dbsc-toolkit 1.0.1

package/dist/core/types.d.ts

@@ -0,0 +1,92 @@
+export type ProtectionTier = "dbsc" | "webauthn" | "hmac" | "none";
+export interface BoundKey {
+    sessionId: string;
+    jwk: JsonWebKey;
+    createdAt: number;
+    algorithm: "ES256" | "RS256";
+}
+export interface Session {
+    id: string;
+    userId: string;
+    tier: ProtectionTier;
+    createdAt: number;
+    expiresAt: number;
+    lastRefreshAt: number;
+}
+export interface Challenge {
+    jti: string;
+    sessionId: string;
+    createdAt: number;
+    expiresAt: number;
+    consumed: boolean;
+}
+export interface RegistrationProof {
+    sessionId: string;
+    jwk: JsonWebKey;
+    algorithm: "ES256" | "RS256";
+    jti: string;
+}
+export interface RefreshProof {
+    sessionId: string;
+    jti: string;
+    verified: boolean;
+}
+export interface StorageAdapter {
+    getSession(id: string): Promise<Session | null>;
+    setSession(session: Session): Promise<void>;
+    deleteSession(id: string): Promise<void>;
+    getBoundKey(sessionId: string): Promise<BoundKey | null>;
+    setBoundKey(key: BoundKey): Promise<void>;
+    deleteBoundKey(sessionId: string): Promise<void>;
+    getChallenge(jti: string): Promise<Challenge | null>;
+    setChallenge(challenge: Challenge): Promise<void>;
+    consumeChallenge(jti: string): Promise<boolean>;
+    revokeSession(sessionId: string): Promise<void>;
+    revokeAllForUser(userId: string): Promise<void>;
+}
+export interface RateLimiter {
+    checkRegistration(ip: string): Promise<boolean>;
+    checkRefresh(ip: string, sessionId: string): Promise<boolean>;
+    recordFailure(ip: string, sessionId?: string): Promise<void>;
+}
+export interface TelemetryEvent {
+    sessionId: string;
+    tier: ProtectionTier;
+    timestamp: number;
+}
+export interface RegistrationEvent extends TelemetryEvent {
+    type: "registration";
+    algorithm: string;
+    ip: string;
+}
+export interface RefreshEvent extends TelemetryEvent {
+    type: "refresh";
+    ip: string;
+}
+export interface VerificationFailureEvent extends TelemetryEvent {
+    type: "verification_failure";
+    reason: string;
+    ip: string;
+}
+export interface SessionStolenEvent extends TelemetryEvent {
+    type: "session_stolen";
+    ip: string;
+}
+export interface FallbackTierEvent extends TelemetryEvent {
+    type: "fallback_tier";
+    from: ProtectionTier;
+    to: ProtectionTier;
+    reason: string;
+}
+export type AnyTelemetryEvent = RegistrationEvent | RefreshEvent | VerificationFailureEvent | SessionStolenEvent | FallbackTierEvent;
+export interface DbscOptions {
+    storage: StorageAdapter;
+    fallback?: "webauthn" | "hmac" | "none";
+    registrationPath?: string;
+    refreshPath?: string;
+    boundCookieTtl?: number;
+    registrationCookieTtl?: number;
+    rateLimiter?: RateLimiter;
+    onEvent?: (event: AnyTelemetryEvent) => void;
+}
+//# sourceMappingURL=types.d.ts.map

package/dist/core/types.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.d.ts","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":"AAAA,MAAM,MAAM,cAAc,GAAG,MAAM,GAAG,UAAU,GAAG,MAAM,GAAG,MAAM,CAAC;AAEnE,MAAM,WAAW,QAAQ;IACvB,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,UAAU,CAAC;IAChB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,OAAO,GAAG,OAAO,CAAC;CAC9B;AAED,MAAM,WAAW,OAAO;IACtB,EAAE,EAAE,MAAM,CAAC;IACX,MAAM,EAAE,MAAM,CAAC;IACf,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,aAAa,EAAE,MAAM,CAAC;CACvB;AAED,MAAM,WAAW,SAAS;IACxB,GAAG,EAAE,MAAM,CAAC;IACZ,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,iBAAiB;IAChC,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,UAAU,CAAC;IAChB,SAAS,EAAE,OAAO,GAAG,OAAO,CAAC;IAC7B,GAAG,EAAE,MAAM,CAAC;CACb;AAED,MAAM,WAAW,YAAY;IAC3B,SAAS,EAAE,MAAM,CAAC;IAClB,GAAG,EAAE,MAAM,CAAC;IACZ,QAAQ,EAAE,OAAO,CAAC;CACnB;AAED,MAAM,WAAW,cAAc;IAC7B,UAAU,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,GAAG,IAAI,CAAC,CAAC;IAChD,UAAU,CAAC,OAAO,EAAE,OAAO,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5C,aAAa,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEzC,WAAW,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,QAAQ,GAAG,IAAI,CAAC,CAAC;IACzD,WAAW,CAAC,GAAG,EAAE,QAAQ,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAC1C,cAAc,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAEjD,YAAY,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,SAAS,GAAG,IAAI,CAAC,CAAC;IACrD,YAAY,CAAC,SAAS,EAAE,SAAS,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAClD,gBAAgB,CAAC,GAAG,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAEhD,aAAa,CAAC,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;IAChD,gBAAgB,CAAC,MAAM,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CACjD;AAED,MAAM,WAAW,WAAW;IAC1B,iBAAiB,CAAC,EAAE,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAChD,YAAY,CAAC,EAAE,EAAE,MAAM,EAAE,SAAS,EAAE,MAAM,GAAG,OAAO,CAAC,OAAO,CAAC,CAAC;IAC9D,aAAa,CAAC,EAAE,EAAE,MAAM,EAAE,SAAS,CAAC,EAAE,MAAM,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC;CAC9D;AAED,MAAM,WAAW,cAAc;IAC7B,SAAS,EAAE,MAAM,CAAC;IAClB,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,iBAAkB,SAAQ,cAAc;IACvD,IAAI,EAAE,cAAc,CAAC;IACrB,SAAS,EAAE,MAAM,CAAC;IAClB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,YAAa,SAAQ,cAAc;IAClD,IAAI,EAAE,SAAS,CAAC;IAChB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,wBAAyB,SAAQ,cAAc;IAC9D,IAAI,EAAE,sBAAsB,CAAC;IAC7B,MAAM,EAAE,MAAM,CAAC;IACf,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,kBAAmB,SAAQ,cAAc;IACxD,IAAI,EAAE,gBAAgB,CAAC;IACvB,EAAE,EAAE,MAAM,CAAC;CACZ;AAED,MAAM,WAAW,iBAAkB,SAAQ,cAAc;IACvD,IAAI,EAAE,eAAe,CAAC;IACtB,IAAI,EAAE,cAAc,CAAC;IACrB,EAAE,EAAE,cAAc,CAAC;IACnB,MAAM,EAAE,MAAM,CAAC;CAChB;AAED,MAAM,MAAM,iBAAiB,GACzB,iBAAiB,GACjB,YAAY,GACZ,wBAAwB,GACxB,kBAAkB,GAClB,iBAAiB,CAAC;AAEtB,MAAM,WAAW,WAAW;IAC1B,OAAO,EAAE,cAAc,CAAC;IACxB,QAAQ,CAAC,EAAE,UAAU,GAAG,MAAM,GAAG,MAAM,CAAC;IACxC,gBAAgB,CAAC,EAAE,MAAM,CAAC;IAC1B,WAAW,CAAC,EAAE,MAAM,CAAC;IACrB,cAAc,CAAC,EAAE,MAAM,CAAC;IACxB,qBAAqB,CAAC,EAAE,MAAM,CAAC;IAC/B,WAAW,CAAC,EAAE,WAAW,CAAC;IAC1B,OAAO,CAAC,EAAE,CAAC,KAAK,EAAE,iBAAiB,KAAK,IAAI,CAAC;CAC9C"}

