cipher-kit 2.1.0 → 2.1.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +1 -1
- package/dist/{chunk-HMTHK2IY.cjs → chunk-56PVVFVM.cjs} +145 -145
- package/dist/chunk-56PVVFVM.cjs.map +1 -0
- package/dist/{chunk-RUTGDMVR.js → chunk-6C4NIWQ4.js} +9 -8
- package/dist/chunk-6C4NIWQ4.js.map +1 -0
- package/dist/{chunk-CRTOKS3Q.js → chunk-FSEA3UXJ.js} +7 -7
- package/dist/chunk-FSEA3UXJ.js.map +1 -0
- package/dist/{chunk-UVEMRK5F.cjs → chunk-LTVOIZP5.cjs} +150 -150
- package/dist/chunk-LTVOIZP5.cjs.map +1 -0
- package/dist/{chunk-RAEBT46G.js → chunk-PWTFVMW6.js} +7 -7
- package/dist/chunk-PWTFVMW6.js.map +1 -0
- package/dist/{chunk-BHG5RSUV.cjs → chunk-X4CS7UXE.cjs} +9 -8
- package/dist/chunk-X4CS7UXE.cjs.map +1 -0
- package/dist/{export-w8sBcKXw.d.ts → export-C4DbO5zM.d.ts} +7 -7
- package/dist/{export-DVERZibl.d.cts → export-CpZ7s25O.d.cts} +7 -7
- package/dist/{export-5hmOiU0J.d.cts → export-DO9n7Np-.d.cts} +7 -7
- package/dist/{export-BF9wW56f.d.ts → export-DUgIcobC.d.ts} +7 -7
- package/dist/index.cjs +11 -11
- package/dist/index.d.cts +3 -3
- package/dist/index.d.ts +3 -3
- package/dist/index.js +3 -3
- package/dist/node.cjs +32 -32
- package/dist/node.d.cts +2 -2
- package/dist/node.d.ts +2 -2
- package/dist/node.js +2 -2
- package/dist/{validate-B3uHoP8n.d.cts → validate-cJEdGlj1.d.cts} +34 -35
- package/dist/{validate-B3uHoP8n.d.ts → validate-cJEdGlj1.d.ts} +34 -35
- package/dist/web-api.cjs +32 -32
- package/dist/web-api.d.cts +2 -2
- package/dist/web-api.d.ts +2 -2
- package/dist/web-api.js +2 -2
- package/package.json +1 -1
- package/dist/chunk-BHG5RSUV.cjs.map +0 -1
- package/dist/chunk-CRTOKS3Q.js.map +0 -1
- package/dist/chunk-HMTHK2IY.cjs.map +0 -1
- package/dist/chunk-RAEBT46G.js.map +0 -1
- package/dist/chunk-RUTGDMVR.js.map +0 -1
- package/dist/chunk-UVEMRK5F.cjs.map +0 -1
|
@@ -1,10 +1,10 @@
|
|
|
1
1
|
'use strict';
|
|
2
2
|
|
|
3
|
-
var
|
|
3
|
+
var chunkX4CS7UXE_cjs = require('./chunk-X4CS7UXE.cjs');
|
|
4
4
|
|
|
5
5
|
// src/web/kit.ts
|
|
6
6
|
var kit_exports = {};
|
|
7
|
-
|
|
7
|
+
chunkX4CS7UXE_cjs.__export(kit_exports, {
|
|
8
8
|
convertBytesToStr: () => convertBytesToStr,
|
|
9
9
|
convertEncoding: () => convertEncoding,
|
|
10
10
|
convertStrToBytes: () => convertStrToBytes,
|
|
@@ -35,34 +35,34 @@ chunkBHG5RSUV_cjs.__export(kit_exports, {
|
|
|
35
35
|
var textEncoder = new TextEncoder();
|
|
36
36
|
var textDecoder = new TextDecoder();
|
|
37
37
|
function $convertStrToBytes(data, inputEncoding = "utf8") {
|
|
38
|
-
if (!
|
|
39
|
-
return
|
|
38
|
+
if (!chunkX4CS7UXE_cjs.$isStr(data)) {
|
|
39
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
40
40
|
msg: "Crypto Web API - String to Bytes: Empty data",
|
|
41
41
|
desc: "Data must be a non-empty string"
|
|
42
42
|
});
|
|
43
43
|
}
|
|
44
|
-
if (!
