myxl-core 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (47) hide show
  1. package/README.md +15 -0
  2. package/dist/@types/payment.d.ts +10 -0
  3. package/dist/auth.d.ts +20 -0
  4. package/dist/auth.js +157 -0
  5. package/dist/ciam.d.ts +259 -0
  6. package/dist/ciam.js +351 -0
  7. package/dist/client.d.ts +56 -0
  8. package/dist/client.js +276 -0
  9. package/dist/config.d.ts +14 -0
  10. package/dist/config.js +70 -0
  11. package/dist/device.d.ts +23 -0
  12. package/dist/device.js +107 -0
  13. package/dist/encrypt.d.ts +37 -0
  14. package/dist/encrypt.js +259 -0
  15. package/dist/family-plan.d.ts +28 -0
  16. package/dist/family-plan.js +325 -0
  17. package/dist/family.d.ts +146 -0
  18. package/dist/family.js +365 -0
  19. package/dist/index.d.ts +19 -0
  20. package/dist/index.js +1487 -0
  21. package/dist/lib/decoy.d.ts +17 -0
  22. package/dist/lib/decoy.js +117 -0
  23. package/dist/lib/encrypt-helper.d.ts +71 -0
  24. package/dist/lib/encrypt-helper.js +166 -0
  25. package/dist/lib/payment.d.ts +116 -0
  26. package/dist/lib/payment.js +271 -0
  27. package/dist/lib/utils.d.ts +15 -0
  28. package/dist/lib/utils.js +290 -0
  29. package/dist/notification.d.ts +28 -0
  30. package/dist/notification.js +275 -0
  31. package/dist/package.d.ts +259 -0
  32. package/dist/package.js +387 -0
  33. package/dist/payments/balance.d.ts +2 -0
  34. package/dist/payments/balance.js +408 -0
  35. package/dist/payments/decoy.d.ts +1 -0
  36. package/dist/payments/decoy.js +6 -0
  37. package/dist/payments/ewallet.d.ts +11 -0
  38. package/dist/payments/ewallet.js +373 -0
  39. package/dist/payments/index.d.ts +3 -0
  40. package/dist/payments/index.js +632 -0
  41. package/dist/payments/qris.d.ts +2 -0
  42. package/dist/payments/qris.js +378 -0
  43. package/dist/profile.d.ts +1 -0
  44. package/dist/profile.js +266 -0
  45. package/dist/verification.d.ts +2 -0
  46. package/dist/verification.js +279 -0
  47. package/package.json +116 -0
@@ -0,0 +1,14 @@
1
+ export declare const BASE_API_URL: string;
2
+ export declare const BASE_CIAM_URL: string;
3
+ export declare const BASIC_AUTH: string;
4
+ export declare const AX_FP_KEY: string;
5
+ export declare const UA: string;
6
+ export declare const API_KEY: string;
7
+ export declare const ENCRYPTED_FIELD_KEY: string;
8
+ export declare const XDATA_KEY: string;
9
+ export declare const AX_API_SIG_KEY: string;
10
+ export declare const X_API_BASE_SECRET: string;
11
+ export declare const CIRCLE_MSISDN_KEY: string;
12
+ export declare const DEFAULT_AX_DEVICE_ID = "a9698fc65ed122e1b0efb2b7e9d93728";
13
+ export declare const DEFAULT_AX_FP = "LDMGk/l1xEViBHOOsQb/CtVyh6FI0QvxXGfsoizEhr7ms1SBTYN07kcmSY3CWDlkG39iSV4p0AuafPoIL+pyoI+1StGif01C7Z/3Lprtkn+WHS3QAKHuAb8LQGe9/2pn";
14
+ export declare const X_APP_VERSION = "8.9.0";
package/dist/config.js ADDED
@@ -0,0 +1,70 @@
1
+ // @bun
2
+ var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
3
+
4
+ // src/lib/encrypt-helper.ts
5
+ var init_encrypt_helper = __esm(() => {
6
+ init_config();
7
+ });
8
+
9