package/dist/core/types.js

@@ -0,0 +1,2 @@
+export {};
+//# sourceMappingURL=types.js.map

package/dist/core/types.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"types.js","sourceRoot":"","sources":["../../src/core/types.ts"],"names":[],"mappings":""}

package/dist/express/index.d.ts

@@ -0,0 +1,20 @@
+import type { RequestHandler } from "express";
+import { type DbscOptions, type ProtectionTier } from "../core/index.js";
+export interface DbscExpressOptions extends DbscOptions {
+    secure?: boolean;
+}
+export interface DbscLocals {
+    sessionId: string | null;
+    tier: ProtectionTier;
+    revoke: () => Promise<void>;
+    requireBound: () => void;
+}
+declare global {
+    namespace Express {
+        interface Locals {
+            dbsc: DbscLocals;
+        }
+    }
+}
+export declare function dbsc(opts: DbscExpressOptions): RequestHandler;
+//# sourceMappingURL=index.d.ts.map

package/dist/express/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAmC,cAAc,EAAE,MAAM,SAAS,CAAC;AAE/E,OAAO,EAgBL,KAAK,WAAW,EAEhB,KAAK,cAAc,EACpB,MAAM,kBAAkB,CAAC;AAW1B,MAAM,WAAW,kBAAmB,SAAQ,WAAW;IACrD,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,MAAM,WAAW,UAAU;IACzB,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;IACzB,IAAI,EAAE,cAAc,CAAC;IACrB,MAAM,EAAE,MAAM,OAAO,CAAC,IAAI,CAAC,CAAC;IAC5B,YAAY,EAAE,MAAM,IAAI,CAAC;CAC1B;AAED,OAAO,CAAC,MAAM,CAAC;IACb,UAAU,OAAO,CAAC;QAChB,UAAU,MAAM;YACd,IAAI,EAAE,UAAU,CAAC;SAClB;KACF;CACF;AAsBD,wBAAgB,IAAI,CAAC,IAAI,EAAE,kBAAkB,GAAG,cAAc,CAoO7D"}

