bro-auth 0.1.3 → 0.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/dist/browser.cjs +76 -0
  2. package/dist/browser.js +54 -0
  3. package/dist/index.cjs +124 -45
  4. package/dist/index.js +99 -41
  5. package/package.json +3 -7
package/dist/browser.cjs ADDED
@@ -0,0 +1,76 @@
1
+ var __defProp = Object.defineProperty;
2
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
3
+ var __getOwnPropNames = Object.getOwnPropertyNames;
4
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
5
+ var __export = (target, all) => {
6
+ for (var name in all)
7
+ __defProp(target, name, { get: all[name], enumerable: true });
8
+ };
9
+ var __copyProps = (to, from, except, desc) => {
10
+ if (from && typeof from === "object" || typeof from === "function") {
11
+ for (let key of __getOwnPropNames(from))
12
+ if (!__hasOwnProp.call(to, key) && key !== except)
13
+ __defProp(to, key, { get: () => from[key], enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable });
14
+ }
15
+ return to;
16
+ };
17
+ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
18
+
19
+ // src/browser/index.js
20
+ var browser_exports = {};
21
+ __export(browser_exports, {
22
+ getFingerprint: () => getFingerprint
23
+ });
24
+ module.exports = __toCommonJS(browser_exports);
25
+
26
+ // src/browser/fingerprint.js
27
+ var import_crypto_es = require("crypto-es");
28
+ async function getCanvasFingerprint() {
29
+ try {
30
+ const canvas = document.createElement("canvas");
31
+ const ctx = canvas.getContext("2d");
32
+ ctx.textBaseline = "top";
33
+ ctx.font = "14px 'Arial'";
34
+ ctx.fillStyle = "#f60";
35
+ ctx.fillRect(0, 0, 100, 20);
36
+ ctx.fillStyle = "#000";
37
+ ctx.fillText("bro-auth-fingerprint", 2, 15);
38
+ return canvas.toDataURL();
39
+ } catch {
40
+ return "no-canvas";
41
+ }
42
+ }
43
+ function getGPUFingerprint() {
44
+ try {
45
+ const canvas = document.createElement("canvas");
46
+ const gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl");
47
+ if (!gl) return "no-webgl";
48
+ const debugInfo = gl.getExtension("WEBGL_debug_renderer_info");
49
+ return debugInfo ? gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL) : "no-renderer";
50
+ } catch {
51
+ return "no-webgl";
52
+ }
53
+ }
54
+ async function getFingerprint() {
55
+ const components = {
56
+ userAgent: navigator.userAgent,
57
+ platform: navigator.platform,
58
+ language: navigator.language,
59
+ languages: navigator.languages.join(","),
60
+ screen: `${screen.width}x${screen.height}`,
61
+ colorDepth: screen.colorDepth,
62
+ timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
63
+ timezoneOffset: (/* @__PURE__ */ new Date()).getTimezoneOffset(),
64
+ cpuCores: navigator.hardwareConcurrency || "unknown",
65
+ deviceMemory: navigator.deviceMemory || "unknown",
66
+ gpu: getGPUFingerprint(),
67
+ canvas: await getCanvasFingerprint()
68
+ };
69
+ const rawString = Object.values(components).join("|");
70
+ const fpHash = (0, import_crypto_es.SHA256)(rawString).toString();
71
+ return {
72
+ raw: rawString,
73
+ hash: fpHash,
74
+ components
75
+ };
76
+ }
package/dist/browser.js ADDED
@@ -0,0 +1,54 @@
1
+ // src/browser/fingerprint.js
2
+ import { SHA256 } from "crypto-es";
3
+ async function getCanvasFingerprint() {
4
+ try {
5
+ const canvas = document.createElement("canvas");
6
+ const ctx = canvas.getContext("2d");
7
+ ctx.textBaseline = "top";
8
+ ctx.font = "14px 'Arial'";
9
+ ctx.fillStyle = "#f60";
10
+ ctx.fillRect(0, 0, 100, 20);
11
+ ctx.fillStyle = "#000";
12
