post-armor 1.0.0 → 1.0.7

package/README.md

@@ -128,7 +128,8 @@ async function sendData() {
 | `key` | `string` | **Required** | Shared secret key. |
 | `body` | `any` | **Required** | JSON payload to send. |
 | `headers` | `object` | `{}` | Additional headers to include. |
-| `headerName` | `string` | `"post-armor-token"` | Custom header name. |
+| `headerName` | `string` | `"post-armor-token"` | Custom header name. (Must match server) |
+| `sourceName` | `string` | `"post-armor"` | Custom source name in payload metadata. (Must match server) |
 
 ---
 
@@ -141,3 +142,7 @@ async function sendData() {
 
 ## License
 MIT
+
+---
+
+**Powered By:** [Evelocore](https://evelocore.com) • [K.Prabhasha](https://kp.evelocore.com)

package/dist/post-armor.js

@@ -1,201 +1 @@
-const LIB_VERSION = "1.0.0";
-export function getTimestamp() {
-    const date = new Date();
-    return date
-        .toLocaleTimeString("en-GB", {
-        timeZone: "Asia/Kolkata",
-        hour12: false,
-        hour: "2-digit",
-        minute: "2-digit",
-        second: "2-digit",
-    })
-        .replace(/:/g, ""); // Returns "HHmmss"
-}
-function encryptTime(time, key) {
-    let encrypted = "";
-    for (let i = 0; i < time.length; i++) {
-        const charCode = time.charCodeAt(i) ^ key.charCodeAt(i % key.length);
-        encrypted += String.fromCharCode(charCode);
-    }
-    const random1 = Math.random().toString(36).substring(2, 7);
-    const random2 = Math.random().toString(36).substring(2, 7);
-    // Reverse the XOR result
-    encrypted = encrypted.split("").reverse().join("");
-    // Combine with random salts and encode to Base64 (stripping padding)
-    return btoa(random1 + encrypted + random2).replace(/=/g, "");
-}
-function decryptTime(raw, key) {
-    if (raw.length < 10)
-        return "";
-    let encrypted = raw.substring(5, raw.length - 5);
-    encrypted = encrypted.split("").reverse().join("");
-    let decrypted = "";
-    for (let i = 0; i < encrypted.length; i++) {
-        decrypted += String.fromCharCode(encrypted.charCodeAt(i) ^ key.charCodeAt(i % key.length));
-    }
-    return decrypted;
-}
-export function getSecureToken(key) {
-    const time = getTimestamp();
-    return encryptTime(time, key);
-}
-export function validateToken(token, key, delay = 5) {
-    try {
-        if (!token)
-            return false;
-        // Restore Base64 padding if missing
-        const paddedToken = token.padEnd(token.length + ((4 - (token.length % 4)) % 4), "=");
-        const raw = atob(paddedToken);
-        const decryptedTime = decryptTime(raw, key);
-        if (decryptedTime.length !== 6)
-            return false;
-        const serverTime = getTimestamp();
-        const toSeconds = (t) => {
-            const h = parseInt(t.substring(0, 2), 10);
-            const m = parseInt(t.substring(2, 4), 10);
-            const s = parseInt(t.substring(4, 6), 10);
-            return h * 3600 + m * 60 + s;
-        };
-        const serverSec = toSeconds(serverTime);
-        const clientSec = toSeconds(decryptedTime);
-        let diff = serverSec - clientSec;
-        // Handle midnight wrap-around
-        if (diff < -80000)
-            diff += 86400;
-        if (diff > 80000)
-            diff -= 86400;
-        return Math.abs(diff) <= delay;
-    }
-    catch (e) {
-        console.error("Token validation error:", e?.message);
-        return false;
-    }
-}
-/**
- * Sends a secure POST request with the given options.
- * @param options The options for the request.
- * @returns A Promise that resolves to the response from the server.
