npm - altcha-lib - Versions diffs - 2.0.0 → 2.0.2 - Mend

altcha-lib 2.0.0 → 2.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

package/README.md +236 -1
package/bin/cli.mjs +276 -21
package/dist/cjs/v2/pow.js +4 -2
package/dist/esm/v2/pow.js +4 -2
package/dist/tsconfig.build.tsbuildinfo +1 -0
package/dist/tsconfig.cjs.tsbuildinfo +1 -0
package/package.json +2 -2
package/dist/cjs/tsconfig.cjs.tsbuildinfo +0 -1
package/dist/esm/tsconfig.build.tsbuildinfo +0 -1

package/README.md CHANGED Viewed

@@ -2,6 +2,45 @@
 ALTCHA TS/JS Library is a lightweight library for creating and verifying [ALTCHA](https://altcha.org) challenges on the server.
+## Installation
+```sh
+npm install altcha-lib
+```
+## Usage
+```ts
+import { createChallenge, deriveHmacKeySecret, randomInt, verifySolution } from 'altcha-lib';
+import { deriveKey } from 'altcha-lib/algorithms/pbkdf2';
+const HMAC_SECRET = 'your-secret-key';
+const HMAC_KEY_SECRET = 'your-other-secret-key';
+// On the server: create a challenge and send it to the client
+const challenge = await createChallenge({
+  algorithm: 'PBKDF2/SHA-256',
+  cost: 5_000,
+	counter: randomInt(5_000, 10_000),
+  deriveKey,
+  hmacSignatureSecret: HMAC_SECRET,
+	hmacKeySignatureSecret: HMAC_KEY_SECRET,
+});
+// On the server: verify the solution submitted by the client
+const result = await verifySolution({
+  challenge: payload.challenge,
+  solution: payload.solution,
+  deriveKey,
+  hmacSignatureSecret: HMAC_SECRET,
+	hmacKeySignatureSecret: HMAC_KEY_SECRET,
+});
+if (result.verified) {
+  // challenge passed
+}
+```
 ## Get Started
 The library includes plugins for several popular frameworks to simplify integration.
@@ -20,6 +59,7 @@ If your framework is not listed, see the [Advanced Usage](/docs/advanced-usage.m
 - Advanced Usage: [`/docs/advanced-usage.md`](/docs/advanced-usage.md)
 - Algorithms: [`/docs/algorithms.md`](/docs/algorithms.md)
+- CLI Usage: [`/docs/cli.md`](/docs/cli.md)
 - Configuration Options: [`/docs/configuration-options.md`](/docs/configuration-options.md)
 - Obfuscation: [`/docs/obfuscation.md`](/docs/obfuscation.md)
 - Store: [`/docs/store.md`](/docs/store.md)
@@ -36,7 +76,7 @@ If your framework is not listed, see the [Advanced Usage](/docs/advanced-usage.m
 | Deno              |      2+ | Argon2 not available natively                   |
 | WinterCG runtimes |       — | Use WebCrypto [algorithms](/docs/algorithms.md) |
-### Run examples
+## Run Examples
 **Express example (Node.js with `tsx`):**
@@ -70,6 +110,201 @@ The API for the previous PoW version (v1) remains available under the `altcha-li
 import { createChallenge } from 'altcha-lib/v1';
 ```
+## API Reference
+The default import path (`altcha-lib`) uses the v2 API. The v1 API is available at `altcha-lib/v1`.
+### v2 (`altcha-lib`)
+#### `createChallenge(options: CreateChallengeOptions): Promise<Challenge>`
+Creates a new proof-of-work challenge. Generates a random nonce and salt, optionally pre-computes a key prefix from a known counter value, and optionally signs the challenge with HMAC.
