npm - nextjs-secure - Versions diffs - 0.7.0 → 0.8.0 - Mend

nextjs-secure 0.7.0 → 0.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/dist/api.d.cts ADDED Viewed

@@ -0,0 +1,708 @@
+import { NextRequest } from 'next/server';
+/**
+ * API Security Types
+ * @module nextjs-secure/api
+ */
+/**
+ * Supported signing algorithms
+ */
+type SigningAlgorithm = 'sha256' | 'sha512' | 'sha384' | 'sha1';
+/**
+ * Signature encoding format
+ */
+type SignatureEncoding = 'hex' | 'base64' | 'base64url';
+/**
+ * Components to include in signature
+ */
+interface SignatureComponents {
+    /** Include HTTP method */
+    method?: boolean;
+    /** Include request path */
+    path?: boolean;
+    /** Include query string */
+    query?: boolean;
+    /** Include request body */
+    body?: boolean;
+    /** Include specific headers */
+    headers?: string[];
+    /** Include timestamp */
+    timestamp?: boolean;
+    /** Include nonce */
+    nonce?: boolean;
+}
+/**
+ * Request signing options
+ */
+interface SigningOptions {
+    /** Secret key for HMAC signing */
+    secret: string;
+    /** Signing algorithm (default: sha256) */
+    algorithm?: SigningAlgorithm;
+    /** Signature encoding (default: hex) */
+    encoding?: SignatureEncoding;
+    /** Header name for signature (default: x-signature) */
+    signatureHeader?: string;
+    /** Header name for timestamp (default: x-timestamp) */
+    timestampHeader?: string;
+    /** Header name for nonce (default: x-nonce) */
+    nonceHeader?: string;
+    /** Components to include in signature */
+    components?: SignatureComponents;
+    /** Timestamp tolerance in seconds (default: 300) */
+    timestampTolerance?: number;
+    /** Custom canonical string builder */
+    canonicalBuilder?: (req: Request, components: SignatureComponents) => Promise<string>;
+    /** Custom error response */
+    onInvalid?: (reason: string) => Response | Promise<Response>;
+    /** Skip signing for certain requests */
+    skip?: (req: Request) => boolean | Promise<boolean>;
+}
+/**
+ * Signature verification result
+ */
+interface SignatureResult {
+    /** Whether signature is valid */
+    valid: boolean;
+    /** Reason for failure (if invalid) */
+    reason?: string;
+    /** Computed signature (for debugging) */
+    computed?: string;
+    /** Provided signature */
+    provided?: string;
+    /** Canonical string used */
+    canonical?: string;
+}
+/**
+ * Nonce store interface for replay prevention
+ */
+interface NonceStore {
+    /** Check if nonce exists (has been used) */
+    exists(nonce: string): Promise<boolean>;
+    /** Store a nonce with TTL */
+    set(nonce: string, ttl: number): Promise<void>;
+    /** Remove expired nonces (optional cleanup) */
+    cleanup?(): Promise<void>;
+    /** Get store statistics */
+    getStats?(): {
+        size: number;
+        oldestTimestamp?: number;
+    };
+}
+/**
+ * Replay prevention options
+ */
+interface ReplayPreventionOptions {
+    /** Nonce store instance */
+    store?: NonceStore;
+    /** Header name for nonce (default: x-nonce) */
+    nonceHeader?: string;
+    /** Query param name for nonce (optional) */
+    nonceQuery?: string;
+    /** TTL for nonces in milliseconds (default: 300000 = 5 minutes) */
+    ttl?: number;
+    /** Require nonce on all requests (default: true) */
+    required?: boolean;
+    /** Minimum nonce length (default: 16) */
+    minLength?: number;
+    /** Maximum nonce length (default: 128) */
+    maxLength?: number;
+    /** Custom nonce validator */
+    validate?: (nonce: string) => boolean | Promise<boolean>;
+    /** Custom error response */