- */
-export async function armoredPost({ url, headers = {}, body, key, headerName = "post-armor-token", sourceName = "post-armor", }) {
-    const _headers = {
-        ...headers,
-        "Content-Type": "application/octet-stream",
-        [headerName]: getSecureToken(key),
-    };
-    const encoder = new TextEncoder();
-    const _body = encoder.encode(JSON.stringify({
-        body,
-        _: {
-            source: sourceName,
-            version: LIB_VERSION,
-        },
-    }));
-    const response = await fetch(url, {
-        method: "POST",
-        headers: _headers,
-        body: _body,
-    });
-    let received = {
-        body: undefined,
-        type: "undefined",
-        _: {
-            source: "",
-            version: "",
-        },
-    };
-    if (response.status == 200) {
-        const buffer = await response.arrayBuffer();
-        const decoder = new TextDecoder();
-        const text = decoder.decode(buffer);
-        try {
-            received = JSON.parse(text);
-        }
-        catch (e) {
-            throw new Error("Failed to parse armored response");
-        }
-        if (received._?.source !== sourceName || received._?.version !== LIB_VERSION) {
-            throw new Error(`Invalid response source: expected ${sourceName}, got ${received._?.source}`);
-        }
-    }
-    return {
-        status: response.status,
-        statusText: response.statusText,
-        body: received.body || undefined,
-        type: typeof received.body,
-        ok: response.ok,
-        url: response.url,
-        redirected: response.redirected,
-        headers: response.headers,
-    };
-}
-/**
- * Creates a PostArmor middleware instance with the given configuration.
- * This middleware is built using Web Standards and can be safely included in
- * browser bundles without causing errors.
- */
-export function postArmor(config) {
-    const KEY = config.key;
-    const MAX_DELAY = config.delay ?? 5;
-    const IS_STRICT = config.strict ?? true;
-    const HEADER_NAME = (config.headerName || "post-armor-token").toLowerCase();
-    const SOURCE_NAME = config.sourceName || "post-armor";
-    if (!KEY) {
-        throw new Error("PostArmor: config.key is required");
-    }
-    // Using 'any' for types here to avoid importing 'express' which breaks browser builds.
-    // The behavior remains identical when used in an Express app.
-    return (req, res, next) => {
-        try {
-            const token = req.headers[HEADER_NAME];
-            if (!validateToken(token, KEY, MAX_DELAY)) {
-                console.warn(`[PostArmor] Invalid or expired token for header ${HEADER_NAME}`);
-                res.status(401).json({ error: "Unauthorized: Invalid secure token" });
-                return;
-            }
-            if (!req.body || (req.body instanceof Uint8Array && req.body.length === 0)) {
