dbsc-toolkit 1.0.1 → 1.1.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +56 -0
- package/dist/express/index.d.ts +2 -1
- package/dist/express/index.d.ts.map +1 -1
- package/dist/express/index.js +3 -2
- package/dist/express/index.js.map +1 -1
- package/dist/fastify/index.d.ts +2 -1
- package/dist/fastify/index.d.ts.map +1 -1
- package/dist/fastify/index.js +38 -8
- package/dist/fastify/index.js.map +1 -1
- package/dist/hono/index.d.ts +2 -1
- package/dist/hono/index.d.ts.map +1 -1
- package/dist/hono/index.js +37 -8
- package/dist/hono/index.js.map +1 -1
- package/dist/nextjs/index.d.ts +2 -1
- package/dist/nextjs/index.d.ts.map +1 -1
- package/dist/nextjs/index.js +41 -7
- package/dist/nextjs/index.js.map +1 -1
- package/package.json +37 -23
package/README.md
CHANGED
|
@@ -84,6 +84,62 @@ Tree-shaking eliminates anything you don't import.
|
|
|
84
84
|
|
|
85
85
|
`tier` on `res.locals.dbsc` reads `"dbsc"` once registration completes.
|
|
86
86
|
|
|
87
|
+
## Using the tier to actually defend
|
|
88
|
+
|
|
89
|
+
Setting up the middleware does not protect anything on its own. The library does the negotiation and gives you a tier; **enforcing it is your responsibility**. The pattern:
|
|
90
|
+
|
|
91
|
+
```ts
|
|
92
|
+
app.get("/payment", (req, res) => {
|
|
93
|
+
if (res.locals.dbsc.tier !== "dbsc") {
|
|
94
|
+
return res.status(403).json({ error: "hardware-bound session required" });
|
|
95
|
+
}
|
|
96
|
+
// safe to process payment
|
|
97
|
+
});
|
|
98
|
+
```
|
|
99
|
+
|
|
100
|
+
If you skip the tier check, a stolen cookie still works. The cookie reaches your server, the session record exists, your code happily proceeds — DBSC bought you nothing. The whole point is the demotion: when a cookie is replayed without the TPM proof, tier drops to `"none"` (or stays at the lower fallback tier) and your gate refuses the request.
|
|
101
|
+
|
|
102
|
+
Suggested handling per tier in a real application:
|
|
103
|
+
|
|
104
|
+
- `tier === "dbsc"`: full access. Payments, account changes, anything sensitive.
|
|
105
|
+
- `tier === "webauthn"`: most access. Hardware-bound via platform authenticator.
|
|
106
|
+
- `tier === "hmac"`: read-only or low-risk actions. The binding is best-effort.
|
|
107
|
+
- `tier === "none"`: treat as unauthenticated. Force re-login, revoke the session, log a `session_stolen` candidate, depending on context.
|
|
108
|
+
|
|
109
|
+
Putting this in a single middleware keeps it consistent:
|
|
110
|
+
|
|
111
|
+
```ts
|
|
112
|
+
function requireDbsc(req, res, next) {
|
|
113
|
+
if (res.locals.dbsc.tier !== "dbsc") {
|
|
114
|
+
return res.status(401).json({ error: "re-authenticate" });
|
|
115
|
+
}
|
|
116
|
+
next();
|
|
117
|
+
}
|
|
118
|
+
|
|
119
|
+
app.post("/payment", requireDbsc, handler);
|
|
120
|
+
app.post("/account/email", requireDbsc, handler);
|
|
121
|
+
```
|
|
122
|
+
|
|
123
|
+
See [docs/security/best-practices.md](./docs/security/best-practices.md) for the full tier-policy guidance.
|
|
124
|
+
|
|
125
|
+
## Pairing with your existing app session
|
|
126
|
+
|
|
127
|
+
By default the middleware reads the session id from the bound `__Host-dbsc-session` cookie. That cookie is short-lived and Chrome-managed, so it disappears between refresh cycles and during failures. If your application has its own session cookie (it almost certainly does — DBSC is a binding layer, not an authentication system), pass a resolver so the middleware can look up the right DBSC session from your auth state:
|
|
128
|
+
|
|
129
|
+
```ts
|
|
130
|
+
app.use(dbsc({
|
|
131
|
+
storage,
|
|
132
|
+
resolveSessionId: (req) => {
|
|
133
|
+
const appSession = getMyAppSession(req); // your existing auth lookup
|
|
134
|
+
return appSession?.dbscSessionId ?? null;
|
|
135
|
+
},
|
|
136
|
+
}));
|
|
137
|
+
```
|
|
138
|
+
|
|
139
|
+
This is the recommended setup. Authentication identity lives in your app's session cookie. DBSC tier negotiation lives in the bound cookie. The two are intentionally separate so an attacker who steals one cookie still cannot reach the privileged tier.
|
|
140
|
+
|
|
141
|
+
The resolver is supported on the Express, Fastify, Hono, and Next.js adapters with the same signature (the `req` / `c` argument is whatever the framework normally passes to a route handler).
