npm - daku - Versions diffs - 0.0.1 - Mend

daku 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/README.md ADDED Viewed

@@ -0,0 +1,199 @@
+# daku
+> Leave no trace. Just authenticate.
+Cryptographic authentication library with built-in proof-of-work spam protection. No emails, no passwords, no personal data.
+## Installation
+```bash
+npm install daku
+```
+## Quick Start
+### 1. Generate a Keypair
+```javascript
+import { generateKeyPair } from 'daku';
+// Generate once and store securely (localStorage, secure storage, etc.)
+const { privateKey, publicKey } = generateKeyPair();
+```
+### 2. Client-Side: Create Authentication Request
+```javascript
+import { createAuth } from 'daku';
+// Create authentication token (includes timestamp, nonce, signature, and POW)
+const token = await createAuth(privateKey);
+// Send to your server
+fetch('/api/login', {
+  method: 'POST',
+  headers: {
+    'Content-Type': 'application/json',
+    'daku': token
+  }
+});
+```
+### 3. Server-Side: Verify Authentication
+```javascript
+import { verifyAuth } from 'daku';
+const publicKey = await verifyAuth(req.headers['daku']);
+if (publicKey) {
+  // ✅ Authenticated! Use publicKey as unique user ID
+  console.log(`User ${publicKey} authenticated`);
+} else {
+  // ❌ Invalid or expired authentication
+  res.status(401).json({ error: 'Unauthorized' });
+}
+```
+## ExpressJS Middleware
+```javascript
+import express from 'express';
+import { verifyAuth } from 'daku';
+const app = express();
+// Reusable authentication middleware
+const daku = (powDifficulty = 2) => {
+  return async (req, res, next) => {
+    const token = req.headers['daku'];
+    if (!token) {
+      return res.status(401).json({ error: 'Unauthorized' });
+    }
+    const publicKey = await verifyAuth(token, powDifficulty);
+    if (!publicKey) {
+      return res.status(401).json({ error: 'Unauthorized' });
+    }
+    // Attach user's public key to request
+    req.userId = publicKey;
+    next();
+  };
+};
+// Use on protected routes
+app.post('/api/protected', daku(), (req, res) => {
+  res.json({
+    message: 'Access granted',
+    userId: req.userId
+  });
+});
+// Use with custom POW difficulty
+app.post('/api/high-security', daku(4), (req, res) => {
+  res.json({ message: 'High security endpoint' });
+});
+app.listen(3000);
+```
+## Key Features
+- **🕵️ Anonymous**: No email, phone, or personal data required
+- **🛡️ Spam Protection**: Built-in proof-of-work (default: 2 leading zeros)
+- **🔐 Secure**: secp256k1 cryptographic signatures (same as Bitcoin/Ethereum)
+- **⚡ Lightweight**: Minimal dependencies (@noble/secp256k1, @noble/hashes)
+- **🌐 Cross-Platform**: Works in Node.js and browsers
+- **⏱️ Time-Limited**: Auth requests expire after 1 minute
+## API Reference
+### Authentication Functions
+#### `createAuth(privateKey, pow = 2)`
+Creates a complete authentication token with timestamp, nonce, signature, and proof-of-work.
+**Returns:** String (base64-encoded token)
+**Example:**
+```javascript
+const token = await createAuth(privateKey);
+// "eyJwdWJsaWNrZXkiOiIwMmE..."
+```
+#### `verifyAuth(token, pow = 2)`
+Verifies authentication token. Checks signature validity, proof-of-work, and timestamp (must be within 1 minute).
+**Returns:** `publicKey` string on success, `null` on failure
+**Example:**
+```javascript
+const publicKey = await verifyAuth(token);
+```
+---
+### General Signing Functions
+Use these for signing arbitrary messages (not authentication).
+#### `sign(message, privateKey, pow = 2)`
+Signs any message with proof-of-work.
+**Returns:** Object with `{ signature, pow }`
+**Example:**
+```javascript
+const result = await sign('Hello World', privateKey);
+// { signature: 'a1b2c3...', pow: 42 }
+```
+#### `verify(message, signatureData, publicKey, pow = 2)`
+Verifies a signed message.
+**Returns:** `true` if valid, `false` otherwise
+**Example:**
+```javascript
+const isValid = await verify('Hello World', { signature: 'a1b2...', pow: 42 }, publicKey);
+```
+---
+### Utility Functions
+#### `generateKeyPair()`
+Generates a new secp256k1 keypair.
+**Returns:** `{ privateKey: string, publicKey: string }`
+#### `getPublicKey(privateKey)`
+Derives the public key from a private key.
+**Returns:** `string` (compressed public key in hex)
+#### `sha256(message)`
+SHA-256 hash helper.
+**Returns:** `Uint8Array`
+## Use Cases
+- **Authentication**: Use `createAuth()` + `verifyAuth()` for login flows
+- **Message Signing**: Use `sign()` + `verify()` for arbitrary data signatures
+- **Spam Prevention**: POW difficulty prevents automated abuse
+- **Privacy-First Apps**: No PII required, just cryptographic proofs
+## License
+ISC