|
|
45
|
-
return
|
|
44
|
+
if (!chunkX4CS7UXE_cjs.ENCODING.includes(inputEncoding)) {
|
|
45
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
46
46
|
msg: `Crypto Web API - String to Bytes: Unsupported encoding: ${inputEncoding}`,
|
|
47
47
|
desc: "Use base64, base64url, hex, utf8, or latin1"
|
|
48
48
|
});
|
|
49
49
|
}
|
|
50
50
|
try {
|
|
51
51
|
const bytes = strToBytes[inputEncoding](data);
|
|
52
|
-
return
|
|
52
|
+
return chunkX4CS7UXE_cjs.$ok({ result: bytes });
|
|
53
53
|
} catch (error) {
|
|
54
|
-
return
|
|
54
|
+
return chunkX4CS7UXE_cjs.$err({ msg: "Crypto Web API - String to Bytes: Failed to convert data", desc: chunkX4CS7UXE_cjs.$fmtError(error) });
|
|
55
55
|
}
|
|
56
56
|
}
|
|
57
57
|
function $convertBytesToStr(data, outputEncoding = "utf8") {
|
|
58
58
|
if (!(data instanceof ArrayBuffer || data instanceof Uint8Array)) {
|
|
59
|
-
return
|
|
59
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
60
60
|
msg: "Crypto Web API - Bytes to String: Invalid data type",
|
|
61
61
|
desc: "Data must be an ArrayBuffer or Uint8Array"
|
|
62
62
|
});
|
|
63
63
|
}
|
|
64
|
-
if (!
|
|
65
|
-
return
|
|
64
|
+
if (!chunkX4CS7UXE_cjs.ENCODING.includes(outputEncoding)) {
|
|
65
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
66
66
|
msg: `Crypto Web API - Bytes to String: Unsupported encoding: ${outputEncoding}`,
|
|
67
67
|
desc: "Use base64, base64url, hex, utf8, or latin1"
|
|
68
68
|
});
|
|
@@ -70,29 +70,29 @@ function $convertBytesToStr(data, outputEncoding = "utf8") {
|
|
|
70
70
|
try {
|
|
71
71
|
const bytes = data instanceof Uint8Array ? data : new Uint8Array(data);
|
|
72
72
|
const str = bytesToStr[outputEncoding](bytes);
|
|
73
|
-
return
|
|
73
|
+
return chunkX4CS7UXE_cjs.$ok(str);
|
|
74
74
|
} catch (error) {
|
|
75
|
-
return
|
|
75
|
+
return chunkX4CS7UXE_cjs.$err({ msg: "Crypto Web API - Bytes to String: Failed to convert data", desc: chunkX4CS7UXE_cjs.$fmtError(error) });
|
|
76
76
|
}
|
|
77
77
|
}
|
|
78
78
|
function $convertEncoding(data, from, to) {
|
|
79
|
-
if (!
|
|
80
|
-
return
|
|
79
|
+
if (!chunkX4CS7UXE_cjs.$isStr(data)) {
|
|
80
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
81
81
|
msg: "Crypto Web API - Convert Format: Empty data",
|
|
82
82
|
desc: "Data must be a non-empty string"
|
|
83
83
|
});
|
|
84
84
|
}
|
|
85
|
-
if (!
|
|
86
|
-
return
|
|
85
|
+
if (!chunkX4CS7UXE_cjs.ENCODING.includes(from) || !chunkX4CS7UXE_cjs.ENCODING.includes(to)) {
|
|
86
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
87
87
|
msg: `Crypto Web API - Convert Format: Unsupported encoding: from ${from} to ${to}`,
|
|
88
88
|
desc: "Use base64, base64url, hex, utf8, or latin1"
|
|
89
89
|
});
|
|
90
90
|
}
|
|
91
91
|
const bytes = $convertStrToBytes(data, from);
|
|
92
|
-
if (bytes.error) return
|
|
92
|
+
if (bytes.error) return chunkX4CS7UXE_cjs.$err({ msg: bytes.error.message, desc: bytes.error.description });
|
|
93
93
|
const str = $convertBytesToStr(bytes.result, to);
|
|
94
|
-
if (str.error) return
|
|
95
|
-
return
|
|
94
|
+
if (str.error) return chunkX4CS7UXE_cjs.$err({ msg: str.error.message, desc: str.error.description });
|
|
95
|
+
return chunkX4CS7UXE_cjs.$ok({ result: str.result });
|
|
96
96
|
}
|
|
97
97
|
var strToBytes = {
|
|
98
98
|
base64: $fromBase64,
|
|
@@ -158,54 +158,54 @@ function $fromHex(data) {
|
|
|
158
158
|
// src/web/web-encrypt.ts
|
|
159
159
|
function $generateUuid() {
|
|
160
160
|
try {
|
|
161
|
-
return
|
|
161
|
+
return chunkX4CS7UXE_cjs.$ok(crypto.randomUUID());
|
|
162
162
|
} catch (error) {
|
|
163
|
-
return
|
|
163
|
+
return chunkX4CS7UXE_cjs.$err({ msg: `${chunkX4CS7UXE_cjs.title("web", "UUID Generation")}: Failed to generate UUID`, desc: chunkX4CS7UXE_cjs.$fmtError(error) });
|
|
164
164
|
}
|
|
165
165
|
}
|
|
166
166
|
async function $createSecretKey(secret, options) {
|
|
167
|
-
if (!
|
|
168
|
-
return
|
|
169
|
-
msg: `${
|
|
167
|
+
if (!chunkX4CS7UXE_cjs.$isStr(secret, 8)) {
|
|
168
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
169
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Key Generation")}: Empty Secret`,
|
|
170
170
|
desc: "Secret must be a non-empty string with at least 8 characters"
|
|
171
171
|
});
|
|
172
172
|
}
|
|
173
|
-
if (!