|
|
142
|
+
|
|
87
143
|
## Local testing
|
|
88
144
|
|
|
89
145
|
You need HTTPS — `__Host-` cookies require it and Chrome rejects DBSC on plain HTTP. Two options:
|
package/dist/express/index.d.ts
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
import type { RequestHandler } from "express";
|
|
1
|
+
import type { Request, RequestHandler } from "express";
|
|
2
2
|
import { type DbscOptions, type ProtectionTier } from "../core/index.js";
|
|
3
3
|
export interface DbscExpressOptions extends DbscOptions {
|
|
4
4
|
secure?: boolean;
|
|
5
|
+
resolveSessionId?: (req: Request) => string | null | Promise<string | null>;
|
|
5
6
|
}
|
|
6
7
|
export interface DbscLocals {
|
|
7
8
|
sessionId: string | null;
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAA0B,cAAc,EAAE,MAAM,SAAS,CAAC;AAE/E,OAAO,EAgBL,KAAK,WAAW,EAEhB,KAAK,cAAc,EACpB,MAAM,kBAAkB,CAAC;AAW1B,MAAM,WAAW,kBAAmB,SAAQ,WAAW;IACrD,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,gBAAgB,CAAC,EAAE,CAAC,GAAG,EAAE,OAAO,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CAC7E;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,IAAI,EAAE,cAAc,CAAC;IACrB,MAAM,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5B,YAAY,EAAE,MAAM,IAAI,CAAC;CAC1B;AAED,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,OAAO,CAAC;QAChB,UAAU,MAAM;YACd,IAAI,EAAE,UAAU,CAAC;SAClB;KACF;CACF;AAsBD,wBAAgB,IAAI,CAAC,IAAI,EAAE,kBAAkB,GAAG,cAAc,CAsO7D"}
|
package/dist/express/index.js
CHANGED
|
@@ -27,7 +27,7 @@ function serializeCookie(name, value, opts) {
|
|
|
27
27
|
return parts.join("; ");
|
|
28
28
|
}
|
|
29
29
|
export function dbsc(opts) {
|
|
30
|
-
const { storage, fallback = "webauthn", registrationPath = "/dbsc/registration", refreshPath = "/dbsc/refresh", boundCookieTtl = DEFAULT_BOUND_TTL, registrationCookieTtl = DEFAULT_REG_TTL, rateLimiter = new NoopRateLimiter(), onEvent, secure = true, } = opts;
|
|
30
|
+
const { storage, fallback = "webauthn", registrationPath = "/dbsc/registration", refreshPath = "/dbsc/refresh", boundCookieTtl = DEFAULT_BOUND_TTL, registrationCookieTtl = DEFAULT_REG_TTL, rateLimiter = new NoopRateLimiter(), onEvent, secure = true, resolveSessionId, } = opts;
|
|
31
31
|
const hmacSecret = nodeRandomBytes(32);
|
|
32
32
|
const COOKIES = cookieNames(secure);
|
|
33
33
|
async function handleRegistrationRoute(req, res) {
|
|
@@ -187,7 +187,8 @@ export function dbsc(opts) {
|
|
|
187
187
|
await handleRefreshRoute(req, res);
|
|
188
188
|
return;
|
|
189
189
|
}
|
|
190
|
-
const
|
|
190
|
+
const resolvedId = resolveSessionId ? await resolveSessionId(req) : null;
|
|
191
|
+
const sessionId = resolvedId ?? req.cookies?.[COOKIES.bound];
|
|
191
192
|
res.locals.dbsc = {
|
|
192
193
|
sessionId: sessionId ?? null,
|
|
193
194
|
tier: "none",
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,IAAI,eAAe,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EAEd,oBAAoB,EACpB,yBAAyB,EAEzB,gBAAgB,EAEhB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAKtB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,WAAW,GAAG,CAAC,MAAe,EAAE,EAAE,CAAC,CAAC;IACxC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,cAAc;IACtD,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,UAAU;IAC5C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,gBAAgB;CAC/D,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AACzC,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,IAAI,eAAe,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EAEd,oBAAoB,EACpB,yBAAyB,EAEzB,gBAAgB,EAEhB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAKtB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,WAAW,GAAG,CAAC,MAAe,EAAE,EAAE,CAAC,CAAC;IACxC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,cAAc;IACtD,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,UAAU;IAC5C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,gBAAgB;CAC/D,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AACzC,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAsB5C,SAAS,UAAU,CAAC,KAAa,EAAE,MAAe;IAChD,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,MAAM,EAAE,KAAK,GAAG,IAAI;QACpB,IAAI,EAAE,GAAG;KACV,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,IAAY,EAAE,KAAa,EAAE,IAAmC;IACvF,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACvB,IAAI,IAAI,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtC,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IACxC,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACrC,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAChC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,IAAwB;IAC3C,MAAM,EACJ,OAAO,EACP,QAAQ,GAAG,UAAU,EACrB,gBAAgB,GAAG,oBAAoB,EACvC,WAAW,GAAG,eAAe,EAC7B,cAAc,GAAG,iBAAiB,EAClC,qBAAqB,GAAG,eAAe,EACvC,WAAW,GAAG,IAAI,eAAe,EAAE,EACnC,OAAO,EACP,MAAM,GAAG,IAAI,EACb,gBAAgB,GACjB,GAAG,IAAI,CAAC;IAET,MAAM,UAAU,GAAG,eAAe,CAAC,EAAE,CAAC,CAAC;IACvC,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAEpC,KAAK,UAAU,uBAAuB,CAAC,GAAY,EAAE,GAAa;QAChE,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAuB,CAAC;QACnE,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,SAAS,CAAuB,CAAC;QAE3E,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;YAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC,CAAC;YACvE,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,kBAAkB,CACtB;gBACE,SAAS;gBACT,wBAAwB,EAAE,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC;gBACjH,WAAW;aACZ,EACD,OAAO,CACR,CAAC;YAEF,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,cAAc;gBACpB,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,OAAO;gBAClB,EAAE;aACH,CAAC,CAAC;YAEH,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBAC1B,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;gBAC7E,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;aAChF,CAAC,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAClD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,kBAAkB,EAAE,SAAS;gBAC7B,WAAW,EAAE,WAAW;gBACxB,KAAK,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;gBAC7B,WAAW,EAAE;oBACX;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,OAAO,CAAC,KAAK;wBACnB,UAAU,EAAE,mDAAmD,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC,EAAE;qBACnG;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAE/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,MAAM,EAAE,GAAG,CAAC,IAAI;oBAChB,EAAE;iBACH,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC7C,OAAO;YACT,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,UAAU,kBAAkB,CAAC,GAAY,EAAE,GAAa;QAC3D,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC;QAC/B,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC;eACnF,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAwB,CAAC;QAE1D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;QAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QAED,MAAM,cAAc,GAAG,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC,CAAC;QAE/G,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,GAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YACrE,GAAG,CAAC,SAAS,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5E,GAAG,CAAC,SAAS,CACX,YAAY,EACZ,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC,CACrF,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,SAAS,CAAuB,CAAC;QAC3E,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,GAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YACrE,GAAG,CAAC,SAAS,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5E,GAAG,CAAC,SAAS,CACX,YAAY,EACZ,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC,CACrF,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;YAEnG,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,SAAS;gBACf,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,EAAE;aACH,CAAC,CAAC;YAEH,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBAC1B,