 -0
/package/dist/{helpers.d.ts → esm/v1/helpers.d.ts} +0 -0
/package/dist/{helpers.js → esm/v1/helpers.js} +0 -0
/package/dist/{index.d.ts → esm/v1/index.d.ts} +0 -0
/package/dist/{index.js → esm/v1/index.js} +0 -0
/package/dist/{types.d.ts → esm/v1/types.d.ts} +0 -0
/package/dist/{worker.js → esm/v1/worker.js} +0 -0

package/dist/cjs/v2/obfuscation.js ADDED Viewed

@@ -0,0 +1,74 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.deobfuscate = deobfuscate;
+exports.obfuscate = obfuscate;
+const pbkdf2_js_1 = require("./algorithms/pbkdf2.js");
+const pow_js_1 = require("./pow.js");
+const helpers_js_1 = require("./helpers.js");
+async function deobfuscate(obfuscatedData, options = {}) {
+    const { concurrency = Math.max(1, Math.min(4, typeof navigator !== 'undefined' ? navigator.hardwareConcurrency : 1)), createWorker, deriveKey = pbkdf2_js_1.deriveKey, } = options;
+    let challenge = null;
+    try {
+        challenge = JSON.parse(atob(obfuscatedData));
+    }
+    catch {
+        throw new Error(`Unable to parse obfuscated data.`);
+    }
+    if (!challenge ||
+        typeof challenge !== 'object' ||
+        !('parameters' in challenge) ||
+        !('cipher' in challenge)) {
+        throw new Error(`Invalid obfuscated data format.`);
+    }
+    const cipher = challenge.cipher;
+    let solution = null;
+    if (createWorker) {
+        solution = await (0, pow_js_1.solveChallengeWorkers)({
+            challenge,
+            concurrency,
+            createWorker,
+        });
+    }
+    else {
+        solution = await (0, pow_js_1.solveChallenge)({
+            challenge,
+            deriveKey,
+        });
+    }
+    if (!solution) {
+        throw new Error('Unable to find solution.');
+    }
+    const key = await crypto.subtle.importKey('raw', (0, helpers_js_1.hexToBuffer)(solution.derivedKey), { name: 'AES-GCM' }, false, ['decrypt']);
+    const result = await crypto.subtle.decrypt({
+        name: 'AES-GCM',
+        iv: (0, helpers_js_1.hexToBuffer)(cipher.iv),
+    }, key, (0, helpers_js_1.hexToBuffer)(cipher.data));
+    return new TextDecoder().decode(result);
+}
+async function obfuscate(str, options = {}) {
+    const { deriveKey = pbkdf2_js_1.deriveKey } = options;
+    const counterMin = options?.counterMin || 20;
+    const counterMax = options?.counterMax || 200;
+    const { parameters } = await (0, pow_js_1.createChallenge)({
+        algorithm: 'PBKDF2/SHA-256',
+        cost: 5000,
+        deriveKey,
+        counter: Math.floor(Math.random() * (counterMax - counterMin + 1)) + counterMin,
+        keyPrefixLength: 32,
+        ...options,
+    });
+    const key = await crypto.subtle.importKey('raw', (0, helpers_js_1.hexToBuffer)(parameters.keyPrefix), { name: 'AES-GCM' }, false, ['encrypt']);
+    const iv = crypto.getRandomValues(new Uint8Array(12));
+    const data = await crypto.subtle.encrypt({ name: 'AES-GCM', iv: iv }, key, new TextEncoder().encode(str));
+    return btoa(JSON.stringify({
+        parameters: {
+            ...parameters,
+            // Return only half the derived key
+            keyPrefix: parameters.keyPrefix.slice(0, parameters.keyLength || 32),
+        },
+        cipher: {
+            iv: (0, helpers_js_1.bufferToHex)(iv),
+            data: (0, helpers_js_1.bufferToHex)(data),
+        },
+    }));
+}

package/dist/cjs/v2/pow.d.ts ADDED Viewed

@@ -0,0 +1,60 @@
+import { type CreateChallengeOptions, type Challenge, type ChallengeParameters, type SolveChallengeOptions, type Solution, type VerifySolutionOptions, type VerifySolutionResult, HmacAlgorithm } from './types.js';
+/**
+ * Manages a buffer that combines a nonce with a counter value.
