k9guard 1.0.0

package/src/core/captchaGenerator.ts

@@ -0,0 +1,233 @@
+import { createHash, randomBytes } from 'crypto';
+import { Random } from '../utils/random';
+import { RiddleBank } from '../utils/riddleBank';
+import { SequenceGenerator } from '../utils/sequenceGenerator';
+import { ScrambleGenerator } from '../utils/scrambleGenerator';
+import { LogicGenerator } from '../utils/logicGenerator';
+import { ReverseGenerator } from '../utils/reverseGenerator';
+import { CustomQuestionGenerator } from '../utils/customQuestionGenerator';
+import { CustomQuestionValidator } from '../validators/customQuestionValidator';
+import type { K9GuardOptions, K9GuardCustomOptions, CaptchaChallenge, MathCaptcha, TextCaptcha, RiddleCaptcha, SequenceCaptcha, ScrambleCaptcha, LogicCaptcha, ReverseCaptcha, MixedCaptcha, CustomCaptcha, CustomQuestion } from '../types';
+
+export class CaptchaGenerator {
+  private standardOptions: K9GuardOptions | null = null;
+  private customOptions: K9GuardCustomOptions | null = null;
+  private customGenerator: CustomQuestionGenerator | null = null;
+  private usedNonces: Set<string> = new Set();
+
+  // set up the generator and check custom questions if they exist
+  constructor(options: K9GuardOptions | K9GuardCustomOptions) {
+    if (this.isCustomOptions(options)) {
+      this.customOptions = options;
+      const validation = CustomQuestionValidator.validate(options.questions);
+      if (!validation.valid) {
+        throw new Error(`Invalid custom questions: ${validation.error}`);
+      }
+      const sanitized = CustomQuestionValidator.sanitize(options.questions);
+      this.customGenerator = new CustomQuestionGenerator(sanitized);
+    } else {
+      this.standardOptions = options;
+    }
+  }
+
+  // check if we got custom captcha options
+  private isCustomOptions(options: unknown): options is K9GuardCustomOptions {
+    if (typeof options !== 'object' || options === null) {
+      return false;
+    }
+    const opt = options as Record<string, unknown>;
+    return opt.type === 'custom' && Array.isArray(opt.questions);
+  }
+
+  private getDifficulty(): 'easy' | 'medium' | 'hard' {
+    if (!this.standardOptions) {
+      return 'easy';
+    }
+    return this.standardOptions.difficulty;
+  }
+
+  private getLocale(): 'en' | 'tr' {
+    if (!this.standardOptions) {
+      return 'en';
+    }
+    return this.standardOptions.locale || 'en';
+  }
+
+  // add security stuff to the challenge like unique nonce, expiry time, and hashed answer
+  private createChallenge(base: Omit<CaptchaChallenge, 'nonce' | 'expiry' | 'hashedAnswer' | 'salt'>): CaptchaChallenge {
+    let nonce: string;
+    do {
+      // NOTE: make sure each nonce is unique to stop replay attacks
+      nonce = Random.generateNonce();
+    } while (this.usedNonces.has(nonce));
+
+    this.usedNonces.add(nonce);
+
+    // challenge will expire in 5 minutes
+    const expiry = Date.now() + 5 * 60 * 1000;
+    const salt = Random.generateSalt();
+    // never save the real answer, only the hash for checking later
+    const hashedAnswer = createHash('sha256').update(base.answer.toString() + salt).digest('hex');
+
+    return {
+      ...base,
+      nonce,
+      expiry,
+      hashedAnswer,
+      salt
+    };
+  }
+
+  // do the math based on which operator we got
+  private calculateMath(a: number, op: string, b: number): number {
+    if (op === '+') {
+      return a + b;
+    }
+    if (op === '-') {
+      return a - b;
+    }
+    if (op === '*') {
+      return a * b;
+    }
+    if (op === '/') {
+      if (b === 0) {
+        // can't divide by zero, return NaN
+        return Number.NaN;
+      }
+      // round to 2 decimals to avoid weird floating point numbers
+      return Math.round((a / b) * 100) / 100;
+    }
+    return 0;
+  }
+
+  // main function that picks the right generator for the captcha type
+  generate(): CaptchaChallenge {
+    if (this.customOptions) {
+      return this.generateCustom();
+    }
+
+    if (!this.standardOptions) {
+      throw new Error('Generator not properly initialized');
+    }
+
+    const captchaType = this.standardOptions.type;
+
+    if (captchaType === 'math') {
+      return this.generateMath();
+    }