+    onReplay?: (nonce: string) => Response | Promise<Response>;
+    /** Skip replay check for certain requests */
+    skip?: (req: Request) => boolean | Promise<boolean>;
+}
+/**
+ * Replay check result
+ */
+interface ReplayCheckResult {
+    /** Whether request is a replay */
+    isReplay: boolean;
+    /** Nonce value */
+    nonce?: string;
+    /** Reason for failure */
+    reason?: string;
+}
+/**
+ * Timestamp format
+ */
+type TimestampFormat = 'unix' | 'unix-ms' | 'iso8601';
+/**
+ * Timestamp validation options
+ */
+interface TimestampOptions {
+    /** Header name for timestamp (default: x-timestamp) */
+    timestampHeader?: string;
+    /** Query param name for timestamp (optional) */
+    timestampQuery?: string;
+    /** Expected timestamp format (default: unix) */
+    format?: TimestampFormat;
+    /** Maximum age in seconds (default: 300 = 5 minutes) */
+    maxAge?: number;
+    /** Allow future timestamps (default: false) */
+    allowFuture?: boolean;
+    /** Maximum future time in seconds (default: 60) */
+    maxFuture?: number;
+    /** Require timestamp on all requests (default: true) */
+    required?: boolean;
+    /** Custom error response */
+    onInvalid?: (reason: string) => Response | Promise<Response>;
+    /** Skip timestamp check for certain requests */
+    skip?: (req: Request) => boolean | Promise<boolean>;
+}
+/**
+ * Timestamp validation result
+ */
+interface TimestampResult {
+    /** Whether timestamp is valid */
+    valid: boolean;
+    /** Parsed timestamp value */
+    timestamp?: number;
+    /** Age of request in seconds */
+    age?: number;
+    /** Reason for failure */
+    reason?: string;
+}
+/**
+ * Version extraction source
+ */
+type VersionSource = 'header' | 'path' | 'query' | 'accept';
+/**
+ * Version status
+ */
+type VersionStatus = 'current' | 'supported' | 'deprecated' | 'sunset';
+/**
+ * Version information
+ */
+interface VersionInfo {
+    /** Version string */
+    version: string;
+    /** Version status */
+    status: VersionStatus;
+    /** Sunset date (for deprecated versions) */
+    sunsetDate?: Date;
+    /** Deprecation message */
+    deprecationMessage?: string;
+}
+/**
+ * API versioning options
+ */
+interface VersioningOptions {
+    /** Version extraction source (default: header) */
+    source?: VersionSource;
+    /** Header name for version (default: x-api-version) */
+    versionHeader?: string;
+    /** Query param name for version */
+    versionQuery?: string;
+    /** Path prefix pattern (e.g., /v{version}/) */
+    pathPattern?: RegExp;
+    /** Accept header media type pattern */
+    acceptPattern?: RegExp;
+    /** Current/default version */
+    current: string;
+    /** All supported versions */
+    supported: string[];
+    /** Deprecated versions (still work but show warning) */
+    deprecated?: string[];
+    /** Sunset versions (no longer work) */
+    sunset?: string[];
+    /** Sunset dates for deprecated versions */
+    sunsetDates?: Record<string, Date>;
+    /** Add deprecation headers to response */
+    addDeprecationHeaders?: boolean;
+    /** Custom version parser */
+    parseVersion?: (value: string) => string | null;
+    /** Custom error response for unsupported version */
+    onUnsupported?: (version: string) => Response | Promise<Response>;
+    /** Custom warning response for deprecated version */
+    onDeprecated?: (version: string, sunsetDate?: Date) => void;
+    /** Skip version check for certain requests */
+    skip?: (req: Request) => boolean | Promise<boolean>;
+}
+/**
+ * Version extraction result
+ */
+interface VersionResult {