+ ctx.fillText("bro-auth-fingerprint", 2, 15);
13
+ return canvas.toDataURL();
14
+ } catch {
15
+ return "no-canvas";
16
+ }
17
+ }
18
+ function getGPUFingerprint() {
19
+ try {
20
+ const canvas = document.createElement("canvas");
21
+ const gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl");
22
+ if (!gl) return "no-webgl";
23
+ const debugInfo = gl.getExtension("WEBGL_debug_renderer_info");
24
+ return debugInfo ? gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL) : "no-renderer";
25
+ } catch {
26
+ return "no-webgl";
27
+ }
28
+ }
29
+ async function getFingerprint() {
30
+ const components = {
31
+ userAgent: navigator.userAgent,
32
+ platform: navigator.platform,
33
+ language: navigator.language,
34
+ languages: navigator.languages.join(","),
35
+ screen: `${screen.width}x${screen.height}`,
36
+ colorDepth: screen.colorDepth,
37
+ timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
38
+ timezoneOffset: (/* @__PURE__ */ new Date()).getTimezoneOffset(),
39
+ cpuCores: navigator.hardwareConcurrency || "unknown",
40
+ deviceMemory: navigator.deviceMemory || "unknown",
41
+ gpu: getGPUFingerprint(),
42
+ canvas: await getCanvasFingerprint()
43
+ };
44
+ const rawString = Object.values(components).join("|");
45
+ const fpHash = SHA256(rawString).toString();
46
+ return {
47
+ raw: rawString,
48
+ hash: fpHash,
49
+ components
50
+ };
51
+ }
52
+ export {
53
+ getFingerprint
54
+ };
package/dist/index.cjs CHANGED
@@ -1,6 +1,8 @@
1
+ var __create = Object.create;
1
2
  var __defProp = Object.defineProperty;
2
3
  var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
3
4
  var __getOwnPropNames = Object.getOwnPropertyNames;
5
+ var __getProtoOf = Object.getPrototypeOf;
4
6
  var __hasOwnProp = Object.prototype.hasOwnProperty;
5
7
  var __export = (target, all) => {
6
8
  for (var name in all)
@@ -14,63 +16,140 @@ var __copyProps = (to, from, except, desc) => {
14
16
  }
15
17
  return to;
16
18
  };
19
+ var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
20
+ // If the importer is in node compatibility mode or this is not an ESM
21
+ // file that has been converted to a CommonJS file using a Babel-
22
+ // compatible transform (i.e. "__esModule" has not been set), then set
23
+ // "default" to the CommonJS "module.exports" for node compatibility.
24
+ isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
25
+ mod
26
+ ));
17
27
  var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
18
28
 
19
- // src/browser/index.js
20
- var index_exports = {};
21
- __export(index_exports, {
22
- getFingerprint: () => getFingerprint
29
+ // src/core/index.js
30
+ var core_exports = {};
31
+ __export(core_exports, {
32
+ buildClearRefreshCookie: () => buildClearRefreshCookie,
33
+ buildRefreshCookie: () => buildRefreshCookie,
34
+ generateAccessToken: () => generateAccessToken,
35
+ generateFingerprintHash: () => generateFingerprintHash,
36
+ generateRefreshToken: () => generateRefreshToken,
37
+ generateTokens: () => generateTokens,
38
+ verifyAccessToken: () => verifyAccessToken,
39
+ verifyRefreshToken: () => verifyRefreshToken
23
40
  });
24
- module.exports = __toCommonJS(index_exports);
41
+ module.exports = __toCommonJS(core_exports);
25
42
 
26
- // src/browser/fingerprint.js
43
+ // src/core/fingerprint.js
27
44
  var import_crypto_es = require("crypto-es");
28
- async function getCanvasFingerprint() {
45
+ function generateFingerprintHash(rawString) {
46
+ return (0, import_crypto_es.SHA256)(rawString).toString();
47
+ }
48
+
49
+ // src/core/tokens.js