+    if (captchaType === 'text') {
+      return this.generateText();
+    }
+    if (captchaType === 'riddle') {
+      return this.generateRiddle();
+    }
+    if (captchaType === 'sequence') {
+      return this.generateSequence();
+    }
+    if (captchaType === 'scramble') {
+      return this.generateScramble();
+    }
+    if (captchaType === 'logic') {
+      return this.generateLogic();
+    }
+    if (captchaType === 'reverse') {
+      return this.generateReverse();
+    }
+    if (captchaType === 'multi') {
+      return this.generateMulti();
+    }
+    return this.generateMixed();
+  }
+
+  private generateCustom(): CustomCaptcha {
+    if (!this.customGenerator) {
+      throw new Error('Custom generator not initialized');
+    }
+
+    const custom = this.customGenerator.generate();
+    return this.createChallenge({ type: 'custom', question: custom.question, answer: custom.answer }) as CustomCaptcha;
+  }
+
+  private generateMath(): MathCaptcha {
+    let num1 = Random.getRandomNumber(this.getDifficulty());
+    let num2 = Random.getRandomNumber(this.getDifficulty());
+    const operator = Random.getRandomOperator();
+
+    if (operator === '/' && num2 === 0) {
+      num2 = Random.getRandomNumber(this.getDifficulty()) + 1;
+    }
+
+    const question = `${num1} ${operator} ${num2}`;
+    const answer = this.calculateMath(num1, operator, num2);
+
+    if (isNaN(answer)) {
+      return this.generateMath();
+    }
+
+    return this.createChallenge({ type: 'math', question, answer }) as MathCaptcha;
+  }
+
+  private generateText(): TextCaptcha {
+    const text = Random.generateRandomString(this.getDifficulty());
+    return this.createChallenge({ type: 'text', question: text, answer: text }) as TextCaptcha;
+  }
+
+  private generateRiddle(): RiddleCaptcha {
+    const riddle = RiddleBank.getRandom(this.getLocale(), this.getDifficulty());
+    return this.createChallenge({ type: 'riddle', question: riddle.question, answer: riddle.answer }) as RiddleCaptcha;
+  }
+
+  private generateSequence(): SequenceCaptcha {
+    const seq = SequenceGenerator.generate(this.getDifficulty());
+    return this.createChallenge({ type: 'sequence', question: seq.question, answer: seq.answer }) as SequenceCaptcha;
+  }
+
+  private generateScramble(): ScrambleCaptcha {
+    const scr = ScrambleGenerator.generate(this.getDifficulty());
+    return this.createChallenge({ type: 'scramble', question: scr.question, answer: scr.answer }) as ScrambleCaptcha;
+  }
+
+  private generateLogic(): LogicCaptcha {
+    const logic = LogicGenerator.getRandom(this.getLocale(), this.getDifficulty());
+    return this.createChallenge({ type: 'logic', question: logic.question, answer: logic.answer }) as LogicCaptcha;
+  }
+
+  private generateReverse(): ReverseCaptcha {
+    const rev = ReverseGenerator.generate(this.getDifficulty());
+    return this.createChallenge({ type: 'reverse', question: rev.question, answer: rev.answer }) as ReverseCaptcha;
+  }
+
+  // generates a mixed captcha by randomly selecting a type and generating accordingly
+  private generateMixed(): MixedCaptcha {
+    const types: ('math' | 'text' | 'riddle' | 'sequence' | 'scramble' | 'logic' | 'reverse')[] = ['math', 'text', 'riddle', 'sequence', 'scramble', 'logic', 'reverse'];
+    const buffer = randomBytes(1);
+    const randomType = types[buffer[0]! % types.length]!;
+
+    const previousType = this.standardOptions?.type;
+    if (this.standardOptions) {
+      // NOTE: change the type temporarily so we can call generate() again
+      this.standardOptions.type = randomType;
+    }
+
+    const challenge = this.generate();
+    if (this.standardOptions && previousType) {
+      // put back the old type when done
+      this.standardOptions.type = previousType;
+    }
+
+    return this.createChallenge({ ...challenge, type: 'mixed' }) as MixedCaptcha;
+  }
+
+  // make a two-step captcha with math and riddle
+  private generateMulti(): CaptchaChallenge {
+    const step1 = this.generateMath();
+    const step2 = this.generateRiddle();
+
+    return this.createChallenge({
+      type: 'multi',
+      question: 'Complete two steps',
+      answer: '',
+      steps: [step1, step2]
+    });
+  }
+}