+    /** Extracted version */
+    version: string | null;
+    /** Version source */
+    source: VersionSource | null;
+    /** Version status */
+    status: VersionStatus | null;
+    /** Whether version is valid */
+    valid: boolean;
+    /** Reason for failure */
+    reason?: string;
+    /** Sunset date (if deprecated) */
+    sunsetDate?: Date;
+}
+/**
+ * Cached response for idempotency
+ */
+interface CachedResponse {
+    /** Response status code */
+    status: number;
+    /** Response headers */
+    headers: Record<string, string>;
+    /** Response body */
+    body: string;
+    /** Timestamp when cached */
+    cachedAt: number;
+    /** Request hash for validation */
+    requestHash?: string;
+}
+/**
+ * Idempotency store interface
+ */
+interface IdempotencyStore {
+    /** Get cached response for key */
+    get(key: string): Promise<CachedResponse | null>;
+    /** Store response with TTL */
+    set(key: string, response: CachedResponse, ttl: number): Promise<void>;
+    /** Check if key is currently being processed (for concurrent requests) */
+    isProcessing(key: string): Promise<boolean>;
+    /** Mark key as being processed */
+    startProcessing(key: string, timeout: number): Promise<boolean>;
+    /** Mark key as done processing */
+    endProcessing(key: string): Promise<void>;
+    /** Remove a key */
+    delete(key: string): Promise<void>;
+    /** Cleanup expired entries */
+    cleanup?(): Promise<void>;
+}
+/**
+ * Idempotency options
+ */
+interface IdempotencyOptions {
+    /** Idempotency store instance */
+    store?: IdempotencyStore;
+    /** Header name for idempotency key (default: idempotency-key) */
+    keyHeader?: string;
+    /** TTL for cached responses in milliseconds (default: 86400000 = 24 hours) */
+    ttl?: number;
+    /** Require idempotency key for mutating requests (default: false) */
+    required?: boolean;
+    /** HTTP methods that require idempotency (default: POST, PUT, PATCH) */
+    methods?: string[];
+    /** Minimum key length (default: 16) */
+    minKeyLength?: number;
+    /** Maximum key length (default: 256) */
+    maxKeyLength?: number;
+    /** Include request body hash in cache key (default: true) */
+    hashRequestBody?: boolean;
+    /** Lock timeout for concurrent requests in ms (default: 30000) */
+    lockTimeout?: number;
+    /** Wait for lock instead of failing (default: true) */
+    waitForLock?: boolean;
+    /** Max wait time for lock in ms (default: 10000) */
+    maxWaitTime?: number;
+    /** Custom key validator */
+    validateKey?: (key: string) => boolean | Promise<boolean>;
+    /** Custom error response */
+    onError?: (reason: string) => Response | Promise<Response>;
+    /** Skip idempotency for certain requests */
+    skip?: (req: Request) => boolean | Promise<boolean>;
+    /** Called when returning cached response */
+    onCacheHit?: (key: string, response: CachedResponse) => void;
+}
+/**
+ * Idempotency check result
+ */
+interface IdempotencyResult {
+    /** Idempotency key */
+    key: string | null;
+    /** Whether response was from cache */
+    fromCache: boolean;
+    /** Cached response (if from cache) */
+    cachedResponse?: CachedResponse;
+    /** Whether request is currently being processed */
+    isProcessing: boolean;
+    /** Reason for any errors */
+    reason?: string;
+}
+/**
+ * API protection preset names
+ */
+type APIProtectionPreset = 'basic' | 'standard' | 'strict' | 'financial';
+/**
+ * Combined API protection options
+ */
+interface APIProtectionOptions {
+    /** Request signing options (false to disable) */
+    signing?: SigningOptions | false;