+ // src/encrypt.ts
10
+ var init_encrypt = __esm(() => {
11
+ init_config();
12
+ init_encrypt_helper();
13
+ init_encrypt_helper();
14
+ });
15
+
16
+ // src/lib/utils.ts
17
+ import axios from "axios";
18
+ import { v4 as uuidv4 } from "uuid";
19
+ import { DateTime } from "luxon";
20
+ function unseal(getter, fallback) {
21
+ try {
22
+ const hex = getter();
23
+ if (!hex || typeof __SEED__ === "undefined")
24
+ return fallback;
25
+ const seed = Buffer.from(__SEED__, "hex");
26
+ const data = Buffer.from(hex, "hex");
27
+ return Buffer.from(data.map((b, i) => b ^ seed[i % seed.length])).toString("utf8");
28
+ } catch {
29
+ return fallback;
30
+ }
31
+ }
32
+ var init_utils = __esm(() => {
33
+ init_config();
34
+ init_encrypt();
35
+ });
36
+
37
+ // src/config.ts
38
+ var BASE_API_URL, BASE_CIAM_URL, BASIC_AUTH, AX_FP_KEY, UA, API_KEY, ENCRYPTED_FIELD_KEY, XDATA_KEY, AX_API_SIG_KEY, X_API_BASE_SECRET, CIRCLE_MSISDN_KEY, DEFAULT_AX_DEVICE_ID = "a9698fc65ed122e1b0efb2b7e9d93728", DEFAULT_AX_FP = "LDMGk/l1xEViBHOOsQb/CtVyh6FI0QvxXGfsoizEhr7ms1SBTYN07kcmSY3CWDlkG39iSV4p0AuafPoIL+pyoI+1StGif01C7Z/3Lprtkn+WHS3QAKHuAb8LQGe9/2pn", X_APP_VERSION = "8.9.0";
39
+ var init_config = __esm(() => {
40
+ init_utils();
41
+ BASE_API_URL = unseal(() => __E_BASE_API_URL__, "https://api.myxl.xlaxiata.co.id");
42
+ BASE_CIAM_URL = unseal(() => __E_BASE_CIAM_URL__, "https://gede.ciam.xlaxiata.co.id");
43
+ BASIC_AUTH = unseal(() => __E_BASIC_AUTH__, "OWZjOTdlZDEtNmEzMC00OGQ1LTk1MTYtNjBjNTNjZTNhMTM1OllEV21GNExKajlYSUt3UW56eTJlMmxiMHRKUWIyOW8z");
44
+ AX_FP_KEY = unseal(() => __E_AX_FP_KEY__, "18b4d589826af50241177961590e6693");
45
+ UA = unseal(() => __E_UA__, "myXL / 8.9.0(1202); com.android.vending; (samsung; SM-N935F; SDK 33; Android 13)");
46
+ API_KEY = unseal(() => __E_API_KEY__, "vT8tINqHaOxXbGE7eOWAhA==");
47
+ ENCRYPTED_FIELD_KEY = unseal(() => __E_ENCRYPTED_FIELD_KEY__, "5dccbf08920a5527");
48
+ XDATA_KEY = unseal(() => __E_XDATA_KEY__, "5dccbf08920a5527b99e222789c34bb7");
49
+ AX_API_SIG_KEY = unseal(() => __E_AX_API_SIG_KEY__, "18b4d589826af50241177961590e6693");
50
+ X_API_BASE_SECRET = unseal(() => __E_X_API_BASE_SECRET__, "mU1Y4n1vBjf3M7tMnRkFU08mVyUJHed8B5En3EAniu1mXLixeuASmBmKnkyzVziOye7rG5nIekMdthensbQMcOJ6SLnrkGyfXALD7mrBC6vuWv6G01pmD3XlU5rT7Tzx");
51
+ CIRCLE_MSISDN_KEY = unseal(() => __E_CIRCLE_MSISDN_KEY__, "5dccbf08920a5527");
52
+ });
53
+ init_config();
54
+
55
+ export {
56
+ X_APP_VERSION,
57
+ X_API_BASE_SECRET,
58
+ XDATA_KEY,
59
+ UA,
60
+ ENCRYPTED_FIELD_KEY,
61
+ DEFAULT_AX_FP,
62
+ DEFAULT_AX_DEVICE_ID,
63
+ CIRCLE_MSISDN_KEY,
64
+ BASIC_AUTH,
65
+ BASE_CIAM_URL,
66
+ BASE_API_URL,
67
+ AX_FP_KEY,
68
+ AX_API_SIG_KEY,
69
+ API_KEY
70
+ };
@@ -0,0 +1,23 @@
1
+ export type DeviceInfo = {
2
+ manufacturer: string;
3
+ model: string;
4
+ lang: string;
5
+ resolution: string;
6
+ tz_short: string;
7
+ ip: string;
8
+ font_scale: number;
9
+ android_release: string;
10
+ msisdn: string;
11
+ };
12
+ export declare function buildFingerprintPlain(dev: DeviceInfo): string;
13