package/src/core/captchaValidator.ts

@@ -0,0 +1,117 @@
+import { createHash } from 'crypto';
+import type { CaptchaChallenge } from '../types';
+
+export class CaptchaValidator {
+  private static readonly MAX_INPUT_LENGTH = 1000;
+  private static readonly VALID_CHAR_REGEX = /^[a-zA-Z0-9\s\-çÇğĞıİöÖşŞüÜ.,'!?]*$/;
+
+  // main validation entry point, routes to the correct validator based on challenge type
+  static validate(challenge: CaptchaChallenge, userInput: string): boolean {
+    if (!this.isValidInput(userInput)) {
+      return false;
+    }
+
+    if (challenge.type === 'multi') {
+      return this.validateMulti(challenge, userInput);
+    }
+
+    if (challenge.type === 'custom') {
+      return this.validateCustom(challenge, userInput);
+    }
+
+    if (this.isNumericChallenge(challenge)) {
+      return this.validateNumeric(challenge, userInput);
+    }
+
+    return this.validateText(challenge, userInput);
+  }
+
+  private static isValidInput(input: unknown): boolean {
+    if (typeof input !== 'string') {
+      return false;
+    }
+    if (input.length === 0 || input.length > this.MAX_INPUT_LENGTH) {
+      return false;
+    }
+    return true;
+  }
+
+  // validates multi step captchas by checking each step individually
+  private static validateMulti(challenge: CaptchaChallenge, userInput: string): boolean {
+    if (!challenge.steps || challenge.steps.length === 0) {
+      return false;
+    }
+
+    let parsed: unknown;
+    try {
+      // NOTE: user input should be a JSON array of answers
+      parsed = JSON.parse(userInput);
+    } catch {
+      return false;
+    }
+
+    if (!Array.isArray(parsed) || parsed.length !== challenge.steps.length) {
+      return false;
+    }
+
+    // check each step answer matches its challenge
+    for (let i = 0; i < challenge.steps.length; i++) {
+      const step = challenge.steps[i];
+      const input = parsed[i];
+      
+      if (!step || typeof input !== 'string') {
+        return false;
+      }
+      
+      if (!this.validate(step, input)) {
+        return false;
+      }
+    }
+
+    return true;
+  }
+
+  private static isNumericChallenge(challenge: CaptchaChallenge): boolean {
+    return challenge.type === 'math' || challenge.type === 'sequence' || (challenge.type === 'mixed' && typeof challenge.answer === 'number');
+  }
+
+  private static validateNumeric(challenge: CaptchaChallenge, userInput: string): boolean {
+    const inputNum = parseFloat(userInput);
+
+    // make sure we got a valid number, not NaN or Infinity
+    if (isNaN(inputNum) || !isFinite(inputNum)) {
+      return false;
+    }
+
+    return this.verifyAnswer(challenge, inputNum.toString());
+  }
+
+  private static validateText(challenge: CaptchaChallenge, userInput: string): boolean {
+    const sanitized = userInput.trim();
+
+    if (!this.VALID_CHAR_REGEX.test(sanitized)) {
+      return false;
+    }
+
+    return this.verifyAnswer(challenge, sanitized);
+  }
+
+  // NOTE: hash the user input with same salt and compare to stored hash
+  private static verifyAnswer(challenge: CaptchaChallenge, userInput: string): boolean {
+    const userHash = createHash('sha256')
+      .update(userInput + challenge.salt)
+      .digest('hex');
+
+    return userHash === challenge.hashedAnswer;
+  }
+
+  private static validateCustom(challenge: CaptchaChallenge, userInput: string): boolean {
+    const sanitized = userInput.trim();
+
+    if (!this.VALID_CHAR_REGEX.test(sanitized)) {
+      return false;
+    }
+
+    return this.verifyAnswer(challenge, sanitized);
+  }
+}