+ * Used to generate unique passwords for each iteration of the challenge solver.
+ */
+export declare class PasswordBuffer {
+    readonly nonce: Uint8Array;
+    readonly mode: 'uint32' | 'string';
+    readonly COUNTER_BYTES = 4;
+    readonly buffer: Uint8Array;
+    readonly dataView: DataView;
+    readonly encoder: TextEncoder;
+    constructor(nonce: Uint8Array, mode?: 'uint32' | 'string');
+    /**
+     * Appends the counter to the nonce buffer.
+     * In 'string' mode, encodes the counter as a UTF-8 string.
+     * In 'uint32' mode, writes the counter as a big-endian 32-bit integer.
+     */
+    setCounter(n: number): Uint8Array<ArrayBufferLike>;
+}
+/**
+ * Creates a new proof-of-work challenge.
+ *
+ * Generates random nonce and salt, optionally pre-computes a key prefix
+ * from a known counter value, and optionally signs the challenge with HMAC.
+ */
+export declare function createChallenge(options: CreateChallengeOptions): Promise<Challenge>;
+/**
+ * Solves a challenge by brute-forcing counter values until the derived key
+ * starts with the required prefix. Returns the solution or null on timeout/abort.
+ */
+export declare function solveChallenge(options: SolveChallengeOptions): Promise<Solution | null>;
+/**
+ * Solves a challenge using multiple Web Workers in parallel.
+ * Each worker tests a different subset of counter values (interleaved by concurrency).
+ * Automatically retries with fewer workers on out-of-memory errors.
+ */
+export declare function solveChallengeWorkers(options: Omit<SolveChallengeOptions, 'deriveKey'> & {
+    concurrency: number;
+    createWorker: (algorithm: string) => Worker | Promise<Worker>;
+    onOutOfMemory?: (concurrency: number) => number | void;
+}): Promise<Solution | null>;
+/**
+ * Signs challenge parameters with HMAC.
+ * Optionally also signs the derived key separately for additional verification.
+ */
+export declare function signChallenge(algorithm: HmacAlgorithm, parameters: ChallengeParameters, derivedKey: Uint8Array | null | undefined, hmacSignatureSecret: string, hmacKeySignatureSecret?: string): Promise<{
+    parameters: ChallengeParameters;
+    signature: string;
+}>;
+/**
+ * Verifies a submitted solution against a challenge.
+ *
+ * Checks (in order):
+ * 1. Whether the challenge has expired.
+ * 2. Whether the challenge has signature parameter.
+ * 3. Whether the challenge signature is valid (tamper check).
+ * 4. Whether the derived key matches — either via key signature or by re-deriving.
+ */
+export declare function verifySolution(options: VerifySolutionOptions): Promise<VerifySolutionResult>;

package/dist/cjs/v2/pow.js ADDED Viewed

@@ -0,0 +1,287 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PasswordBuffer = void 0;
+exports.createChallenge = createChallenge;
+exports.solveChallenge = solveChallenge;
+exports.solveChallengeWorkers = solveChallengeWorkers;
+exports.signChallenge = signChallenge;
+exports.verifySolution = verifySolution;
+const helpers_js_1 = require("./helpers.js");
+const types_js_1 = require("./types.js");
+/**
+ * Manages a buffer that combines a nonce with a counter value.
+ * Used to generate unique passwords for each iteration of the challenge solver.