+    /** Replay prevention options (false to disable) */
+    replay?: ReplayPreventionOptions | false;
+    /** Timestamp validation options (false to disable) */
+    timestamp?: TimestampOptions | false;
+    /** API versioning options (false to disable) */
+    versioning?: VersioningOptions | false;
+    /** Idempotency options (false to disable) */
+    idempotency?: IdempotencyOptions | false;
+    /** Custom error handler */
+    onError?: (error: APISecurityError) => Response | Promise<Response>;
+    /** Skip all checks for certain requests */
+    skip?: (req: Request) => boolean | Promise<boolean>;
+}
+/**
+ * API security error
+ */
+interface APISecurityError {
+    /** Error type */
+    type: 'signing' | 'replay' | 'timestamp' | 'versioning' | 'idempotency';
+    /** Error message */
+    message: string;
+    /** Additional details */
+    details?: Record<string, unknown>;
+}
+/**
+ * API protection result
+ */
+interface APIProtectionResult {
+    /** Whether all checks passed */
+    passed: boolean;
+    /** Signing result */
+    signing?: SignatureResult;
+    /** Replay check result */
+    replay?: ReplayCheckResult;
+    /** Timestamp result */
+    timestamp?: TimestampResult;
+    /** Version result */
+    version?: VersionResult;
+    /** Idempotency result */
+    idempotency?: IdempotencyResult;
+    /** Error if any check failed */
+    error?: APISecurityError;
+}
+/**
+ * API protection presets
+ */
+declare const API_PROTECTION_PRESETS: Record<APIProtectionPreset, Partial<APIProtectionOptions>>;
+/**
+ * Request Signing for API Security
+ * @module nextjs-secure/api
+ */
+declare const DEFAULT_SIGNING_OPTIONS: Required<Omit<SigningOptions, 'secret' | 'canonicalBuilder' | 'onInvalid' | 'skip'>>;
+/**
+ * Create HMAC signature using Web Crypto API
+ */
+declare function createHMAC(data: string, secret: string, algorithm?: SigningAlgorithm, encoding?: SignatureEncoding): Promise<string>;
+/**
+ * Timing-safe string comparison
+ */
+declare function timingSafeEqual(a: string, b: string): boolean;
+/**
+ * Build canonical string for signing
+ */
+declare function buildCanonicalString(req: NextRequest, components: SignatureComponents, options?: {
+    timestampHeader?: string;
+    nonceHeader?: string;
+}): Promise<string>;
+/**
+ * Generate signature for a request
+ */
+declare function generateSignature(req: NextRequest, options: SigningOptions): Promise<string>;
+/**
+ * Generate signature headers for outgoing requests
+ */
+declare function generateSignatureHeaders(method: string, url: string, body: string | null, options: SigningOptions & {
+    includeTimestamp?: boolean;
+    includeNonce?: boolean;
+}): Promise<Record<string, string>>;
+/**
+ * Generate a random nonce
+ */
+declare function generateNonce$1(length?: number): string;
+/**
+ * Verify request signature
+ */
+declare function verifySignature(req: NextRequest, options: SigningOptions): Promise<SignatureResult>;
+/**
+ * Create request signing middleware
+ */
+declare function withRequestSigning<T = unknown>(handler: (req: NextRequest, ctx: T) => Response | Promise<Response>, options: SigningOptions): (req: NextRequest, ctx: T) => Promise<Response>;
+/**
+ * Replay Attack Prevention for API Security
+ * @module nextjs-secure/api
+ */
+declare const DEFAULT_REPLAY_OPTIONS: Required<Omit<ReplayPreventionOptions, 'store' | 'validate' | 'onReplay' | 'skip'>>;
+/**
+ * In-memory nonce store with LRU eviction
+ */
+declare class MemoryNonceStore implements NonceStore {
+    private nonces;
+    private maxSize;
+    private cleanupInterval;
+    constructor(options?: {