package/src/locale/en.json

@@ -0,0 +1,46 @@
+{
+  "riddles": [
+    { "question": "What has keys but can't open locks?", "answer": "piano" },
+    { "question": "What gets wetter as it dries?", "answer": "towel" },
+    { "question": "What has a head, a tail, but no body?", "answer": "coin" },
+    { "question": "What can you catch but not throw?", "answer": "cold" },
+    { "question": "What has one eye but can't see?", "answer": "needle" },
+    { "question": "What is always in front of you but can't be seen?", "answer": "future" },
+    { "question": "What has many teeth but can't bite?", "answer": "comb" },
+    { "question": "What is full of holes but still holds water?", "answer": "sponge" },
+    { "question": "What has a neck but no head?", "answer": "bottle" },
+    { "question": "What can travel around the world while staying in a corner?", "answer": "stamp" },
+    { "question": "What has hands but cannot clap?", "answer": "clock" },
+    { "question": "What runs but never walks?", "answer": "water" },
+    { "question": "What has a bed but never sleeps?", "answer": "river" },
+    { "question": "What has a face and two hands but no arms or legs?", "answer": "clock" },
+    { "question": "What goes up but never comes down?", "answer": "age" },
+    { "question": "What has words but never speaks?", "answer": "book" },
+    { "question": "What has a thumb and four fingers but is not alive?", "answer": "glove" },
+    { "question": "What can fill a room but takes up no space?", "answer": "light" },
+    { "question": "What breaks when you say its name?", "answer": "silence" },
+    { "question": "What has legs but cannot walk?", "answer": "table" }
+  ],
+  "logics": [
+    { "question": "If today is Monday, tomorrow is Tuesday. True or False?", "answer": "True" },
+    { "question": "A cat is an animal. True or False?", "answer": "True" },
+    { "question": "Water is dry. True or False?", "answer": "False" },
+    { "question": "All apples are red. True or False?", "answer": "False" },
+    { "question": "5 is greater than 3. True or False?", "answer": "True" },
+    { "question": "If A > B and B > C, then A > C. True or False?", "answer": "True" },
+    { "question": "A square has 3 sides. True or False?", "answer": "False" },
+    { "question": "The sun rises in the east. True or False?", "answer": "True" },
+    { "question": "Fish can fly. True or False?", "answer": "False" },
+    { "question": "2 + 2 = 4. True or False?", "answer": "True" },
+    { "question": "A triangle has 3 corners. True or False?", "answer": "True" },
+    { "question": "Ice is hot. True or False?", "answer": "False" },
+    { "question": "10 is an even number. True or False?", "answer": "True" },
+    { "question": "Humans need oxygen to breathe. True or False?", "answer": "True" },
+    { "question": "A year has 12 months. True or False?", "answer": "True" },
+    { "question": "Birds are mammals. True or False?", "answer": "False" },
+    { "question": "7 is less than 15. True or False?", "answer": "True" },
+    { "question": "A circle has corners. True or False?", "answer": "False" },
+    { "question": "The earth is flat. True or False?", "answer": "False" },
+    { "question": "A week has 7 days. True or False?", "answer": "True" }
+  ]
+}