+ */
+class PasswordBuffer {
+    constructor(nonce, mode = 'uint32') {
+        this.nonce = nonce;
+        this.mode = mode;
+        this.COUNTER_BYTES = 4;
+        this.encoder = new TextEncoder();
+        this.buffer = new Uint8Array(this.nonce.length + this.COUNTER_BYTES);
+        this.buffer.set(this.nonce, 0);
+        this.dataView = new DataView(this.buffer.buffer);
+    }
+    /**
+     * Appends the counter to the nonce buffer.
+     * In 'string' mode, encodes the counter as a UTF-8 string.
+     * In 'uint32' mode, writes the counter as a big-endian 32-bit integer.
+     */
+    setCounter(n) {
+        if (this.mode === 'string') {
+            return (0, helpers_js_1.concatBuffers)(this.nonce, this.encoder.encode(n.toString()));
+        }
+        this.dataView.setUint32(this.nonce.length, n, false);
+        return this.buffer;
+    }
+}
+exports.PasswordBuffer = PasswordBuffer;
+/**
+ * Creates a new proof-of-work challenge.
+ *
+ * Generates random nonce and salt, optionally pre-computes a key prefix
+ * from a known counter value, and optionally signs the challenge with HMAC.
+ */
+async function createChallenge(options) {
+    const { algorithm, counter, counterMode = 'uint32', cost, deriveKey, data, expiresAt, hmacAlgorithm = types_js_1.HmacAlgorithm.SHA_256, hmacKeySignatureSecret, hmacSignatureSecret, keyLength = 32, keyPrefix = '00', keyPrefixLength = keyLength / 2, memoryCost, parallelism, } = options;
+    const parameters = {
+        algorithm,
+        nonce: (0, helpers_js_1.bufferToHex)(crypto.getRandomValues(new Uint8Array(16))),
+        salt: (0, helpers_js_1.bufferToHex)(crypto.getRandomValues(new Uint8Array(16))),
+        cost,
+        keyLength,
+        memoryCost,
+        parallelism,
+        keyPrefix,
+        expiresAt: expiresAt instanceof Date
+            ? Math.floor(expiresAt.getTime() / 1_000)
+            : expiresAt,
+        data,
+    };
+    // If a counter is provided, derive the key and extract the prefix the solver must match.
+    let deriveKeyResult = null;
+    if (counter !== undefined) {
+        const nonceBuf = (0, helpers_js_1.hexToBuffer)(parameters.nonce);
+        deriveKeyResult = await deriveKey(parameters, (0, helpers_js_1.hexToBuffer)(parameters.salt), new PasswordBuffer(nonceBuf, counterMode).setCounter(counter));
+        if (deriveKeyResult.parameters) {
+            Object.assign(parameters, deriveKeyResult.parameters);
+        }
+        parameters.keyPrefix = (0, helpers_js_1.bufferToHex)(deriveKeyResult.derivedKey.slice(0, keyPrefixLength));
+    }
+    // Return unsigned challenge if no HMAC secret is provided.
+    if (!hmacSignatureSecret) {
+        return {
+            parameters: (0, helpers_js_1.sortKeys)(parameters),
+        };
+    }
+    return signChallenge(hmacAlgorithm, parameters, deriveKeyResult?.derivedKey, hmacSignatureSecret, hmacKeySignatureSecret);
+}
+/**
+ * Solves a challenge by brute-forcing counter values until the derived key
+ * starts with the required prefix. Returns the solution or null on timeout/abort.
+ */
+async function solveChallenge(options) {
+    const { challenge, controller, counterMode = 'uint32', counterStart = 0, counterStep = 1, deriveKey, timeout = 90_000, } = options;
+    const { nonce, keyPrefix, salt } = challenge.parameters;
+    const nonceBuf = (0, helpers_js_1.hexToBuffer)(nonce);
+    const saltBuf = (0, helpers_js_1.hexToBuffer)(salt);
+    const keyPrefixBuf = keyPrefix.length % 2 === 0 ? (0, helpers_js_1.hexToBuffer)(keyPrefix) : null;
+    const password = new PasswordBuffer(nonceBuf, counterMode);
+    const start = performance.now();
+    let counter = counterStart;
+    let derivedKeyHex = '';
+    let lastYield = start;
+    while (true) {
+        // Check for abort signal or timeout every 10 iterations.