+        maxSize?: number;
+        autoCleanup?: boolean;
+        cleanupIntervalMs?: number;
+    });
+    exists(nonce: string): Promise<boolean>;
+    set(nonce: string, ttl: number): Promise<void>;
+    cleanup(): Promise<void>;
+    getStats(): {
+        size: number;
+        oldestTimestamp?: number;
+    };
+    private evictOldest;
+    /**
+     * Clear all nonces
+     */
+    clear(): void;
+    /**
+     * Stop auto cleanup
+     */
+    destroy(): void;
+}
+/**
+ * Get global nonce store (singleton)
+ */
+declare function getGlobalNonceStore(): MemoryNonceStore;
+/**
+ * Generate a cryptographically secure nonce
+ */
+declare function generateNonce(length?: number): string;
+/**
+ * Validate nonce format
+ */
+declare function isValidNonceFormat(nonce: string, minLength?: number, maxLength?: number): boolean;
+/**
+ * Extract nonce from request
+ */
+declare function extractNonce(req: NextRequest, options?: ReplayPreventionOptions): string | null;
+/**
+ * Check request for replay attack
+ */
+declare function checkReplay(req: NextRequest, options?: ReplayPreventionOptions): Promise<ReplayCheckResult>;
+/**
+ * Create replay prevention middleware
+ */
+declare function withReplayPrevention<T = unknown>(handler: (req: NextRequest, ctx: T) => Response | Promise<Response>, options?: ReplayPreventionOptions): (req: NextRequest, ctx: T) => Promise<Response>;
+/**
+ * Add nonce header to outgoing request headers
+ */
+declare function addNonceHeader(headers?: Record<string, string>, options?: {
+    headerName?: string;
+    length?: number;
+}): Record<string, string>;
+/**
+ * Timestamp Validation for API Security
+ * @module nextjs-secure/api
+ */
+declare const DEFAULT_TIMESTAMP_OPTIONS: Required<Omit<TimestampOptions, 'timestampQuery' | 'onInvalid' | 'skip'>>;
+/**
+ * Parse timestamp string to Unix timestamp (seconds)
+ */
+declare function parseTimestamp(value: string, format?: TimestampFormat): number | null;
+/**
+ * Format current timestamp
+ */
+declare function formatTimestamp(format?: TimestampFormat): string;
+/**
+ * Extract timestamp from request
+ */
+declare function extractTimestamp(req: NextRequest, options?: TimestampOptions): string | null;
+/**
+ * Validate request timestamp
+ */
+declare function validateTimestamp(req: NextRequest, options?: TimestampOptions): TimestampResult;
+/**
+ * Quick check if timestamp is valid
+ */
+declare function isTimestampValid(timestampStr: string, options?: {
+    format?: TimestampFormat;
+    maxAge?: number;
+    allowFuture?: boolean;
+    maxFuture?: number;
+}): boolean;
+/**
+ * Create timestamp validation middleware
+ */
+declare function withTimestamp<T = unknown>(handler: (req: NextRequest, ctx: T) => Response | Promise<Response>, options?: TimestampOptions): (req: NextRequest, ctx: T) => Promise<Response>;
+/**
+ * Add timestamp header to outgoing request headers
+ */
+declare function addTimestampHeader(headers?: Record<string, string>, options?: {
+    headerName?: string;
+    format?: TimestampFormat;
+}): Record<string, string>;
+/**
+ * Get request age in seconds (for monitoring/logging)
+ */
+declare function getRequestAge(req: NextRequest, options?: TimestampOptions): number | null;
+/**
+ * API Versioning for API Security
+ * @module nextjs-secure/api
+ */
+declare const DEFAULT_VERSIONING_OPTIONS: Required<Omit<VersioningOptions, 'current' | 'supported' | 'deprecated' | 'sunset' | 'sunsetDates' | 'pathPattern' | 'acceptPattern' | 'parseVersion' | 'onUnsupported' | 'onDeprecated' | 'skip'>>;
+/**
+ * Extract version from request
+ */
+declare function extractVersion(req: NextRequest, options: VersioningOptions): {