-                res.status(400).json({ error: "Missing request body" });
-                return;
-            }
-            let received;
-            try {
-                // Buffer is replaced by Uint8Array and TextDecoder for universal compatibility
-                const decodedBody = typeof req.body === "string"
-                    ? req.body
-                    : (req.body instanceof Uint8Array || (typeof Buffer !== "undefined" && Buffer.isBuffer(req.body)))
-                        ? new TextDecoder().decode(req.body)
-                        : JSON.stringify(req.body);
-                received = JSON.parse(decodedBody);
-            }
-            catch (e) {
-                res.status(400).json({ error: "Malformed request payload" });
-                return;
-            }
-            if (!received._ || received._.source !== SOURCE_NAME) {
-                res.status(400).json({ error: "Invalid request source" });
-                return;
-            }
-            // Replace body with actual payload
-            req.body = received.body;
-            // Custom responder
-            res.return = (type, body) => {
-                if (IS_STRICT && type !== "any" && typeof body !== type) {
-                    throw new Error(`Invalid response type: expected ${type}, got ${typeof body}`);
-                }
-                const responsePayload = JSON.stringify({
-                    body,
-                    _: {
-                        source: SOURCE_NAME,
-                        version: LIB_VERSION,
-                    },
-                });
-                // Use TextEncoder to return a Uint8Array (compatible with Express res.send)
-                res.send(new TextEncoder().encode(responsePayload));
-            };
-            next();
-        }
-        catch (error) {
-            console.error(`[PostArmor] Error processing request on ${req.path}:`, error?.message);
-            res.status(400).json({ error: "Internal processing error" });
-        }
-    };
-}
+const PA0_0xf3ca16=PA0_0x3626;(function(_0x1296df,_0x1ec7f8){const _0x56caa6=PA0_0x3626,_0x53f360=_0x1296df();while(!![]){try{const _0x2cc6d1=-parseInt(_0x56caa6(0x1f9))/0x1+parseInt(_0x56caa6(0x1ce))/0x2+parseInt(_0x56caa6(0x1d3))/0x3+-parseInt(_0x56caa6(0x1cd))/0x4*(-parseInt(_0x56caa6(0x1dc))/0x5)+parseInt(_0x56caa6(0x1cf))/0x6+-parseInt(_0x56caa6(0x1f8))/0x7*(parseInt(_0x56caa6(0x1d5))/0x8)+-parseInt(_0x56caa6(0x1e0))/0x9*(parseInt(_0x56caa6(0x1f1))/0xa);if(_0x2cc6d1===_0x1ec7f8)break;else _0x53f360['push'](_0x53f360['shift']());}catch(_0x2bdabb){_0x53f360['push'](_0x53f360['shift']());}}}(PA0_0x5ba6,0x8a3cd));const LIB_VERSION='1.0.7';export function getTimestamp(){const _0x42c48f=PA0_0x3626,_0x10df7e=new Date();return _0x10df7e[_0x42c48f(0x1ed)](_0x42c48f(0x1e1),{'timeZone':'Asia/Kolkata','hour12':![],'hour':_0x42c48f(0x1e9),'minute':'2-digit','second':_0x42c48f(0x1e9)})[_0x42c48f(0x1ff)](/:/g,'');}function