+        if (controller?.signal.aborted ||
+            (timeout && counter % 10 === 0 && performance.now() - start > timeout)) {
+            return null;
+        }
+        const { derivedKey } = await deriveKey(challenge.parameters, saltBuf, password.setCounter(counter));
+        // Yield to the event loop periodically.
+        if (counter % 10 === 0 && performance.now() - lastYield > 200) {
+            await (0, helpers_js_1.delay)(0);
+            lastYield = performance.now();
+        }
+        // Check if the derived key matches the required prefix.
+        if (keyPrefixBuf
+            ? (0, helpers_js_1.bufferStartsWith)(derivedKey, keyPrefixBuf)
+            : (0, helpers_js_1.bufferToHex)(derivedKey).startsWith(keyPrefix)) {
+            derivedKeyHex = (0, helpers_js_1.bufferToHex)(derivedKey);
+            break;
+        }
+        counter = counter + counterStep;
+    }
+    return {
+        counter,
+        derivedKey: derivedKeyHex,
+        time: (0, helpers_js_1.timeDuration)(start),
+    };
+}
+/**
+ * Solves a challenge using multiple Web Workers in parallel.
+ * Each worker tests a different subset of counter values (interleaved by concurrency).
+ * Automatically retries with fewer workers on out-of-memory errors.
+ */
+async function solveChallengeWorkers(options) {
+    const { challenge, concurrency = navigator.hardwareConcurrency, controller = new AbortController(), createWorker, onOutOfMemory = (c) => (c > 1 ? Math.floor(c / 2) : 0), counterMode, timeout, } = options;
+    const workersConcurrency = Math.min(16, Math.max(1, concurrency));
+    const workersInstances = [];
+    const terminate = () => {
+        for (const worker of workersInstances) {
+            worker.terminate();
+        }
+    };
+    for (let i = 0; i < workersConcurrency; i++) {
+        workersInstances.push(await createWorker(challenge.parameters.algorithm));
+    }
+    let solution = null;
+    try {
+        // Race all workers — first one to find a solution wins.
+        solution = await Promise.race(workersInstances.map((worker, i) => {
+            controller.signal.addEventListener('abort', () => {
+                worker.postMessage({ type: 'abort' });
+            });
+            return new Promise((resolve, reject) => {
+                worker.addEventListener('error', (err) => {
+                    reject(err);
+                });
+                worker.addEventListener('message', (message) => {
+                    if (message.data) {
+                        // Tell other workers to stop once one finds the answer.
+                        for (const w of workersInstances) {
+                            if (w !== worker) {
+                                w.postMessage({ type: 'abort' });
+                            }
+                        }
+                        if (message.data.error) {
+                            return reject(new Error(message.data.error));
+                        }
+                    }
+                    resolve(message.data);
+                });
+                // Each worker starts at a different offset and steps by concurrency count.
+                worker.postMessage({
+                    challenge,
+                    counterMode,
+                    counterStart: i,
+                    counterStep: workersConcurrency,
+                    timeout,
+                    type: 'work',
+                });
+            });
+        }));
+    }
+    catch (err) {
+        // On OOM, retry with fewer workers if the callback allows it.
+        const isOOM = err instanceof Error && !!err?.message?.includes('Out of memory');
+        if (isOOM) {
+            if (onOutOfMemory) {
+                terminate();
+                const retryConcurrency = onOutOfMemory(workersConcurrency);
+                if (retryConcurrency) {
+                    return solveChallengeWorkers({
+                        ...options,
+                        challenge,
+                        controller,
+                        concurrency: retryConcurrency,
+                        createWorker,
+                    });
+                }
+            }
+        }
+        throw err;
+    }
+    finally {
+        terminate();
+    }
+    if (controller.signal.aborted) {
+        return null;
+    }
+    return solution || null;
+}
+/**
+ * Signs challenge parameters with HMAC.
