cipher-switch 1.0.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2025 Neeraj
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,116 @@
+# cipher-switch
+
+A lightweight TypeScript library for transparently encrypting and decrypting HTTP request/response bodies using [Fernet](https://github.com/fernet/spec/blob/master/Spec.md) symmetric encryption. Drop-in replacement for `fetch` that keeps your API traffic encrypted in transit.
+
+## Features
+
+- **Automatic encryption** – JSON request bodies are encrypted before sending
+- **Automatic decryption** – Responses with the `x-encrypted` header are decrypted transparently
+- **Drop-in fetch replacement** – Use `createCryptoFetch` instead of `fetch` with minimal code changes
+- **Path exclusions** – Skip encryption for specific URL paths (e.g. health checks, public endpoints)
+- **Fernet encryption** – Industry-standard symmetric encryption with built-in timestamp validation
+
+## Installation
+
+```bash
+bun add cipher-switch
+```
+
+Or with npm:
+
+```bash
+npm install cipher-switch
+```
+
+## Quick Start
+
+```typescript
+import { createCryptoFetch } from 'cipher-switch'
+
+// Create a fetch function with your Fernet secret key
+const cryptoFetch = createCryptoFetch({
+	key: 'your-base64-fernet-key-here',
+})
+
+// Use it exactly like fetch
+const response = await cryptoFetch('https://api.example.com/data', {
+	method: 'POST',
+	headers: { 'Content-Type': 'application/json' },
+	body: JSON.stringify({ email: 'user@example.com', password: 'secret' }),
+})
+
+const data = await response.json()
+// Data is automatically decrypted
+```
+
+## Configuration
+
+```typescript
+createCryptoFetch({
+  key: string;                    // Required: Fernet secret key (base64)
+  excludedPaths?: string[];       // Optional: URL paths to skip encryption
+  enableEncryption?: boolean;     // Optional: Toggle encryption (default: true)
+});
+```
+
+### Generating a Fernet Key
+
+Fernet keys must be 32 bytes, base64url encoded. Generate one with:
+
+```typescript
+import { CryptoClient } from 'cipher-switch'
+
+// Using Node.js crypto or Bun
+const key = Buffer.from(crypto.randomBytes(32)).toString('base64url')
+// Or: crypto.randomBytes(32).toString("base64url")
+```
+
+## API
+
+### `createCryptoFetch(config)`
+
+Returns an async function with the same signature as `fetch`. It:
+
+1. **Encrypts** JSON request bodies when `Content-Type: application/json` is set
+2. **Decrypts** responses that include the `x-encrypted` header
+3. **Skips** URLs matching any `excludedPaths`
+4. **Passes through** non-JSON requests and unencrypted responses unchanged
+
+### `CryptoClient`
+
+Lower-level API for direct encryption/decryption:
+
+```typescript
+import { CryptoClient } from 'cipher-switch'
+
+const crypto = new CryptoClient('your-fernet-key')
+
+// Encrypt any JSON-serializable data
+const encrypted = crypto.encrypt({ foo: 'bar' })
+
+// Decrypt a Fernet token
+const decrypted = crypto.decrypt(encrypted)
+```
+
+## Server-Side Requirements
+
+For end-to-end encryption, your API server must:
+
+1. **Encrypt responses** using the same Fernet key
+2. **Set the header** `x-encrypted: true` on encrypted responses
+3. **Decrypt request bodies** that come in the format `{ encrypted: "<fernet-token>" }`
+
+## Excluding Paths
+
+Skip encryption for specific endpoints:
+
+```typescript
+const cryptoFetch = createCryptoFetch({
+	key: process.env.FERNET_KEY!,
+	excludedPaths: ['/health', '/public', '/metrics'],
+})
+```
+
+## License
+
+MIT

package/dist/index.d.mts

@@ -0,0 +1,15 @@
+type Config = {
+    key: string;
+    excludedPaths?: string[];
+    enableEncryption?: boolean;
+};
+declare function createCryptoFetch(config: Config): (input: Request | string | URL, init?: RequestInit) => Promise<Response>;
+
+declare class CryptoClient {
+    private secret;
+    constructor(key: string);
+    encrypt(data: unknown): string;
+    decrypt(tokenStr: string): any;
+}
+
+export { CryptoClient, createCryptoFetch };

package/dist/index.d.ts

@@ -0,0 +1,15 @@
+type Config = {
+    key: string;
+    excludedPaths?: string[];
+    enableEncryption?: boolean;
+};
+declare function createCryptoFetch(config: Config): (input: Request | string | URL, init?: RequestInit) => Promise<Response>;
+
+declare class CryptoClient {
+    private secret;
+    constructor(key: string);
+    encrypt(data: unknown): string;
+    decrypt(tokenStr: string): any;
+}
+
+export { CryptoClient, createCryptoFetch };