package/src/locale/tr.json

@@ -0,0 +1,46 @@
+{
+  "riddles": [
+    { "question": "Anahtarları var ama kapıları açamaz?", "answer": "piyano" },
+    { "question": "Kurudukça ıslanan nedir?", "answer": "havlu" },
+    { "question": "Baş ve kuyruğu var ama vücudu yok?", "answer": "madeni para" },
+    { "question": "Yakalayabilirsin ama atamazsın?", "answer": "soğuk algınlığı" },
+    { "question": "Bir gözü var ama göremez?", "answer": "iğne" },
+    { "question": "Her zaman önünde ama görülemez?", "answer": "gelecek" },
+    { "question": "Çok dişleri var ama ısırmaz?", "answer": "tarak" },
+    { "question": "Delik dolu ama suyu tutar?", "answer": "sünger" },
+    { "question": "Boynu var ama başı yok?", "answer": "şişe" },
+    { "question": "Dünyayı dolaşır ama köşede kalır?", "answer": "posta pulu" },
+    { "question": "Elleri var ama alkışlayamaz?", "answer": "saat" },
+    { "question": "Koşar ama asla yürümez?", "answer": "su" },
+    { "question": "Yatağı var ama asla uyumaz?", "answer": "nehir" },
+    { "question": "Yüzü ve iki eli var ama kolu ve bacağı yok?", "answer": "saat" },
+    { "question": "Yukarı çıkar ama asla aşağı inmez?", "answer": "yaş" },
+    { "question": "Kelimeleri var ama asla konuşmaz?", "answer": "kitap" },
+    { "question": "Başparmağı ve dört parmağı var ama canlı değil?", "answer": "eldiven" },
+    { "question": "Bir odayı doldurur ama yer kaplamaz?", "answer": "ışık" },
+    { "question": "Adını söylediğinde kırılır?", "answer": "sessizlik" },
+    { "question": "Bacakları var ama yürüyemez?", "answer": "masa" }
+  ],
+  "logics": [
+    { "question": "Bugün Pazartesi ise, yarın Salı'dır. Doğru mu Yanlış mı?", "answer": "Doğru" },
+    { "question": "Kedi bir hayvandır. Doğru mu Yanlış mı?", "answer": "Doğru" },
+    { "question": "Su kurudur. Doğru mu Yanlış mı?", "answer": "Yanlış" },
+    { "question": "Tüm elmalar kırmızıdır. Doğru mu Yanlış mı?", "answer": "Yanlış" },
+    { "question": "5, 3'ten büyüktür. Doğru mu Yanlış mı?", "answer": "Doğru" },
+    { "question": "Eğer A > B ve B > C ise, A > C olur. Doğru mu Yanlış mı?", "answer": "Doğru" },
+    { "question": "Karenin 3 kenarı vardır. Doğru mu Yanlış mı?", "answer": "Yanlış" },
+    { "question": "Güneş doğudan doğar. Doğru mu Yanlış mı?", "answer": "Doğru" },
+    { "question": "Balıklar uçar. Doğru mu Yanlış mı?", "answer": "Yanlış" },
+    { "question": "2 + 2 = 4. Doğru mu Yanlış mı?", "answer": "Doğru" },
+    { "question": "Üçgenin 3 köşesi vardır. Doğru mu Yanlış mı?", "answer": "Doğru" },
+    { "question": "Buz sıcaktır. Doğru mu Yanlış mı?", "answer": "Yanlış" },
+    { "question": "10 çift sayıdır. Doğru mu Yanlış mı?", "answer": "Doğru" },
+    { "question": "İnsanlar nefes almak için oksijene ihtiyaç duyar. Doğru mu Yanlış mı?", "answer": "Doğru" },
+    { "question": "Bir yılda 12 ay vardır. Doğru mu Yanlış mı?", "answer": "Doğru" },
+    { "question": "Kuşlar memelidir. Doğru mu Yanlış mı?", "answer": "Yanlış" },
+    { "question": "7, 15'ten küçüktür. Doğru mu Yanlış mı?", "answer": "Doğru" },
+    { "question": "Dairenin köşeleri vardır. Doğru mu Yanlış mı?", "answer": "Yanlış" },
+    { "question": "Dünya düzdür. Doğru mu Yanlış mı?", "answer": "Yanlış" },
+    { "question": "Bir haftada 7 gün vardır. Doğru mu Yanlış mı?", "answer": "Doğru" }
+  ]
+}

