npm - bro-auth - Versions diffs - 0.1.2 → 0.1.4 - Mend

bro-auth 0.1.2 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (6) hide show

package/README.md CHANGED Viewed

@@ -2,8 +2,8 @@
 ```
 ┌──────────────────────────────────────────────────────────────┐
-│  █▄▄ █▀█ █▀█   ▄▀█ █░█ ▀█▀ █░█      bro-auth                │
-│  █▄█ █▀▄ █▄█   █▀█ █▀█ ░█░ █▀█                              │
+│  █▄▄ █▀█ █▀█   █▀█ █ █ ▀█▀ █ █      bro-auth                 │
+│  █▄█ █▀▄ █▄█   █▀█ █▄█  █  █▀█                               │
 ├──────────────────────────────────────────────────────────────┤
 │     Stateless JWT · Device Fingerprinting · Zero Replay      │
 └──────────────────────────────────────────────────────────────┘

package/dist/browser.cjs ADDED Viewed

@@ -0,0 +1,76 @@
+var __defProp = Object.defineProperty;
+var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
+var __getOwnPropNames = Object.getOwnPropertyNames;
+var __hasOwnProp = Object.prototype.hasOwnProperty;
+var __export = (target, all) => {
+  for (var name in all)
+    __defProp(target, name, { get: all[name], enumerable: true });
+};
+var __copyProps = (to, from, except, desc) => {
+  if (from && typeof from === "object" || typeof from === "function") {
+    for (let key of __getOwnPropNames(from))
+      if (!__hasOwnProp.call(to, key) && key !== except)
+        __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
+  }
+  return to;
+};
+var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
+// src/browser/index.js
+var browser_exports = {};
+__export(browser_exports, {
+  getFingerprint: () => getFingerprint
+});
+module.exports = __toCommonJS(browser_exports);
+// src/browser/fingerprint.js
+var import_crypto_es = require("crypto-es");
+async function getCanvasFingerprint() {
+  try {
+    const canvas = document.createElement("canvas");
+    const ctx = canvas.getContext("2d");
+    ctx.textBaseline = "top";
+    ctx.font = "14px 'Arial'";
+    ctx.fillStyle = "#f60";
+    ctx.fillRect(0, 0, 100, 20);
+    ctx.fillStyle = "#000";
+    ctx.fillText("bro-auth-fingerprint", 2, 15);
+    return canvas.toDataURL();
+  } catch {
+    return "no-canvas";
+  }
+}
+function getGPUFingerprint() {
+  try {
+    const canvas = document.createElement("canvas");
+    const gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl");
+    if (!gl) return "no-webgl";
+    const debugInfo = gl.getExtension("WEBGL_debug_renderer_info");
+    return debugInfo ? gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL) : "no-renderer";
+  } catch {
+    return "no-webgl";
+  }
+}
+async function getFingerprint() {
+  const components = {
+    userAgent: navigator.userAgent,
+    platform: navigator.platform,
+    language: navigator.language,
+    languages: navigator.languages.join(","),
+    screen: `${screen.width}x${screen.height}`,
+    colorDepth: screen.colorDepth,
+    timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
+    timezoneOffset: (/* @__PURE__ */ new Date()).getTimezoneOffset(),
+    cpuCores: navigator.hardwareConcurrency || "unknown",
+    deviceMemory: navigator.deviceMemory || "unknown",
+    gpu: getGPUFingerprint(),
+    canvas: await getCanvasFingerprint()
+  };
+  const rawString = Object.values(components).join("|");
+  const fpHash = (0, import_crypto_es.SHA256)(rawString).toString();
+  return {
+    raw: rawString,
+    hash: fpHash,
+    components
+  };
+}

package/dist/browser.js ADDED Viewed

@@ -0,0 +1,54 @@
+// src/browser/fingerprint.js
+import { SHA256 } from "crypto-es";
+async function getCanvasFingerprint() {
+  try {
+    const canvas = document.createElement("canvas");
+    const ctx = canvas.getContext("2d");
+    ctx.textBaseline = "top";
+    ctx.font = "14px 'Arial'";
+    ctx.fillStyle = "#f60";
+    ctx.fillRect(0, 0, 100, 20);
+    ctx.fillStyle = "#000";
+    ctx.fillText("bro-auth-fingerprint", 2, 15);
+    return canvas.toDataURL();
+  } catch {
+    return "no-canvas";
+  }
+}
+function getGPUFingerprint() {
+  try {
+    const canvas = document.createElement("canvas");
+    const gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl");
+    if (!gl) return "no-webgl";
+    const debugInfo = gl.getExtension("WEBGL_debug_renderer_info");