50
+ var import_jsonwebtoken = __toESM(require("jsonwebtoken"), 1);
51
+ function generateAccessToken(userId, fpHash, secret, expiresIn = "15m") {
52
+ return import_jsonwebtoken.default.sign(
53
+ {
54
+ sub: userId,
55
+ fp: fpHash,
56
+ type: "access"
57
+ },
58
+ secret,
59
+ { expiresIn }
60
+ );
61
+ }
62
+ function generateRefreshToken(userId, fpHash, secret, expiresIn = "7d") {
63
+ return import_jsonwebtoken.default.sign(
64
+ {
65
+ sub: userId,
66
+ fp: fpHash,
67
+ type: "refresh"
68
+ },
69
+ secret,
70
+ { expiresIn }
71
+ );
72
+ }
73
+ function generateTokens(userId, fpHash, accessSecret, refreshSecret) {
74
+ const accessToken = generateAccessToken(userId, fpHash, accessSecret);
75
+ const refreshToken = generateRefreshToken(userId, fpHash, refreshSecret);
76
+ return { accessToken, refreshToken };
77
+ }
78
+
79
+ // src/core/verify.js
80
+ var import_jsonwebtoken2 = __toESM(require("jsonwebtoken"), 1);
81
+ function safeCompare(a = "", b = "") {
82
+ if (a.length !== b.length) return false;
83
+ let mismatch = 0;
84
+ for (let i = 0; i < a.length; i++) {
85
+ mismatch |= a.charCodeAt(i) ^ b.charCodeAt(i);
86
+ }
87
+ return mismatch === 0;
88
+ }
89
+ function verifyAccessToken(token, fpHash, secret) {
29
90
  try {
30
- const canvas = document.createElement("canvas");
31
- const ctx = canvas.getContext("2d");
32
- ctx.textBaseline = "top";
33
- ctx.font = "14px 'Arial'";
34
- ctx.fillStyle = "#f60";
35
- ctx.fillRect(0, 0, 100, 20);
36
- ctx.fillStyle = "#000";
37
- ctx.fillText("bro-auth-fingerprint", 2, 15);
38
- return canvas.toDataURL();
39
- } catch {
40
- return "no-canvas";
91
+ const decoded = import_jsonwebtoken2.default.verify(token, secret);
92
+ if (decoded.type !== "access") {
93
+ return { valid: false, error: "Invalid token type" };
94
+ }
95
+ if (!safeCompare(decoded.fp, fpHash)) {
96
+ return { valid: false, error: "Fingerprint mismatch" };
97
+ }
98
+ return { valid: true, payload: decoded };
99
+ } catch (err) {
100
+ return { valid: false, error: err.message };
41
101
  }
42
102
  }
43
- function getGPUFingerprint() {
103
+ function verifyRefreshToken(token, fpHash, secret) {
44
104
  try {
45
- const canvas = document.createElement("canvas");
46
- const gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl");
47
- if (!gl) return "no-webgl";
48
- const debugInfo = gl.getExtension("WEBGL_debug_renderer_info");
49
- return debugInfo ? gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL) : "no-renderer";
50
- } catch {
51
- return "no-webgl";
105
+ const decoded = import_jsonwebtoken2.default.verify(token, secret);
106
+ if (decoded.type !== "refresh") {
107
+ return { valid: false, error: "Invalid token type" };
108
+ }
109
+ if (!safeCompare(decoded.fp, fpHash)) {
110
+ return { valid: false, error: "Fingerprint mismatch" };
111
+ }
112
+ return { valid: true, payload: decoded };
113
+ } catch (err) {
114
+ return { valid: false, error: err.message };
52
115
  }
53
116
  }
54
- async function getFingerprint() {
55
- const components = {
56
- userAgent: navigator.userAgent,
57
- platform: navigator.platform,
58
- language: navigator.language,
59
- languages: navigator.languages.join(","),
60
- screen: `${screen.width}x${screen.height}`,
61
- colorDepth: screen.colorDepth,
62
- timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
63
- timezoneOffset: (/* @__PURE__ */ new Date()).getTimezoneOffset(),
64
- cpuCores: navigator.hardwareConcurrency || "unknown",
65
- deviceMemory: navigator.deviceMemory || "unknown",