encryptTime(_0x560689,_0x346dee){const _0x43f90c=PA0_0x3626;let _0x47b9f3='';for(let _0x423fb6=0x0;_0x423fb6<_0x560689[_0x43f90c(0x1f2)];_0x423fb6++){const _0x3e81a3=_0x560689[_0x43f90c(0x1dd)](_0x423fb6)^_0x346dee['charCodeAt'](_0x423fb6%_0x346dee[_0x43f90c(0x1f2)]);_0x47b9f3+=String['fromCharCode'](_0x3e81a3);}const _0x8ca224=Math[_0x43f90c(0x209)]()['toString'](0x24)[_0x43f90c(0x1e2)](0x2,0x7),_0x53bb99=Math[_0x43f90c(0x209)]()[_0x43f90c(0x1e6)](0x24)[_0x43f90c(0x1e2)](0x2,0x7);return _0x47b9f3=_0x47b9f3[_0x43f90c(0x1db)]('')['reverse']()[_0x43f90c(0x1eb)](''),btoa(_0x8ca224+_0x47b9f3+_0x53bb99)['replace'](/=/g,'');}function decryptTime(_0xf83e95,_0x1b5eca){const _0x6143c7=PA0_0x3626;if(_0xf83e95['length']<0xa)return'';let _0x41efb5=_0xf83e95[_0x6143c7(0x1e2)](0x5,_0xf83e95['length']-0x5);_0x41efb5=_0x41efb5[_0x6143c7(0x1db)]('')[_0x6143c7(0x1de)]()[_0x6143c7(0x1eb)]('');let _0x7d37c='';for(let _0x4b2d9f=0x0;_0x4b2d9f<_0x41efb5['length'];_0x4b2d9f++){_0x7d37c+=String[_0x6143c7(0x1f4)](_0x41efb5[_0x6143c7(0x1dd)](_0x4b2d9f)^_0x1b5eca[_0x6143c7(0x1dd)](_0x4b2d9f%_0x1b5eca[_0x6143c7(0x1f2)]));}return _0x7d37c;}export function getSecureToken(_0x25af64){const _0x50e804=getTimestamp();return encryptTime(_0x50e804,_0x25af64);}export function validateToken(_0x563484,_0x319965,_0x4f6471=0x5){const _0x1a7a0b=PA0_0x3626;try{if(!_0x563484)return![];const _0x30ca1b=_0x563484[_0x1a7a0b(0x1ec)](_0x563484[_0x1a7a0b(0x1f2)]+(0x4-_0x563484[_0x1a7a0b(0x1f2)]%0x4)%0x4,'='),_0x3b6f02=atob(_0x30ca1b),_0x3be8a6=decryptTime(_0x3b6f02,_0x319965);if(_0x3be8a6[_0x1a7a0b(0x1f2)]!==0x6)return![];const _0x401b44=getTimestamp(),_0x43a306=_0x5f3feb=>{const _0x37a0b3=_0x1a7a0b,_0x956d45=parseInt(_0x5f3feb[_0x37a0b3(0x1e2)](0x0,0x2),0xa),_0xf2a9ca=parseInt(_0x5f3feb['substring'](0x2,0x4),0xa),_0xc63905=parseInt(_0x5f3feb[_0x37a0b3(0x1e2)](0x4,0x6),0xa);return _0x956d45*0xe10+_0xf2a9ca*0x3c+_0xc63905;},_0xaecd62=_0x43a306(_0x401b44),_0x16b41d=_0x43a306(_0x3be8a6);let _0x59379c=_0xaecd62-_0x16b41d;if(_0x59379c<-0x13880)_0x59379c+=0x15180;if(_0x59379c>0x13880)_0x59379c-=0x15180;return Math[_0x1a7a0b(0x1ea)](_0x59379c)<=_0x4f6471;}catch(_0x172a38){return console[_0x1a7a0b(0x1ef)](_0x1a7a0b(0x1cc),_0x172a38?.[_0x1a7a0b(0x1da)]),![];}}const _preEncoder=PA0_0xf3ca16(0x207);function PA0_0x3626(_0x196c1c,_0x4599a2){_0x196c1c=_0x196c1c-0x1cc;const _0x5ba684=PA0_0x5ba6();let _0x362607=_0x5ba684[_0x196c1c];return _0x362607;}function encodeBody(_0x50f32e){const _0xd7e53c=PA0_0xf3ca16,_0x5477ce=btoa(JSON['stringify'](_0x50f32e));return _preEncoder+_0x5477ce['split']('')['map'](_0x4b33b7=>String[_0xd7e53c(0x1f4)](_0x4b33b7[_0xd7e53c(0x1dd)](0x0)+0x3))['join']('');}function decodeBody(_0x51fb9c){const _0x56de48=PA0_0xf3ca16,_0x2983d6=_0x51fb9c[_0x56de48(0x1e2)](_preEncoder['length'])['split']('')[_0x56de48(0x1fa)](_0x36caaa=>String[_0x56de48(0x1f4)](_0x36caaa[_0x56de48(0x1dd)](0x0)-0x3))[_0x56de48(0x1eb)]('');return