+    return debugInfo ? gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL) : "no-renderer";
+  } catch {
+    return "no-webgl";
+  }
+}
+async function getFingerprint() {
+  const components = {
+    userAgent: navigator.userAgent,
+    platform: navigator.platform,
+    language: navigator.language,
+    languages: navigator.languages.join(","),
+    screen: `${screen.width}x${screen.height}`,
+    colorDepth: screen.colorDepth,
+    timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
+    timezoneOffset: (/* @__PURE__ */ new Date()).getTimezoneOffset(),
+    cpuCores: navigator.hardwareConcurrency || "unknown",
+    deviceMemory: navigator.deviceMemory || "unknown",
+    gpu: getGPUFingerprint(),
+    canvas: await getCanvasFingerprint()
+  };
+  const rawString = Object.values(components).join("|");
+  const fpHash = SHA256(rawString).toString();
+  return {
+    raw: rawString,
+    hash: fpHash,
+    components
+  };
+}
+export {
+  getFingerprint
+};

package/dist/index.cjs CHANGED Viewed

@@ -1,6 +1,8 @@
+var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
+var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -14,63 +16,140 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
+var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
+  // If the importer is in node compatibility mode or this is not an ESM
+  // file that has been converted to a CommonJS file using a Babel-
+  // compatible transform (i.e. "__esModule" has not been set), then set
+  // "default" to the CommonJS "module.exports" for node compatibility.
+  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
+  mod
+));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
-// src/browser/index.js
-var index_exports = {};
-__export(index_exports, {
-  getFingerprint: () => getFingerprint
+// src/core/index.js
+var core_exports = {};
+__export(core_exports, {
+  buildClearRefreshCookie: () => buildClearRefreshCookie,
+  buildRefreshCookie: () => buildRefreshCookie,
+  generateAccessToken: () => generateAccessToken,
+  generateFingerprintHash: () => generateFingerprintHash,
+  generateRefreshToken: () => generateRefreshToken,
+  generateTokens: () => generateTokens,
+  verifyAccessToken: () => verifyAccessToken,
+  verifyRefreshToken: () => verifyRefreshToken
 });
-module.exports = __toCommonJS(index_exports);
+module.exports = __toCommonJS(core_exports);
-// src/browser/fingerprint.js
+// src/core/fingerprint.js
 var import_crypto_es = require("crypto-es");
-async function getCanvasFingerprint() {
+function generateFingerprintHash(rawString) {
+  return (0, import_crypto_es.SHA256)(rawString).toString();
+}
+// src/core/tokens.js
+var import_jsonwebtoken = __toESM(require("jsonwebtoken"), 1);
+function generateAccessToken(userId, fpHash, secret, expiresIn = "15m") {
+  return import_jsonwebtoken.default.sign(
+    {
+      sub: userId,
+      fp: fpHash,
+      type: "access"
+    },
+    secret,
+    { expiresIn }
+  );
+}
+function generateRefreshToken(userId, fpHash, secret, expiresIn = "7d") {
+  return import_jsonwebtoken.default.sign(
+    {
+      sub: userId,
+      fp: fpHash,
+      type: "refresh"
+    },
+    secret,
+    { expiresIn }
+  );
+}
+function generateTokens(userId, fpHash, accessSecret, refreshSecret) {
+  const accessToken = generateAccessToken(userId, fpHash, accessSecret);
+  const refreshToken = generateRefreshToken(userId, fpHash, refreshSecret);
+  return { accessToken, refreshToken };
+}
+// src/core/verify.js
+var import_jsonwebtoken2 = __toESM(require("jsonwebtoken"), 1);
+function safeCompare(a = "", b = "") {
+  if (a.length !== b.length) return false;
+  let mismatch = 0;
+  for (let i = 0; i < a.length; i++) {
+    mismatch |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return mismatch === 0;
+}
+function verifyAccessToken(token, fpHash, secret) {
   try {
-    const canvas = document.createElement("canvas");
-    const ctx = canvas.getContext("2d");
-    ctx.textBaseline = "top";
-    ctx.font = "14px 'Arial'";
-    ctx.fillStyle = "#f60";
-    ctx.fillRect(0, 0, 100, 20);
-    ctx.fillStyle = "#000";
-    ctx.fillText("bro-auth-fingerprint", 2, 15);
-    return canvas.toDataURL();
-  } catch {
-    return "no-canvas";