+ * Optionally also signs the derived key separately for additional verification.
+ */
+async function signChallenge(algorithm, parameters, derivedKey, hmacSignatureSecret, hmacKeySignatureSecret) {
+    if (derivedKey && hmacKeySignatureSecret) {
+        parameters.keySignature = (0, helpers_js_1.bufferToHex)(await (0, helpers_js_1.hmac)(algorithm, derivedKey, hmacKeySignatureSecret));
+    }
+    parameters = (0, helpers_js_1.sortKeys)(parameters);
+    return {
+        parameters,
+        signature: (0, helpers_js_1.bufferToHex)(await (0, helpers_js_1.hmac)(algorithm, JSON.stringify(parameters), hmacSignatureSecret)),
+    };
+}
+/**
+ * Verifies a submitted solution against a challenge.
+ *
+ * Checks (in order):
+ * 1. Whether the challenge has expired.
+ * 2. Whether the challenge has signature parameter.
+ * 3. Whether the challenge signature is valid (tamper check).
+ * 4. Whether the derived key matches — either via key signature or by re-deriving.
+ */
+async function verifySolution(options) {
+    const { challenge, counterMode, deriveKey, hmacAlgorithm = types_js_1.HmacAlgorithm.SHA_256, hmacKeySignatureSecret, hmacSignatureSecret, solution, } = options;
+    const start = performance.now();
+    // 1. Check expiration.
+    if (challenge.parameters.expiresAt &&
+        challenge.parameters.expiresAt < Date.now() / 1_000) {
+        return {
+            expired: true,
+            invalidSignature: null,
+            invalidSolution: null,
+            time: (0, helpers_js_1.timeDuration)(start),
+            verified: false,
+        };
+    }
+    // 2. Signature parameter check.
+    if (!challenge.signature) {
+        return {
+            expired: false,
+            invalidSignature: true,
+            invalidSolution: null,
+            time: (0, helpers_js_1.timeDuration)(start),
+            verified: false,
+        };
+    }
+    // 3. Verify challenge signature to ensure parameters haven't been tampered with.
+    const signatureCheck = (0, helpers_js_1.bufferToHex)(await (0, helpers_js_1.hmac)(hmacAlgorithm, (0, helpers_js_1.canonicalJSON)(challenge.parameters), hmacSignatureSecret));
+    const signatureVerified = (0, helpers_js_1.constantTimeEqual)(challenge.signature, signatureCheck);
+    if (!signatureVerified) {
+        return {
+            expired: false,
+            invalidSignature: true,
+            invalidSolution: null,
+            time: (0, helpers_js_1.timeDuration)(start),
+            verified: false,
+        };
+    }
+    // 4a. If a key signature exists, verify the derived key against it (faster path).
+    if (challenge.parameters.keySignature && hmacKeySignatureSecret) {
+        const derivedKeySignatureCheck = (0, helpers_js_1.bufferToHex)(await (0, helpers_js_1.hmac)(hmacAlgorithm, (0, helpers_js_1.hexToBuffer)(solution.derivedKey), hmacKeySignatureSecret));
+        const derivedKeySignatureValid = (0, helpers_js_1.constantTimeEqual)(challenge.parameters.keySignature, derivedKeySignatureCheck);
+        return {
+            expired: false,
+            invalidSignature: false,
+            invalidSolution: !derivedKeySignatureValid,
+            time: (0, helpers_js_1.timeDuration)(start),
+            verified: derivedKeySignatureValid,
+        };
+    }
+    // 4b. Otherwise, re-derive the key from the solution's counter and compare.