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;gBAC7E,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;aAChF,CAAC,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAClD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,kBAAkB,EAAE,SAAS;gBAC7B,WAAW,EAAE,WAAW;gBACxB,KAAK,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;gBAC7B,WAAW,EAAE;oBACX;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,OAAO,CAAC,KAAK;wBACnB,UAAU,EAAE,mDAAmD,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC,EAAE;qBACnG;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAE/C,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YACzD,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,gBAAgB;oBACtB,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,EAAE;iBACH,CAAC,CAAC;YACL,CAAC;YAED,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,MAAM,EAAG,GAA6B,CAAC,IAAI;oBAC3C,EAAE;iBACH,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC7C,OAAO;YACT,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;QAC9E,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YAC3D,MAAM,uBAAuB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACxC,OAAO;QACT,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YACtD,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,MAAM,UAAU,GAAG,gBAAgB,CAAC,CAAC,CAAC,MAAM,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACzE,MAAM,SAAS,GAAG,UAAU,IAAK,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAwB,CAAC;QAErF,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG;YAChB,SAAS,EAAE,SAAS,IAAI,IAAI;YAC5B,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,KAAK,IAAI,EAAE;gBACjB,IAAI,SAAS;oBAAE,MAAM,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;gBACtD,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;oBAC1B,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;iBAC5E,CAAC,CAAC;YACL,CAAC;YACD,YAAY,EAAE,GAAG,EAAE;gBACjB,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;oBAC3D,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;gBACrC,CAAC;YACH,CAAC;SACF,CAAC;QAEF,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;YACtC,CAAC;QACH,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC"}
|
package/dist/fastify/index.d.ts
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import type { FastifyPluginAsync } from "fastify";
|
|
1
|
+
import type { FastifyPluginAsync, FastifyRequest } from "fastify";
|
|
2
2
|
import "@fastify/cookie";
|
|
3
3
|
import { type DbscOptions, type ProtectionTier } from "../core/index.js";
|
|
4
4
|
declare module "fastify" {
|
|
@@ -12,6 +12,7 @@ declare module "fastify" {
|
|
|
12
12
|
}
|
|
13
13
|
export interface DbscFastifyOptions extends DbscOptions {
|
|
14
14
|
secure?: boolean;
|
|
15
|
+
resolveSessionId?: (req: FastifyRequest) => string | null | Promise<string | null>;
|
|
15
16
|
}
|
|
16
17
|
export declare const dbsc: FastifyPluginAsync<DbscFastifyOptions>;
|
|
17
18
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/fastify/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/fastify/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAE,cAAc,EAAgB,MAAM,SAAS,CAAC;AAEhF,OAAO,iBAAiB,CAAC;AACzB,OAAO,EAYL,KAAK,WAAW,EAChB,KAAK,cAAc,EACpB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAU,cAAc;QACtB,IAAI,EAAE;YACJ,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;YACzB,IAAI,EAAE,cAAc,CAAC;YACrB,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;SACzB,CAAC;KACH;CACF;AAQD,MAAM,WAAW,kBAAmB,SAAQ,WAAW;IACrD,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,gBAAgB,CAAC,EAAE,CAAC,GAAG,EAAE,cAAc,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CACpF;AAqKD,eAAO,MAAM,IAAI,wCAA2D,CAAC"}
|
package/dist/fastify/index.js
CHANGED
|
@@ -6,7 +6,7 @@ const REGISTRATION_COOKIE = "__Host-dbsc-reg";
|
|
|
6
6
|
const CHALLENGE_COOKIE = "__Host-dbsc-challenge";
|
|
7
7
|
const DEFAULT_BOUND_TTL = 10 * 60;
|
|
8
8
|
const dbscPlugin = async (fastify, opts) => {
|
|
9
|
-
const { storage, registrationPath = "/dbsc/registration", refreshPath = "/dbsc/refresh", boundCookieTtl = DEFAULT_BOUND_TTL * 1000, rateLimiter = new NoopRateLimiter(), onEvent, secure = true, } = opts;
|
|
9
|
+
const { storage, registrationPath = "/dbsc/registration", refreshPath = "/dbsc/refresh", boundCookieTtl = DEFAULT_BOUND_TTL * 1000, rateLimiter = new NoopRateLimiter(), onEvent, secure = true, resolveSessionId, } = opts;
|
|
10
10
|
const cookieOpts = {
|
|
11
11
|
httpOnly: true,
|
|
12
12
|
secure,
|
|
@@ -15,7 +15,8 @@ const dbscPlugin = async (fastify, opts) => {
|
|
|
15
15
|
};
|
|
16
16
|
fastify.decorateRequest("dbsc", null);
|
|
17
17
|
fastify.addHook("onRequest", async (req, reply) => {
|
|
18
|
-
const
|
|
18
|
+
const resolvedId = resolveSessionId ? await resolveSessionId(req) : null;
|
|
19
|
+
const sessionId = resolvedId ?? req.cookies?.[BOUND_COOKIE] ?? null;
|
|
19
20
|
req.dbsc = {
|
|
20
21
|
sessionId,
|
|
21
22
|
tier: "none",
|
|
@@ -60,7 +61,18 @@ const dbscPlugin = async (fastify, opts) => {
|
|
|
60
61
|
maxAge: boundCookieTtl / 1000,
|
|
61
62
|
});
|
|
62
63
|
reply.clearCookie(CHALLENGE_COOKIE, cookieOpts);
|
|
63
|
-
return reply.status(
|
|
64
|
+
return reply.status(200).send({
|
|
65
|
+
session_identifier: sessionId,
|
|
66
|
+
refresh_url: refreshPath,
|
|
67
|
+
scope: { include_site: true },
|
|
68
|
+
credentials: [
|
|
69
|
+
{
|
|
70
|
+
type: "cookie",
|
|
71
|
+
name: BOUND_COOKIE,
|
|
72
|
+
attributes: `Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=${Math.floor(boundCookieTtl / 1000)}`,
|
|
73
|
+
},
|
|
74
|
+
],
|
|
75
|
+
});
|
|
64
76
|
}
|
|
65
77
|
catch (err) {
|
|
66
78
|
await rateLimiter.recordFailure(ip, sessionId);
|
|
@@ -72,9 +84,11 @@ const dbscPlugin = async (fastify, opts) => {
|
|
|
72
84
|
});
|
|
73
85
|
fastify.post(refreshPath, async (req, reply) => {
|
|
74
86
|
const ip = req.ip;
|
|
75
|
-
const
|
|
87
|
+
const sessionIdHeader = req.headers["sec-secure-session-id"];
|
|
88
|
+
const sessionId = (Array.isArray(sessionIdHeader) ? sessionIdHeader[0] : sessionIdHeader) ??
|
|
89
|
+
req.cookies?.[BOUND_COOKIE];
|
|
76
90
|
if (!sessionId)
|
|
77
|
-
return reply.status(
|
|
91
|
+
return reply.status(403).send();
|
|
78
92
|
const allowed = await rateLimiter.checkRefresh(ip, sessionId);
|
|
79
93
|
if (!allowed)
|
|
80
94
|
return reply.status(429).send({ error: "rate limited" });
|
|
@@ -87,8 +101,13 @@ const dbscPlugin = async (fastify, opts) => {
|
|
|
87
101
|
return reply.status(403).send();
|
|
88
102
|
}
|
|
89
103
|
const expectedJti = req.cookies?.[CHALLENGE_COOKIE];
|
|
90
|
-
if (!expectedJti)
|
|
91
|
-
|
|
104
|
+
if (!expectedJti) {
|
|
105
|
+
const challenge = await issueChallenge(sessionId, storage);
|
|
106
|
+
reply.header(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
|
|
107
|
+
reply.header(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
|
|
108
|
+
reply.setCookie(CHALLENGE_COOKIE, challenge.jti, { ...cookieOpts, maxAge: 5 * 60 });
|
|
109
|
+
return reply.status(403).send();
|
|
110
|
+
}
|
|
92
111
|
try {
|
|
93
112
|
await handleRefresh({ sessionId, secSessionResponseHeader: responseHeader, expectedJti }, storage);
|
|
94
113
|
emit(onEvent, {
|
|
@@ -100,7 +119,18 @@ const dbscPlugin = async (fastify, opts) => {
|
|
|
100
119
|
});
|
|
101
120
|
reply.setCookie(BOUND_COOKIE, sessionId, { ...cookieOpts, maxAge: boundCookieTtl / 1000 });
|
|
102
121
|
reply.clearCookie(CHALLENGE_COOKIE, cookieOpts);
|
|
103
|
-
return reply.status(
|
|
122
|
+
return reply.status(200).send({
|
|
123
|
+
session_identifier: sessionId,
|
|
124
|
+
refresh_url: refreshPath,
|
|
125
|
+
scope: { include_site: true },
|
|
126
|
+
credentials: [
|
|
127
|
+
{
|
|
128
|
+
type: "cookie",
|
|
129
|
+
name: BOUND_COOKIE,
|
|
130
|
+