+    const decoded = import_jsonwebtoken2.default.verify(token, secret);
+    if (decoded.type !== "access") {
+      return { valid: false, error: "Invalid token type" };
+    }
+    if (!safeCompare(decoded.fp, fpHash)) {
+      return { valid: false, error: "Fingerprint mismatch" };
+    }
+    return { valid: true, payload: decoded };
+  } catch (err) {
+    return { valid: false, error: err.message };
   }
 }
-function getGPUFingerprint() {
+function verifyRefreshToken(token, fpHash, secret) {
   try {
-    const canvas = document.createElement("canvas");
-    const gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl");
-    if (!gl) return "no-webgl";
-    const debugInfo = gl.getExtension("WEBGL_debug_renderer_info");
-    return debugInfo ? gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL) : "no-renderer";
-  } catch {
-    return "no-webgl";
+    const decoded = import_jsonwebtoken2.default.verify(token, secret);
+    if (decoded.type !== "refresh") {
+      return { valid: false, error: "Invalid token type" };
+    }
+    if (!safeCompare(decoded.fp, fpHash)) {
+      return { valid: false, error: "Fingerprint mismatch" };
+    }
+    return { valid: true, payload: decoded };
+  } catch (err) {
+    return { valid: false, error: err.message };
   }
 }
-async function getFingerprint() {
-  const components = {
-    userAgent: navigator.userAgent,
-    platform: navigator.platform,
-    language: navigator.language,
-    languages: navigator.languages.join(","),
-    screen: `${screen.width}x${screen.height}`,
-    colorDepth: screen.colorDepth,
-    timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
-    timezoneOffset: (/* @__PURE__ */ new Date()).getTimezoneOffset(),
-    cpuCores: navigator.hardwareConcurrency || "unknown",
-    deviceMemory: navigator.deviceMemory || "unknown",
-    gpu: getGPUFingerprint(),
-    canvas: await getCanvasFingerprint()
+// src/core/cookies.js
+function buildRefreshCookie(token, maxAge = 60 * 60 * 24 * 7) {
+  return {
+    name: "bro_refresh",
+    value: token,
+    options: {
+      httpOnly: true,
+      secure: true,
+      sameSite: "strict",
+      path: "/",
+      maxAge
+    }
   };
-  const rawString = Object.values(components).join("|");
-  const fpHash = (0, import_crypto_es.SHA256)(rawString).toString();
+}
+function buildClearRefreshCookie() {
   return {
-    raw: rawString,
-    hash: fpHash,
-    components
+    name: "bro_refresh",
+    value: "",
+    options: {
+      httpOnly: true,
+      secure: true,
+      sameSite: "strict",
+      path: "/",
+      maxAge: 0
+    }
   };
 }
+// Annotate the CommonJS export names for ESM import in node:
+0 && (module.exports = {
+  buildClearRefreshCookie,
+  buildRefreshCookie,
+  generateAccessToken,
+  generateFingerprintHash,
+  generateRefreshToken,
+  generateTokens,
+  verifyAccessToken,
+  verifyRefreshToken
+});

package/dist/index.js CHANGED Viewed

@@ -1,54 +1,112 @@
-// src/browser/fingerprint.js
+// src/core/fingerprint.js
 import { SHA256 } from "crypto-es";
-async function getCanvasFingerprint() {
+function generateFingerprintHash(rawString) {
+  return SHA256(rawString).toString();
+}
+// src/core/tokens.js
+import jwt from "jsonwebtoken";
+function generateAccessToken(userId, fpHash, secret, expiresIn = "15m") {
+  return jwt.sign(
+    {
+      sub: userId,
+      fp: fpHash,
+      type: "access"
+    },
+    secret,
+    { expiresIn }
+  );
+}
+function generateRefreshToken(userId, fpHash, secret, expiresIn = "7d") {
+  return jwt.sign(
+    {
+      sub: userId,
+      fp: fpHash,
+      type: "refresh"
+    },
+    secret,
+    { expiresIn }
+  );
+}
+function generateTokens(userId, fpHash, accessSecret, refreshSecret) {
+  const accessToken = generateAccessToken(userId, fpHash, accessSecret);
+  const refreshToken = generateRefreshToken(userId, fpHash, refreshSecret);
+  return { accessToken, refreshToken };
+}
+// src/core/verify.js
+import jwt2 from "jsonwebtoken";
+function safeCompare(a = "", b = "") {
+  if (a.length !== b.length) return false;
+  let mismatch = 0;
+  for (let i = 0; i < a.length; i++) {
+    mismatch |= a.charCodeAt(i) ^ b.charCodeAt(i);
+  }
+  return mismatch === 0;
+}
+function verifyAccessToken(token, fpHash, secret) {