+ export declare function axFingerprint(dev: DeviceInfo, secretKey32Ascii: string): string;
14
+ /**
15
+ * Equivalent to Python `load_ax_fp()`
16
+ * - kalau file ada & isinya tidak kosong -> return isinya
17
+ * - kalau tidak -> generate DeviceInfo random, encrypt, simpan, return
18
+ */
19
+ export declare function generateAxFp(params?: {
20
+ ip?: string;
21
+ msisdn?: string;
22
+ }): string;
23
+ export declare function getAxDeviceId(axFp: string): string;
package/dist/device.js ADDED
@@ -0,0 +1,107 @@
1
+ // @bun
2
+ var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
3
+
4
+ // src/lib/encrypt-helper.ts
5
+ var init_encrypt_helper = __esm(() => {
6
+ init_config();
7
+ });
8
+
9
+ // src/encrypt.ts
10
+ var init_encrypt = __esm(() => {
11
+ init_config();
12
+ init_encrypt_helper();
13
+ init_encrypt_helper();
14
+ });
15
+
16
+ // src/lib/utils.ts
17
+ import axios from "axios";
18
+ import { v4 as uuidv4 } from "uuid";
19
+ import { DateTime } from "luxon";
20
+ function unseal(getter, fallback) {
21
+ try {
22
+ const hex = getter();
23
+ if (!hex || typeof __SEED__ === "undefined")
24
+ return fallback;
25
+ const seed = Buffer.from(__SEED__, "hex");
26
+ const data = Buffer.from(hex, "hex");
27
+ return Buffer.from(data.map((b, i) => b ^ seed[i % seed.length])).toString("utf8");
28
+ } catch {
29
+ return fallback;
30
+ }
31
+ }
32
+ var init_utils = __esm(() => {
33
+ init_config();
34
+ init_encrypt();
35
+ });
36
+
37
+ // src/config.ts
38
+ var BASE_API_URL, BASE_CIAM_URL, BASIC_AUTH, AX_FP_KEY, UA, API_KEY, ENCRYPTED_FIELD_KEY, XDATA_KEY, AX_API_SIG_KEY, X_API_BASE_SECRET, CIRCLE_MSISDN_KEY;
39
+ var init_config = __esm(() => {
40
+ init_utils();
41
+ BASE_API_URL = unseal(() => __E_BASE_API_URL__, "https://api.myxl.xlaxiata.co.id");
42
+ BASE_CIAM_URL = unseal(() => __E_BASE_CIAM_URL__, "https://gede.ciam.xlaxiata.co.id");
43
+ BASIC_AUTH = unseal(() => __E_BASIC_AUTH__, "OWZjOTdlZDEtNmEzMC00OGQ1LTk1MTYtNjBjNTNjZTNhMTM1OllEV21GNExKajlYSUt3UW56eTJlMmxiMHRKUWIyOW8z");
44
+ AX_FP_KEY = unseal(() => __E_AX_FP_KEY__, "18b4d589826af50241177961590e6693");
45
+ UA = unseal(() => __E_UA__, "myXL / 8.9.0(1202); com.android.vending; (samsung; SM-N935F; SDK 33; Android 13)");
46
+ API_KEY = unseal(() => __E_API_KEY__, "vT8tINqHaOxXbGE7eOWAhA==");
47
+ ENCRYPTED_FIELD_KEY = unseal(() => __E_ENCRYPTED_FIELD_KEY__, "5dccbf08920a5527");
48
+ XDATA_KEY = unseal(() => __E_XDATA_KEY__, "5dccbf08920a5527b99e222789c34bb7");
49
+ AX_API_SIG_KEY = unseal(() => __E_AX_API_SIG_KEY__, "18b4d589826af50241177961590e6693");
50
+ X_API_BASE_SECRET = unseal(() => __E_X_API_BASE_SECRET__, "mU1Y4n1vBjf3M7tMnRkFU08mVyUJHed8B5En3EAniu1mXLixeuASmBmKnkyzVziOye7rG5nIekMdthensbQMcOJ6SLnrkGyfXALD7mrBC6vuWv6G01pmD3XlU5rT7Tzx");
51
+ CIRCLE_MSISDN_KEY = unseal(() => __E_CIRCLE_MSISDN_KEY__, "5dccbf08920a5527");
52
+ });
53
+
54
+ // src/device.ts
55
+ init_config();
56
+ import crypto from "crypto";
57
+ function randint(min, max) {
58
+ return Math.floor(Math.random() * (max - min + 1)) + min;
59
+ }
60
+ function buildFingerprintPlain(dev) {
61