|
|
174
|
-
return
|
|
175
|
-
msg: `${
|
|
173
|
+
if (!chunkX4CS7UXE_cjs.$isPlainObj(options)) {
|
|
174
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
175
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Key Generation")}: Invalid options`,
|
|
176
176
|
desc: "Options must be an object"
|
|
177
177
|
});
|
|
178
178
|
}
|
|
179
179
|
const algorithm = options.algorithm ?? "aes256gcm";
|
|
180
|
-
if (!(algorithm in
|
|
181
|
-
return
|
|
182
|
-
msg: `${
|
|
183
|
-
desc: `Supported algorithms are: ${Object.keys(
|
|
180
|
+
if (!(algorithm in chunkX4CS7UXE_cjs.ENCRYPTION_ALGORITHMS)) {
|
|
181
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
182
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Key Generation")}: Unsupported algorithm: ${algorithm}`,
|
|
183
|
+
desc: `Supported algorithms are: ${Object.keys(chunkX4CS7UXE_cjs.ENCRYPTION_ALGORITHMS).join(", ")}`
|
|
184
184
|
});
|
|
185
185
|
}
|
|
186
186
|
const digest = options.digest ?? "sha256";
|
|
187
|
-
if (!(digest in
|
|
188
|
-
return
|
|
189
|
-
msg: `${
|
|
190
|
-
desc: `Supported digests are: ${Object.keys(
|
|
187
|
+
if (!(digest in chunkX4CS7UXE_cjs.DIGEST_ALGORITHMS)) {
|
|
188
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
189
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Key Generation")}: Unsupported digest: ${digest}`,
|
|
190
|
+
desc: `Supported digests are: ${Object.keys(chunkX4CS7UXE_cjs.DIGEST_ALGORITHMS).join(", ")}`
|
|
191
191
|
});
|
|
192
192
|
}
|
|
193
193
|
const salt = options.salt ?? "cipher-kit-salt";
|
|
194
|
-
if (!
|
|
195
|
-
return
|
|
196
|
-
msg: `${
|
|
194
|
+
if (!chunkX4CS7UXE_cjs.$isStr(salt, 8)) {
|
|
195
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
196
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Key Generation")}: Weak salt`,
|
|
197
197
|
desc: "Salt must be a non-empty string with at least 8 characters"
|
|
198
198
|
});
|
|
199
199
|
}
|
|
200
200
|
const info = options.info ?? "cipher-kit";
|
|
201
|
-
if (!
|
|
202
|
-
return
|
|
203
|
-
msg: `${
|
|
201
|
+
if (!chunkX4CS7UXE_cjs.$isStr(info)) {
|
|
202
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
203
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Key Generation")}: Invalid info`,
|
|
204
204
|
desc: "Info must be a non-empty string"
|
|
205
205
|
});
|
|
206
206
|
}
|
|
207
|
-
const encryptAlgo =
|
|
208
|
-
const digestAlgo =
|
|
207
|
+
const encryptAlgo = chunkX4CS7UXE_cjs.ENCRYPTION_ALGORITHMS[algorithm];
|
|
208
|
+
const digestAlgo = chunkX4CS7UXE_cjs.DIGEST_ALGORITHMS[digest];
|
|
209
209
|
try {
|
|
210
210
|
const ikm = await crypto.subtle.importKey("raw", textEncoder.encode(secret.normalize("NFKC")), "HKDF", false, [
|
|
211
211
|
"deriveKey"
|
|
@@ -228,43 +228,43 @@ async function $createSecretKey(secret, options) {
|
|
|
228
228
|
algorithm,
|
|
229
229
|
key
|
|
230
230
|
});
|
|
231
|
-
return
|
|
231
|
+
return chunkX4CS7UXE_cjs.$ok({ result: secretKey });
|
|
232
232
|
} catch (error) {
|
|
233
|
-
return
|
|
234
|
-
msg: `${
|
|
235
|
-
desc:
|
|
233
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
234
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Key Generation")}: Failed to create secret key`,
|
|
235
|
+
desc: chunkX4CS7UXE_cjs.$fmtError(error)
|
|
236
236
|
});
|
|
237
237
|
}
|
|
238
238
|
}
|
|
239
239
|
async function $encrypt(data, secretKey, options) {
|
|
240
|
-
if (!
|
|
241
|
-
return
|
|
242
|
-
msg: `${
|
|
240
|
+
if (!chunkX4CS7UXE_cjs.$isStr(data)) {
|
|
241
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
242
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Encryption")}: Empty data for encryption`,
|
|
243
243
|
desc: "Data must be a non-empty string"
|
|
244
244
|
});
|
|
245
245
|
}
|
|
246
|
-
if (!
|
|
247
|
-
return
|
|
248
|
-
msg: `${
|
|
246
|
+
if (!chunkX4CS7UXE_cjs.$isPlainObj(options)) {
|
|
247
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
248
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Encryption")}: Invalid options`,
|
|
249
249
|
desc: "Options must be an object"
|
|
250
250
|
});
|
|
251
251
|
}
|
|
252
252
|
const outputEncoding = options.outputEncoding ?? "base64url";
|
|
253
|
-
if (!