+| Option | Type | Description |
+|---|---|---|
+| `algorithm` | `string` | Key derivation algorithm (e.g. `'PBKDF2/SHA-256'`, `'ARGON2ID'`, `'SCRYPT'`). |
+| `cost` | `number` | Algorithm-specific cost controlling computational difficulty. |
+| `deriveKey` | `DeriveKeyFunction` | Key derivation function. |
+| `counter` | `number?` | Known counter value for deterministic mode. |
+| `counterMode` | `'uint32' \| 'string'` | Counter encoding format. Defaults to `'uint32'`. |
+| `data` | `Record<string, ...>?` | Arbitrary metadata embedded in the challenge. |
+| `expiresAt` | `number \| Date?` | Expiry timestamp (seconds) or Date. |
+| `hmacAlgorithm` | `HmacAlgorithm?` | HMAC digest algorithm. Defaults to `'SHA-256'`. |
+| `hmacKeySignatureSecret` | `string?` | HMAC secret for signing derived keys (deterministic mode). |
+| `hmacSignatureSecret` | `string?` | HMAC secret for signing the challenge payload. |
+| `keyLength` | `number?` | Derived key length in bytes. Defaults to `32`. |
+| `keyPrefix` | `string?` | Required prefix the derived key must match. |
+| `keyPrefixLength` | `number?` | Number of bytes used as prefix in deterministic mode. Defaults to `keyLength / 2`. |
+| `memoryCost` | `number?` | Memory cost in KiB (Argon2id/scrypt only). |
+| `parallelism` | `number?` | Parallelism setting (Argon2id/scrypt only). |
+#### `solveChallenge(options: SolveChallengeOptions): Promise<Solution | null>`
+Solves a challenge by brute-forcing counter values until the derived key starts with the required prefix. Returns `null` on timeout or abort.
+| Option | Type | Description |
+|---|---|---|
+| `challenge` | `Challenge` | The challenge to solve. |
+| `deriveKey` | `DeriveKeyFunction` | Key derivation function. |
+| `controller` | `AbortController?` | For cancelling the solve operation. |
+| `counterStart` | `number?` | Initial counter value. Defaults to `0`. |
+| `counterStep` | `number?` | Increment between attempts. Defaults to `1`. |
+| `counterMode` | `'uint32' \| 'string'?` | Counter encoding format. Defaults to `'uint32'`. |
+| `timeout` | `number?` | Timeout in milliseconds. Defaults to `90000`. |
+#### `solveChallengeWorkers(options): Promise<Solution | null>`
+Solves a challenge using multiple Web Workers in parallel. Each worker tests a different interleaved subset of counter values. Automatically retries with fewer workers on out-of-memory errors.
+| Option | Type | Description |
+|---|---|---|
+| `challenge` | `Challenge` | The challenge to solve. |
+| `concurrency` | `number` | Number of workers to use (max 16). |
+| `createWorker` | `(algorithm: string) => Worker \| Promise<Worker>` | Factory function to create a worker. |
+| `controller` | `AbortController?` | For cancelling the solve operation. |
+| `counterMode` | `'uint32' \| 'string'?` | Counter encoding format. |
+| `onOutOfMemory` | `(concurrency: number) => number \| void?` | Called on OOM; return new concurrency to retry or falsy to abort. |
+| `timeout` | `number?` | Timeout in milliseconds. |
+#### `verifySolution(options: VerifySolutionOptions): Promise<VerifySolutionResult>`
+Verifies a submitted solution against a challenge. Checks expiration, challenge signature integrity, and that the derived key matches the solution.