+    version: string | null;
+    source: VersionSource | null;
+};
+/**
+ * Try to extract version from multiple sources
+ */
+declare function extractVersionMultiSource(req: NextRequest, options: VersioningOptions, sources?: VersionSource[]): {
+    version: string | null;
+    source: VersionSource | null;
+};
+/**
+ * Get version status
+ */
+declare function getVersionStatus(version: string, options: VersioningOptions): VersionStatus | null;
+/**
+ * Check if version is supported
+ */
+declare function isVersionSupported(version: string, options: VersioningOptions): boolean;
+/**
+ * Validate request version
+ */
+declare function validateVersion(req: NextRequest, options: VersioningOptions): VersionResult;
+/**
+ * Add deprecation headers to response
+ */
+declare function addDeprecationHeaders(response: Response, version: string, sunsetDate?: Date): Response;
+/**
+ * Create API versioning middleware
+ */
+declare function withAPIVersion<T = unknown>(handler: (req: NextRequest, ctx: T) => Response | Promise<Response>, options: VersioningOptions): (req: NextRequest, ctx: T) => Promise<Response>;
+type VersionHandler<T> = (req: NextRequest, ctx: T) => Response | Promise<Response>;
+/**
+ * Create version-based router
+ */
+declare function createVersionRouter<T = unknown>(handlers: Record<string, VersionHandler<T>>, options: Omit<VersioningOptions, 'current' | 'supported'> & {
+    default?: string;
+}): (req: NextRequest, ctx: T) => Promise<Response>;
+/**
+ * Compare semantic versions
+ */
+declare function compareVersions(a: string, b: string): number;
+/**
+ * Check if version is greater than or equal to minimum
+ */
+declare function isVersionAtLeast(version: string, minimum: string): boolean;
+/**
+ * Normalize version string
+ */
+declare function normalizeVersion(version: string): string;
+/**
+ * Idempotency Support for API Security
+ * @module nextjs-secure/api
+ */
+declare const DEFAULT_IDEMPOTENCY_OPTIONS: Required<Omit<IdempotencyOptions, 'store' | 'validateKey' | 'onError' | 'skip' | 'onCacheHit'>>;
+/**
+ * In-memory idempotency store
+ */
+declare class MemoryIdempotencyStore implements IdempotencyStore {
+    private cache;
+    private processing;
+    private maxSize;
+    private cleanupInterval;
+    constructor(options?: {
+        maxSize?: number;
+        autoCleanup?: boolean;
+        cleanupIntervalMs?: number;
+    });
+    get(key: string): Promise<CachedResponse | null>;
+    set(key: string, response: CachedResponse, ttl: number): Promise<void>;
+    isProcessing(key: string): Promise<boolean>;
+    startProcessing(key: string, timeout: number): Promise<boolean>;
+    endProcessing(key: string): Promise<void>;
+    delete(key: string): Promise<void>;
+    cleanup(): Promise<void>;
+    getStats(): {
+        cacheSize: number;
+        processingSize: number;
+    };
+    private evictOldest;
+    /**
+     * Clear all entries
+     */
+    clear(): void;
+    /**
+     * Stop auto cleanup
+     */
+    destroy(): void;
+}
+/**
+ * Get global idempotency store (singleton)
+ */
+declare function getGlobalIdempotencyStore(): MemoryIdempotencyStore;
+/**
+ * Generate a cryptographically secure idempotency key
+ */
+declare function generateIdempotencyKey(length?: number): string;
+/**
+ * Hash request body using SHA-256
+ */
+declare function hashRequestBody(body: string): Promise<string>;
+/**
+ * Validate idempotency key format
+ */
+declare function isValidIdempotencyKey(key: string, minLength?: number, maxLength?: number): boolean;
+/**
+ * Create cache key from idempotency key and request hash
+ */