66
- gpu: getGPUFingerprint(),
67
- canvas: await getCanvasFingerprint()
117
+
118
+ // src/core/cookies.js
119
+ function buildRefreshCookie(token, maxAge = 60 * 60 * 24 * 7) {
120
+ return {
121
+ name: "bro_refresh",
122
+ value: token,
123
+ options: {
124
+ httpOnly: true,
125
+ secure: true,
126
+ sameSite: "strict",
127
+ path: "/",
128
+ maxAge
129
+ }
68
130
  };
69
- const rawString = Object.values(components).join("|");
70
- const fpHash = (0, import_crypto_es.SHA256)(rawString).toString();
131
+ }
132
+ function buildClearRefreshCookie() {
71
133
  return {
72
- raw: rawString,
73
- hash: fpHash,
74
- components
134
+ name: "bro_refresh",
135
+ value: "",
136
+ options: {
137
+ httpOnly: true,
138
+ secure: true,
139
+ sameSite: "strict",
140
+ path: "/",
141
+ maxAge: 0
142
+ }
75
143
  };
76
144
  }
145
+ // Annotate the CommonJS export names for ESM import in node:
146
+ 0 && (module.exports = {
147
+ buildClearRefreshCookie,
148
+ buildRefreshCookie,
149
+ generateAccessToken,
150
+ generateFingerprintHash,
151
+ generateRefreshToken,
152
+ generateTokens,
153
+ verifyAccessToken,
154
+ verifyRefreshToken
155
+ });
package/dist/index.js CHANGED
@@ -1,54 +1,112 @@
1
- // src/browser/fingerprint.js
1
+ // src/core/fingerprint.js
2
2
  import { SHA256 } from "crypto-es";
3
- async function getCanvasFingerprint() {
3
+ function generateFingerprintHash(rawString) {
4
+ return SHA256(rawString).toString();
5
+ }
6
+
7
+ // src/core/tokens.js
8
+ import jwt from "jsonwebtoken";
9
+ function generateAccessToken(userId, fpHash, secret, expiresIn = "15m") {
10
+ return jwt.sign(
11
+ {
12
+ sub: userId,
13
+ fp: fpHash,
14
+ type: "access"
15
+ },
16
+ secret,
17
+ { expiresIn }
18
+ );
19
+ }
20
+ function generateRefreshToken(userId, fpHash, secret, expiresIn = "7d") {
21
+ return jwt.sign(
22
+ {
23
+ sub: userId,
24
+ fp: fpHash,
25
+ type: "refresh"
26
+ },
27
+ secret,
28
+ { expiresIn }
29
+ );
30
+ }
31
+ function generateTokens(userId, fpHash, accessSecret, refreshSecret) {
32
+ const accessToken = generateAccessToken(userId, fpHash, accessSecret);
33
+ const refreshToken = generateRefreshToken(userId, fpHash, refreshSecret);
34
+ return { accessToken, refreshToken };
35
+ }
36
+
37
+ // src/core/verify.js
38
+ import jwt2 from "jsonwebtoken";
39
+ function safeCompare(a = "", b = "") {
40
+ if (a.length !== b.length) return false;
41
+ let mismatch = 0;
42
+ for (let i = 0; i < a.length; i++) {
43
+ mismatch |= a.charCodeAt(i) ^ b.charCodeAt(i);
44
+ }
45
+ return mismatch === 0;
46
+ }
47
+ function verifyAccessToken(token, fpHash, secret) {
4
48
  try {
5
- const canvas = document.createElement("canvas");
6
- const ctx = canvas.getContext("2d");
7
- ctx.textBaseline = "top";
8
- ctx.font = "14px 'Arial'";
9
- ctx.fillStyle = "#f60";
10
- ctx.fillRect(0, 0, 100, 20);
11
- ctx.fillStyle = "#000";
12
- ctx.fillText("bro-auth-fingerprint", 2, 15);
13
- return canvas.toDataURL();
14
- } catch {
15
- return "no-canvas";
49
+ const decoded = jwt2.verify(token, secret);
50
+ if (decoded.type !== "access") {
51
+ return { valid: false, error: "Invalid token type" };
52
+ }
53
+ if (!safeCompare(decoded.fp, fpHash)) {
54
+ return { valid: false, error: "Fingerprint mismatch" };
55
+ }
56
+ return { valid: true, payload: decoded };
57
+ } catch (err) {
58
+ return { valid: false, error: err.message };
16
59
  }
17
60
  }
18
- function getGPUFingerprint() {
61
+ function verifyRefreshToken(token, fpHash, secret) {
19
62
  try {