+| Option | Type | Description |
+|---|---|---|
+| `challenge` | `Challenge` | The original challenge. |
+| `solution` | `Solution` | The solution to verify. |
+| `hmacSignatureSecret` | `string` | HMAC secret used when the challenge was created. |
+| `deriveKey` | `DeriveKeyFunction` | Key derivation function. |
+| `counterMode` | `'uint32' \| 'string'?` | Counter encoding format. |
+| `hmacAlgorithm` | `HmacAlgorithm?` | HMAC digest algorithm. Defaults to `'SHA-256'`. |
+| `hmacKeySignatureSecret` | `string?` | HMAC secret for verifying derived-key signatures. |
+Returns `VerifySolutionResult`:
+| Field | Type | Description |
+|---|---|---|
+| `verified` | `boolean` | Whether the solution is valid. |
+| `expired` | `boolean` | Whether the challenge has expired. |
+| `invalidSignature` | `boolean \| null` | Whether the challenge signature is invalid. |
+| `invalidSolution` | `boolean \| null` | Whether the solution is incorrect. |
+| `time` | `number` | Time taken to verify in milliseconds. |
+#### `verifyFieldsHash(options): Promise<boolean>`
+Verifies the SHA hash of specified form fields.
+| Option | Type | Description |
+|---|---|---|
+| `formData` | `FormData \| Record<string, unknown>` | The form data to verify. |
+| `fields` | `string[]` | Field names to include in the hash. |
+| `fieldsHash` | `string` | The expected hash value. |
+| `algorithm` | `string?` | Hash algorithm. Defaults to `'SHA-256'`. |
+#### `verifyServerSignature(options): Promise<VerifyServerSignatureResult>`
+Verifies a server signature payload from ALTCHA Sentinel.
+| Option | Type | Description |
+|---|---|---|
+| `payload` | `ServerSignaturePayload` | The payload to verify. |
+| `hmacSecret` | `string` | The HMAC secret. |
+Returns `VerifyServerSignatureResult` (extends `VerifySolutionResult`):
+| Field | Type | Description |
+|---|---|---|
+| `verified` | `boolean` | Whether the signature is valid. |
+| `verificationData` | `ServerSignatureVerificationData \| null` | Parsed verification data. |
+#### `obfuscate(str: string, options?): Promise<string>`
+> Import from `altcha-lib/obfuscation`
+Encrypts a string using AES-GCM, with the key derived from a PoW challenge. Returns a base64-encoded payload.
+| Option | Type | Description |
+|---|---|---|
+| `counterMin` | `number?` | Minimum counter value. Defaults to `20`. |
+| `counterMax` | `number?` | Maximum counter value. Defaults to `200`. |
+| `deriveKey` | `DeriveKeyFunction?` | Key derivation function. Defaults to PBKDF2. |
+| `...` | | Any `CreateChallengeOptions` fields. |
+#### `deobfuscate(obfuscatedData: string, options?): Promise<string>`
+> Import from `altcha-lib/obfuscation`
+Decrypts an obfuscated string by solving the embedded PoW challenge and using the derived key.
+| Option | Type | Description |
+|---|---|---|
+| `concurrency` | `number?` | Worker concurrency. Defaults to up to 4. |
+| `createWorker` | `(algorithm: string) => Worker?` | Factory to create a worker for solving. |
+| `deriveKey` | `DeriveKeyFunction?` | Key derivation function. Defaults to PBKDF2. |
+#### `randomInt(max: number, min?: number): number`
+Returns a cryptographically random integer between `min` (default `1`) and `max`.
+#### `class CappedMap<K, V>`
+A `Map` subclass with a fixed maximum size. When full, the oldest entry is evicted on insertion.
+```ts
+new CappedMap({ maxSize: number })
+```
+#### `enum HmacAlgorithm`
+| Value | String |
+|---|---|
+| `HmacAlgorithm.SHA_256` | `'SHA-256'` |
+| `HmacAlgorithm.SHA_384` | `'SHA-384'` |
+| `HmacAlgorithm.SHA_512` | `'SHA-512'` |
+---
+### v1 (`altcha-lib/v1`)
+#### `createChallenge(options: ChallengeOptions): Promise<Challenge>`
+Creates a v1 SHA-based proof-of-work challenge.