+ return `${dev.manufacturer}|${dev.model}|${dev.lang}|${dev.resolution}|` + `${dev.tz_short}|${dev.ip}|${dev.font_scale}|Android ${dev.android_release}|${dev.msisdn}`;
62
+ }
63
+ function pkcs7Pad(buf, blockSize = 16) {
64
+ const padLen = blockSize - (buf.length % blockSize || blockSize);
65
+ const padByte = padLen;
66
+ const padding = Buffer.alloc(padLen, padByte);
67
+ return Buffer.concat([buf, padding]);
68
+ }
69
+ function axFingerprint(dev, secretKey32Ascii) {
70
+ const key = Buffer.from(secretKey32Ascii, "ascii");
71
+ if (![16, 24, 32].includes(key.length)) {
72
+ throw new Error(`AX_FP_KEY invalid length: got ${key.length} bytes. Expected 16/24/32 ASCII chars.`);
73
+ }
74
+ const iv = Buffer.alloc(16, 0);
75
+ const pt = Buffer.from(buildFingerprintPlain(dev), "utf8");
76
+ const padded = pkcs7Pad(pt, 16);
77
+ const cipher = crypto.createCipheriv(key.length === 16 ? "aes-128-cbc" : key.length === 24 ? "aes-192-cbc" : "aes-256-cbc", key, iv);
78
+ cipher.setAutoPadding(false);
79
+ const ct = Buffer.concat([cipher.update(padded), cipher.final()]);
80
+ return ct.toString("base64");
81
+ }
82
+ function generateAxFp(params) {
83
+ const dev = {
84
+ manufacturer: "samsung" + String(randint(1000, 9999)),
85
+ model: "SM-N93" + String(randint(1000, 9999)),
86
+ lang: "en",
87
+ resolution: "720x1540",
88
+ tz_short: "GMT07:00",
89
+ ip: params?.ip ?? "192.169.69.69",
90
+ font_scale: 1,
91
+ android_release: "13",
92
+ msisdn: params?.msisdn ?? "6281398370564"
93
+ };
94
+ const fp = axFingerprint(dev, AX_FP_KEY);
95
+ return fp;
96
+ }
97
+ function getAxDeviceId(axFp) {
98
+ if (!axFp || !axFp.trim())
99
+ throw new Error("AX_FP is empty");
100
+ return crypto.createHash("md5").update(axFp, "utf8").digest("hex");
101
+ }
102
+ export {
103
+ getAxDeviceId,
104
+ generateAxFp,
105
+ buildFingerprintPlain,
106
+ axFingerprint
107
+ };
@@ -0,0 +1,37 @@
1
+ /**
2
+ * encrypt.ts (pure-TS replacement)
3
+ *
4
+ * Port of xldor/encrypt.py → TypeScript.
5
+ * All crypto runs locally via Node.js `crypto` — no HTTP request to Python server.
6
+ */
7
+ export type EncryptedBody = {
8
+ xdata: string;
9
+ xtime: number;
10
+ };
11
+ export type EncryptSignResult = {
12
+ x_signature: string;
13
+ encrypted_body: EncryptedBody;
14
+ };
15
+ /**
16
+ * Encrypt + sign an API payload.
17
+ *
18
+ * Previously called the Python server. Now runs inline.
19
+ */
20
+ export declare function encryptSignXData(method: string, path: string, idToken: string, payload: unknown): EncryptSignResult;
21
+ /**
22
+ * Decrypt API response xdata.
23
+ *
24
+ * @param xdata URL-safe base64 ciphertext from the API response
25
+ * @param xtimeMs xtime value from the API response (epoch ms)
26
+ * @returns Parsed JSON object
27
+ */
28
+ export declare function decryptXDataSync(xdata: string, xtimeMs: number): any;
29
+ export declare function decryptXData(xdata: string, xtimeMs: number): Promise<any>;
30
+ /**
31
+ * Build an encrypted-field token (empty-plaintext AES-CBC).
32
+ *
33
+ * @param ivHex16 Optional 16-char hex IV; random if omitted.