package/src/types/index.ts

@@ -0,0 +1,72 @@
+export interface K9GuardOptions {
+  type: 'math' | 'text' | 'riddle' | 'sequence' | 'scramble' | 'logic' | 'reverse' | 'mixed' | 'multi';
+  difficulty: 'easy' | 'medium' | 'hard';
+  locale?: 'en' | 'tr';
+}
+
+export interface CustomQuestion {
+  question: string;
+  answer: string;
+  difficulty: 'easy' | 'medium' | 'hard';
+}
+
+export interface K9GuardCustomOptions {
+  type: 'custom';
+  questions: CustomQuestion[];
+}
+
+export interface CaptchaChallenge {
+  type: 'math' | 'text' | 'riddle' | 'sequence' | 'scramble' | 'logic' | 'reverse' | 'mixed' | 'multi' | 'custom';
+  question: string;
+  answer: string | number;
+  nonce: string;
+  expiry: number;
+  hashedAnswer: string;
+  salt: string;
+  steps?: CaptchaChallenge[];
+}
+
+export interface MathCaptcha extends CaptchaChallenge {
+  type: 'math';
+  answer: number;
+}
+
+export interface TextCaptcha extends CaptchaChallenge {
+  type: 'text';
+  answer: string;
+}
+
+export interface RiddleCaptcha extends CaptchaChallenge {
+  type: 'riddle';
+  answer: string;
+}
+
+export interface SequenceCaptcha extends CaptchaChallenge {
+  type: 'sequence';
+  answer: string | number;
+}
+
+export interface ScrambleCaptcha extends CaptchaChallenge {
+  type: 'scramble';
+  answer: string;
+}
+
+export interface LogicCaptcha extends CaptchaChallenge {
+  type: 'logic';
+  answer: string;
+}
+
+export interface ReverseCaptcha extends CaptchaChallenge {
+  type: 'reverse';
+  answer: string;
+}
+
+export interface MixedCaptcha extends CaptchaChallenge {
+  type: 'mixed';
+  answer: string | number;
+}
+
+export interface CustomCaptcha extends CaptchaChallenge {
+  type: 'custom';
+  answer: string;
+}

package/src/utils/customQuestionGenerator.ts

@@ -0,0 +1,40 @@
+import { randomBytes } from 'crypto';
+import type { CustomQuestion } from '../types';
+
+export class CustomQuestionGenerator {
+  private questions: CustomQuestion[];
+
+  constructor(questions: CustomQuestion[]) {
+    this.questions = questions;
+  }
+
+  generate(difficulty?: 'easy' | 'medium' | 'hard'): { question: string; answer: string } {
+    // filter questions by difficulty if specified
+    const candidates = difficulty
+      ? this.questions.filter(q => q.difficulty === difficulty)
+      : this.questions;
+
+    // NOTE: fallback to all questions if no match found for difficulty
+    if (candidates.length === 0) {
+      return this.selectRandom(this.questions);
+    }
+
+    return this.selectRandom(candidates);
+  }
+
+  private selectRandom(questions: CustomQuestion[]): { question: string; answer: string } {
+    if (questions.length === 0) {
+      return { question: '', answer: '' };
+    }
+
+    // use crypto random to pick a question securely
+    const buffer = randomBytes(4);
+    const index = buffer.readUInt32LE(0) % questions.length;
+    const selected = questions[index]!;
+
+    return {
+      question: selected.question,
+      answer: selected.answer
+    };
+  }
+}

package/src/utils/logicGenerator.ts

@@ -0,0 +1,18 @@
+import { randomBytes } from 'crypto';
+import enData from '../locale/en.json';
+import trData from '../locale/tr.json';
+
+export class LogicGenerator {
+  private static data: Record<'en' | 'tr', { question: string; answer: string }[]> = {
+    en: enData.logics,
+    tr: trData.logics
+  };
+
+  static getRandom(locale: 'en' | 'tr' = 'en', difficulty: 'easy' | 'medium' | 'hard' = 'easy'): { question: string; answer: string } {
+    const logics = this.data[locale];
+    // use crypto random to select a logic puzzle securely
+    const buffer = randomBytes(4);
+    const index = buffer.readUInt32LE(0) % logics.length;
+    return logics[index]!;
+  }
+}