+| Option | Type | Description |
+|---|---|---|
+| `hmacKey` | `string` | **Required.** HMAC key for signing. |
+| `algorithm` | `'SHA-1' \| 'SHA-256' \| 'SHA-512'?` | Hash algorithm. Defaults to `'SHA-256'`. |
+| `expires` | `Date?` | Expiry date embedded in the salt. |
+| `maxNumber` | `number?` | Maximum random number. Defaults to `1000000`. |
+| `number` | `number?` | Fixed number (skips random selection). |
+| `params` | `Record<string, string>?` | Extra parameters embedded in the salt. |
+| `salt` | `string?` | Custom salt value. |
+| `saltLength` | `number?` | Random salt length in bytes. Defaults to `12`. |
+#### `verifySolution(payload: string | Payload, hmacKey: string, checkExpires?: boolean): Promise<boolean>`
+Verifies a v1 solution payload.
+#### `verifyFieldsHash(formData, fields, fieldsHash, algorithm?): Promise<boolean>`
+Verifies the hash of specified form fields.
+#### `verifyServerSignature(payload: string | ServerSignaturePayload, hmacKey: string): Promise<{ verified: boolean, verificationData: ServerSignatureVerificationData | null }>`
+Verifies a v1 server signature.
+#### `solveChallenge(challenge, salt, algorithm?, max?, start?): { promise: Promise<Solution | null>, controller: AbortController }`
+Solves a v1 challenge by brute force.
+#### `solveChallengeWorkers(workerScript, concurrency, challenge, salt, algorithm?, max?, startNumber?): Promise<Solution | null>`
+Solves a v1 challenge using Web Workers.
+#### `extractParams(payload: string | Payload | Challenge): Record<string, string>`
+Extracts URL parameters embedded in a challenge salt.
 ## License
 MIT

package/bin/cli.mjs CHANGED Viewed

@@ -1,35 +1,290 @@
 #!/usr/bin/env node
+import { readFile } from 'node:fs/promises';
+import { Worker as NodeWorker } from 'node:worker_threads';
 import { obfuscate, deobfuscate } from 'altcha-lib/obfuscation';
+import { createChallenge, solveChallengeWorkers, verifySolution } from 'altcha-lib';
+const ALGORITHMS = [
+	'PBKDF2/SHA-256',
+	'PBKDF2/SHA-384',
+	'PBKDF2/SHA-512',
+	'SCRYPT',
+	'ARGON2ID',
+	'SHA-256',
+	'SHA-384',
+	'SHA-512',
+];
+const USAGE = `Usage: altcha-lib <command> [options]
+Commands:
+  obfuscate [data]       Obfuscate a string
+  deobfuscate [data]     Deobfuscate a string
+  create                 Create a new challenge
+  solve [challenge]      Solve a challenge (JSON)
+                         --workers <n>          Number of worker threads (default: 1)
+  verify [challenge] [solution]  Verify a challenge solution (JSON files or inline JSON)
+Options for create:
+  --algorithm <algo>         Algorithm (default: PBKDF2/SHA-256)
+                             Supported: ${ALGORITHMS.join(', ')}
+  --cost <n>                 Cost parameter (default: 5000 for SHA/PBKDF2, 16384 for SCRYPT, 3 for ARGON2ID)
+  --hmac-secret <secret>     HMAC secret for signing the challenge
+  --hmac-key-secret <secret> HMAC secret for signing the derived key (deterministic mode)
+  --counter <n>              Known counter value for deterministic mode
+  --expires <seconds>        Seconds until the challenge expires
+  --key-prefix <prefix>      Key prefix override