34
+ * @param urlsafeB64 Use URL-safe base64 encoding.
35
+ */
36
+ export declare function buildEncryptedField(ivHex16?: string | null, urlsafeB64?: boolean): string;
37
+ export { makeXSignaturePayment, makeAxApiSignature, makeXSignatureBounty, makeXSignatureLoyalty, makeXSignatureBountyAllotment, makeXSignatureBasic, encryptEncryptedField, decryptEncryptedField, } from "./lib/encrypt-helper";
@@ -0,0 +1,259 @@
1
+ // @bun
2
+ var __defProp = Object.defineProperty;
3
+ var __getOwnPropNames = Object.getOwnPropertyNames;
4
+ var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
5
+ var __hasOwnProp = Object.prototype.hasOwnProperty;
6
+ function __accessProp(key) {
7
+ return this[key];
8
+ }
9
+ var __toCommonJS = (from) => {
10
+ var entry = (__moduleCache ??= new WeakMap).get(from), desc;
11
+ if (entry)
12
+ return entry;
13
+ entry = __defProp({}, "__esModule", { value: true });
14
+ if (from && typeof from === "object" || typeof from === "function") {
15
+ for (var key of __getOwnPropNames(from))
16
+ if (!__hasOwnProp.call(entry, key))
17
+ __defProp(entry, key, {
18
+ get: __accessProp.bind(from, key),
19
+ enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
20
+ });
21
+ }
22
+ __moduleCache.set(from, entry);
23
+ return entry;
24
+ };
25
+ var __moduleCache;
26
+ var __returnValue = (v) => v;
27
+ function __exportSetter(name, newValue) {
28
+ this[name] = __returnValue.bind(null, newValue);
29
+ }
30
+ var __export = (target, all) => {
31
+ for (var name in all)
32
+ __defProp(target, name, {
33
+ get: all[name],
34
+ enumerable: true,
35
+ configurable: true,
36
+ set: __exportSetter.bind(all, name)
37
+ });
38
+ };
39
+ var __esm = (fn, res) => () => (fn && (res = fn(fn = 0)), res);
40
+
41
+ // src/lib/utils.ts
42
+ import axios from "axios";
43
+ import { v4 as uuidv4 } from "uuid";
44
+ import { DateTime } from "luxon";
45
+ function unseal(getter, fallback) {
46
+ try {
47
+ const hex = getter();
48
+ if (!hex || typeof __SEED__ === "undefined")
49
+ return fallback;
50
+ const seed = Buffer.from(__SEED__, "hex");
51
+ const data = Buffer.from(hex, "hex");
52
+ return Buffer.from(data.map((b, i) => b ^ seed[i % seed.length])).toString("utf8");
53
+ } catch {
54
+ return fallback;
55
+ }
56
+ }
57
+ var init_utils = __esm(() => {
58
+ init_config();
59
+ init_encrypt();
60
+ });
61
+
62
+ // src/config.ts
63
+ var BASE_API_URL, BASE_CIAM_URL, BASIC_AUTH, AX_FP_KEY, UA, API_KEY, ENCRYPTED_FIELD_KEY, XDATA_KEY, AX_API_SIG_KEY, X_API_BASE_SECRET, CIRCLE_MSISDN_KEY;
64
+ var init_config = __esm(() => {
65
+ init_utils();
66
+ BASE_API_URL = unseal(() => __E_BASE_API_URL__, "https://api.myxl.xlaxiata.co.id");
67
+ BASE_CIAM_URL = unseal(() => __E_BASE_CIAM_URL__, "https://gede.ciam.xlaxiata.co.id");
68
+ BASIC_AUTH = unseal(() => __E_BASIC_AUTH__, "OWZjOTdlZDEtNmEzMC00OGQ1LTk1MTYtNjBjNTNjZTNhMTM1OllEV21GNExKajlYSUt3UW56eTJlMmxiMHRKUWIyOW8z");
69
+ AX_FP_KEY = unseal(() => __E_AX_FP_KEY__, "18b4d589826af50241177961590e6693");
70
+ UA = unseal(() => __E_UA__, "myXL / 8.9.0(1202); com.android.vending; (samsung; SM-N935F; SDK 33; Android 13)");
71
+ API_KEY = unseal(() => __E_API_KEY__, "vT8tINqHaOxXbGE7eOWAhA==");
72
+ ENCRYPTED_FIELD_KEY = unseal(() => __E_ENCRYPTED_FIELD_KEY__, "5dccbf08920a5527");
73
+ XDATA_KEY = unseal(() => __E_XDATA_KEY__, "5dccbf08920a5527b99e222789c34bb7");