attributes: `Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=${Math.floor(boundCookieTtl / 1000)}`,
|
|
131
|
+
},
|
|
132
|
+
],
|
|
133
|
+
});
|
|
104
134
|
}
|
|
105
135
|
catch (err) {
|
|
106
136
|
await rateLimiter.recordFailure(ip, sessionId);
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/fastify/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAChC,OAAO,iBAAiB,CAAC;AACzB,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,oBAAoB,EACpB,yBAAyB,EACzB,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAGtB,MAAM,kBAAkB,CAAC;AAY1B,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AAC9C,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAEjD,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/fastify/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAChC,OAAO,iBAAiB,CAAC;AACzB,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,oBAAoB,EACpB,yBAAyB,EACzB,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAGtB,MAAM,kBAAkB,CAAC;AAY1B,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AAC9C,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAEjD,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,CAAC;AAOlC,MAAM,UAAU,GAA2C,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACjF,MAAM,EACJ,OAAO,EACP,gBAAgB,GAAG,oBAAoB,EACvC,WAAW,GAAG,eAAe,EAC7B,cAAc,GAAG,iBAAiB,GAAG,IAAI,EACzC,WAAW,GAAG,IAAI,eAAe,EAAE,EACnC,OAAO,EACP,MAAM,GAAG,IAAI,EACb,gBAAgB,GACjB,GAAG,IAAI,CAAC;IAET,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,IAAI,EAAE,GAAG;KACV,CAAC;IAEF,OAAO,CAAC,eAAe,CAAgC,MAAM,EAAE,IAAI,CAAC,CAAC;IAErE,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,EAAE,GAAmB,EAAE,KAAmB,EAAE,EAAE;QAC9E,MAAM,UAAU,GAAG,gBAAgB,CAAC,CAAC,CAAC,MAAM,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACzE,MAAM,SAAS,GAAG,UAAU,IAAI,GAAG,CAAC,OAAO,EAAE,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC;QAEpE,GAAG,CAAC,IAAI,GAAG;YACT,SAAS;YACT,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,KAAK,IAAI,EAAE;gBACjB,IAAI,SAAS;oBAAE,MAAM,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;gBACtD,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YAC9C,CAAC;SACF,CAAC;QAEF,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,OAAO;gBAAE,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAC5C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,GAAmB,EAAE,KAAmB,EAAE,EAAE;QAChF,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC;QAClB,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,mBAAmB,CAAC,CAAC;QACrD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,gBAAgB,CAAC,CAAC;QAEpD,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;YAC/B,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC,CAAC;QAClF,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAEvE,IAAI,CAAC;YACH,MAAM,kBAAkB,CACtB;gBACE,SAAS;gBACT,wBAAwB,EAAE,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC;gBACjH,WAAW;aACZ,EACD,OAAO,CACR,CAAC;YAEF,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,cAAc;gBACpB,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,OAAO;gBAClB,EAAE;aACH,CAAC,CAAC;YAEH,KAAK,CAAC,SAAS,CAAC,YAAY,EAAE,SAAS,EAAE;gBACvC,GAAG,UAAU;gBACb,MAAM,EAAE,cAAc,GAAG,IAAI;aAC9B,CAAC,CAAC;YACH,KAAK,CAAC,WAAW,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;YAChD,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC5B,kBAAkB,EAAE,SAAS;gBAC7B,WAAW,EAAE,WAAW;gBACxB,KAAK,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;gBAC7B,WAAW,EAAE;oBACX;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,YAAY;wBAClB,UAAU,EAAE,mDAAmD,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC,EAAE;qBACnG;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,GAAmB,EAAE,KAAmB,EAAE,EAAE;QAC3E,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC;QAClB,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;QAC7D,MAAM,SAAS,GACb,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC;YACvE,GAAG,CAAC,OAAO,EAAE,CAAC,YAAY,CAAC,CAAC;QAE9B,IAAI,CAAC,SAAS;YAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QAEhD,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;QAC9D,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAEvE,MAAM,cAAc,GAAG,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC,CAAC;QAE/G,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YACpE,KAAK,CAAC,MAAM,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YAC3E,KAAK,CAAC,SAAS,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACpF,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,gBAAgB,CAAC,CAAC;QACpD,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YACpE,KAAK,CAAC,MAAM,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YAC3E,KAAK,CAAC,SAAS,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACpF,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QAED,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;YAEnG,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,SAAS;gBACf,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,EAAE;aACH,CAAC,CAAC;YAEH,KAAK,CAAC,SAAS,CAAC,YAAY,EAAE,SAAS,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,cAAc,GAAG,IAAI,EAAE,CAAC,CAAC;YAC3F,KAAK,CAAC,WAAW,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;YAChD,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBAC5B,kBAAkB,EAAE,SAAS;gBAC7B,WAAW,EAAE,WAAW;gBACxB,KAAK,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;gBAC7B,WAAW,EAAE;oBACX;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,YAAY;wBAClB,UAAU,EAAE,mDAAmD,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC,EAAE;qBACnG;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,8BAA8B,EAAE,CAAC,CAAC"}
|
package/dist/hono/index.d.ts
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
|
-
import type { MiddlewareHandler } from "hono";
|
|
1
|
+
import type { Context, MiddlewareHandler } from "hono";
|
|
2
2
|
import { type DbscOptions, type ProtectionTier } from "../core/index.js";
|
|
3
3
|
export interface DbscHonoOptions extends DbscOptions {
|
|
4
4
|
secure?: boolean;
|
|
5
|
+
resolveSessionId?: (c: Context) => string | null | Promise<string | null>;
|
|
5
6
|
}
|
|
6
7
|
declare module "hono" {
|
|
7
8
|
interface ContextVariableMap {
|
package/dist/hono/index.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/hono/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/hono/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,OAAO,EAAE,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAEvD,OAAO,EAYL,KAAK,WAAW,EAChB,KAAK,cAAc,EACpB,MAAM,kBAAkB,CAAC;AAQ1B,MAAM,WAAW,eAAgB,SAAQ,WAAW;IAClD,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,gBAAgB,CAAC,EAAE,CAAC,CAAC,EAAE,OAAO,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CAC3E;AAED,OAAO,QAAQ,MAAM,CAAC;IACpB,UAAU,kBAAkB;QAC1B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;QAC7B,QAAQ,EAAE,cAAc,CAAC;KAC1B;CACF;AAED,wBAAgB,IAAI,CAAC,IAAI,EAAE,eAAe,GAAG,iBAAiB,CAgK7D"}
|
package/dist/hono/index.js
CHANGED
|
@@ -5,7 +5,7 @@ const REGISTRATION_COOKIE = "__Host-dbsc-reg";
|
|
|
5
5
|
const CHALLENGE_COOKIE = "__Host-dbsc-challenge";
|
|
6
6
|
const DEFAULT_BOUND_TTL = 10 * 60;
|
|
7
7
|
export function dbsc(opts) {
|
|
8
|
-
const { storage, registrationPath = "/dbsc/registration", refreshPath = "/dbsc/refresh", boundCookieTtl = DEFAULT_BOUND_TTL * 1000, rateLimiter = new NoopRateLimiter(), onEvent, secure = true, } = opts;
|
|
8
|
+
const { storage, registrationPath = "/dbsc/registration", refreshPath = "/dbsc/refresh", boundCookieTtl = DEFAULT_BOUND_TTL * 1000, rateLimiter = new NoopRateLimiter(), onEvent, secure = true, resolveSessionId, } = opts;
|
|
9
9
|
const cookieOpts = {
|
|
10
10
|
httpOnly: true,
|
|
11
11
|
secure,
|
|
@@ -44,7 +44,18 @@ export function dbsc(opts) {
|
|
|
44
44
|
maxAge: boundCookieTtl / 1000,
|
|
45
45
|
});
|
|
46
46
|
deleteCookie(c, CHALLENGE_COOKIE);
|
|
47
|
-
return c.