+  --memory-cost <n>          Memory cost (SCRYPT/ARGON2ID only)
+  --parallelism <n>          Parallelism (SCRYPT/ARGON2ID only)
+Options for verify:
+  --hmac-secret <secret>     HMAC secret used when creating the challenge
+  --hmac-key-secret <secret> HMAC key secret used when creating the challenge (deterministic mode)
+`;
 const [command, ...rest] = process.argv.slice(2);
-if (!command || !['obfuscate', 'deobfuscate'].includes(command)) {
-  console.error('Usage: altcha-lib <obfuscate|deobfuscate> [data]');
-  process.exit(1);
+const COMMANDS = ['obfuscate', 'deobfuscate', 'create', 'solve', 'verify'];
+if (!command || !COMMANDS.includes(command)) {
+	process.stderr.write(USAGE);
+	process.exit(1);
 }
 function readStdin() {
-  return new Promise((resolve, reject) => {
-    let buf = '';
-    process.stdin.setEncoding('utf-8');
-    process.stdin.on('data', (chunk) => buf += chunk);
-    process.stdin.on('end', () => resolve(buf.trim()));
-    process.stdin.on('error', reject);
-  });
+	return new Promise((resolve, reject) => {
+		let buf = '';
+		process.stdin.setEncoding('utf-8');
+		process.stdin.on('data', (chunk) => (buf += chunk));
+		process.stdin.on('end', () => resolve(buf.trim()));
+		process.stdin.on('error', reject);
+	});
 }
-try {
-  const data = rest.length ? rest.join(' ') : await readStdin();
+async function readInput(arg, label) {
+	let raw;
+	if (arg) {
+		try {
+			raw = (await readFile(arg, 'utf-8')).trim();
+		} catch {
+			// Not a readable file — treat as inline JSON string
+			raw = arg;
+		}
+	} else {
+		raw = await readStdin();
+	}
+	if (!raw) {
+		console.error(`Error: No ${label} provided`);
+		process.exit(1);
+	}
+	return raw;
+}
+function parseArgs(args) {
+	const opts = {};
+	const positional = [];
+	for (let i = 0; i < args.length; i++) {
+		if (args[i].startsWith('--')) {
+			const key = args[i].slice(2);
+			if (i + 1 < args.length && !args[i + 1].startsWith('--')) {
+				opts[key] = args[++i];
+			} else {
+				opts[key] = true;
+			}
+		} else {
+			positional.push(args[i]);
+		}
+	}
+	return { opts, positional };
+}
+function getWorkerName(algorithm) {
+	const algo = (algorithm || '').toUpperCase();
+	if (algo.startsWith('PBKDF2')) return 'pbkdf2';
+	if (algo === 'SCRYPT') return 'scrypt';
+	if (algo === 'ARGON2ID') return 'argon2id';
+	return 'sha';
+}
+function createWorker(algorithm) {
+	const workerModuleUrl = new URL(
+		`../dist/esm/v2/workers/${getWorkerName(algorithm)}.js`,
+		import.meta.url
+	).href;
+	// Shim Web Worker globals (self.onmessage / self.postMessage) so the
+	// existing dist worker modules work inside a node:worker_threads context.
+	const shim = `
+import { parentPort } from 'node:worker_threads';
+const self = { onmessage: null, postMessage(d) { parentPort.postMessage(d); } };
+globalThis.self = self;
+parentPort.on('message', (data) => { if (typeof self.onmessage === 'function') self.onmessage({ data }); });
+await import(${JSON.stringify(workerModuleUrl)});
+`;
+	const worker = new NodeWorker(
+		new URL(`data:text/javascript,${encodeURIComponent(shim)}`),
+		{ type: 'module' }
+	);
+	// Adapt EventEmitter API to the EventTarget API expected by solveChallengeWorkers.