package/dist/express/index.js

@@ -0,0 +1,217 @@
+import { randomBytes as nodeRandomBytes } from "node:crypto";
+import { handleRegistration, handleRefresh, issueChallenge, buildChallengeHeader, readSessionResponseHeader, CHALLENGE_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
+const cookieNames = (secure) => ({
+    bound: secure ? "__Host-dbsc-session" : "dbsc-session",
+    reg: secure ? "__Host-dbsc-reg" : "dbsc-reg",
+    challenge: secure ? "__Host-dbsc-challenge" : "dbsc-challenge",
+});
+const DEFAULT_BOUND_TTL = 10 * 60 * 1000;
+const DEFAULT_REG_TTL = 24 * 60 * 60 * 1000;
+function cookieOpts(ttlMs, secure) {
+    return {
+        httpOnly: true,
+        secure,
+        sameSite: "lax",
+        maxAge: ttlMs / 1000,
+        path: "/",
+    };
+}
+function serializeCookie(name, value, opts) {
+    const parts = [`${name}=${value}`];
+    parts.push("HttpOnly");
+    if (opts.secure)
+        parts.push("Secure");
+    parts.push(`SameSite=${opts.sameSite}`);
+    parts.push(`Max-Age=${opts.maxAge}`);
+    parts.push(`Path=${opts.path}`);
+    return parts.join("; ");
+}
+export function dbsc(opts) {
+    const { storage, fallback = "webauthn", registrationPath = "/dbsc/registration", refreshPath = "/dbsc/refresh", boundCookieTtl = DEFAULT_BOUND_TTL, registrationCookieTtl = DEFAULT_REG_TTL, rateLimiter = new NoopRateLimiter(), onEvent, secure = true, } = opts;
+    const hmacSecret = nodeRandomBytes(32);
+    const COOKIES = cookieNames(secure);
+    async function handleRegistrationRoute(req, res) {
+        const ip = req.ip ?? "unknown";
+        const allowed = await rateLimiter.checkRegistration(ip);
+        if (!allowed) {
+            res.status(429).json({ error: "rate limited" });
+            return;
+        }
+        const sessionId = req.cookies?.[COOKIES.reg];
+        const expectedJti = req.cookies?.[COOKIES.challenge];
+        if (!sessionId || !expectedJti) {
+            res.status(400).json({ error: "missing session or challenge cookie" });
+            return;
+        }
+        try {
+            await handleRegistration({
+                sessionId,
+                secSessionResponseHeader: readSessionResponseHeader(req.headers),
+                expectedJti,
+            }, storage);
+            emit(onEvent, {
+                type: "registration",
+                sessionId,
+                tier: "dbsc",
+                timestamp: Date.now(),
+                algorithm: "ES256",
+                ip,
+            });
+            res.setHeader("Set-Cookie", [
+                serializeCookie(COOKIES.bound, sessionId, cookieOpts(boundCookieTtl, secure)),
+                serializeCookie(COOKIES.challenge, "", { ...cookieOpts(0, secure), maxAge: 0 }),
+            ]);
+            res.setHeader("Content-Type", "application/json");
+            res.status(200).json({
+                session_identifier: sessionId,
+                refresh_url: refreshPath,
+                scope: { include_site: true },
+                credentials: [
+                    {
+                        type: "cookie",
+                        name: COOKIES.bound,
+                        attributes: `Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=${Math.floor(boundCookieTtl / 1000)}`,
+                    },
+                ],
+            });
+        }
+        catch (err) {
+            await rateLimiter.recordFailure(ip, sessionId);
+            if (err instanceof DbscVerificationError || err instanceof DbscProtocolError) {
+                emit(onEvent, {
+                    type: "verification_failure",
+                    sessionId,
+                    tier: "dbsc",
+                    timestamp: Date.now(),
+                    reason: err.code,
+                    ip,
+                });
+                res.status(400).json({ error: err.message });
+                return;
+            }
+            throw err;
+        }
+    }
+    async function handleRefreshRoute(req, res) {
+        const ip = req.ip ?? "unknown";
+        const sessionIdHeader = req.headers["sec-secure-session-id"];
+        const sessionId = (Array.isArray(sessionIdHeader) ? sessionIdHeader[0] : sessionIdHeader)
+            ?? req.cookies?.[COOKIES.bound];
+        if (!sessionId) {
+            res.status(403).end();
+            return;
+        }
+        const allowed = await rateLimiter.checkRefresh(ip, sessionId);
+        if (!allowed) {
+            res.status(429).json({ error: "rate limited" });
+            return;
+        }
+        const responseHeader = readSessionResponseHeader(req.headers);
+        if (!responseHeader) {
+            const challenge = await issueChallenge(sessionId, storage);
+            res.setHeader(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
+            res.setHeader(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
+            res.setHeader("Set-Cookie", serializeCookie(COOKIES.challenge, challenge.jti, cookieOpts(5 * 60 * 1000, secure)));
+            res.status(403).end();
+            return;
+        }
+        const expectedJti = req.cookies?.[COOKIES.challenge];
+        if (!expectedJti) {
+            const challenge = await issueChallenge(sessionId, storage);
+            res.setHeader(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
+            res.setHeader(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
+            res.setHeader("Set-Cookie", serializeCookie(COOKIES.challenge, challenge.jti, cookieOpts(5 * 60 * 1000, secure)));
+            res.status(403).end();
+            return;
+        }
+        try {
+            await handleRefresh({ sessionId, secSessionResponseHeader: responseHeader, expectedJti }, storage);
+            emit(onEvent, {
+                type: "refresh",
+                sessionId,
+                tier: "dbsc",
+                timestamp: Date.now(),
+                ip,
+            });
+            res.setHeader("Set-Cookie", [
+                serializeCookie(COOKIES.bound, sessionId, cookieOpts(boundCookieTtl, secure)),
+                serializeCookie(COOKIES.challenge, "", { ...cookieOpts(0, secure), maxAge: 0 }),
+            ]);
+            res.setHeader("Content-Type", "application/json");
+            res.status(200).json({
+                session_identifier: sessionId,
+                refresh_url: refreshPath,
+                scope: { include_site: true },
+                credentials: [
+                    {
+                        type: "cookie",
+                        name: COOKIES.bound,
+                        attributes: `Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=${Math.floor(boundCookieTtl / 1000)}`,
+                    },
+                ],
+            });
+        }
+        catch (err) {
+            await rateLimiter.recordFailure(ip, sessionId);
+            const stolenCheck = await storage.getBoundKey(sessionId);
+            if (stolenCheck) {
+                emit(onEvent, {
+                    type: "session_stolen",
+                    sessionId,
+                    tier: "dbsc",
+                    timestamp: Date.now(),
+                    ip,
+                });
+            }
+            if (err instanceof DbscVerificationError || err instanceof DbscProtocolError) {
+                emit(onEvent, {
+                    type: "verification_failure",
+                    sessionId,
+                    tier: "dbsc",
+                    timestamp: Date.now(),
+                    reason: err.code,
+                    ip,
+                });
+                res.status(401).json({ error: err.message });
+                return;
+            }
+            throw err;
+        }
+    }
+    return async (req, res, next) => {
+        if (req.method === "POST" && req.path === registrationPath) {
+            await handleRegistrationRoute(req, res);
+            return;
+        }
+        if (req.method === "POST" && req.path === refreshPath) {
+            await handleRefreshRoute(req, res);
+            return;
+        }
+        const sessionId = req.cookies?.[COOKIES.bound];
+        res.locals.dbsc = {
+            sessionId: sessionId ?? null,
+            tier: "none",
+            revoke: async () => {
+                if (sessionId)
+                    await storage.revokeSession(sessionId);
+                res.setHeader("Set-Cookie", [