|
|
47
|
+
return c.json({
|
|
48
|
+
session_identifier: sessionId,
|
|
49
|
+
refresh_url: refreshPath,
|
|
50
|
+
scope: { include_site: true },
|
|
51
|
+
credentials: [
|
|
52
|
+
{
|
|
53
|
+
type: "cookie",
|
|
54
|
+
name: BOUND_COOKIE,
|
|
55
|
+
attributes: `Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=${Math.floor(boundCookieTtl / 1000)}`,
|
|
56
|
+
},
|
|
57
|
+
],
|
|
58
|
+
}, 200);
|
|
48
59
|
}
|
|
49
60
|
catch (err) {
|
|
50
61
|
await rateLimiter.recordFailure(ip, sessionId);
|
|
@@ -55,9 +66,10 @@ export function dbsc(opts) {
|
|
|
55
66
|
}
|
|
56
67
|
}
|
|
57
68
|
if (c.req.method === "POST" && url.pathname === refreshPath) {
|
|
58
|
-
const
|
|
69
|
+
const sessionIdHeader = c.req.header("sec-secure-session-id");
|
|
70
|
+
const sessionId = sessionIdHeader ?? getCookie(c, BOUND_COOKIE);
|
|
59
71
|
if (!sessionId)
|
|
60
|
-
return c.
|
|
72
|
+
return c.body(null, 403);
|
|
61
73
|
const allowed = await rateLimiter.checkRefresh(ip, sessionId);
|
|
62
74
|
if (!allowed)
|
|
63
75
|
return c.json({ error: "rate limited" }, 429);
|
|
@@ -70,8 +82,13 @@ export function dbsc(opts) {
|
|
|
70
82
|
return c.body(null, 403);
|
|
71
83
|
}
|
|
72
84
|
const expectedJti = getCookie(c, CHALLENGE_COOKIE);
|
|
73
|
-
if (!expectedJti)
|
|
74
|
-
|
|
85
|
+
if (!expectedJti) {
|
|
86
|
+
const challenge = await issueChallenge(sessionId, storage);
|
|
87
|
+
c.header(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
|
|
88
|
+
c.header(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
|
|
89
|
+
setCookie(c, CHALLENGE_COOKIE, challenge.jti, { ...cookieOpts, maxAge: 5 * 60 });
|
|
90
|
+
return c.body(null, 403);
|
|
91
|
+
}
|
|
75
92
|
try {
|
|
76
93
|
await handleRefresh({ sessionId, secSessionResponseHeader: responseHeader, expectedJti }, storage);
|
|
77
94
|
emit(onEvent, {
|
|
@@ -83,7 +100,18 @@ export function dbsc(opts) {
|
|
|
83
100
|
});
|
|
84
101
|
setCookie(c, BOUND_COOKIE, sessionId, { ...cookieOpts, maxAge: boundCookieTtl / 1000 });
|
|
85
102
|
deleteCookie(c, CHALLENGE_COOKIE);
|
|
86
|
-
return c.
|
|
103
|
+
return c.json({
|
|
104
|
+
session_identifier: sessionId,
|
|
105
|
+
refresh_url: refreshPath,
|
|
106
|
+
scope: { include_site: true },
|
|
107
|
+
credentials: [
|
|
108
|
+
{
|
|
109
|
+
type: "cookie",
|
|
110
|
+
name: BOUND_COOKIE,
|
|
111
|
+
attributes: `Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=${Math.floor(boundCookieTtl / 1000)}`,
|
|
112
|
+
},
|
|
113
|
+
],
|
|
114
|
+
}, 200);
|
|
87
115
|
}
|
|
88
116
|
catch (err) {
|
|
89
117
|
await rateLimiter.recordFailure(ip, sessionId);
|
|
@@ -93,7 +121,8 @@ export function dbsc(opts) {
|
|
|
93
121
|
throw err;
|
|
94
122
|
}
|
|
95
123
|
}
|
|
96
|
-
const
|
|
124
|
+
const resolvedId = resolveSessionId ? await resolveSessionId(c) : null;
|
|
125
|
+
const sessionId = resolvedId ?? getCookie(c, BOUND_COOKIE) ?? null;
|
|
97
126
|
c.set("dbscSessionId", sessionId);
|
|
98
127
|
c.set("dbscTier", "none");
|
|
99
128
|
if (sessionId) {
|
package/dist/hono/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/hono/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,oBAAoB,EAEpB,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAGtB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AAC9C,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAEjD,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/hono/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,oBAAoB,EAEpB,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAGtB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AAC9C,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAEjD,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,CAAC;AAclC,MAAM,UAAU,IAAI,CAAC,IAAqB;IACxC,MAAM,EACJ,OAAO,EACP,gBAAgB,GAAG,oBAAoB,EACvC,WAAW,GAAG,eAAe,EAC7B,cAAc,GAAG,iBAAiB,GAAG,IAAI,EACzC,WAAW,GAAG,IAAI,eAAe,EAAE,EACnC,OAAO,EACP,MAAM,GAAG,IAAI,EACb,gBAAgB,GACjB,GAAG,IAAI,CAAC;IAET,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,IAAI,EAAE,GAAG;KACV,CAAC;IAEF,OAAO,KAAK,EAAE,CAAU,EAAE,IAAI,EAAE,EAAE;QAChC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,SAAS,CAAC;QAExD,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE,CAAC;YACjE,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,EAAE,mBAAmB,CAAC,CAAC;YACpD,MAAM,WAAW,GAAG,SAAS,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;YAEnD,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,EAAE,GAAG,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;YACxD,IAAI,CAAC,OAAO;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;YAE5D,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;gBAChG,MAAM,kBAAkB,CACtB;oBACE,SAAS;oBACT,wBAAwB,EAAE,OAAO;oBACjC,WAAW;iBACZ,EACD,OAAO,CACR,CAAC;gBAEF,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,cAAc;oBACpB,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,SAAS,EAAE,OAAO;oBAClB,EAAE;iBACH,CAAC,CAAC;gBAEH,SAAS,CAAC,CAAC,EAAE,YAAY,EAAE,SAAS,EAAE;oBACpC,GAAG,UAAU;oBACb,MAAM,EAAE,cAAc,GAAG,IAAI;iBAC9B,CAAC,CAAC;gBACH,YAAY,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;gBAClC,OAAO,CAAC,CAAC,IAAI,CACX;oBACE,kBAAkB,EAAE,SAAS;oBAC7B,WAAW,EAAE,WAAW;oBACxB,KAAK,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;oBAC7B,WAAW,EAAE;wBACX;4BACE,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,YAAY;4BAClB,UAAU,EAAE,mDAAmD,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC,EAAE;yBACnG;qBACF;iBACF,EACD,GAAG,CACJ,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;gBAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAC7E,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;gBAC7C,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YAC5D,MAAM,eAAe,