|
|
254
|
-
return
|
|
255
|
-
msg: `${
|
|
253
|
+
if (!chunkX4CS7UXE_cjs.CIPHER_ENCODING.includes(outputEncoding)) {
|
|
254
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
255
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Encryption")}: Unsupported output encoding: ${outputEncoding}`,
|
|
256
256
|
desc: "Use base64, base64url, or hex"
|
|
257
257
|
});
|
|
258
258
|
}
|
|
259
|
-
const injectedKey =
|
|
259
|
+
const injectedKey = chunkX4CS7UXE_cjs.$isSecretKey(secretKey, "web");
|
|
260
260
|
if (!injectedKey) {
|
|
261
|
-
return
|
|
262
|
-
msg: `${
|
|
261
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
262
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Encryption")}: Invalid Secret Key`,
|
|
263
263
|
desc: "Expected a Web SecretKey"
|
|
264
264
|
});
|
|
265
265
|
}
|
|
266
266
|
const { result, error } = $convertStrToBytes(data, "utf8");
|
|
267
|
-
if (error) return
|
|
267
|
+
if (error) return chunkX4CS7UXE_cjs.$err(error);
|
|
268
268
|
try {
|
|
269
269
|
const iv = crypto.getRandomValues(new Uint8Array(injectedKey.injected.ivLength));
|
|
270
270
|
const cipherWithTag = await crypto.subtle.encrypt(
|
|
@@ -275,56 +275,56 @@ async function $encrypt(data, secretKey, options) {
|
|
|
275
275
|
const ivStr = $convertBytesToStr(iv, outputEncoding);
|
|
276
276
|
const cipherStr = $convertBytesToStr(cipherWithTag, outputEncoding);
|
|
277
277
|
if (ivStr.error || cipherStr.error) {
|
|
278
|
-
return
|
|
279
|
-
msg: `${
|
|
280
|
-
desc: `Conversion error: ${
|
|
278
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
279
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Encryption")}: Failed to convert IV or encrypted data`,
|
|
280
|
+
desc: `Conversion error: ${chunkX4CS7UXE_cjs.$fmtResultErr(ivStr.error || cipherStr.error)}`
|
|
281
281
|
});
|
|
282
282
|
}
|
|
283
|
-
return
|
|
283
|
+
return chunkX4CS7UXE_cjs.$ok(`${ivStr.result}.${cipherStr.result}.`);
|
|
284
284
|
} catch (error2) {
|
|
285
|
-
return
|
|
285
|
+
return chunkX4CS7UXE_cjs.$err({ msg: `${chunkX4CS7UXE_cjs.title("web", "Encryption")}: Failed to encrypt data`, desc: chunkX4CS7UXE_cjs.$fmtError(error2) });
|
|
286
286
|
}
|
|
287
287
|
}
|
|
288
288
|
async function $decrypt(encrypted, secretKey, options) {
|
|
289
|
-
if (!
|
|
290
|
-
return
|
|
291
|
-
msg: `${
|
|
289
|
+
if (!chunkX4CS7UXE_cjs.matchEncryptedPattern(encrypted, "web")) {
|
|
290
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
291
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Decryption")}: Invalid encrypted data format`,
|
|
292
292
|
desc: 'Encrypted data must be in the format "iv.cipherWithTag."'
|
|
293
293
|
});
|
|
294
294
|
}
|
|
295
|
-
if (!
|
|
296
|
-
return
|
|
297
|
-
msg: `${
|
|
295
|
+
if (!chunkX4CS7UXE_cjs.$isPlainObj(options)) {
|
|
296
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
297
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Decryption")}: Invalid options`,
|
|
298
298
|
desc: "Options must be an object"
|
|
299
299
|
});
|
|
300
300
|
}
|
|
301
301
|
const inputEncoding = options.inputEncoding ?? "base64url";
|
|
302
|
-
if (!
|
|
303
|
-
return
|
|
304
|
-
msg: `${
|
|
302
|
+
if (!chunkX4CS7UXE_cjs.CIPHER_ENCODING.includes(inputEncoding)) {
|
|
303
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
304
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Decryption")}: Unsupported input encoding: ${inputEncoding}`,
|
|
305
305
|
desc: "Use base64, base64url, or hex"
|
|
306
306
|
});
|
|
307
307
|
}
|
|
308
308
|
const [iv, encryptedWithTag] = encrypted.split(".", 3);
|
|
309
|
-
if (!