package/src/utils/random.ts

@@ -0,0 +1,43 @@
+import { randomBytes } from 'crypto';
+
+export class Random {
+  static getRandomNumber(difficulty: 'easy' | 'medium' | 'hard'): number {
+    const buffer = randomBytes(4);
+    // NOTE: convert crypto bytes to a number between 0 and 1
+    const rand = buffer.readUInt32LE(0) / 0xFFFFFFFF;
+    if (difficulty === 'easy') {
+      return Math.floor(rand * 10) + 1;
+    }
+    if (difficulty === 'medium') {
+      return Math.floor(rand * 50) + 1;
+    }
+    return Math.floor(rand * 100) + 1;
+  }
+
+  static getRandomOperator(): string {
+    const operators = ['+', '-', '*', '/'];
+    const buffer = randomBytes(1);
+    const index = buffer[0]! % operators.length;
+    return operators[index]!;
+  }
+
+  static generateRandomString(difficulty: 'easy' | 'medium' | 'hard'): string {
+    const chars = 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+    let result = '';
+    const length = difficulty === 'easy' ? 4 : difficulty === 'medium' ? 6 : 8;
+    const buffer = randomBytes(length);
+    // pick random chars from the charset using crypto random bytes
+    for (let i = 0; i < length; i++) {
+      result += chars.charAt(buffer[i]! % chars.length);
+    }
+    return result;
+  }
+
+  static generateNonce(): string {
+    return randomBytes(16).toString('hex');
+  }
+
+  static generateSalt(): string {
+    return randomBytes(8).toString('hex');
+  }
+}

package/src/utils/reverseGenerator.ts

@@ -0,0 +1,50 @@
+export class ReverseGenerator {
+  private static readonly easyWords = [
+    'cat', 'dog', 'sun', 'moon', 'star', 'fish', 'bird', 'tree',
+    'ball', 'book', 'door', 'lamp', 'rock', 'leaf', 'wind', 'fire',
+    'ice', 'sky', 'sea', 'fog', 'rain', 'snow', 'bear', 'wolf',
+    'coin', 'key', 'cup', 'pen', 'box', 'hat', 'map', 'web'
+  ];
+
+  private static readonly mediumWords = [
+    'apple', 'house', 'water', 'bread', 'ocean', 'river', 'tiger', 'eagle',
+    'storm', 'cloud', 'flame', 'frost', 'stone', 'metal', 'glass', 'paper',
+    'forest', 'desert', 'valley', 'castle', 'bridge', 'garden', 'market', 'temple',
+    'dragon', 'wizard', 'knight', 'shield', 'sword', 'crown', 'jewel', 'crystal',
+    'planet', 'galaxy', 'comet', 'nebula', 'cipher', 'enigma', 'puzzle', 'riddle',
+    'shadow', 'mirror', 'portal', 'beacon', 'anchor', 'compass', 'lantern', 'prism'
+  ];
+
+  private static readonly hardWords = [
+    'typescript', 'javascript', 'encryption', 'cryptography', 'algorithm', 'infrastructure',
+    'architecture', 'authentication', 'authorization', 'vulnerability', 'cybersecurity',
+    'blockchain', 'metamorphosis', 'constellation', 'synchronization', 'transformation',
+    'illumination', 'orchestration', 'denomination', 'comprehension', 'manifestation',
+    'extraordinary', 'revolutionary', 'sophisticated', 'kaleidoscope', 'optimization',
+    'crystallization', 'configuration', 'implementation', 'parallelization', 'serialization',
+    'decentralization', 'internationalization', 'containerization', 'virtualization',
+    'obfuscation', 'triangulation', 'interpolation', 'extrapolation', 'approximation',
+    'segmentation', 'fragmentation', 'concatenation', 'regeneration', 'degeneration'
+  ];
+
+  static generate(difficulty: 'easy' | 'medium' | 'hard'): { question: string; answer: string } {
+    let wordPool: string[];
+    
+    if (difficulty === 'easy') {
+      wordPool = this.easyWords;
+    }
+    
+    if (difficulty === 'medium') {
+      wordPool = this.mediumWords;
+    }
+    
+    if (difficulty === 'hard') {
+      wordPool = this.hardWords;
+    }
+    
+    const text = wordPool![Math.floor(Math.random() * wordPool!.length)]!;
+    const reversed = text.split('').reverse().join('');
+    
+    return { question: reversed, answer: text };
+  }
+}