+                    serializeCookie(COOKIES.bound, "", { ...cookieOpts(0, secure), maxAge: 0 }),
+                ]);
+            },
+            requireBound: () => {
+                if (!sessionId) {
+                    res.status(401).json({ error: "authentication required" });
+                    throw new Error("unauthenticated");
+                }
+            },
+        };
+        if (sessionId) {
+            const session = await storage.getSession(sessionId);
+            if (session) {
+                res.locals.dbsc.tier = session.tier;
+            }
+        }
+        next();
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/express/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/express/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,WAAW,IAAI,eAAe,EAAE,MAAM,aAAa,CAAC;AAC7D,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EAEd,oBAAoB,EACpB,yBAAyB,EAEzB,gBAAgB,EAEhB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAKtB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,WAAW,GAAG,CAAC,MAAe,EAAE,EAAE,CAAC,CAAC;IACxC,KAAK,EAAE,MAAM,CAAC,CAAC,CAAC,qBAAqB,CAAC,CAAC,CAAC,cAAc;IACtD,GAAG,EAAE,MAAM,CAAC,CAAC,CAAC,iBAAiB,CAAC,CAAC,CAAC,UAAU;IAC5C,SAAS,EAAE,MAAM,CAAC,CAAC,CAAC,uBAAuB,CAAC,CAAC,CAAC,gBAAgB;CAC/D,CAAC,CAAC;AAEH,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AACzC,MAAM,eAAe,GAAG,EAAE,GAAG,EAAE,GAAG,EAAE,GAAG,IAAI,CAAC;AAqB5C,SAAS,UAAU,CAAC,KAAa,EAAE,MAAe;IAChD,OAAO;QACL,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,MAAM,EAAE,KAAK,GAAG,IAAI;QACpB,IAAI,EAAE,GAAG;KACV,CAAC;AACJ,CAAC;AAED,SAAS,eAAe,CAAC,IAAY,EAAE,KAAa,EAAE,IAAmC;IACvF,MAAM,KAAK,GAAG,CAAC,GAAG,IAAI,IAAI,KAAK,EAAE,CAAC,CAAC;IACnC,KAAK,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;IACvB,IAAI,IAAI,CAAC,MAAM;QAAE,KAAK,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IACtC,KAAK,CAAC,IAAI,CAAC,YAAY,IAAI,CAAC,QAAQ,EAAE,CAAC,CAAC;IACxC,KAAK,CAAC,IAAI,CAAC,WAAW,IAAI,CAAC,MAAM,EAAE,CAAC,CAAC;IACrC,KAAK,CAAC,IAAI,CAAC,QAAQ,IAAI,CAAC,IAAI,EAAE,CAAC,CAAC;IAChC,OAAO,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC;AAC1B,CAAC;AAED,MAAM,UAAU,IAAI,CAAC,IAAwB;IAC3C,MAAM,EACJ,OAAO,EACP,QAAQ,GAAG,UAAU,EACrB,gBAAgB,GAAG,oBAAoB,EACvC,WAAW,GAAG,eAAe,EAC7B,cAAc,GAAG,iBAAiB,EAClC,qBAAqB,GAAG,eAAe,EACvC,WAAW,GAAG,IAAI,eAAe,EAAE,EACnC,OAAO,EACP,MAAM,GAAG,IAAI,GACd,GAAG,IAAI,CAAC;IAET,MAAM,UAAU,GAAG,eAAe,CAAC,EAAE,CAAC,CAAC;IACvC,MAAM,OAAO,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAEpC,KAAK,UAAU,uBAAuB,CAAC,GAAY,EAAE,GAAa;QAChE,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC;QAC/B,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,GAAG,CAAuB,CAAC;QACnE,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,SAAS,CAAuB,CAAC;QAE3E,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;YAC/B,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC,CAAC;YACvE,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,kBAAkB,CACtB;gBACE,SAAS;gBACT,wBAAwB,EAAE,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC;gBACjH,WAAW;aACZ,EACD,OAAO,CACR,CAAC;YAEF,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,cAAc;gBACpB,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,OAAO;gBAClB,EAAE;aACH,CAAC,CAAC;YAEH,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBAC1B,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;gBAC7E,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;aAChF,CAAC,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAClD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,kBAAkB,EAAE,SAAS;gBAC7B,WAAW,EAAE,WAAW;gBACxB,KAAK,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;gBAC7B,WAAW,EAAE;oBACX;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,OAAO,CAAC,KAAK;wBACnB,UAAU,EAAE,mDAAmD,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC,EAAE;qBACnG;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAE/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,MAAM,EAAE,GAAG,CAAC,IAAI;oBAChB,EAAE;iBACH,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC7C,OAAO;YACT,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,KAAK,UAAU,kBAAkB,CAAC,GAAY,EAAE,GAAa;QAC3D,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,IAAI,SAAS,CAAC;QAC/B,MAAM,eAAe,GAAG,GAAG,CAAC,OAAO,CAAC,uBAAuB,CAAC,CAAC;QAC7D,MAAM,SAAS,GAAG,CAAC,KAAK,CAAC,OAAO,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC,CAAC,CAAC,CAAC,CAAC,CAAC,eAAe,CAAC;eACnF,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAwB,CAAC;QAE1D,IAAI,CAAC,SAAS,EAAE,CAAC;YACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;QAC9D,IAAI,CAAC,OAAO,EAAE,CAAC;YACb,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;YAChD,OAAO;QACT,CAAC;QAED,MAAM,cAAc,GAAG,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC,CAAC;QAE/G,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,GAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YACrE,GAAG,CAAC,SAAS,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5E,GAAG,CAAC,SAAS,CACX,YAAY,EACZ,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC,CACrF,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,SAAS,CAAuB,CAAC;QAC3E,IAAI,CAAC,WAAW,EAAE,CAAC;YACjB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,GAAG,CAAC,SAAS,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YACrE,GAAG,CAAC,SAAS,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YAC5E,GAAG,CAAC,SAAS,CACX,YAAY,EACZ,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,SAAS,CAAC,GAAG,EAAE,UAAU,CAAC,CAAC,GAAG,EAAE,GAAG,IAAI,EAAE,MAAM,CAAC,CAAC,CACrF,CAAC;YACF,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,GAAG,EAAE,CAAC;YACtB,OAAO;QACT,CAAC;QAED,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;YAEnG,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,SAAS;gBACf,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,EAAE;aACH,CAAC,CAAC;YAEH,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;gBAC1B,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,SAAS,EAAE,UAAU,CAAC,cAAc,EAAE,MAAM,CAAC,CAAC;gBAC7E,eAAe,CAAC,OAAO,CAAC,SAAS,EAAE,EAAE,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;aAChF,CAAC,CAAC;YACH,GAAG,CAAC,SAAS,CAAC,cAAc,EAAE,kBAAkB,CAAC,CAAC;YAClD,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC;gBACnB,kBAAkB,EAAE,SAAS;gBAC7B,WAAW,EAAE,WAAW;gBACxB,KAAK,EAAE,EAAE,YAAY,EAAE,IAAI,EAAE;gBAC7B,WAAW,EAAE;oBACX;wBACE,IAAI,EAAE,QAAQ;wBACd,IAAI,EAAE,OAAO,CAAC,KAAK;wBACnB,UAAU,EAAE,mDAAmD,IAAI,CAAC,KAAK,CAAC,cAAc,GAAG,IAAI,CAAC,EAAE;qBACnG;iBACF;aACF,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAE/C,MAAM,WAAW,GAAG,MAAM,OAAO,CAAC,WAAW,CAAC,SAAS,CAAC,CAAC;YACzD,IAAI,WAAW,EAAE,CAAC;gBAChB,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,gBAAgB;oBACtB,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,EAAE;iBACH,CAAC,CAAC;YACL,CAAC;YAED,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,sBAAsB;oBAC5B,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,MAAM,EAAG,GAA6B,CAAC,IAAI;oBAC3C,EAAE;iBACH,CAAC,CAAC;gBACH,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;gBAC7C,OAAO;YACT,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC;IAED,OAAO,KAAK,EAAE,GAAY,EAAE,GAAa,EAAE,IAAkB,EAAiB,EAAE;QAC9E,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,IAAI,KAAK,gBAAgB,EAAE,CAAC;YAC3D,MAAM,uBAAuB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACxC,OAAO;QACT,CAAC;QAED,IAAI,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,IAAI,KAAK,WAAW,EAAE,CAAC;YACtD,MAAM,kBAAkB,CAAC,GAAG,EAAE,GAAG,CAAC,CAAC;YACnC,OAAO;QACT,CAAC;QAED,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,OAAO,CAAC,KAAK,CAAuB,CAAC;QAErE,GAAG,CAAC,MAAM,CAAC,IAAI,GAAG;YAChB,SAAS,EAAE,SAAS,IAAI,IAAI;YAC5B,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,KAAK,IAAI,EAAE;gBACjB,IAAI,SAAS;oBAAE,MAAM,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;gBACtD,GAAG,CAAC,SAAS,CAAC,YAAY,EAAE;oBAC1B,eAAe,CAAC,OAAO,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE,GAAG,UAAU,CAAC,CAAC,EAAE,MAAM,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,CAAC;iBAC5E,CAAC,CAAC;YACL,CAAC;YACD,YAAY,EAAE,GAAG,EAAE;gBACjB,IAAI,CAAC,SAAS,EAAE,CAAC;oBACf,GAAG,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,yBAAyB,EAAE,CAAC,CAAC;oBAC3D,MAAM,IAAI,KAAK,CAAC,iBAAiB,CAAC,CAAC;gBACrC,CAAC;YACH,CAAC;SACF,CAAC;QAEF,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,OAAO,EAAE,CAAC;gBACZ,GAAG,CAAC,MAAM,CAAC,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;YACtC,CAAC;QACH,CAAC;QAED,IAAI,EAAE,CAAC;IACT,CAAC,CAAC;AACJ,CAAC"}