|
|
310
|
-
return
|
|
311
|
-
msg: `${
|
|
309
|
+
if (!chunkX4CS7UXE_cjs.$isStr(iv) || !chunkX4CS7UXE_cjs.$isStr(encryptedWithTag)) {
|
|
310
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
311
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Decryption")}: Invalid encrypted data`,
|
|
312
312
|
desc: "Encrypted data must contain valid IV, encrypted and tag components"
|
|
313
313
|
});
|
|
314
314
|
}
|
|
315
|
-
const injectedKey =
|
|
315
|
+
const injectedKey = chunkX4CS7UXE_cjs.$isSecretKey(secretKey, "web");
|
|
316
316
|
if (!injectedKey) {
|
|
317
|
-
return
|
|
318
|
-
msg: `${
|
|
317
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
318
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Decryption")}: Invalid Secret Key`,
|
|
319
319
|
desc: "Expected a Web SecretKey"
|
|
320
320
|
});
|
|
321
321
|
}
|
|
322
322
|
const ivBytes = $convertStrToBytes(iv, inputEncoding);
|
|
323
323
|
const cipherWithTagBytes = $convertStrToBytes(encryptedWithTag, inputEncoding);
|
|
324
324
|
if (ivBytes.error || cipherWithTagBytes.error) {
|
|
325
|
-
return
|
|
326
|
-
msg: `${
|
|
327
|
-
desc: `Conversion error: ${
|
|
325
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
326
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Decryption")}: Failed to convert IV or encrypted data`,
|
|
327
|
+
desc: `Conversion error: ${chunkX4CS7UXE_cjs.$fmtResultErr(ivBytes.error || cipherWithTagBytes.error)}`
|
|
328
328
|
});
|
|
329
329
|
}
|
|
330
330
|
try {
|
|
@@ -335,99 +335,99 @@ async function $decrypt(encrypted, secretKey, options) {
|
|
|
335
335
|
);
|
|
336
336
|
return $convertBytesToStr(decrypted, "utf8");
|
|
337
337
|
} catch (error) {
|
|
338
|
-
return
|
|
338
|
+
return chunkX4CS7UXE_cjs.$err({ msg: `${chunkX4CS7UXE_cjs.title("web", "Decryption")}: Failed to decrypt data`, desc: chunkX4CS7UXE_cjs.$fmtError(error) });
|
|
339
339
|
}
|
|
340
340
|
}
|
|
341
341
|
async function $encryptObj(data, secretKey, options) {
|
|
342
|
-
const { result, error } =
|
|
343
|
-
if (error) return
|
|
342
|
+
const { result, error } = chunkX4CS7UXE_cjs.$stringifyObj(data);
|
|
343
|
+
if (error) return chunkX4CS7UXE_cjs.$err(error);
|
|
344
344
|
return await $encrypt(result, secretKey, options);
|
|
345
345
|
}
|
|
346
346
|
async function $decryptObj(encrypted, secretKey, options) {
|
|
347
347
|
const { result, error } = await $decrypt(encrypted, secretKey, options);
|
|
348
|
-
if (error) return
|
|
349
|
-
return
|
|
348
|
+
if (error) return chunkX4CS7UXE_cjs.$err(error);
|
|
349
|
+
return chunkX4CS7UXE_cjs.$parseToObj(result);
|
|
350
350
|
}
|
|
351
351
|
async function $hash(data, options) {
|
|
352
|
-
if (!
|
|
353
|
-
return
|
|
352
|
+
if (!chunkX4CS7UXE_cjs.$isStr(data)) {
|
|
353
|
+
return chunkX4CS7UXE_cjs.$err({ msg: `${chunkX4CS7UXE_cjs.title("web", "Hashing")}: Empty data for hashing`, desc: "Data must be a non-empty string" });
|
|
354
354
|
}
|
|
355
|
-
if (!
|
|
356
|
-
return
|
|
357
|
-
msg: `${
|
|
355
|
+
if (!chunkX4CS7UXE_cjs.$isPlainObj(options)) {
|
|
356
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
357
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Hashing")}: Invalid options`,
|
|
358
358
|
desc: "Options must be an object"
|
|
359
359
|
});
|
|
360
360
|
}
|
|
361
361
|
const outputEncoding = options.outputEncoding ?? "base64url";
|
|
362
|
-
if (!
|
|
363
|
-
return
|
|
364
|
-
msg: `${
|
|
362
|
+
if (!chunkX4CS7UXE_cjs.CIPHER_ENCODING.includes(outputEncoding)) {
|
|
363
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
364
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Hashing")}: Unsupported output encoding: ${outputEncoding}`,
|
|
365
365
|
desc: "Use base64, base64url, or hex"
|
|
366
366
|
});
|
|
367
367
|
}
|
|
368
368
|
const digest = options.digest ?? "sha256";
|
|
369
|
-
if (!(digest in
|
|
370
|
-
return
|
|
371
|
-
msg: `${
|
|
372
|
-
desc: `Supported digests are: ${Object.keys(
|
|
369
|
+
if (!(digest in chunkX4CS7UXE_cjs.DIGEST_ALGORITHMS)) {
|
|
370
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
371
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Hashing")}: Unsupported digest: ${digest}`,
|
|
372
|
+
desc: `Supported digests are: ${Object.keys(chunkX4CS7UXE_cjs.DIGEST_ALGORITHMS).join(", ")}`
|
|
373
373
|
});
|
|
374
374
|
}
|
|
375
|
-
const digestAlgo =
|
|
375
|
+
const digestAlgo = chunkX4CS7UXE_cjs.DIGEST_ALGORITHMS[digest];
|
|
376
376
|
const { result, error } = $convertStrToBytes(data, "utf8");
|
|
377
|
-
if (error) return
|
|
377
|
+
if (error) return chunkX4CS7UXE_cjs.$err(error);
|
|
378
378
|
try {
|
|
379
379
|
const hashed = await crypto.subtle.digest(digestAlgo.web, result);
|
|
380
380
|
return $convertBytesToStr(hashed, outputEncoding);
|
|
381
381
|
} catch (error2) {
|
|
382
|
-
return
|
|
382
|
+
return chunkX4CS7UXE_cjs.$err({ msg: `${chunkX4CS7UXE_cjs.title("web", "Hashing")}: Failed to hash data`, desc: chunkX4CS7UXE_cjs.$fmtError(error2) });
|
|
383
383
|
}
|
|
384
384
|
}
|
|
385
385
|
async function $hashPassword(password, options) {
|
|
386
|
-
if (!