+declare function createCacheKey(idempotencyKey: string, req: NextRequest, hashBody?: boolean): Promise<string>;
+/**
+ * Extract idempotency key from request
+ */
+declare function extractIdempotencyKey(req: NextRequest, options?: IdempotencyOptions): string | null;
+/**
+ * Check idempotency for request
+ */
+declare function checkIdempotency(req: NextRequest, options?: IdempotencyOptions): Promise<IdempotencyResult>;
+/**
+ * Cache response for idempotency key
+ */
+declare function cacheResponse(key: string, req: NextRequest, response: Response, options?: IdempotencyOptions): Promise<void>;
+/**
+ * Create response from cached data
+ */
+declare function createResponseFromCache(cached: CachedResponse): Response;
+/**
+ * Create idempotency middleware
+ */
+declare function withIdempotency<T = unknown>(handler: (req: NextRequest, ctx: T) => Response | Promise<Response>, options?: IdempotencyOptions): (req: NextRequest, ctx: T) => Promise<Response>;
+/**
+ * Add idempotency key header to outgoing request headers
+ */
+declare function addIdempotencyHeader(headers?: Record<string, string>, options?: {
+    headerName?: string;
+    key?: string;
+}): Record<string, string>;
+/**
+ * Combined API Security Middleware
+ * @module nextjs-secure/api
+ */
+/**
+ * Check all API security measures
+ */
+declare function checkAPIProtection(req: NextRequest, options: APIProtectionOptions): Promise<APIProtectionResult>;
+/**
+ * Create combined API protection middleware
+ */
+declare function withAPIProtection<T = unknown>(handler: (req: NextRequest, ctx: T) => Response | Promise<Response>, options: APIProtectionOptions): (req: NextRequest, ctx: T) => Promise<Response>;
+/**
+ * Create API protection middleware using preset
+ */
+declare function withAPIProtectionPreset<T = unknown>(handler: (req: NextRequest, ctx: T) => Response | Promise<Response>, preset: APIProtectionPreset, overrides?: Partial<APIProtectionOptions>): (req: NextRequest, ctx: T) => Promise<Response>;
+export { type APIProtectionOptions, type APIProtectionPreset, type APIProtectionResult, type APISecurityError, API_PROTECTION_PRESETS, type CachedResponse, DEFAULT_IDEMPOTENCY_OPTIONS, DEFAULT_REPLAY_OPTIONS, DEFAULT_SIGNING_OPTIONS, DEFAULT_TIMESTAMP_OPTIONS, DEFAULT_VERSIONING_OPTIONS, type IdempotencyOptions, type IdempotencyResult, type IdempotencyStore, MemoryIdempotencyStore, MemoryNonceStore, type NonceStore, type ReplayCheckResult, type ReplayPreventionOptions, type SignatureComponents, type SignatureEncoding, type SignatureResult, type SigningAlgorithm, type SigningOptions, type TimestampFormat, type TimestampOptions, type TimestampResult, type VersionInfo, type VersionResult, type VersionSource, type VersionStatus, type VersioningOptions, addDeprecationHeaders, addIdempotencyHeader, addNonceHeader, addTimestampHeader, buildCanonicalString, cacheResponse, checkAPIProtection, checkIdempotency, checkReplay, compareVersions, createCacheKey, createHMAC, generateNonce$1 as createNonce, createResponseFromCache, createVersionRouter, extractIdempotencyKey, extractNonce, extractTimestamp, extractVersion, extractVersionMultiSource, formatTimestamp, generateIdempotencyKey, generateNonce, generateSignature, generateSignatureHeaders, getGlobalIdempotencyStore, getGlobalNonceStore, getRequestAge, getVersionStatus, hashRequestBody, isTimestampValid, isValidIdempotencyKey, isValidNonceFormat, isVersionAtLeast, isVersionSupported, normalizeVersion, parseTimestamp, timingSafeEqual, validateTimestamp, validateVersion, verifySignature, withAPIProtection, withAPIProtectionPreset, withAPIVersion, withIdempotency, withReplayPrevention, withRequestSigning, withTimestamp };