74
+ AX_API_SIG_KEY = unseal(() => __E_AX_API_SIG_KEY__, "18b4d589826af50241177961590e6693");
75
+ X_API_BASE_SECRET = unseal(() => __E_X_API_BASE_SECRET__, "mU1Y4n1vBjf3M7tMnRkFU08mVyUJHed8B5En3EAniu1mXLixeuASmBmKnkyzVziOye7rG5nIekMdthensbQMcOJ6SLnrkGyfXALD7mrBC6vuWv6G01pmD3XlU5rT7Tzx");
76
+ CIRCLE_MSISDN_KEY = unseal(() => __E_CIRCLE_MSISDN_KEY__, "5dccbf08920a5527");
77
+ });
78
+
79
+ // src/lib/encrypt-helper.ts
80
+ var exports_encrypt_helper = {};
81
+ __export(exports_encrypt_helper, {
82
+ makeXSignaturePayment: () => makeXSignaturePayment,
83
+ makeXSignatureLoyalty: () => makeXSignatureLoyalty,
84
+ makeXSignatureBountyAllotment: () => makeXSignatureBountyAllotment,
85
+ makeXSignatureBounty: () => makeXSignatureBounty,
86
+ makeXSignatureBasic: () => makeXSignatureBasic,
87
+ makeXSignature: () => makeXSignature,
88
+ makeAxApiSignature: () => makeAxApiSignature,
89
+ encryptXData: () => encryptXData,
90
+ encryptEncryptedField: () => encryptEncryptedField,
91
+ decryptXData: () => decryptXData2,
92
+ decryptEncryptedField: () => decryptEncryptedField
93
+ });
94
+ import crypto from "crypto";
95
+ function pkcs7Pad(buf, blockSize = 16) {
96
+ const pad = blockSize - buf.length % blockSize;
97
+ const padBuf = Buffer.alloc(pad, pad);
98
+ return Buffer.concat([buf, padBuf]);
99
+ }
100
+ function pkcs7Unpad(buf) {
101
+ const pad = buf[buf.length - 1] ?? 16;
102
+ if (pad < 1 || pad > 16)
103
+ throw new Error("Invalid PKCS7 padding");
104
+ return buf.slice(0, buf.length - pad);
105
+ }
106
+ function deriveIv(xtimeMs) {
107
+ const sha = crypto.createHash("sha256").update(String(xtimeMs)).digest("hex");
108
+ return Buffer.from(sha.slice(0, 16), "ascii");
109
+ }
110
+ function urlsafeB64Encode(buf) {
111
+ return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_");
112
+ }
113
+ function urlsafeB64Decode(s) {
114
+ const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
115
+ const padded = b64 + "=".repeat((4 - b64.length % 4) % 4);
116
+ return Buffer.from(padded, "base64");
117
+ }
118
+ function encryptXData(plaintext, xtimeMs) {
119
+ const key = Buffer.from(XDATA_KEY, "ascii");
120
+ const iv = deriveIv(xtimeMs);
121
+ const padded = pkcs7Pad(Buffer.from(plaintext, "utf-8"));
122
+ const cipher = crypto.createCipheriv("aes-256-cbc", key, iv);
123
+ cipher.setAutoPadding(false);
124
+ const ct = Buffer.concat([cipher.update(padded), cipher.final()]);
125
+ return urlsafeB64Encode(ct);
126
+ }
127
+ function decryptXData2(xdata, xtimeMs) {
128
+ const key = Buffer.from(XDATA_KEY, "ascii");
129
+ const iv = deriveIv(xtimeMs);
130
+ const ct = urlsafeB64Decode(xdata);
131
+ const decipher = crypto.createDecipheriv("aes-256-cbc", key, iv);
132
+ decipher.setAutoPadding(false);
133
+ const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
134
+ return pkcs7Unpad(pt).toString("utf-8");
135
+ }
136
+ function makeXSignature(idToken, method, path, sigTimeSec) {
137
+ const keyStr = `${X_API_BASE_SECRET};${idToken};${method};${path};${sigTimeSec}`;
138
+ const msg = `${idToken};${sigTimeSec};`;
139
+ return crypto.createHmac("sha512", keyStr).update(msg).digest("hex");
140
+ }
141
+ function makeXSignaturePayment(accessToken, sigTimeSec, packageCode, tokenPayment, paymentMethod, paymentFor, path) {
142
+ const keyStr = `${X_API_BASE_SECRET};${sigTimeSec}#ae-hei_9Tee6he+Ik3Gais5=;POST;${path};${sigTimeSec}`;