|
|
387
|
-
return
|
|
388
|
-
msg: `${
|
|
386
|
+
if (!chunkX4CS7UXE_cjs.$isStr(password)) {
|
|
387
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
388
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Password Hashing")}: Empty password`,
|
|
389
389
|
desc: "Password must be a non-empty string"
|
|
390
390
|
});
|
|
391
391
|
}
|
|
392
|
-
if (!
|
|
393
|
-
return
|
|
394
|
-
msg: `${
|
|
392
|
+
if (!chunkX4CS7UXE_cjs.$isPlainObj(options)) {
|
|
393
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
394
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Password Hashing")}: Invalid options`,
|
|
395
395
|
desc: "Options must be an object"
|
|
396
396
|
});
|
|
397
397
|
}
|
|
398
398
|
const digest = options.digest ?? "sha512";
|
|
399
|
-
if (!(digest in
|
|
400
|
-
return
|
|
401
|
-
msg: `${
|
|
402
|
-
desc: `Supported digests are: ${Object.keys(
|
|
399
|
+
if (!(digest in chunkX4CS7UXE_cjs.DIGEST_ALGORITHMS)) {
|
|
400
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
401
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Password Hashing")}: Unsupported digest: ${digest}`,
|
|
402
|
+
desc: `Supported digests are: ${Object.keys(chunkX4CS7UXE_cjs.DIGEST_ALGORITHMS).join(", ")}`
|
|
403
403
|
});
|
|
404
404
|
}
|
|
405
|
-
const digestAlgo =
|
|
405
|
+
const digestAlgo = chunkX4CS7UXE_cjs.DIGEST_ALGORITHMS[digest];
|
|
406
406
|
const outputEncoding = options.outputEncoding ?? "base64url";
|
|
407
|
-
if (!
|
|
408
|
-
return
|
|
409
|
-
msg: `${
|
|
407
|
+
if (!chunkX4CS7UXE_cjs.CIPHER_ENCODING.includes(outputEncoding)) {
|
|
408
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
409
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Password Hashing")}: Unsupported output encoding: ${outputEncoding}`,
|
|
410
410
|
desc: "Use base64, base64url, or hex"
|
|
411
411
|
});
|
|
412
412
|
}
|
|
413
413
|
const saltLength = options.saltLength ?? 16;
|
|
414
414
|
if (typeof saltLength !== "number" || saltLength < 8) {
|
|
415
|
-
return
|
|
416
|
-
msg: `${
|
|
415
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
416
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Password Hashing")}: Weak salt length`,
|
|
417
417
|
desc: "Salt length must be a number and at least 8 bytes (recommended 16)"
|
|
418
418
|
});
|
|
419
419
|
}
|
|
420
420
|
const iterations = options.iterations ?? 32e4;
|
|
421
421
|
if (typeof iterations !== "number" || iterations < 1e3) {
|
|
422
|
-
return
|
|
423
|
-
msg: `${
|
|
422
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
423
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Password Hashing")}: Weak iteration count`,
|
|
424
424
|
desc: "Iterations must be a number and at least 1000 (recommended 320,000 or more)"
|
|
425
425
|
});
|
|
426
426
|
}
|
|
427
427
|
const keyLength = options.keyLength ?? 64;
|
|
428
428
|
if (typeof keyLength !== "number" || keyLength < 16) {
|
|
429
|
-
return
|
|
430
|
-
msg: `${
|
|
429
|
+
return chunkX4CS7UXE_cjs.$err({
|
|
430
|
+
msg: `${chunkX4CS7UXE_cjs.title("web", "Password Hashing")}: Weak key length`,
|
|
431
431
|
desc: "Key length must be a number and at least 16 bytes (recommended 64)"
|
|
432
432
|
});
|
|
433
433
|
}
|
|
@@ -446,23 +446,23 @@ async function $hashPassword(password, options) {
|
|
|
446
446
|
keyLength * 8
|
|
447
447
|
);
|
|
448
448
|
const saltStr = $convertBytesToStr(salt, outputEncoding);
|
|
449
|
-
if (saltStr.error) return
|
|
449
|
+
if (saltStr.error) return chunkX4CS7UXE_cjs.$err(saltStr.error);
|
|
450
450
|
const hashedPasswordStr = $convertBytesToStr(bits, outputEncoding);
|
|
451
|
-
if (hashedPasswordStr.error) return
|
|
452
|
-
return
|
|
451
|
+
if (hashedPasswordStr.error) return chunkX4CS7UXE_cjs.$err(hashedPasswordStr.error);
|
|
452
|
+
return chunkX4CS7UXE_cjs.$ok({ result: hashedPasswordStr.result, salt: saltStr.result });
|
|
453
453
|
} catch (error) {
|
|
454
|
-
return
|
|
454
|
+
return chunkX4CS7UXE_cjs.$err({ msg: `${chunkX4CS7UXE_cjs.title("web", "Password Hashing")}: Failed to hash password`, desc: chunkX4CS7UXE_cjs.$fmtError(error) });
|
|
455
455
|
}
|
|
456
456
|
}
|
|
457
457
|
async function $verifyPassword(password, hashedPassword, salt, options) {
|
|
458
|
-
if (!