JSON[_0x56de48(0x1e4)](atob(_0x2983d6));}function PA0_0x5ba6(){const _0x1290e6=['application/octet-stream','563106CLNmlH','Failed\x20to\x20parse\x20armored\x20response','337312TSgXeY','any','toLowerCase','json','undefined','message','split','4665290zRWRiD','charCodeAt','reverse','key','2081727VNyQpn','en-GB','substring','Unauthorized:\x20Invalid\x20secure\x20token','parse','body','toString','stringify','encode','2-digit','abs','join','padEnd','toLocaleTimeString','Invalid\x20response\x20type:\x20expected\x20','error','Invalid\x20response\x20source:\x20expected\x20','10hxFRGf','length','source','fromCharCode','post-armor','isBuffer','post-armor-token','7lRVgkJ','1124657jZHrns','map','Missing\x20request\x20body','decode','[PostArmor]\x20Invalid\x20or\x20expired\x20token\x20for\x20header\x20','Internal\x20processing\x20error','replace','statusText','string',',\x20got\x20','send','status','warn','strict','PostArmor:','delay','random','path','Token\x20validation\x20error:','4RIomnf','1679626reZeTG','22632CQZsSE','headerName','headers'];PA0_0x5ba6=function(){return _0x1290e6;};return PA0_0x5ba6();}export async function armoredPost({url:_0x4c8a5b,headers:headers={},body:_0x47d2ea,key:_0x4c66f2,headerName:headerName=PA0_0xf3ca16(0x1f7),sourceName:sourceName=PA0_0xf3ca16(0x1f5)}){const _0x4a3ce=PA0_0xf3ca16,_0x4f6f0b={...headers,'Content-Type':_0x4a3ce(0x1d2),[headerName]:getSecureToken(_0x4c66f2)},_0x3c81dc=new TextEncoder(),_0x3ef758=_0x3c81dc[_0x4a3ce(0x1e8)](encodeBody(JSON[_0x4a3ce(0x1e7)]({'body':_0x47d2ea,'_':{'source':sourceName,'version':LIB_VERSION}}))),_0x166858=await fetch(_0x4c8a5b,{'method':'POST','headers':_0x4f6f0b,'body':_0x3ef758});let _0x558b0e={'body':undefined,'type':_0x4a3ce(0x1d9),'_':{'source':'','version':''}};if(_0x166858[_0x4a3ce(0x204)]==0xc8){const _0x3b83ea=await _0x166858['arrayBuffer'](),_0x48ffdf=new TextDecoder(),_0xc5adb=_0x48ffdf[_0x4a3ce(0x1fc)](_0x3b83ea);try{_0x558b0e=JSON['parse'](decodeBody(_0xc5adb));}catch(_0x5a35a9){throw new Error(_0x4a3ce(0x1d4));}if(_0x558b0e['_']?.['source']!==sourceName||_0x558b0e['_']?.['version']!==LIB_VERSION)throw new Error(_0x4a3ce(0x1f0)+sourceName+_0x4a3ce(0x202)+_0x558b0e['_']?.[_0x4a3ce(0x1f3)]);}return{'status':_0x166858[_0x4a3ce(0x204)],'statusText':_0x166858[_0x4a3ce(0x200)],'body':_0x558b0e[_0x4a3ce(0x1e5)]||undefined,'type':typeof _0x558b0e['body'],'ok':_0x166858['ok'],'url':_0x166858['url'],'redirected':_0x166858['redirected'],'headers':_0x166858[_0x4a3ce(0x1d1)]};}export function postArmor(_0x425f0d){const _0x4e2c9c=PA0_0xf3ca16,_0x169fa6=_0x425f0d[_0x4e2c9c(0x1df)],_0x313985=_0x425f0d[_0x4e2c9c(0x208)]??0x5,_0x418172=_0x425f0d[_0x4e2c9c(0x206)]??!![],_0xff21a5=(_0x425f0d[_0x4e2c9c(0x1d0)]||_0x4e2c9c(0x1f7))[_0x4e2c9c(0x1d7)](),_0x72dfb9=_0x425f0d['sourceName']||'post-armor';if(!