package/dist/fastify/index.d.ts

@@ -0,0 +1,17 @@
+import type { FastifyPluginAsync } from "fastify";
+import "@fastify/cookie";
+import { type DbscOptions, type ProtectionTier } from "../core/index.js";
+declare module "fastify" {
+    interface FastifyRequest {
+        dbsc: {
+            sessionId: string | null;
+            tier: ProtectionTier;
+            revoke(): Promise<void>;
+        };
+    }
+}
+export interface DbscFastifyOptions extends DbscOptions {
+    secure?: boolean;
+}
+export declare const dbsc: FastifyPluginAsync<DbscFastifyOptions>;
+//# sourceMappingURL=index.d.ts.map

package/dist/fastify/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/fastify/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAE,kBAAkB,EAAgC,MAAM,SAAS,CAAC;AAEhF,OAAO,iBAAiB,CAAC;AACzB,OAAO,EAYL,KAAK,WAAW,EAChB,KAAK,cAAc,EACpB,MAAM,kBAAkB,CAAC;AAE1B,OAAO,QAAQ,SAAS,CAAC;IACvB,UAAU,cAAc;QACtB,IAAI,EAAE;YACJ,SAAS,EAAE,MAAM,GAAG,IAAI,CAAC;YACzB,IAAI,EAAE,cAAc,CAAC;YACrB,MAAM,IAAI,OAAO,CAAC,IAAI,CAAC,CAAC;SACzB,CAAC;KACH;CACF;AAQD,MAAM,WAAW,kBAAmB,SAAQ,WAAW;IACrD,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAoID,eAAO,MAAM,IAAI,wCAA2D,CAAC"}

package/dist/fastify/index.js

@@ -0,0 +1,115 @@
+import fp from "fastify-plugin";
+import "@fastify/cookie";
+import { handleRegistration, handleRefresh, issueChallenge, buildChallengeHeader, readSessionResponseHeader, CHALLENGE_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
+const BOUND_COOKIE = "__Host-dbsc-session";
+const REGISTRATION_COOKIE = "__Host-dbsc-reg";
+const CHALLENGE_COOKIE = "__Host-dbsc-challenge";
+const DEFAULT_BOUND_TTL = 10 * 60;
+const dbscPlugin = async (fastify, opts) => {
+    const { storage, registrationPath = "/dbsc/registration", refreshPath = "/dbsc/refresh", boundCookieTtl = DEFAULT_BOUND_TTL * 1000, rateLimiter = new NoopRateLimiter(), onEvent, secure = true, } = opts;
+    const cookieOpts = {
+        httpOnly: true,
+        secure,
+        sameSite: "lax",
+        path: "/",
+    };
+    fastify.decorateRequest("dbsc", null);
+    fastify.addHook("onRequest", async (req, reply) => {
+        const sessionId = req.cookies?.[BOUND_COOKIE] ?? null;
+        req.dbsc = {
+            sessionId,
+            tier: "none",
+            revoke: async () => {
+                if (sessionId)
+                    await storage.revokeSession(sessionId);
+                reply.clearCookie(BOUND_COOKIE, cookieOpts);
+            },
+        };
+        if (sessionId) {
+            const session = await storage.getSession(sessionId);
+            if (session)
+                req.dbsc.tier = session.tier;
+        }
+    });
+    fastify.post(registrationPath, async (req, reply) => {
+        const ip = req.ip;
+        const sessionId = req.cookies?.[REGISTRATION_COOKIE];
+        const expectedJti = req.cookies?.[CHALLENGE_COOKIE];
+        if (!sessionId || !expectedJti) {
+            return reply.status(400).send({ error: "missing session or challenge cookie" });
+        }
+        const allowed = await rateLimiter.checkRegistration(ip);
+        if (!allowed)
+            return reply.status(429).send({ error: "rate limited" });
+        try {
+            await handleRegistration({
+                sessionId,
+                secSessionResponseHeader: readSessionResponseHeader(req.headers),
+                expectedJti,
+            }, storage);
+            emit(onEvent, {
+                type: "registration",
+                sessionId,
+                tier: "dbsc",
+                timestamp: Date.now(),
+                algorithm: "ES256",
+                ip,
+            });
+            reply.setCookie(BOUND_COOKIE, sessionId, {
+                ...cookieOpts,
+                maxAge: boundCookieTtl / 1000,
+            });
+            reply.clearCookie(CHALLENGE_COOKIE, cookieOpts);
+            return reply.status(204).send();
+        }
+        catch (err) {
+            await rateLimiter.recordFailure(ip, sessionId);
+            if (err instanceof DbscVerificationError || err instanceof DbscProtocolError) {
+                return reply.status(400).send({ error: err.message });
+            }
+            throw err;
+        }
+    });
+    fastify.post(refreshPath, async (req, reply) => {
+        const ip = req.ip;
+        const sessionId = req.cookies?.[BOUND_COOKIE];
+        if (!sessionId)
+            return reply.status(401).send({ error: "no session" });
+        const allowed = await rateLimiter.checkRefresh(ip, sessionId);
+        if (!allowed)
+            return reply.status(429).send({ error: "rate limited" });
+        const responseHeader = readSessionResponseHeader(req.headers);
+        if (!responseHeader) {
+            const challenge = await issueChallenge(sessionId, storage);
+            reply.header(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
+            reply.header(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
+            reply.setCookie(CHALLENGE_COOKIE, challenge.jti, { ...cookieOpts, maxAge: 5 * 60 });
+            return reply.status(403).send();
+        }
+        const expectedJti = req.cookies?.[CHALLENGE_COOKIE];
+        if (!expectedJti)
+            return reply.status(400).send({ error: "missing challenge cookie" });
+        try {
+            await handleRefresh({ sessionId, secSessionResponseHeader: responseHeader, expectedJti }, storage);
+            emit(onEvent, {
+                type: "refresh",
+                sessionId,
+                tier: "dbsc",
+                timestamp: Date.now(),
+                ip,
+            });
+            reply.setCookie(BOUND_COOKIE, sessionId, { ...cookieOpts, maxAge: boundCookieTtl / 1000 });
+            reply.clearCookie(CHALLENGE_COOKIE, cookieOpts);
+            return reply.status(204).send();
+        }
+        catch (err) {
+            await rateLimiter.recordFailure(ip, sessionId);
+            if (err instanceof DbscVerificationError || err instanceof DbscProtocolError) {
+                return reply.status(401).send({ error: err.message });
+            }
+            throw err;
+        }
+    });
+};
+export const dbsc = fp(dbscPlugin, { name: "@dbsc-toolkit/server-fastify" });
+//# sourceMappingURL=index.js.map