+    const nonceBuf = (0, helpers_js_1.hexToBuffer)(challenge.parameters.nonce);
+    const saltBuf = (0, helpers_js_1.hexToBuffer)(challenge.parameters.salt);
+    const { derivedKey } = await deriveKey(challenge.parameters, saltBuf, new PasswordBuffer(nonceBuf, counterMode).setCounter(solution.counter));
+    const derivedKeyHex = (0, helpers_js_1.bufferToHex)(derivedKey);
+    const invalidSolution = !(0, helpers_js_1.constantTimeEqual)(derivedKeyHex, solution.derivedKey);
+    return {
+        expired: false,
+        invalidSignature: false,
+        invalidSolution,
+        time: (0, helpers_js_1.timeDuration)(start),
+        verified: !invalidSolution && signatureVerified,
+    };
+}

package/dist/cjs/v2/server-signature.d.ts ADDED Viewed

@@ -0,0 +1,12 @@
+import { type ServerSignaturePayload, type ServerSignatureVerificationData, type VerifyServerSignatureResult } from './types.js';
+export declare function parseVerificationData(data: string, convertToArray?: string[]): ServerSignatureVerificationData | null;
+export declare function verifyFieldsHash(options: {
+    formData: FormData | Record<string, unknown>;
+    fields: string[];
+    fieldsHash: string;
+    algorithm?: string;
+}): Promise<boolean>;
+export declare function verifyServerSignature(options: {
+    payload: ServerSignaturePayload;
+    hmacSecret: string;
+}): Promise<VerifyServerSignatureResult>;

package/dist/cjs/v2/server-signature.js ADDED Viewed

@@ -0,0 +1,68 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.parseVerificationData = parseVerificationData;
+exports.verifyFieldsHash = verifyFieldsHash;
+exports.verifyServerSignature = verifyServerSignature;
+const helpers_js_1 = require("./helpers.js");
+function parseVerificationData(data, convertToArray = ['fields', 'reasons']) {
+    const verificationData = {};
+    try {
+        const params = new URLSearchParams(data);
+        for (const [key, value] of params.entries()) {
+            if (value === 'true' || value === 'false') {
+                // Boolean
+                verificationData[key] = value === 'true';
+            }
+            else if (value !== null && /^\d+?$/.test(value)) {
+                // Integer
+                verificationData[key] = parseInt(value, 10);
+            }
+            else if (value !== null && /^\d+\.\d+?$/.test(value)) {
+                // Float
+                verificationData[key] = parseFloat(value);
+            }
+            else if (value !== null) {
+                // String
+                verificationData[key] =
+                    convertToArray.includes(key) && value.length
+                        ? value.trim().split(',')
+                        : value.trim();
+            }
+        }
+    }
+    catch {
+        return null;
+    }
+    return verificationData;
+}
+async function verifyFieldsHash(options) {
+    const { algorithm = 'SHA-256', formData, fields, fieldsHash } = options;
+    const data = formData instanceof FormData ? Object.fromEntries(formData) : formData;
+    const lines = [];
+    for (const field of fields) {
+        lines.push(String(data[field] || ''));
+    }
+    return (0, helpers_js_1.bufferToHex)(await (0, helpers_js_1.hash)(algorithm, lines.join('\n'))) === fieldsHash;
+}
+async function verifyServerSignature(options) {
+    const { hmacSecret, payload } = options;
+    const start = performance.now();
+    const signature = (0, helpers_js_1.bufferToHex)(await (0, helpers_js_1.hmac)(payload.algorithm, await (0, helpers_js_1.hash)(payload.algorithm, payload.verificationData), hmacSecret));
+    const verificationData = parseVerificationData(payload.verificationData);
+    const expired = !!verificationData &&
+        !!verificationData.expire &&
+        verificationData.expire < Math.floor(Date.now() / 1000);
+    const invalidSignature = !(0, helpers_js_1.constantTimeEqual)(payload.signature, signature);
+    const invalidSolution = !verificationData ||
+        verificationData.verified !== true ||
+        payload.verified !== true;
+    const verified = !expired && !invalidSignature && !invalidSolution;
+    return {
+        expired,
+        invalidSignature,
+        invalidSolution,
+        time: (0, helpers_js_1.timeDuration)(start),
+        verificationData,
+        verified,
+    };
+}