+	worker.addEventListener = (event, handler) => {
+		worker.on(event === 'message' ? 'message' : event, (data) =>
+			event === 'message' ? handler({ data }) : handler(data)
+		);
+	};
+	return worker;
+}
-  if (!data) {
-    console.error(`Error: No data provided for ${command}`);
-    process.exit(1);
-  }
+async function getDeriveKey(algorithm) {
+	const algo = (algorithm || 'PBKDF2/SHA-256').toUpperCase();
+	if (algo.startsWith('PBKDF2')) {
+		const mod = await import('altcha-lib/algorithms/pbkdf2');
+		return mod.deriveKey;
+	} else if (algo === 'SCRYPT') {
+		const mod = await import('altcha-lib/algorithms/scrypt');
+		return mod.deriveKey;
+	} else if (algo === 'ARGON2ID') {
+		const mod = await import('altcha-lib/algorithms/argon2id');
+		return mod.deriveKey;
+	} else {
+		const mod = await import('altcha-lib/algorithms/sha');
+		return mod.deriveKey;
+	}
+}
+function getDefaultCost(algorithm) {
+	const algo = (algorithm || 'SHA-256').toUpperCase();
+	if (algo === 'SCRYPT') return 16384;
+	if (algo === 'ARGON2ID') return 3;
+	return 5000;
+}
-  const result = command === 'obfuscate' ? await obfuscate(data) : await deobfuscate(data);
-  console.log(result);
+function getDefaultMemoryCost(algorithm) {
+	const algo = (algorithm || '').toUpperCase();
+	if (algo === 'SCRYPT') return 8;
+	if (algo === 'ARGON2ID') return 65536;
+	return undefined;
+}
+try {
+	if (command === 'obfuscate' || command === 'deobfuscate') {
+		const data = rest.length ? rest.join(' ') : await readStdin();
+		if (!data) {
+			console.error(`Error: No data provided for ${command}`);
+			process.exit(1);
+		}
+		const result =
+			command === 'obfuscate' ? await obfuscate(data) : await deobfuscate(data);
+		console.log(result);
+	} else if (command === 'create') {
+		const { opts } = parseArgs(rest);
+		const algorithm = opts['algorithm'] || 'SHA-256';
+		const cost = opts['cost']
+			? parseInt(opts['cost'], 10)
+			: getDefaultCost(algorithm);
+		const hmacSecret = opts['hmac-secret'];
+		const hmacKeySecret = opts['hmac-key-secret'];
+		const counter = opts['counter'] !== undefined ? parseInt(opts['counter'], 10) : undefined;
+		const expires = opts['expires'] ? parseInt(opts['expires'], 10) : undefined;
+		const keyPrefix = opts['key-prefix'];
+		const memoryCost = opts['memory-cost']
+			? parseInt(opts['memory-cost'], 10)
+			: getDefaultMemoryCost(algorithm);
+		const parallelism = opts['parallelism']
+			? parseInt(opts['parallelism'], 10)
+			: undefined;
+		const deriveKey = await getDeriveKey(algorithm);
+		const challenge = await createChallenge({
+			algorithm,
+			cost,
+			counter,
+			deriveKey,
+			expiresAt: expires ? new Date(Date.now() + expires * 1000) : undefined,
+			hmacSignatureSecret: hmacSecret,
+			hmacKeySignatureSecret: hmacKeySecret,
+			keyPrefix,
+			memoryCost,
+			parallelism,
+		});
+		console.log(JSON.stringify(challenge, null, 2));
+	} else if (command === 'solve') {
+		const { opts, positional } = parseArgs(rest);
+		const workers = opts['workers'] ? parseInt(opts['workers'], 10) : undefined;
+		const raw = await readInput(positional.length ? positional[0] : null, 'challenge JSON');
+		let challenge;
+		try {
+			challenge = JSON.parse(raw);
+		} catch {
+			console.error('Error: Invalid JSON for challenge');
+			process.exit(1);
+		}
+		const algorithm = challenge?.parameters?.algorithm;
+		const solution = await solveChallengeWorkers({
+			challenge,
+			concurrency: workers ?? 1,
+			createWorker: () => createWorker(algorithm),
+		});
+		if (!solution) {
+			console.error('Error: Failed to solve challenge (timeout or aborted)');
+			process.exit(1);
+		}
+		console.log(JSON.stringify(solution, null, 2));
+	} else if (command === 'verify') {
+		const { opts, positional } = parseArgs(rest);
+		const hmacSecret = opts['hmac-secret'];