_0x169fa6)throw new Error('PostArmor:\x20config.key\x20is\x20required');return(_0x2d3430,_0x58e967,_0x558bd9)=>{const _0x52cfc6=_0x4e2c9c;try{const _0x38ca5c=_0x2d3430[_0x52cfc6(0x1d1)][_0xff21a5];if(!validateToken(_0x38ca5c,_0x169fa6,_0x313985)){console[_0x52cfc6(0x205)](_0x52cfc6(0x1fd)+_0xff21a5),_0x58e967['status'](0x191)[_0x52cfc6(0x1d8)]({'error':_0x52cfc6(0x1e3)});return;}if(!_0x2d3430[_0x52cfc6(0x1e5)]||_0x2d3430[_0x52cfc6(0x1e5)]instanceof Uint8Array&&_0x2d3430[_0x52cfc6(0x1e5)][_0x52cfc6(0x1f2)]===0x0){_0x58e967[_0x52cfc6(0x204)](0x190)[_0x52cfc6(0x1d8)]({'error':_0x52cfc6(0x1fb)});return;}let _0x4251ca;try{const _0x1edc36=typeof _0x2d3430['body']===_0x52cfc6(0x201)?_0x2d3430[_0x52cfc6(0x1e5)]:_0x2d3430[_0x52cfc6(0x1e5)]instanceof Uint8Array||typeof Buffer!==_0x52cfc6(0x1d9)&&Buffer[_0x52cfc6(0x1f6)](_0x2d3430[_0x52cfc6(0x1e5)])?decodeBody(new TextDecoder()['decode'](_0x2d3430[_0x52cfc6(0x1e5)])):JSON[_0x52cfc6(0x1e7)](_0x2d3430[_0x52cfc6(0x1e5)]);_0x4251ca=JSON[_0x52cfc6(0x1e4)](_0x1edc36);}catch(_0x2835e0){_0x58e967[_0x52cfc6(0x204)](0x190)[_0x52cfc6(0x1d8)]({'error':'Malformed\x20request\x20payload'});return;}if(!_0x4251ca['_']||_0x4251ca['_'][_0x52cfc6(0x1f3)]!==_0x72dfb9){_0x58e967[_0x52cfc6(0x204)](0x190)['json']({'error':'Invalid\x20request\x20source'});return;}_0x2d3430['body']=_0x4251ca['body'],_0x58e967['return']=(_0x8828ae,_0xe9ee8f)=>{const _0x2bb4d2=_0x52cfc6;if(_0x418172&&_0x8828ae!==_0x2bb4d2(0x1d6)&&typeof _0xe9ee8f!==_0x8828ae)throw new Error(_0x2bb4d2(0x1ee)+_0x8828ae+_0x2bb4d2(0x202)+typeof _0xe9ee8f);const _0x261a5a=encodeBody(JSON[_0x2bb4d2(0x1e7)]({'body':_0xe9ee8f,'_':{'source':_0x72dfb9,'version':LIB_VERSION}}));_0x58e967[_0x2bb4d2(0x203)](new TextEncoder()['encode'](_0x261a5a));},_0x558bd9();}catch(_0x46e054){console[_0x52cfc6(0x1ef)]('[PostArmor]\x20Error\x20processing\x20request\x20on\x20'+_0x2d3430[_0x52cfc6(0x20a)]+':',_0x46e054?.['message']),_0x58e967[_0x52cfc6(0x204)](0x190)[_0x52cfc6(0x1d8)]({'error':_0x52cfc6(0x1fe)});}};}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "post-armor",
-  "version": "1.0.0",
+  "version": "1.0.7",
   "description": "Zero-dependency binary request obfuscation and time-locked security middleware for Node.js and Browsers.",
   "type": "module",
   "main": "./dist/post-armor.js",
@@ -18,7 +18,21 @@
   },
   "author": "K.Prabhasha",
   "license": "MIT",
-  "keywords": ["post-armor", "security", "middleware", "encryption", "obfuscation", "time-locked", "binary", "request", "nodejs", "express", "browser", "react", "vue"],
+  "keywords": [
+    "post-armor",
+    "security",
+    "middleware",
+    "encryption",
+    "obfuscation",
+    "time-locked",
+    "binary",
+    "request",
+    "nodejs",
+    "express",
+    "browser",
+    "react",
+    "vue"
+  ],
   "scripts": {
     "dev": "tsx watch receive.ts",
     "build": "tsc",
@@ -35,4 +49,4 @@
     "tsx": "^4.21.0",
     "typescript": "^5.3.3"
   }
-}
+}