package/index.js ADDED Viewed

@@ -0,0 +1,256 @@
+// Signature-Login: Cross-platform cryptographic login/verify module
+import * as secp from "@noble/secp256k1";
+import { hmac } from "@noble/hashes/hmac";
+import { sha256 as nobleSha256 } from "@noble/hashes/sha2";
+// Set up HMAC for secp256k1
+secp.etc.hmacSha256Sync = (key, ...msgs) => hmac(nobleSha256, key, secp.etc.concatBytes(...msgs));
+// Browser compatibility helper for TextEncoder
+async function getTextEncoder() {
+  if (typeof window !== "undefined") {
+    return new window.TextEncoder();
+  } else {
+    // Dynamic import for Node.js only
+    const util = await import("node:util");
+    return new util.TextEncoder();
+  }
+}
+// Helper function to convert bytes to hex
+function bytesToHex(bytes) {
+  return Array.from(bytes, byte => byte.toString(16).padStart(2, '0')).join('');
+}
+// Helper function to convert hex to bytes
+function hexToBytes(hex) {
+  return new Uint8Array(hex.match(/.{1,2}/g).map(byte => parseInt(byte, 16)));
+}
+// Helper function to generate random bytes
+async function randomBytes(length) {
+  if (typeof window !== "undefined" && window.crypto) {
+    const bytes = new Uint8Array(length);
+    window.crypto.getRandomValues(bytes);
+    return bytes;
+  } else {
+    // Dynamic import for Node.js only
+    const crypto = await import("node:crypto");
+    return new Uint8Array(crypto.randomBytes(length));
+  }
+}
+// --- Base64 Encoding/Decoding Helpers ---
+// Browser-safe base64 encode
+function base64Encode(obj) {
+  const json = JSON.stringify(obj);
+  if (typeof window !== "undefined") {
+    return btoa(json);
+  } else {
+    return Buffer.from(json).toString('base64');
+  }
+}
+// Browser-safe base64 decode
+function base64Decode(str) {
+  if (typeof window !== "undefined") {
+    return JSON.parse(atob(str));
+  } else {
+    return JSON.parse(Buffer.from(str, 'base64').toString());
+  }
+}
+// --- Key Generation ---
+export function generateKeyPair() {
+  const privateKey = secp.utils.randomPrivateKey();
+  const publicKey = secp.getPublicKey(privateKey, true); // compressed
+  return {
+    privateKey: bytesToHex(privateKey),
+    publicKey: bytesToHex(publicKey),
+  };
+}
+// --- Get Public Key from Private Key ---
+export function getPublicKey(privateKeyHex) {
+  const privateKeyBytes = hexToBytes(privateKeyHex);
+  const publicKeyBytes = secp.getPublicKey(privateKeyBytes, true); // compressed
+  return bytesToHex(publicKeyBytes);
+}
+// --- Hashing (SHA-256) ---
+export async function sha256(msg) {
+  const encoder = await getTextEncoder();
+  const encoded = encoder.encode(msg);
+  if (typeof window === "undefined") {
+    // Node.js - dynamic import
+    const crypto = await import("node:crypto");
+    return new Uint8Array(crypto.createHash("sha256").update(encoded).digest());
+  } else {
+    // Browser
+    const hash = await window.crypto.subtle.digest("SHA-256", encoded);
+    return new Uint8Array(hash);
+  }
+}
+// --- Proof of Work Helper ---
+async function solveProofOfWork(message, difficulty = 2) {
+  if (difficulty < 1) {
+    difficulty = 1; // Minimum POW is 1
+  }
+  const target = '0'.repeat(difficulty);
+  let nonce = 0;
+  while (true) {
+    const combined = message + nonce;
+    const hash = await sha256(combined);
+    const hexHash = bytesToHex(hash);
+    if (hexHash.startsWith(target)) {
+      return nonce;
+    }
+    nonce++;
+    // Yield to event loop every 1000 attempts to avoid blocking
+    if (nonce % 1000 === 0) {
+      await new Promise(resolve => setTimeout(resolve, 0));
+    }
+  }
+}
+// --- Verify Proof of Work ---
+async function verifyProofOfWork(message, powNonce, difficulty = 2) {
+  if (difficulty < 1) {
+    difficulty = 1; // Minimum POW is 1
+  }
+  if (powNonce === null || powNonce === undefined) {
+    return false;
+  }
+  const target = '0'.repeat(difficulty);
+  const combined = message + powNonce;
+  const hash = await sha256(combined);
+  const hexHash = bytesToHex(hash);
+  return hexHash.startsWith(target);
+}
+// --- Sign Message ---