+		const hmacKeySecret = opts['hmac-key-secret'];
+		if (!hmacSecret) {
+			console.error('Error: --hmac-secret is required for verify');
+			process.exit(1);
+		}
+		let challenge, solution;
+		if (positional.length >= 2) {
+			const rawChallenge = await readInput(positional[0], 'challenge JSON');
+			const rawSolution = await readInput(positional[1], 'solution JSON');
+			try {
+				challenge = JSON.parse(rawChallenge);
+			} catch {
+				console.error('Error: Invalid JSON for challenge');
+				process.exit(1);
+			}
+			try {
+				solution = JSON.parse(rawSolution);
+			} catch {
+				console.error('Error: Invalid JSON for solution');
+				process.exit(1);
+			}
+		} else {
+			const raw = await readInput(positional.length ? positional[0] : null, 'payload JSON');
+			let payload;
+			try {
+				payload = JSON.parse(raw);
+			} catch {
+				console.error('Error: Invalid JSON for payload');
+				process.exit(1);
+			}
+			({ challenge, solution } = payload);
+			if (!challenge || !solution) {
+				console.error(
+					'Error: Payload must contain "challenge" and "solution" fields'
+				);
+				process.exit(1);
+			}
+		}
+		const algorithm = challenge?.parameters?.algorithm;
+		const deriveKey = await getDeriveKey(algorithm);
+		const result = await verifySolution({
+			challenge,
+			solution,
+			deriveKey,
+			hmacSignatureSecret: hmacSecret,
+			hmacKeySignatureSecret: hmacKeySecret,
+		});
+		console.log(JSON.stringify(result, null, 2));
+		if (!result.verified) {
+			process.exit(1);
+		}
+	}
 } catch (err) {
-  console.error(`Error during ${command}: ${err.message}`);
-  process.exit(1);
-}
+	console.error(`Error: ${err.message}`);
+	process.exit(1);
+}

package/dist/cjs/v2/pow.js CHANGED Viewed

@@ -89,17 +89,18 @@ async function solveChallenge(options) {
     const password = new PasswordBuffer(nonceBuf, counterMode);
     const start = performance.now();
     let counter = counterStart;
+    let iterations = 0;
     let derivedKeyHex = '';
     let lastYield = start;
     while (true) {
         // Check for abort signal or timeout every 10 iterations.
         if (controller?.signal.aborted ||
-            (timeout && counter % 10 === 0 && performance.now() - start > timeout)) {
+            (timeout && iterations % 10 === 0 && performance.now() - start > timeout)) {
             return null;
         }
         const { derivedKey } = await deriveKey(challenge.parameters, saltBuf, password.setCounter(counter));
         // Yield to the event loop periodically.
-        if (counter % 10 === 0 && performance.now() - lastYield > 200) {
+        if (iterations % 10 === 0 && performance.now() - lastYield > 200) {
             await (0, helpers_js_1.delay)(0);
             lastYield = performance.now();
         }
@@ -111,6 +112,7 @@ async function solveChallenge(options) {
             break;
         }
         counter = counter + counterStep;
+        iterations = iterations + 1;
     }
     return {
         counter,

package/dist/esm/v2/pow.js CHANGED Viewed

@@ -84,17 +84,18 @@ export async function solveChallenge(options) {
     const password = new PasswordBuffer(nonceBuf, counterMode);
     const start = performance.now();
     let counter = counterStart;
+    let iterations = 0;
     let derivedKeyHex = '';
     let lastYield = start;
     while (true) {
         // Check for abort signal or timeout every 10 iterations.
         if (controller?.signal.aborted ||
-            (timeout && counter % 10 === 0 && performance.now() - start > timeout)) {
+            (timeout && iterations % 10 === 0 && performance.now() - start > timeout)) {
             return null;
         }
         const { derivedKey } = await deriveKey(challenge.parameters, saltBuf, password.setCounter(counter));
         // Yield to the event loop periodically.