package/dist/fastify/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/fastify/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,MAAM,gBAAgB,CAAC;AAChC,OAAO,iBAAiB,CAAC;AACzB,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,oBAAoB,EACpB,yBAAyB,EACzB,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAGtB,MAAM,kBAAkB,CAAC;AAY1B,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AAC9C,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAEjD,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,CAAC;AAMlC,MAAM,UAAU,GAA2C,KAAK,EAAE,OAAO,EAAE,IAAI,EAAE,EAAE;IACjF,MAAM,EACJ,OAAO,EACP,gBAAgB,GAAG,oBAAoB,EACvC,WAAW,GAAG,eAAe,EAC7B,cAAc,GAAG,iBAAiB,GAAG,IAAI,EACzC,WAAW,GAAG,IAAI,eAAe,EAAE,EACnC,OAAO,EACP,MAAM,GAAG,IAAI,GACd,GAAG,IAAI,CAAC;IAET,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,IAAI,EAAE,GAAG;KACV,CAAC;IAEF,OAAO,CAAC,eAAe,CAAC,MAAM,EAAE,IAAI,CAAC,CAAC;IAEtC,OAAO,CAAC,OAAO,CAAC,WAAW,EAAE,KAAK,EAAE,GAAmB,EAAE,KAAmB,EAAE,EAAE;QAC9E,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,YAAY,CAAC,IAAI,IAAI,CAAC;QAEtD,GAAG,CAAC,IAAI,GAAG;YACT,SAAS;YACT,IAAI,EAAE,MAAM;YACZ,MAAM,EAAE,KAAK,IAAI,EAAE;gBACjB,IAAI,SAAS;oBAAE,MAAM,OAAO,CAAC,aAAa,CAAC,SAAS,CAAC,CAAC;gBACtD,KAAK,CAAC,WAAW,CAAC,YAAY,EAAE,UAAU,CAAC,CAAC;YAC9C,CAAC;SACF,CAAC;QAEF,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,OAAO;gBAAE,GAAG,CAAC,IAAI,CAAC,IAAI,GAAG,OAAO,CAAC,IAAI,CAAC;QAC5C,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,IAAI,CAAC,gBAAgB,EAAE,KAAK,EAAE,GAAmB,EAAE,KAAmB,EAAE,EAAE;QAChF,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC;QAClB,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,mBAAmB,CAAC,CAAC;QACrD,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,gBAAgB,CAAC,CAAC;QAEpD,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;YAC/B,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,CAAC,CAAC;QAClF,CAAC;QAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;QACxD,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAEvE,IAAI,CAAC;YACH,MAAM,kBAAkB,CACtB;gBACE,SAAS;gBACT,wBAAwB,EAAE,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC;gBACjH,WAAW;aACZ,EACD,OAAO,CACR,CAAC;YAEF,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,cAAc;gBACpB,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,SAAS,EAAE,OAAO;gBAClB,EAAE;aACH,CAAC,CAAC;YAEH,KAAK,CAAC,SAAS,CAAC,YAAY,EAAE,SAAS,EAAE;gBACvC,GAAG,UAAU;gBACb,MAAM,EAAE,cAAc,GAAG,IAAI;aAC9B,CAAC,CAAC;YACH,KAAK,CAAC,WAAW,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;YAChD,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;IAEH,OAAO,CAAC,IAAI,CAAC,WAAW,EAAE,KAAK,EAAE,GAAmB,EAAE,KAAmB,EAAE,EAAE;QAC3E,MAAM,EAAE,GAAG,GAAG,CAAC,EAAE,CAAC;QAClB,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,YAAY,CAAC,CAAC;QAE9C,IAAI,CAAC,SAAS;YAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,CAAC,CAAC;QAEvE,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;QAC9D,IAAI,CAAC,OAAO;YAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,CAAC,CAAC;QAEvE,MAAM,cAAc,GAAG,yBAAyB,CAAC,GAAG,CAAC,OAAwD,CAAC,CAAC;QAE/G,IAAI,CAAC,cAAc,EAAE,CAAC;YACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;YAC3D,KAAK,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YACpE,KAAK,CAAC,MAAM,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;YAC3E,KAAK,CAAC,SAAS,CAAC,gBAAgB,EAAE,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;YACpF,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QAED,MAAM,WAAW,GAAG,GAAG,CAAC,OAAO,EAAE,CAAC,gBAAgB,CAAC,CAAC;QACpD,IAAI,CAAC,WAAW;YAAE,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,CAAC,CAAC;QAEvF,IAAI,CAAC;YACH,MAAM,aAAa,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;YAEnG,IAAI,CAAC,OAAO,EAAE;gBACZ,IAAI,EAAE,SAAS;gBACf,SAAS;gBACT,IAAI,EAAE,MAAM;gBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;gBACrB,EAAE;aACH,CAAC,CAAC;YAEH,KAAK,CAAC,SAAS,CAAC,YAAY,EAAE,SAAS,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,cAAc,GAAG,IAAI,EAAE,CAAC,CAAC;YAC3F,KAAK,CAAC,WAAW,CAAC,gBAAgB,EAAE,UAAU,CAAC,CAAC;YAChD,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;QAClC,CAAC;QAAC,OAAO,GAAG,EAAE,CAAC;YACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;gBAC7E,OAAO,KAAK,CAAC,MAAM,CAAC,GAAG,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,CAAC,CAAC;YACxD,CAAC;YACD,MAAM,GAAG,CAAC;QACZ,CAAC;IACH,CAAC,CAAC,CAAC;AACL,CAAC,CAAC;AAEF,MAAM,CAAC,MAAM,IAAI,GAAG,EAAE,CAAC,UAAU,EAAE,EAAE,IAAI,EAAE,8BAA8B,EAAE,CAAC,CAAC"}

package/dist/hono/index.d.ts

@@ -0,0 +1,13 @@
+import type { MiddlewareHandler } from "hono";
+import { type DbscOptions, type ProtectionTier } from "../core/index.js";
+export interface DbscHonoOptions extends DbscOptions {
+    secure?: boolean;
+}
+declare module "hono" {
+    interface ContextVariableMap {
+        dbscSessionId: string | null;
+        dbscTier: ProtectionTier;
+    }
+}
+export declare function dbsc(opts: DbscHonoOptions): MiddlewareHandler;
+//# sourceMappingURL=index.d.ts.map