   try {
-    const canvas = document.createElement("canvas");
-    const ctx = canvas.getContext("2d");
-    ctx.textBaseline = "top";
-    ctx.font = "14px 'Arial'";
-    ctx.fillStyle = "#f60";
-    ctx.fillRect(0, 0, 100, 20);
-    ctx.fillStyle = "#000";
-    ctx.fillText("bro-auth-fingerprint", 2, 15);
-    return canvas.toDataURL();
-  } catch {
-    return "no-canvas";
+    const decoded = jwt2.verify(token, secret);
+    if (decoded.type !== "access") {
+      return { valid: false, error: "Invalid token type" };
+    }
+    if (!safeCompare(decoded.fp, fpHash)) {
+      return { valid: false, error: "Fingerprint mismatch" };
+    }
+    return { valid: true, payload: decoded };
+  } catch (err) {
+    return { valid: false, error: err.message };
   }
 }
-function getGPUFingerprint() {
+function verifyRefreshToken(token, fpHash, secret) {
   try {
-    const canvas = document.createElement("canvas");
-    const gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl");
-    if (!gl) return "no-webgl";
-    const debugInfo = gl.getExtension("WEBGL_debug_renderer_info");
-    return debugInfo ? gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL) : "no-renderer";
-  } catch {
-    return "no-webgl";
+    const decoded = jwt2.verify(token, secret);
+    if (decoded.type !== "refresh") {
+      return { valid: false, error: "Invalid token type" };
+    }
+    if (!safeCompare(decoded.fp, fpHash)) {
+      return { valid: false, error: "Fingerprint mismatch" };
+    }
+    return { valid: true, payload: decoded };
+  } catch (err) {
+    return { valid: false, error: err.message };
   }
 }
-async function getFingerprint() {
-  const components = {
-    userAgent: navigator.userAgent,
-    platform: navigator.platform,
-    language: navigator.language,
-    languages: navigator.languages.join(","),
-    screen: `${screen.width}x${screen.height}`,
-    colorDepth: screen.colorDepth,
-    timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
-    timezoneOffset: (/* @__PURE__ */ new Date()).getTimezoneOffset(),
-    cpuCores: navigator.hardwareConcurrency || "unknown",
-    deviceMemory: navigator.deviceMemory || "unknown",
-    gpu: getGPUFingerprint(),
-    canvas: await getCanvasFingerprint()
+// src/core/cookies.js
+function buildRefreshCookie(token, maxAge = 60 * 60 * 24 * 7) {
+  return {
+    name: "bro_refresh",
+    value: token,
+    options: {
+      httpOnly: true,
+      secure: true,
+      sameSite: "strict",
+      path: "/",
+      maxAge
+    }
   };
-  const rawString = Object.values(components).join("|");
-  const fpHash = SHA256(rawString).toString();
+}
+function buildClearRefreshCookie() {
   return {
-    raw: rawString,
-    hash: fpHash,
-    components
+    name: "bro_refresh",
+    value: "",
+    options: {
+      httpOnly: true,
+      secure: true,
+      sameSite: "strict",
+      path: "/",
+      maxAge: 0
+    }
   };
 }
 export {
-  getFingerprint
+  buildClearRefreshCookie,
+  buildRefreshCookie,
+  generateAccessToken,
+  generateFingerprintHash,
+  generateRefreshToken,
+  generateTokens,
+  verifyAccessToken,
+  verifyRefreshToken
 };

package/package.json CHANGED Viewed

@@ -1,13 +1,13 @@
 {
   "name": "bro-auth",
-  "version": "0.1.2",
+  "version": "0.1.4",
   "description": "bro-auth — Stateless, fingerprint-bound JWT authentication. Server utilities + browser fingerprinting module.",
   "type": "module",
   "main": "dist/index.cjs",
   "module": "dist/index.mjs",
   "browser": "dist/browser.mjs",
   "exports": {
-    ".": {
+    "./core": {
       "import": "./dist/index.js",
       "require": "./dist/index.cjs"
     },
@@ -23,11 +23,7 @@
   ],
   "scripts": {
     "clean": "rimraf dist",
-    "build:server": "tsup src/core/index.js --format cjs,esm --no-dts --out-dir dist",
-    "build:browser": "tsup src/browser/index.js --format cjs,esm --no-dts --out-dir dist --platform browser",
-    "build": "npm run clean && npm run build:server && npm run build:browser",
-    "prepack": "npm run build",
-    "test": "node --input-type=module -e \"import * as core from './dist/index.js'; console.log('core exports:', Object.keys(core));\""
+    "build": "npm run clean && tsup"
   },
   "keywords": [
     "jwt",