|
|
458
|
+
if (!chunkX4CS7UXE_cjs.$isStr(password) || !chunkX4CS7UXE_cjs.$isStr(hashedPassword) || !chunkX4CS7UXE_cjs.$isStr(salt) || !chunkX4CS7UXE_cjs.$isPlainObj(options)) {
|
|
459
459
|
return false;
|
|
460
460
|
}
|
|
461
461
|
const digest = options.digest ?? "sha512";
|
|
462
|
-
if (!(digest in
|
|
463
|
-
const digestAlgo =
|
|
462
|
+
if (!(digest in chunkX4CS7UXE_cjs.DIGEST_ALGORITHMS)) return false;
|
|
463
|
+
const digestAlgo = chunkX4CS7UXE_cjs.DIGEST_ALGORITHMS[digest];
|
|
464
464
|
const inputEncoding = options.inputEncoding ?? "base64url";
|
|
465
|
-
if (!
|
|
465
|
+
if (!chunkX4CS7UXE_cjs.CIPHER_ENCODING.includes(inputEncoding)) return false;
|
|
466
466
|
const iterations = options.iterations ?? 32e4;
|
|
467
467
|
if (typeof iterations !== "number" || iterations < 1e3) return false;
|
|
468
468
|
const keyLength = options.keyLength ?? 64;
|
|
@@ -505,14 +505,14 @@ async function $verifyPassword(password, hashedPassword, salt, options) {
|
|
|
505
505
|
|
|
506
506
|
// src/web/kit.ts
|
|
507
507
|
function isWebSecretKey(x) {
|
|
508
|
-
return
|
|
508
|
+
return chunkX4CS7UXE_cjs.$isSecretKey(x, "web") !== null;
|
|
509
509
|
}
|
|
510
510
|
function tryGenerateUuid() {
|
|
511
511
|
return $generateUuid();
|
|
512
512
|
}
|
|
513
513
|
function generateUuid() {
|
|
514
514
|
const { result, error } = $generateUuid();
|
|
515
|
-
if (error) throw new Error(
|
|
515
|
+
if (error) throw new Error(chunkX4CS7UXE_cjs.$fmtResultErr(error));
|
|
516
516
|
return result;
|
|
517
517
|
}
|
|
518
518
|
async function tryCreateSecretKey(secret, options = {}) {
|
|
@@ -520,7 +520,7 @@ async function tryCreateSecretKey(secret, options = {}) {
|
|
|
520
520
|
}
|
|
521
521
|
async function createSecretKey(secret, options = {}) {
|
|
522
522
|
const { result, error } = await $createSecretKey(secret, options);
|
|
523
|
-
if (error) throw new Error(
|
|
523
|
+
if (error) throw new Error(chunkX4CS7UXE_cjs.$fmtResultErr(error));
|
|
524
524
|
return result;
|
|
525
525
|
}
|
|
526
526
|
async function tryEncrypt(data, secretKey, options = {}) {
|
|
@@ -528,7 +528,7 @@ async function tryEncrypt(data, secretKey, options = {}) {
|
|
|
528
528
|
}
|
|
529
529
|
async function encrypt(data, secretKey, options = {}) {
|
|
530
530
|
const { result, error } = await $encrypt(data, secretKey, options);
|
|
531
|
-
if (error) throw new Error(
|
|
531
|
+
if (error) throw new Error(chunkX4CS7UXE_cjs.$fmtResultErr(error));
|
|
532
532
|
return result;
|
|
533
533
|
}
|
|
534
534
|
async function tryDecrypt(encrypted, secretKey, options = {}) {
|
|
@@ -536,15 +536,15 @@ async function tryDecrypt(encrypted, secretKey, options = {}) {
|
|
|
536
536
|
}
|
|
537
537
|
async function decrypt(encrypted, secretKey, options = {}) {
|
|
538
538
|
const { result, error } = await $decrypt(encrypted, secretKey, options);
|
|
539
|
-
if (error) throw new Error(
|
|
539
|
+
if (error) throw new Error(chunkX4CS7UXE_cjs.$fmtResultErr(error));
|
|
540
540
|
return result;
|
|
541
541
|
}
|
|
542
|
-
async function tryEncryptObj(
|
|
543
|
-
return await $encryptObj(
|
|
542
|
+
async function tryEncryptObj(obj, secretKey, options = {}) {
|
|
543
|
+
return await $encryptObj(obj, secretKey, options);
|
|
544
544
|
}
|
|
545
|
-
async function encryptObj(
|
|
546
|
-
const { result, error } = await $encryptObj(
|
|
547
|
-
if (error) throw new Error(
|
|
545
|
+
async function encryptObj(obj, secretKey, options = {}) {
|
|
546
|
+