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,uBAAuB,CAAC,CAAC;YAC9D,MAAM,SAAS,GAAG,eAAe,IAAI,SAAS,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;YAEhE,IAAI,CAAC,SAAS;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAEzC,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC9D,IAAI,CAAC,OAAO;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;YAE5D,MAAM,cAAc,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;YAEvG,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAC3D,CAAC,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;gBAChE,CAAC,CAAC,MAAM,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;gBACvE,SAAS,CAAC,CAAC,EAAE,gBAAgB,EAAE,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;gBACjF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC3B,CAAC;YAED,MAAM,WAAW,GAAG,SAAS,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;YACnD,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAC3D,CAAC,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;gBAChE,CAAC,CAAC,MAAM,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;gBACvE,SAAS,CAAC,CAAC,EAAE,gBAAgB,EAAE,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;gBACjF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC3B,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,aAAa,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;gBAEnG,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,SAAS;oBACf,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,EAAE;iBACH,CAAC,CAAC;gBAEH,SAAS,CAAC,CAAC,EAAE,YAAY,EAAE,SAAS,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,cAAc,GAAG,IAAI,EAAE,CAAC,CAAC;gBACxF,YAAY,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;gBAClC,OAAO,CAAC,CAAC,IAAI,CACX;oBACE,kBAAkB,EAAE,SAAS;oBAC7B,WAAW,EAAE,WAAW;oBACxB,KAAK,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;oBAC7B,WAAW,EAAE;wBACX;4BACE,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,YAAY;4BAClB,UAAU,EAAE,mDAAmD,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC,EAAE;yBACnG;qBACF;iBACF,EACD,GAAG,CACJ,CAAC;YACJ,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;gBAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAC7E,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;gBAC7C,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,MAAM,UAAU,GAAG,gBAAgB,CAAC,CAAC,CAAC,MAAM,gBAAgB,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;QACvE,MAAM,SAAS,GAAG,UAAU,IAAI,SAAS,CAAC,CAAC,EAAE,YAAY,CAAC,IAAI,IAAI,CAAC;QACnE,CAAC,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAE1B,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,OAAO;gBAAE,CAAC,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC"}
|
package/dist/nextjs/index.d.ts
CHANGED
|
@@ -3,11 +3,12 @@ import { NextResponse } from "next/server.js";
|
|
|
3
3
|
import { type DbscOptions, type ProtectionTier } from "../core/index.js";
|
|
4
4
|
export interface DbscNextOptions extends DbscOptions {
|
|
5
5
|
secure?: boolean;
|
|
6
|
+
resolveSessionId?: (req: NextRequest) => string | null | Promise<string | null>;
|
|
6
7
|
}
|
|
7
8
|
export declare function createDbscMiddleware(opts: DbscNextOptions): (req: NextRequest) => Promise<NextResponse>;
|
|
8
9
|
export interface DbscSessionInfo {
|
|
9
10
|
sessionId: string | null;
|
|
10
11
|
tier: ProtectionTier;
|
|
11
12
|
}
|
|
12
|
-
export declare function getDbscSession(req: NextRequest, storage: DbscOptions["storage"]): Promise<DbscSessionInfo>;
|
|
13
|
+
export declare function getDbscSession(req: NextRequest, storage: DbscOptions["storage"], resolveSessionId?: (req: NextRequest) => string | null | Promise<string | null>): Promise<DbscSessionInfo>;
|
|
13
14
|
//# sourceMappingURL=index.d.ts.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAYL,KAAK,WAAW,EAChB,KAAK,cAAc,EACpB,MAAM,kBAAkB,CAAC;AAS1B,MAAM,WAAW,eAAgB,SAAQ,WAAW;IAClD,MAAM,CAAC,EAAE,OAAO,CAAC;
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AACA,OAAO,KAAK,EAAE,WAAW,EAAE,MAAM,gBAAgB,CAAC;AAClD,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EAYL,KAAK,WAAW,EAChB,KAAK,cAAc,EACpB,MAAM,kBAAkB,CAAC;AAS1B,MAAM,WAAW,eAAgB,SAAQ,WAAW;IAClD,MAAM,CAAC,EAAE,OAAO,CAAC;IACjB,gBAAgB,CAAC,EAAE,CAAC,GAAG,EAAE,WAAW,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,CAAC;CACjF;AAWD,wBAAgB,oBAAoB,CAAC,IAAI,EAAE,eAAe,IAYvB,KAAK,WAAW,KAAG,OAAO,CAAC,YAAY,CAAC,CAsJ1E;AAED,MAAM,WAAW,eAAe;IAC9B,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,IAAI,EAAE,cAAc,CAAC;CACtB;AAED,wBAAsB,cAAc,CAClC,GAAG,EAAE,WAAW,EAChB,OAAO,EAAE,WAAW,CAAC,SAAS,CAAC,EAC/B,gBAAgB,CAAC,EAAE,CAAC,GAAG,EAAE,WAAW,KAAK,MAAM,GAAG,IAAI,GAAG,OAAO,CAAC,MAAM,GAAG,IAAI,CAAC,GAC9E,OAAO,CAAC,eAAe,CAAC,CAS1B"}
|
package/dist/nextjs/index.js
CHANGED
|
@@ -44,7 +44,19 @@ export function createDbscMiddleware(opts) {
|
|
|
44
44
|
algorithm: "ES256",
|
|
45
45
|
ip,
|
|
46
46
|
});
|
|
47
|
-
const
|
|
47
|
+
const body = {
|
|
48
|
+
session_identifier: sessionId,
|
|
49
|
+
refresh_url: refreshPath,
|
|
50
|
+
scope: { include_site: true },
|
|
51
|
+
credentials: [
|
|
52
|
+
{
|
|
53
|
+
type: "cookie",
|
|
54
|
+
name: BOUND_COOKIE,
|
|
55
|
+
attributes: `Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=${Math.floor(boundCookieTtl / 1000)}`,
|
|
56
|
+
},
|
|
57
|
+
],
|
|
58
|
+
};
|
|
59
|
+
const res = NextResponse.json(body, { status: 200 });
|
|
48
60
|
res.cookies.set(BOUND_COOKIE, sessionId, {
|
|
49
61
|
...cookieBase(secure),
|
|
50
62
|
maxAge: boundCookieTtl / 1000,
|
|
@@ -61,9 +73,10 @@ export function createDbscMiddleware(opts) {
|
|
|
61
73
|
}
|
|
62
74
|
}
|
|
63
75
|
if (req.method === "POST" && url === refreshPath) {
|
|
64
|
-
const
|
|
76
|
+
const sessionIdHeader = req.headers.get("sec-secure-session-id");
|
|
77
|
+