143
+ const msg = `${accessToken};${tokenPayment};${sigTimeSec};${paymentFor};${paymentMethod};${packageCode};`;
144
+ return crypto.createHmac("sha512", keyStr).update(msg).digest("hex");
145
+ }
146
+ function makeXSignatureBounty(accessToken, sigTimeSec, packageCode, tokenPayment) {
147
+ const path = "api/v8/personalization/bounties-exchange";
148
+ const keyStr = `${X_API_BASE_SECRET};${accessToken};${sigTimeSec}#ae-hei_9Tee6he+Ik3Gais5=;POST;${path};${sigTimeSec}`;
149
+ const msg = `${accessToken};${tokenPayment};${sigTimeSec};${packageCode};`;
150
+ return crypto.createHmac("sha512", keyStr).update(msg).digest("hex");
151
+ }
152
+ function makeXSignatureLoyalty(sigTimeSec, packageCode, tokenConfirmation, path) {
153
+ const keyStr = `${X_API_BASE_SECRET};${sigTimeSec}#ae-hei_9Tee6he+Ik3Gais5=;POST;${path};${sigTimeSec}`;
154
+ const msg = `${tokenConfirmation};${sigTimeSec};${packageCode};`;
155
+ return crypto.createHmac("sha512", keyStr).update(msg).digest("hex");
156
+ }
157
+ function makeXSignatureBountyAllotment(sigTimeSec, packageCode, tokenConfirmation, path, destinationMsisdn) {
158
+ const keyStr = `${X_API_BASE_SECRET};${sigTimeSec}#ae-hei_9Tee6he+Ik3Gais5=;${destinationMsisdn};POST;${path};${sigTimeSec}`;
159
+ const msg = `${tokenConfirmation};${sigTimeSec};${destinationMsisdn};${packageCode};`;
160
+ return crypto.createHmac("sha512", keyStr).update(msg).digest("hex");
161
+ }
162
+ function makeXSignatureBasic(method, path, sigTimeSec) {
163
+ const keyStr = `${X_API_BASE_SECRET};${method};${path};${sigTimeSec}`;
164
+ const msg = `${sigTimeSec};en;`;
165
+ return crypto.createHmac("sha512", keyStr).update(msg).digest("hex");
166
+ }
167
+ function makeAxApiSignature(tsForSign, contact, code, contactType) {
168
+ const preimage = `${tsForSign}password${contactType}${contact}${code}openid`;
169
+ const digest = crypto.createHmac("sha256", Buffer.from(AX_API_SIG_KEY, "ascii")).update(preimage).digest();
170
+ return digest.toString("base64");
171
+ }
172
+ function decryptEncryptedField(encryptedB64) {
173
+ const ivAscii = encryptedB64.slice(-16);
174
+ const b64Part = encryptedB64.slice(0, -16);
175
+ const key = Buffer.from(ENCRYPTED_FIELD_KEY, "ascii");
176
+ const iv = Buffer.from(ivAscii, "ascii");
177
+ const ct = urlsafeB64Decode(b64Part);
178
+ const decipher = crypto.createDecipheriv("aes-128-cbc", key, iv);
179
+ decipher.setAutoPadding(false);
180
+ const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
181
+ return pkcs7Unpad(pt).toString("utf-8");
182
+ }
183
+ function encryptEncryptedField(plaintext) {
184
+ const key = Buffer.from(ENCRYPTED_FIELD_KEY, "ascii");
185
+ const ivHex = crypto.randomBytes(8).toString("hex");
186
+ const iv = Buffer.from(ivHex, "ascii");
187
+ const padded = pkcs7Pad(Buffer.from(plaintext, "utf-8"));
188
+ const cipher = crypto.createCipheriv("aes-128-cbc", key, iv);
189
+ cipher.setAutoPadding(false);
190
+ const ct = Buffer.concat([cipher.update(padded), cipher.final()]);
191
+ return urlsafeB64Encode(ct) + ivHex;
192
+ }
193
+ var init_encrypt_helper = __esm(() => {
194
+ init_config();
195
+ });
196
+
197
+ // src/encrypt.ts
198
+ import crypto2 from "crypto";
199
+ function encryptSignXData(method, path, idToken, payload) {
200
+ const plainBody = JSON.stringify(payload);