package/dist/hono/index.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../src/hono/index.ts"],"names":[],"mappings":"AAAA,OAAO,KAAK,EAAW,iBAAiB,EAAE,MAAM,MAAM,CAAC;AAEvD,OAAO,EAYL,KAAK,WAAW,EAChB,KAAK,cAAc,EACpB,MAAM,kBAAkB,CAAC;AAQ1B,MAAM,WAAW,eAAgB,SAAQ,WAAW;IAClD,MAAM,CAAC,EAAE,OAAO,CAAC;CAClB;AAED,OAAO,QAAQ,MAAM,CAAC;IACpB,UAAU,kBAAkB;QAC1B,aAAa,EAAE,MAAM,GAAG,IAAI,CAAC;QAC7B,QAAQ,EAAE,cAAc,CAAC;KAC1B;CACF;AAED,wBAAgB,IAAI,CAAC,IAAI,EAAE,eAAe,GAAG,iBAAiB,CA2H7D"}

package/dist/hono/index.js

@@ -0,0 +1,107 @@
+import { getCookie, setCookie, deleteCookie } from "hono/cookie";
+import { handleRegistration, handleRefresh, issueChallenge, buildChallengeHeader, CHALLENGE_HEADER, LEGACY_CHALLENGE_HEADER, NoopRateLimiter, emit, DbscProtocolError, DbscVerificationError, } from "../core/index.js";
+const BOUND_COOKIE = "__Host-dbsc-session";
+const REGISTRATION_COOKIE = "__Host-dbsc-reg";
+const CHALLENGE_COOKIE = "__Host-dbsc-challenge";
+const DEFAULT_BOUND_TTL = 10 * 60;
+export function dbsc(opts) {
+    const { storage, registrationPath = "/dbsc/registration", refreshPath = "/dbsc/refresh", boundCookieTtl = DEFAULT_BOUND_TTL * 1000, rateLimiter = new NoopRateLimiter(), onEvent, secure = true, } = opts;
+    const cookieOpts = {
+        httpOnly: true,
+        secure,
+        sameSite: "lax",
+        path: "/",
+    };
+    return async (c, next) => {
+        const url = new URL(c.req.url);
+        const ip = c.req.header("x-forwarded-for") ?? "unknown";
+        if (c.req.method === "POST" && url.pathname === registrationPath) {
+            const sessionId = getCookie(c, REGISTRATION_COOKIE);
+            const expectedJti = getCookie(c, CHALLENGE_COOKIE);
+            if (!sessionId || !expectedJti) {
+                return c.json({ error: "missing session or challenge cookie" }, 400);
+            }
+            const allowed = await rateLimiter.checkRegistration(ip);
+            if (!allowed)
+                return c.json({ error: "rate limited" }, 429);
+            try {
+                const respHdr = c.req.header("secure-session-response") ?? c.req.header("sec-session-response");
+                await handleRegistration({
+                    sessionId,
+                    secSessionResponseHeader: respHdr,
+                    expectedJti,
+                }, storage);
+                emit(onEvent, {
+                    type: "registration",
+                    sessionId,
+                    tier: "dbsc",
+                    timestamp: Date.now(),
+                    algorithm: "ES256",
+                    ip,
+                });
+                setCookie(c, BOUND_COOKIE, sessionId, {
+                    ...cookieOpts,
+                    maxAge: boundCookieTtl / 1000,
+                });
+                deleteCookie(c, CHALLENGE_COOKIE);
+                return c.body(null, 204);
+            }
+            catch (err) {
+                await rateLimiter.recordFailure(ip, sessionId);
+                if (err instanceof DbscVerificationError || err instanceof DbscProtocolError) {
+                    return c.json({ error: err.message }, 400);
+                }
+                throw err;
+            }
+        }
+        if (c.req.method === "POST" && url.pathname === refreshPath) {
+            const sessionId = getCookie(c, BOUND_COOKIE);
+            if (!sessionId)
+                return c.json({ error: "no session" }, 401);
+            const allowed = await rateLimiter.checkRefresh(ip, sessionId);
+            if (!allowed)
+                return c.json({ error: "rate limited" }, 429);
+            const responseHeader = c.req.header("secure-session-response") ?? c.req.header("sec-session-response");
+            if (!responseHeader) {
+                const challenge = await issueChallenge(sessionId, storage);
+                c.header(CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
+                c.header(LEGACY_CHALLENGE_HEADER, buildChallengeHeader(challenge.jti));
+                setCookie(c, CHALLENGE_COOKIE, challenge.jti, { ...cookieOpts, maxAge: 5 * 60 });
+                return c.body(null, 403);
+            }
+            const expectedJti = getCookie(c, CHALLENGE_COOKIE);
+            if (!expectedJti)
+                return c.json({ error: "missing challenge cookie" }, 400);
+            try {
+                await handleRefresh({ sessionId, secSessionResponseHeader: responseHeader, expectedJti }, storage);
+                emit(onEvent, {
+                    type: "refresh",
+                    sessionId,
+                    tier: "dbsc",
+                    timestamp: Date.now(),
+                    ip,
+                });
+                setCookie(c, BOUND_COOKIE, sessionId, { ...cookieOpts, maxAge: boundCookieTtl / 1000 });
+                deleteCookie(c, CHALLENGE_COOKIE);
+                return c.body(null, 204);
+            }
+            catch (err) {
+                await rateLimiter.recordFailure(ip, sessionId);
+                if (err instanceof DbscVerificationError || err instanceof DbscProtocolError) {
+                    return c.json({ error: err.message }, 401);
+                }
+                throw err;
+            }
+        }
+        const sessionId = getCookie(c, BOUND_COOKIE) ?? null;
+        c.set("dbscSessionId", sessionId);
+        c.set("dbscTier", "none");
+        if (sessionId) {
+            const session = await storage.getSession(sessionId);
+            if (session)
+                c.set("dbscTier", session.tier);
+        }
+        await next();
+    };
+}
+//# sourceMappingURL=index.js.map