+export async function sign(message, privateKeyHex, pow = 2) {
+  // Enforce minimum POW of 1
+  if (pow < 1) {
+    pow = 1;
+  }
+  const hash = await sha256(message);
+  const privateKeyBytes = hexToBytes(privateKeyHex);
+  const sig = secp.sign(hash, privateKeyBytes);
+  const signature = bytesToHex(sig.toCompactRawBytes());
+  // Always generate POW and return object format
+  const powNonce = await solveProofOfWork(message, pow);
+  return { signature, pow: powNonce };
+}
+// --- Verify Signature ---
+export async function verify(message, signatureData, publicKeyHex, pow = 2) {
+  try {
+    // Enforce minimum POW of 1
+    if (pow < 1) {
+      pow = 1;
+    }
+    // Always expect object format { signature, pow }
+    const signatureHex = signatureData.signature;
+    const powNonce = signatureData.pow;
+    if (!signatureHex || powNonce === undefined || powNonce === null) {
+      return false;
+    }
+    // Verify POW
+    const powValid = await verifyProofOfWork(message, powNonce, pow);
+    if (!powValid) {
+      return false;
+    }
+    // Verify signature
+    const hash = await sha256(message);
+    const signatureBytes = hexToBytes(signatureHex);
+    const publicKeyBytes = hexToBytes(publicKeyHex);
+    return secp.verify(signatureBytes, hash, publicKeyBytes);
+  } catch {
+    return false;
+  }
+}
+// --- Auth Header Helper ---
+export async function createAuth(privateKeyHex, pow = 2) {
+  // Enforce minimum POW of 1
+  if (pow < 1) {
+    pow = 1;
+  }
+  const publicKeyHex = getPublicKey(privateKeyHex);
+  const timestamp = Date.now();
+  const nonceBytes = await randomBytes(16);
+  const nonce = bytesToHex(nonceBytes);
+  const message = `${timestamp}:${nonce}`;
+  const signatureData = await sign(message, privateKeyHex, pow);
+  const authPayload = {
+    publickey: publicKeyHex,
+    signature: signatureData.signature,
+    pow: signatureData.pow,
+    message,
+    timestamp,
+    nonce
+  };
+  return base64Encode(authPayload);
+}
+// --- Verify Auth Token ---
+export async function verifyAuth(token, pow = 2) {
+  try {
+    // Enforce minimum POW of 1
+    if (pow < 1) {
+      pow = 1;
+    }
+    // Decode token
+    const authData = base64Decode(token);
+    const publicKeyHex = authData.publickey;
+    const { signature, message, pow: powNonce } = authData;
+    if (!publicKeyHex || !signature || !message || powNonce === undefined || powNonce === null) {
+      return null;
+    }
+    // Extract timestamp from message
+    const timestamp = Number(message.split(':')[0]);
+    // Check timestamp is within 1 minute
+    const maxAgeMs = 1 * 60 * 1000; // Hardcoded to 1 minute
+    const now = Date.now();
+    if (isNaN(timestamp) || Math.abs(now - timestamp) > maxAgeMs) {
+      return null;
+    }
+    // Verify signature and POW
+    const signatureData = { signature, pow: powNonce };
+    const isValid = await verify(message, signatureData, publicKeyHex, pow);
+    if (!isValid) {
+      return null;
+    }
+    return publicKeyHex;
+  } catch {
+    return null;
+  }
+}

package/package.json ADDED Viewed

@@ -0,0 +1,50 @@
+{
+  "name": "daku",
+  "version": "0.0.1",
+  "description": "Leave no trace. Just authenticate.",
+  "homepage": "https://github.com/besoeasy/daku#readme",
+  "keywords": [
+    "authentication",
+    "anonymous",
+    "privacy",
+    "passwordless",
+    "no-email",
+    "cryptographic",
+    "signature",
+    "secp256k1",
+    "proof-of-work",
+    "pow",
+    "spam-protection",
+    "login",
+    "auth",
+    "crypto",
+    "keypair",
+    "bitcoin",
+    "ethereum",
+    "web3",
+    "zero-knowledge",
+    "gdpr",
+    "no-pii",
+    "anonymous-auth",
+    "private-auth",
+    "ghost"
+  ],
+  "bugs": {
+    "url": "https://github.com/besoeasy/daku/issues"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/besoeasy/daku.git"
+  },
+  "dependencies": {
+    "@noble/hashes": "^1.8.0",
+    "@noble/secp256k1": "^2.3.0"
+  },
+  "license": "ISC",
+  "author": "besoeasy",
+  "type": "module",
+  "main": "index.js",
+  "scripts": {
+    "test": "node test.js"
+  }
+}