const { result, error } = await $encryptObj(obj, secretKey, options);
|
|
547
|
+
if (error) throw new Error(chunkX4CS7UXE_cjs.$fmtResultErr(error));
|
|
548
548
|
return result;
|
|
549
549
|
}
|
|
550
550
|
async function tryDecryptObj(encrypted, secretKey, options = {}) {
|
|
@@ -552,7 +552,7 @@ async function tryDecryptObj(encrypted, secretKey, options = {}) {
|
|
|
552
552
|
}
|
|
553
553
|
async function decryptObj(encrypted, secretKey, options = {}) {
|
|
554
554
|
const { result, error } = await $decryptObj(encrypted, secretKey, options);
|
|
555
|
-
if (error) throw new Error(
|
|
555
|
+
if (error) throw new Error(chunkX4CS7UXE_cjs.$fmtResultErr(error));
|
|
556
556
|
return result;
|
|
557
557
|
}
|
|
558
558
|
async function tryHash(data, options = {}) {
|
|
@@ -560,7 +560,7 @@ async function tryHash(data, options = {}) {
|
|
|
560
560
|
}
|
|
561
561
|
async function hash(data, options = {}) {
|
|
562
562
|
const { result, error } = await $hash(data, options);
|
|
563
|
-
if (error) throw new Error(
|
|
563
|
+
if (error) throw new Error(chunkX4CS7UXE_cjs.$fmtResultErr(error));
|
|
564
564
|
return result;
|
|
565
565
|
}
|
|
566
566
|
async function tryHashPassword(password, options = {}) {
|
|
@@ -568,7 +568,7 @@ async function tryHashPassword(password, options = {}) {
|
|
|
568
568
|
}
|
|
569
569
|
async function hashPassword(password, options = {}) {
|
|
570
570
|
const { result, salt, error } = await $hashPassword(password, options);
|
|
571
|
-
if (error) throw new Error(
|
|
571
|
+
if (error) throw new Error(chunkX4CS7UXE_cjs.$fmtResultErr(error));
|
|
572
572
|
return { result, salt };
|
|
573
573
|
}
|
|
574
574
|
async function verifyPassword(password, hashedPassword, salt, options = {}) {
|
|
@@ -579,7 +579,7 @@ function tryConvertStrToBytes(data, inputEncoding = "utf8") {
|
|
|
579
579
|
}
|
|
580
580
|
function convertStrToBytes(data, inputEncoding = "utf8") {
|
|
581
581
|
const { result, error } = $convertStrToBytes(data, inputEncoding);
|
|
582
|
-
if (error) throw new Error(
|
|
582
|
+
if (error) throw new Error(chunkX4CS7UXE_cjs.$fmtResultErr(error));
|
|
583
583
|
return result;
|
|
584
584
|
}
|
|
585
585
|
function tryConvertBytesToStr(data, outputEncoding = "utf8") {
|
|
@@ -587,7 +587,7 @@ function tryConvertBytesToStr(data, outputEncoding = "utf8") {
|
|
|
587
587
|
}
|
|
588
588
|
function convertBytesToStr(data, outputEncoding = "utf8") {
|
|
589
589
|
const { result, error } = $convertBytesToStr(data, outputEncoding);
|
|
590
|
-
if (error) throw new Error(
|
|
590
|
+
if (error) throw new Error(chunkX4CS7UXE_cjs.$fmtResultErr(error));
|
|
591
591
|
return result;
|
|
592
592
|
}
|
|
593
593
|
function tryConvertEncoding(data, from, to) {
|
|
@@ -595,7 +595,7 @@ function tryConvertEncoding(data, from, to) {
|
|
|
595
595
|
}
|
|
596
596
|
function convertEncoding(data, from, to) {
|
|
597
597
|
const { result, error } = $convertEncoding(data, from, to);
|
|
598
|
-
if (error) throw new Error(
|
|
598
|
+
if (error) throw new Error(chunkX4CS7UXE_cjs.$fmtResultErr(error));
|
|
599
599
|
return result;
|
|
600
600
|
}
|
|
601
601
|
|
|
@@ -624,5 +624,5 @@ exports.tryGenerateUuid = tryGenerateUuid;
|
|
|
624
624
|
exports.tryHash = tryHash;
|
|
625
625
|
exports.tryHashPassword = tryHashPassword;
|
|
626
626
|
exports.verifyPassword = verifyPassword;
|
|
627
|
-
//# sourceMappingURL=chunk-
|
|
628
|
-
//# sourceMappingURL=chunk-
|
|
627
|
+
//# sourceMappingURL=chunk-LTVOIZP5.cjs.map
|
|
628
|
+
//# sourceMappingURL=chunk-LTVOIZP5.cjs.map
|