201
+ const xtime = Date.now();
202
+ const xdata = encryptXData(plainBody, xtime);
203
+ const sigTimeSec = Math.floor(xtime / 1000);
204
+ const xSignature = makeXSignature(idToken, method, path, sigTimeSec);
205
+ return {
206
+ x_signature: xSignature,
207
+ encrypted_body: { xdata, xtime }
208
+ };
209
+ }
210
+ function decryptXDataSync(xdata, xtimeMs) {
211
+ const { decryptXData: decryptXData3 } = (init_encrypt_helper(), __toCommonJS(exports_encrypt_helper));
212
+ const plaintext = decryptXData3(xdata, xtimeMs);
213
+ return JSON.parse(plaintext);
214
+ }
215
+ async function decryptXData(xdata, xtimeMs) {
216
+ const { decryptXData: _decrypt } = (init_encrypt_helper(), __toCommonJS(exports_encrypt_helper));
217
+ return JSON.parse(_decrypt(xdata, xtimeMs));
218
+ }
219
+ function randomIvHex16() {
220
+ return crypto2.randomBytes(8).toString("hex");
221
+ }
222
+ function b64(data, urlsafe) {
223
+ const b64str = data.toString("base64");
224
+ if (urlsafe) {
225
+ return b64str.replace(/\+/g, "-").replace(/\//g, "_");
226
+ }
227
+ return b64str;
228
+ }
229
+ function buildEncryptedField(ivHex16 = null, urlsafeB64 = false) {
230
+ const key = Buffer.from(ENCRYPTED_FIELD_KEY, "ascii");
231
+ const ivHex = ivHex16 ?? randomIvHex16();
232
+ const iv = Buffer.from(ivHex, "ascii");
233
+ const pt = Buffer.alloc(16, 16);
234
+ const cipher = crypto2.createCipheriv("aes-128-cbc", key, iv);
235
+ cipher.setAutoPadding(false);
236
+ const ct = Buffer.concat([cipher.update(pt), cipher.final()]);
237
+ return b64(ct, urlsafeB64) + ivHex;
238
+ }
239
+ var init_encrypt = __esm(() => {
240
+ init_config();
241
+ init_encrypt_helper();
242
+ init_encrypt_helper();
243
+ });
244
+ init_encrypt();
245
+
246
+ export {
247
+ makeXSignaturePayment,
248
+ makeXSignatureLoyalty,
249
+ makeXSignatureBountyAllotment,
250
+ makeXSignatureBounty,
251
+ makeXSignatureBasic,
252
+ makeAxApiSignature,
253
+ encryptSignXData,
254
+ encryptEncryptedField,
255
+ decryptXDataSync,
256
+ decryptXData,
257
+ decryptEncryptedField,
258
+ buildEncryptedField
259
+ };
@@ -0,0 +1,28 @@
1
+ export declare function getFamilyData(idToken: string): Promise<any>;
2
+ export type ValidateMsisdnData = {
3
+ subscription_type: string;
4
+ subscriber_id: string;
5
+ msisdn: string;
6
+ has_prio_flex: boolean;
7
+ status: string;
8
+ suspended_status: string;
9
+ is_enterprise: boolean;
10
+ is_registered: boolean;
11
+ has_family_plan: boolean;
12
+ family_plan_role: string;
13
+ plan_type: string;
14
+ has_bizon: boolean;
15
+ has_bizon_in_same_company: boolean;
16
+ has_bizoptimus_package: boolean;
17
+ is_bizoptimus_same_company: boolean;
18
+ is_member_optimus: boolean;
19
+ };
20
+ export type ValidateMsisdnResponse = {
21
+ code: string;
22
+ status: string;
23
+ data: ValidateMsisdnData;
24
+ };
25
+ export declare function validateMsisdn(idToken: string, msisdn: string): Promise<ValidateMsisdnResponse>;
26
+ export declare function changeMember(idToken: string, parentAlias: string, alias: string, slotId: number, familyMemberId: string, newMsisdn: string): Promise<any>;
27
+ export declare function removeMember(idToken: string, familyMemberId: string): Promise<any>;
28
+ export declare function setQuotaLimit(idToken: string, originalAllocation: number, newAllocation: number, familyMemberId: string): Promise<any>;