const sessionId = sessionIdHeader ?? req.cookies.get(BOUND_COOKIE)?.value;
|
|
65
78
|
if (!sessionId) {
|
|
66
|
-
return NextResponse
|
|
79
|
+
return new NextResponse(null, { status: 403 });
|
|
67
80
|
}
|
|
68
81
|
const allowed = await rateLimiter.checkRefresh(ip, sessionId);
|
|
69
82
|
if (!allowed) {
|
|
@@ -84,7 +97,15 @@ export function createDbscMiddleware(opts) {
|
|
|
84
97
|
}
|
|
85
98
|
const expectedJti = req.cookies.get(CHALLENGE_COOKIE)?.value;
|
|
86
99
|
if (!expectedJti) {
|
|
87
|
-
|
|
100
|
+
const challenge = await issueChallenge(sessionId, storage);
|
|
101
|
+
const res = new NextResponse(null, { status: 403 });
|
|
102
|
+
res.headers.set(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
|
|
103
|
+
res.headers.set(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
|
|
104
|
+
res.cookies.set(CHALLENGE_COOKIE, challenge.jti, {
|
|
105
|
+
...cookieBase(secure),
|
|
106
|
+
maxAge: 5 * 60,
|
|
107
|
+
});
|
|
108
|
+
return res;
|
|
88
109
|
}
|
|
89
110
|
try {
|
|
90
111
|
await handleRefresh({ sessionId, secSessionResponseHeader: responseHeader, expectedJti }, storage);
|
|
@@ -95,7 +116,19 @@ export function createDbscMiddleware(opts) {
|
|
|
95
116
|
timestamp: Date.now(),
|
|
96
117
|
ip,
|
|
97
118
|
});
|
|
98
|
-
const
|
|
119
|
+
const body = {
|
|
120
|
+
session_identifier: sessionId,
|
|
121
|
+
refresh_url: refreshPath,
|
|
122
|
+
scope: { include_site: true },
|
|
123
|
+
credentials: [
|
|
124
|
+
{
|
|
125
|
+
type: "cookie",
|
|
126
|
+
name: BOUND_COOKIE,
|
|
127
|
+
attributes: `Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=${Math.floor(boundCookieTtl / 1000)}`,
|
|
128
|
+
},
|
|
129
|
+
],
|
|
130
|
+
};
|
|
131
|
+
const res = NextResponse.json(body, { status: 200 });
|
|
99
132
|
res.cookies.set(BOUND_COOKIE, sessionId, {
|
|
100
133
|
...cookieBase(secure),
|
|
101
134
|
maxAge: boundCookieTtl / 1000,
|
|
@@ -114,8 +147,9 @@ export function createDbscMiddleware(opts) {
|
|
|
114
147
|
return NextResponse.next();
|
|
115
148
|
};
|
|
116
149
|
}
|
|
117
|
-
export async function getDbscSession(req, storage) {
|
|
118
|
-
const
|
|
150
|
+
export async function getDbscSession(req, storage, resolveSessionId) {
|
|
151
|
+
const resolvedId = resolveSessionId ? await resolveSessionId(req) : null;
|
|
152
|
+
const sessionId = resolvedId ?? req.cookies.get(BOUND_COOKIE)?.value ?? null;
|
|
119
153
|
if (!sessionId)
|
|
120
154
|
return { sessionId: null, tier: "none" };
|
|
121
155
|
const session = await storage.getSession(sessionId);
|
package/dist/nextjs/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EAEd,oBAAoB,EACpB,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAGtB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AAC9C,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAEjD,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,CAAC;AAClC,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/nextjs/index.ts"],"names":[],"mappings":"AAEA,OAAO,EAAE,YAAY,EAAE,MAAM,gBAAgB,CAAC;AAC9C,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EAEd,oBAAoB,EACpB,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAGtB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AAC9C,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAEjD,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,CAAC;AAClC,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,CAAC;AAOrC,SAAS,UAAU,CAAC,MAAe;IACjC,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,IAAI,EAAE,GAAG;KACV,CAAC;AACJ,CAAC;AAED,MAAM,UAAU,oBAAoB,CAAC,IAAqB;IACxD,MAAM,EACJ,OAAO,EACP,gBAAgB,GAAG,oBAAoB,EACvC,WAAW,GAAG,eAAe,EAC7B,cAAc,GAAG,iBAAiB,GAAG,IAAI,EACzC,qBAAqB,GAAG,eAAe,GAAG,IAAI,EAC9C,WAAW,GAAG,IAAI,eAAe,EAAE,EACnC,OAAO,EACP,MAAM,GAAG,IAAI,GACd,GAAG,IAAI,CAAC;IAET,OAAO,KAAK,UAAU,UAAU,CAAC,GAAgB;QAC/C,MAAM,GAAG,GAAG,GAAG,CAAC,OAAO,CAAC,QAAQ,CAAC;QACjC,MAAM,EAAE,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,iBAAiB,CAAC,IAAI,SAAS,CAAC;QAE3D,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,KAAK,gBAAgB,EAAE,CAAC;YACtD,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,mBAAmB,CAAC,EAAE,KAAK,CAAC;YAC9D,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,KAAK,CAAC;YAE7D,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC/B,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YAC9F,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;YACxD,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YACvE,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,kBAAkB,CACtB;oBACE,SAAS;oBACT,wBAAwB,EACtB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;wBAC1C,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC;wBACvC,SAAS;oBACX,WAAW;iBACZ,EACD,OAAO,CACR,CAAC;gBAEF,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,cAAc;oBACpB,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,SAAS,EAAE,OAAO;oBAClB,EAAE;iBACH,CAAC,CAAC;gBAEH,MAAM,IAAI,GAAG;oBACX,kBAAkB,EAAE,SAAS;oBAC7B,WAAW,EAAE,WAAW;oBACxB,KAAK,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;oBAC7B,WAAW,EAAE;wBACX;4BACE,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,YAAY;4BAClB,UAAU,EAAE,mDAAmD,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC,EAAE;yBACnG;qBACF;iBACF,CAAC;gBACF,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACrD,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,EAAE;oBACvC,GAAG,UAAU,CAAC,MAAM,CAAC;oBACrB,MAAM,EAAE,cAAc,GAAG,IAAI;iBAC9B,CAAC,CAAC;gBACH,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;gBACrC,OAAO,GAAG,CAAC;YACb,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;gBAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAC7E,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACpE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,KAAK,WAAW,EAAE,CAAC;YACjD,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,CAAC,CAAC;YACjE,MAAM,SAAS,GAAG,eAAe,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,KAAK,CAAC;YAE1E,IAAI,CAAC,SAAS,EAAE,CAAC;gBACf,OAAO,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YACjD,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;gBACb,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,cAAc,GAClB,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,yBAAyB,CAAC;gBAC1C,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,sBAAsB,CAAC,CAAC;YAE1C,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAC3D,MAAM,GAAG,GAAG,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;gBACvE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC9E,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,EAAE;oBAC/C,GAAG,UAAU,CAAC,MAAM,CAAC;oBACrB,MAAM,EAAE,CAAC,GAAG,EAAE;iBACf,CAAC,CAAC;gBACH,OAAO,GAAG,CAAC;YACb,CAAC;YAED,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,CAAC,EAAE,KAAK,CAAC;YAC7D,IAAI,CAAC,WAAW,EAAE,CAAC;gBACjB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAC3D,MAAM,GAAG,GAAG,IAAI,YAAY,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACpD,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;gBACvE,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;gBAC9E,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,EAAE;oBAC/C,GAAG,UAAU,CAAC,MAAM,CAAC;oBACrB,MAAM,EAAE,CAAC,GAAG,EAAE;iBACf,CAAC,CAAC;gBACH,OAAO,GAAG,CAAC;YACb,CAAC;YAED,IAAI,CAAC;gBACH,MAAM,aAAa,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;gBAEnG,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,SAAS;oBACf,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,EAAE;iBACH,CAAC,CAAC;gBAEH,MAAM,IAAI,GAAG;oBACX,kBAAkB,EAAE,SAAS;oBAC7B,WAAW,EAAE,WAAW;oBACxB,KAAK,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;oBAC7B,WAAW,EAAE;wBACX;4BACE,IAAI,EAAE,QAAQ;4BACd,IAAI,EAAE,YAAY;4BAClB,UAAU,EAAE,mDAAmD,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC,EAAE;yBACnG;qBACF;iBACF,CAAC;gBACF,MAAM,GAAG,GAAG,YAAY,CAAC,IAAI,CAAC,IAAI,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACrD,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,EAAE,SAAS,EAAE;oBACvC,GAAG,UAAU,CAAC,MAAM,CAAC;oBACrB,MAAM,EAAE,cAAc,GAAG,IAAI;iBAC9B,CAAC,CAAC;gBACH,GAAG,CAAC,OAAO,CAAC,MAAM,CAAC,gBAAgB,CAAC,CAAC;gBACrC,OAAO,GAAG,CAAC;YACb,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;gBAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAC7E,OAAO,YAAY,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,EAAE,MAAM,EAAE,GAAG,EAAE,CAAC,CAAC;gBACpE,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,OAAO,YAAY,CAAC,IAAI,EAAE,CAAC;IAC7B,CAAC,CAAC;AACJ,CAAC;AAOD,MAAM,CAAC,KAAK,UAAU,cAAc,CAClC,GAAgB,EAChB,OAA+B,EAC/B,gBAA+E;IAE/E,MAAM,UAAU,GAAG,gBAAgB,CAAC,CAAC,CAAC,MAAM,gBAAgB,CAAC,GAAG,CAAC,CAAC,CAAC,CAAC,IAAI,CAAC;IACzE,MAAM,SAAS,GAAG,UAAU,IAAI,GAAG,CAAC,OAAO,CAAC,GAAG,CAAC,YAAY,CAAC,EAAE,KAAK,IAAI,IAAI,CAAC;IAC7E,IAAI,CAAC,SAAS;QAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAEzD,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;IACpD,IAAI,CAAC,OAAO;QAAE,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;IAEvD,OAAO,EAAE,SAAS,EAAE,IAAI,EAAE,OAAO,CAAC,IAAI,EAAE,CAAC;AAC3C,CAAC"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "dbsc-toolkit",
|
|
3
|
-
"version": "1.0
|
|
3
|
+
"version": "1.1.0",
|
|
4
4
|
"description": "Server-side Device Bound Session Credentials (DBSC) for Node.js. Verified against Chrome 147.",
|
|
5
5
|
"license": "Apache-2.0",
|
|
6
6
|
"type": "module",
|
|
@@ -56,42 +56,56 @@
|
|
|
56
56
|
"clean": "rimraf dist"
|
|
57
57
|
},
|
|
58
58
|
"dependencies": {
|
|
59
|
-
"@simplewebauthn/server": "^
|
|
60
|
-
"jose": "^
|
|
59
|
+
"@simplewebauthn/server": "^13.3.0",
|
|
60
|
+
"jose": "^6.2.3"
|
|
61
61
|
},
|
|
62
62
|
"peerDependencies": {
|
|
63
|
-
"
|
|
64
|
-
"
|
|
65
|
-
"
|
|
63
|
+
"@fastify/cookie": ">=11.0.0",
|
|
64
|
+
"express": ">=5.0.0",
|
|
65
|
+
"fastify": ">=5.0.0",
|
|
66
66
|
"hono": ">=4.0.0",
|
|
67
|
-
"next": ">=14.0.0",
|
|
68
67
|
"ioredis": ">=5.0.0",
|
|
68
|
+
"next": ">=15.0.0",
|
|
69
69
|
"pg": ">=8.0.0"
|
|
70
70
|
},
|
|
71
71
|
"peerDependenciesMeta": {
|
|
72
|
-
"express": {
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
"
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
"
|
|
72
|
+
"express": {
|
|
73
|
+
"optional": true
|
|
74
|
+
},
|
|
75
|
+
"fastify": {
|
|
76
|
+
"optional": true
|
|
77
|
+
},
|
|
78
|
+
"@fastify/cookie": {
|
|
79
|
+
"optional": true
|
|
80
|
+
},
|
|
81
|
+
"hono": {
|
|
82
|
+
"optional": true
|
|
83
|
+
},
|
|
84
|
+
"next": {
|
|
85
|
+
"optional": true
|
|
86
|
+
},
|
|
87
|
+
"ioredis": {
|
|
88
|
+
"optional": true
|
|
89
|
+
},
|
|
90
|
+
"pg": {
|
|
91
|
+
"optional": true
|
|
92
|
+
}
|
|
79
93
|
},
|
|
80
94
|
"devDependencies": {
|
|
81
|
-
"@fastify/cookie": "^
|
|
82
|
-
"@simplewebauthn/browser": "^
|
|
83
|
-
"@types/express": "^
|
|
95
|
+
"@fastify/cookie": "^11.0.2",
|
|
96
|
+
"@simplewebauthn/browser": "^13.3.0",
|
|
97
|
+
"@types/express": "^5.0.6",
|
|
84
98
|
"@types/node": "^20.0.0",
|
|
85
99
|
"@types/pg": "^8.0.0",
|
|
86
|
-
"express": "^
|
|
87
|
-
"fastify": "^
|
|
100
|
+
"express": "^5.2.1",
|
|
101
|
+
"fastify": "^5.8.5",
|
|
88
102
|
"hono": "^4.0.0",
|
|
89
103
|
"ioredis": "^5.3.0",
|
|
90
|
-
"next": "^
|
|
104
|
+
"next": "^16.2.6",
|
|
91
105
|
"pg": "^8.11.0",
|
|
92
|
-
"rimraf": "^
|
|
93
|
-
"typescript": "^
|
|
94
|
-
"vitest": "^1.6
|
|
106
|
+
"rimraf": "^6.1.3",
|
|
107
|
+
"typescript": "^6.0.3",
|
|
108
|
+
"vitest": "^4.1.6"
|
|
95
109
|
},
|
|
96
110
|
"keywords": [
|
|
97
111
|
"dbsc",
|