package/dist/hono/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../src/hono/index.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,SAAS,EAAE,SAAS,EAAE,YAAY,EAAE,MAAM,aAAa,CAAC;AACjE,OAAO,EACL,kBAAkB,EAClB,aAAa,EACb,cAAc,EACd,oBAAoB,EAEpB,gBAAgB,EAChB,uBAAuB,EACvB,eAAe,EACf,IAAI,EACJ,iBAAiB,EACjB,qBAAqB,GAGtB,MAAM,kBAAkB,CAAC;AAE1B,MAAM,YAAY,GAAG,qBAAqB,CAAC;AAC3C,MAAM,mBAAmB,GAAG,iBAAiB,CAAC;AAC9C,MAAM,gBAAgB,GAAG,uBAAuB,CAAC;AAEjD,MAAM,iBAAiB,GAAG,EAAE,GAAG,EAAE,CAAC;AAalC,MAAM,UAAU,IAAI,CAAC,IAAqB;IACxC,MAAM,EACJ,OAAO,EACP,gBAAgB,GAAG,oBAAoB,EACvC,WAAW,GAAG,eAAe,EAC7B,cAAc,GAAG,iBAAiB,GAAG,IAAI,EACzC,WAAW,GAAG,IAAI,eAAe,EAAE,EACnC,OAAO,EACP,MAAM,GAAG,IAAI,GACd,GAAG,IAAI,CAAC;IAET,MAAM,UAAU,GAAG;QACjB,QAAQ,EAAE,IAAI;QACd,MAAM;QACN,QAAQ,EAAE,KAAc;QACxB,IAAI,EAAE,GAAG;KACV,CAAC;IAEF,OAAO,KAAK,EAAE,CAAU,EAAE,IAAI,EAAE,EAAE;QAChC,MAAM,GAAG,GAAG,IAAI,GAAG,CAAC,CAAC,CAAC,GAAG,CAAC,GAAG,CAAC,CAAC;QAC/B,MAAM,EAAE,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,iBAAiB,CAAC,IAAI,SAAS,CAAC;QAExD,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,QAAQ,KAAK,gBAAgB,EAAE,CAAC;YACjE,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,EAAE,mBAAmB,CAAC,CAAC;YACpD,MAAM,WAAW,GAAG,SAAS,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;YAEnD,IAAI,CAAC,SAAS,IAAI,CAAC,WAAW,EAAE,CAAC;gBAC/B,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,qCAAqC,EAAE,EAAE,GAAG,CAAC,CAAC;YACvE,CAAC;YAED,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,iBAAiB,CAAC,EAAE,CAAC,CAAC;YACxD,IAAI,CAAC,OAAO;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;YAE5D,IAAI,CAAC;gBACH,MAAM,OAAO,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;gBAChG,MAAM,kBAAkB,CACtB;oBACE,SAAS;oBACT,wBAAwB,EAAE,OAAO;oBACjC,WAAW;iBACZ,EACD,OAAO,CACR,CAAC;gBAEF,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,cAAc;oBACpB,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,SAAS,EAAE,OAAO;oBAClB,EAAE;iBACH,CAAC,CAAC;gBAEH,SAAS,CAAC,CAAC,EAAE,YAAY,EAAE,SAAS,EAAE;oBACpC,GAAG,UAAU;oBACb,MAAM,EAAE,cAAc,GAAG,IAAI;iBAC9B,CAAC,CAAC;gBACH,YAAY,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;gBAClC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC3B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;gBAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAC7E,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;gBAC7C,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,KAAK,MAAM,IAAI,GAAG,CAAC,QAAQ,KAAK,WAAW,EAAE,CAAC;YAC5D,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,EAAE,YAAY,CAAC,CAAC;YAE7C,IAAI,CAAC,SAAS;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,YAAY,EAAE,EAAE,GAAG,CAAC,CAAC;YAE5D,MAAM,OAAO,GAAG,MAAM,WAAW,CAAC,YAAY,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;YAC9D,IAAI,CAAC,OAAO;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,cAAc,EAAE,EAAE,GAAG,CAAC,CAAC;YAE5D,MAAM,cAAc,GAAG,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,yBAAyB,CAAC,IAAI,CAAC,CAAC,GAAG,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;YAEvG,IAAI,CAAC,cAAc,EAAE,CAAC;gBACpB,MAAM,SAAS,GAAG,MAAM,cAAc,CAAC,SAAS,EAAE,OAAO,CAAC,CAAC;gBAC3D,CAAC,CAAC,MAAM,CAAC,gBAAgB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;gBAChE,CAAC,CAAC,MAAM,CAAC,uBAAuB,EAAE,oBAAoB,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC,CAAC;gBACvE,SAAS,CAAC,CAAC,EAAE,gBAAgB,EAAE,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,CAAC,GAAG,EAAE,EAAE,CAAC,CAAC;gBACjF,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC3B,CAAC;YAED,MAAM,WAAW,GAAG,SAAS,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;YACnD,IAAI,CAAC,WAAW;gBAAE,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,0BAA0B,EAAE,EAAE,GAAG,CAAC,CAAC;YAE5E,IAAI,CAAC;gBACH,MAAM,aAAa,CAAC,EAAE,SAAS,EAAE,wBAAwB,EAAE,cAAc,EAAE,WAAW,EAAE,EAAE,OAAO,CAAC,CAAC;gBAEnG,IAAI,CAAC,OAAO,EAAE;oBACZ,IAAI,EAAE,SAAS;oBACf,SAAS;oBACT,IAAI,EAAE,MAAM;oBACZ,SAAS,EAAE,IAAI,CAAC,GAAG,EAAE;oBACrB,EAAE;iBACH,CAAC,CAAC;gBAEH,SAAS,CAAC,CAAC,EAAE,YAAY,EAAE,SAAS,EAAE,EAAE,GAAG,UAAU,EAAE,MAAM,EAAE,cAAc,GAAG,IAAI,EAAE,CAAC,CAAC;gBACxF,YAAY,CAAC,CAAC,EAAE,gBAAgB,CAAC,CAAC;gBAClC,OAAO,CAAC,CAAC,IAAI,CAAC,IAAI,EAAE,GAAG,CAAC,CAAC;YAC3B,CAAC;YAAC,OAAO,GAAG,EAAE,CAAC;gBACb,MAAM,WAAW,CAAC,aAAa,CAAC,EAAE,EAAE,SAAS,CAAC,CAAC;gBAC/C,IAAI,GAAG,YAAY,qBAAqB,IAAI,GAAG,YAAY,iBAAiB,EAAE,CAAC;oBAC7E,OAAO,CAAC,CAAC,IAAI,CAAC,EAAE,KAAK,EAAE,GAAG,CAAC,OAAO,EAAE,EAAE,GAAG,CAAC,CAAC;gBAC7C,CAAC;gBACD,MAAM,GAAG,CAAC;YACZ,CAAC;QACH,CAAC;QAED,MAAM,SAAS,GAAG,SAAS,CAAC,CAAC,EAAE,YAAY,CAAC,IAAI,IAAI,CAAC;QACrD,CAAC,CAAC,GAAG,CAAC,eAAe,EAAE,SAAS,CAAC,CAAC;QAClC,CAAC,CAAC,GAAG,CAAC,UAAU,EAAE,MAAM,CAAC,CAAC;QAE1B,IAAI,SAAS,EAAE,CAAC;YACd,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC;YACpD,IAAI,OAAO;gBAAE,CAAC,CAAC,GAAG,CAAC,UAAU,EAAE,OAAO,CAAC,IAAI,CAAC,CAAC;QAC/C,CAAC;QAED,MAAM,IAAI,EAAE,CAAC;IACf,CAAC,CAAC;AACJ,CAAC"}

package/dist/index.d.ts

@@ -0,0 +1,2 @@
+export * from "./core/index.js";
+//# sourceMappingURL=index.d.ts.map