package/dist/index.js

@@ -0,0 +1 @@
+"use strict";var R=Object.create;var y=Object.defineProperty;var b=Object.getOwnPropertyDescriptor;var C=Object.getOwnPropertyNames;var S=Object.getPrototypeOf,T=Object.prototype.hasOwnProperty;var E=(t,e,n)=>e in t?y(t,e,{enumerable:!0,configurable:!0,writable:!0,value:n}):t[e]=n;var J=(t,e)=>{for(var n in e)y(t,n,{get:e[n],enumerable:!0})},u=(t,e,n,r)=>{if(e&&typeof e=="object"||typeof e=="function")for(let o of C(e))!T.call(t,o)&&o!==n&&y(t,o,{get:()=>e[o],enumerable:!(r=b(e,o))||r.enumerable});return t};var N=(t,e,n)=>(n=t!=null?R(S(t)):{},u(e||!t||!t.__esModule?y(n,"default",{value:t,enumerable:!0}):n,t)),O=t=>u(y({},"__esModule",{value:!0}),t);var l=(t,e,n)=>E(t,typeof e!="symbol"?e+"":e,n);var q={};J(q,{CryptoClient:()=>a,createCryptoFetch:()=>g});module.exports=O(q);var d=N(require("fernet"));var a=class{constructor(e){l(this,"secret");this.secret=new d.Secret(e)}encrypt(e){return new d.Token({secret:this.secret,time:Date.now(),iv:void 0}).encode(JSON.stringify(e))}decrypt(e){let r=new d.Token({secret:this.secret,token:e,ttl:0}).decode();return JSON.parse(r)}};function g(t){let e=new a(t.key),n=t.excludedPaths??[],r=t.enableEncryption??!0;return async function(s,c={}){let h=typeof s=="string"?s:s instanceof URL?s.pathname:s.url;if(n.some(p=>h.includes(p)))return fetch(s,c);let f={...c};if(r){let p=c.headers?.["Content-Type"]||c.headers?.["content-type"];if(c.body&&p?.includes("application/json"))try{let w=JSON.parse(c.body),x=e.encrypt(w);f.body=JSON.stringify({encrypted:x})}catch{}}let i=await fetch(s,f);if(!r||!i.headers.get("x-encrypted"))return i;let k=await i.text(),m=e.decrypt(k);return new Response(JSON.stringify(m),{status:i.status,headers:{"Content-Type":"application/json"}})}}0&&(module.exports={CryptoClient,createCryptoFetch});

package/dist/index.mjs

@@ -0,0 +1 @@
+var k=Object.defineProperty;var m=(t,e,n)=>e in t?k(t,e,{enumerable:!0,configurable:!0,writable:!0,value:n}):t[e]=n;var p=(t,e,n)=>m(t,typeof e!="symbol"?e+"":e,n);import*as c from"fernet";var a=class{constructor(e){p(this,"secret");this.secret=new c.Secret(e)}encrypt(e){return new c.Token({secret:this.secret,time:Date.now(),iv:void 0}).encode(JSON.stringify(e))}decrypt(e){let i=new c.Token({secret:this.secret,token:e,ttl:0}).decode();return JSON.parse(i)}};function w(t){let e=new a(t.key),n=t.excludedPaths??[],i=t.enableEncryption??!0;return async function(r,s={}){let f=typeof r=="string"?r:r instanceof URL?r.pathname:r.url;if(n.some(y=>f.includes(y)))return fetch(r,s);let d={...s};if(i){let y=s.headers?.["Content-Type"]||s.headers?.["content-type"];if(s.body&&y?.includes("application/json"))try{let g=JSON.parse(s.body),h=e.encrypt(g);d.body=JSON.stringify({encrypted:h})}catch{}}let o=await fetch(r,d);if(!i||!o.headers.get("x-encrypted"))return o;let u=await o.text(),l=e.decrypt(u);return new Response(JSON.stringify(l),{status:o.status,headers:{"Content-Type":"application/json"}})}}export{a as CryptoClient,w as createCryptoFetch};

package/package.json

@@ -0,0 +1,56 @@
+{
+	"name": "cipher-switch",
+	"version": "1.0.1",
+	"description": "A lightweight TypeScript library for transparently encrypting and decrypting HTTP request/response bodies using Fernet symmetric encryption.",
+	"repository": {
+		"type": "git",
+		"url": "https://github.com/neeraj2713/cipher-switch.git"
+	},
+	"bugs": "https://github.com/neeraj2713/cipher-switch/issues",
+	"homepage": "https://github.com/neeraj2713/cipher-switch#readme",
+	"license": "MIT",
+	"main": "./dist/index.js",
+	"module": "./dist/index.mjs",
+	"types": "./dist/index.d.ts",
+	"exports": {
+		".": {
+			"types": "./dist/index.d.ts",
+			"import": "./dist/index.mjs",
+			"require": "./dist/index.js"
+		}
+	},
+	"files": [
+		"dist"
+	],
+	"scripts": {
+		"build": "tsup",
+		"format": "prettier --write .",
+		"format:check": "prettier --check .",
+		"test": "bun test test/",
+		"prepublishOnly": "bun run build",
+		"pack:dry": "bun run build && bun pm pack",
+		"publish:dry": "bun publish --dry-run"
+	},
+	"keywords": [
+		"nextjs",
+		"encryption",
+		"fernet",
+		"symmetric"
+	],
+	"engines": {
+		"node": ">=18"
+	},
+	"publishConfig": {
+		"access": "public"
+	},
+	"dependencies": {
+		"fernet": "^0.3.3"
+	},
+	"devDependencies": {
+		"@types/fernet": "^0.4.3",
+		"prettier": "^3.8.1",
+		"tsup": "^8.5.1",
+		"typescript": "^5"
+	},
+	"author": "Neeraj (https://github.com/neeraj2713)"
+}