20
- const canvas = document.createElement("canvas");
21
- const gl = canvas.getContext("webgl") || canvas.getContext("experimental-webgl");
22
- if (!gl) return "no-webgl";
23
- const debugInfo = gl.getExtension("WEBGL_debug_renderer_info");
24
- return debugInfo ? gl.getParameter(debugInfo.UNMASKED_RENDERER_WEBGL) : "no-renderer";
25
- } catch {
26
- return "no-webgl";
63
+ const decoded = jwt2.verify(token, secret);
64
+ if (decoded.type !== "refresh") {
65
+ return { valid: false, error: "Invalid token type" };
66
+ }
67
+ if (!safeCompare(decoded.fp, fpHash)) {
68
+ return { valid: false, error: "Fingerprint mismatch" };
69
+ }
70
+ return { valid: true, payload: decoded };
71
+ } catch (err) {
72
+ return { valid: false, error: err.message };
27
73
  }
28
74
  }
29
- async function getFingerprint() {
30
- const components = {
31
- userAgent: navigator.userAgent,
32
- platform: navigator.platform,
33
- language: navigator.language,
34
- languages: navigator.languages.join(","),
35
- screen: `${screen.width}x${screen.height}`,
36
- colorDepth: screen.colorDepth,
37
- timezone: Intl.DateTimeFormat().resolvedOptions().timeZone,
38
- timezoneOffset: (/* @__PURE__ */ new Date()).getTimezoneOffset(),
39
- cpuCores: navigator.hardwareConcurrency || "unknown",
40
- deviceMemory: navigator.deviceMemory || "unknown",
41
- gpu: getGPUFingerprint(),
42
- canvas: await getCanvasFingerprint()
75
+
76
+ // src/core/cookies.js
77
+ function buildRefreshCookie(token, maxAge = 60 * 60 * 24 * 7) {
78
+ return {
79
+ name: "bro_refresh",
80
+ value: token,
81
+ options: {
82
+ httpOnly: true,
83
+ secure: true,
84
+ sameSite: "strict",
85
+ path: "/",
86
+ maxAge
87
+ }
43
88
  };
44
- const rawString = Object.values(components).join("|");
45
- const fpHash = SHA256(rawString).toString();
89
+ }
90
+ function buildClearRefreshCookie() {
46
91
  return {
47
- raw: rawString,
48
- hash: fpHash,
49
- components
92
+ name: "bro_refresh",
93
+ value: "",
94
+ options: {
95
+ httpOnly: true,
96
+ secure: true,
97
+ sameSite: "strict",
98
+ path: "/",
99
+ maxAge: 0
100
+ }
50
101
  };
51
102
  }
52
103
  export {
53
- getFingerprint
104
+ buildClearRefreshCookie,
105
+ buildRefreshCookie,
106
+ generateAccessToken,
107
+ generateFingerprintHash,
108
+ generateRefreshToken,
109
+ generateTokens,
110
+ verifyAccessToken,
111
+ verifyRefreshToken
54
112
  };
package/package.json CHANGED
@@ -1,13 +1,13 @@
1
1
  {
2
2
  "name": "bro-auth",
3
- "version": "0.1.3",
3
+ "version": "0.1.4",
4
4
  "description": "bro-auth — Stateless, fingerprint-bound JWT authentication. Server utilities + browser fingerprinting module.",
5
5
  "type": "module",
6
6
  "main": "dist/index.cjs",
7
7
  "module": "dist/index.mjs",
8
8
  "browser": "dist/browser.mjs",
9
9
  "exports": {
10
- ".": {
10
+ "./core": {
11
11
  "import": "./dist/index.js",
12
12
  "require": "./dist/index.cjs"
13
13
  },
@@ -23,11 +23,7 @@
23
23
  ],
24
24
  "scripts": {
25
25
  "clean": "rimraf dist",
26
- "build:server": "tsup src/core/index.js --format cjs,esm --no-dts --out-dir dist",
27
- "build:browser": "tsup src/browser/index.js --format cjs,esm --no-dts --out-dir dist --platform browser",
28
- "build": "npm run clean && npm run build:server && npm run build:browser",
29
- "prepack": "npm run build",
30
- "test": "node --input-type=module -e \"import * as core from './dist/index.js'; console.log('core exports:', Object.keys(core));\""
26
+ "build": "npm run clean && tsup"
31
27
  },
32
28
  "keywords": [
33
29
  "jwt",