-        if (counter % 10 === 0 && performance.now() - lastYield > 200) {
+        if (iterations % 10 === 0 && performance.now() - lastYield > 200) {
             await delay(0);
             lastYield = performance.now();
         }
@@ -106,6 +107,7 @@ export async function solveChallenge(options) {
             break;
         }
         counter = counter + counterStep;
+        iterations = iterations + 1;
     }
     return {
         counter,

package/dist/tsconfig.build.tsbuildinfo ADDED Viewed

@@ -0,0 +1 @@

+ {"root":["../src/v1/helpers.ts","../src/v1/index.ts","../src/v1/types.ts","../src/v1/worker.ts","../src/v2/capped-map.ts","../src/v2/helpers.ts","../src/v2/index.ts","../src/v2/obfuscation.ts","../src/v2/pow.ts","../src/v2/server-signature.ts","../src/v2/types.ts","../src/v2/algorithms/argon2id.ts","../src/v2/algorithms/pbkdf2.ts","../src/v2/algorithms/scrypt.ts","../src/v2/algorithms/sha.ts","../src/v2/algorithms/web/pbkdf2.ts","../src/v2/algorithms/web/sha.ts","../src/v2/frameworks/express.ts","../src/v2/frameworks/fastify.ts","../src/v2/frameworks/h3.ts","../src/v2/frameworks/hono.ts","../src/v2/frameworks/nestjs.ts","../src/v2/frameworks/nextjs.ts","../src/v2/frameworks/shared.ts","../src/v2/frameworks/sveltekit.ts","../src/v2/frameworks/types.ts","../src/v2/workers/argon2id.ts","../src/v2/workers/pbkdf2.ts","../src/v2/workers/scrypt.ts","../src/v2/workers/sha.ts","../src/v2/workers/shared.ts"],"version":"5.9.3"}

package/dist/tsconfig.cjs.tsbuildinfo ADDED Viewed

@@ -0,0 +1 @@

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "altcha-lib",
-  "version": "2.0.0",
+  "version": "2.0.2",
   "description": "A lightweight library for creating and verifying ALTCHA challenges on the server.",
   "author": {
     "name": "Daniel Regeci",
@@ -114,7 +114,7 @@
     "fastify": "^5.8.2",
     "globals": "^17.4.0",
     "h3": "^2.0.1-rc.18",
-    "hono": "^4.12.5",
+    "hono": "^4.12.12",
     "husky": "^9.1.7",
     "prettier": "^3.8.1",
     "rimraf": "^6.1.3",

package/dist/cjs/tsconfig.cjs.tsbuildinfo DELETED Viewed

@@ -1 +0,0 @@

- {"root":["../../src/v1/helpers.ts","../../src/v1/index.ts","../../src/v1/types.ts","../../src/v1/worker.ts","../../src/v2/capped-map.ts","../../src/v2/helpers.ts","../../src/v2/index.ts","../../src/v2/obfuscation.ts","../../src/v2/pow.ts","../../src/v2/server-signature.ts","../../src/v2/types.ts","../../src/v2/algorithms/argon2id.ts","../../src/v2/algorithms/pbkdf2.ts","../../src/v2/algorithms/scrypt.ts","../../src/v2/algorithms/sha.ts","../../src/v2/algorithms/web/pbkdf2.ts","../../src/v2/algorithms/web/sha.ts","../../src/v2/frameworks/express.ts","../../src/v2/frameworks/fastify.ts","../../src/v2/frameworks/h3.ts","../../src/v2/frameworks/hono.ts","../../src/v2/frameworks/nestjs.ts","../../src/v2/frameworks/nextjs.ts","../../src/v2/frameworks/shared.ts","../../src/v2/frameworks/sveltekit.ts","../../src/v2/frameworks/types.ts","../../src/v2/workers/argon2id.ts","../../src/v2/workers/pbkdf2.ts","../../src/v2/workers/scrypt.ts","../../src/v2/workers/sha.ts","../../src/v2/workers/shared.ts"],"version":"5.9.3"}

package/dist/esm/tsconfig.build.tsbuildinfo DELETED Viewed

@@ -1 +0,0 @@