react-native-app-attestation 0.1.0

package/src/AttestationService.ts

@@ -0,0 +1,123 @@
+// src/AttestationService.ts
+
+import { Platform, NativeModules } from 'react-native';
+import { AttestationConfig, AttestationResult } from './types';
+
+export class AttestationService {
+  private config: AttestationConfig;
+  private cachedToken: string | null = null;
+  private tokenExpiry: number | null = null;
+  private cacheDuration: number;
+
+  constructor(config: AttestationConfig) {
+    this.config = config;
+    this.cacheDuration = config.tokenCacheDurationMs ?? 10 * 60 * 1000;
+  }
+
+  private log(msg: string) {
+    if (this.config.debug) console.log(`[Attestation] ${msg}`);
+  }
+
+  // Backend se nonce fetch karo
+  private async fetchNonce(): Promise<string> {
+    const response = await fetch(this.config.nonceEndpoint);
+    const data = await response.json();
+    if (!data.nonce) throw new Error('Nonce nahi mila backend se');
+    return data.nonce;
+  }
+
+  // Android — Play Integrity
+  private async getAndroidToken(): Promise<string | null> {
+    try {
+      const { PlayIntegrityModule } = NativeModules;
+
+      if (!PlayIntegrityModule) {
+        this.log('PlayIntegrityModule nahi mila');
+        return null;
+      }
+
+      const nonce = await this.fetchNonce();
+      const token = await PlayIntegrityModule
+        .getAttestationToken(nonce);
+      this.log('Android token mila!');
+      return token;
+
+    } catch (error) {
+      this.log(`Android error: ${error}`);
+      return null;
+    }
+  }
+
+  // iOS — App Attest
+  private async getIOSToken(): Promise<string | null> {
+    try {
+      const { AppAttestModule } = NativeModules;
+
+      if (!AppAttestModule) {
+        this.log('AppAttestModule nahi mila');
+        return null;
+      }
+
+      const challenge = await this.fetchNonce();
+      const token = await AppAttestModule
+        .getAttestationToken(challenge);
+      this.log('iOS token mila!');
+      return token;
+
+    } catch (error) {
+      this.log(`iOS error: ${error}`);
+      return null;
+    }
+  }
+
+  // Main function
+  async getToken(forceRefresh = false): Promise<AttestationResult> {
+    const now = Date.now();
+    const platform = Platform.OS as 'android' | 'ios';
+
+    // Cache valid hai?
+    if (
+      !forceRefresh &&
+      this.cachedToken &&
+      this.tokenExpiry &&
+      now < this.tokenExpiry
+    ) {
+      this.log('Cached token use ho raha hai');
+      return {
+        token: this.cachedToken,
+        fromCache: true,
+        platform,
+      };
+    }
+
+    // Fresh token lo
+    let token: string | null = null;
+
+    if (Platform.OS === 'android') {
+      token = await this.getAndroidToken();
+    } else if (Platform.OS === 'ios') {
+      token = await this.getIOSToken();
+    }
+
+    // Cache karo
+    if (token) {
+      this.cachedToken = token;
+      this.tokenExpiry = now + this.cacheDuration;
+      this.log(`Token cached — ${this.cacheDuration / 60000} min valid`);
+    }
+
+    return { token, fromCache: false, platform };
+  }
+
+  // Sensitive operations ke liye
+  async getFreshToken(): Promise<AttestationResult> {
+    return this.getToken(true);
+  }
+
+  // Logout pe call karo
+  clearCache(): void {
+    this.cachedToken = null;
+    this.tokenExpiry = null;
+    this.log('Cache cleared');
+  }
+}

package/src/DeviceIDService.ts

@@ -0,0 +1,62 @@
+// src/DeviceIDService.ts
+
+import { StorageAdapter } from './types';
+
+const DEVICE_ID_KEY = 'rn_attestation_device_id';
+
+// Khud ka UUID generator — koi library nahi!
+const generateUUID = (): string => {
+  return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, (c) => {
+    const r = (Math.random() * 16) | 0;
+    const v = c === 'x' ? r : (r & 0x3) | 0x8;
+    return v.toString(16);
+  });
+};
+
+export class DeviceIDService {
+  private storage: StorageAdapter;
+  private debug: boolean;
+
+  constructor(storage: StorageAdapter, debug = false) {
+    this.storage = storage;
+    this.debug = debug;
+  }
+
+  private log(msg: string) {
+    if (this.debug) console.log(`[DeviceID] ${msg}`);
+  }
+
+  async getDeviceID(): Promise<string> {
+    try {
+      // Storage se check karo
+      let deviceId = await Promise.resolve(
+        this.storage.get(DEVICE_ID_KEY)
+      );
+
+      if (!deviceId) {
+        // Pehli baar — naya UUID banao
+        deviceId = generateUUID();
+        await Promise.resolve(
+          this.storage.set(DEVICE_ID_KEY, deviceId)
+        );
+        this.log(`Naya Device ID banaya: ${deviceId}`);
+      } else {
+        this.log(`Existing Device ID mila: ${deviceId}`);
+      }
+
+      return deviceId;
+
+    } catch (error) {
+      this.log(`Error: ${error}`);
+      // Fallback — storage fail ho toh bhi app crash na ho
+      return generateUUID();
+    }
+  }
+
+  async resetDeviceID(): Promise<void> {
+    await Promise.resolve(
+      this.storage.delete(DEVICE_ID_KEY)
+    );
+    this.log('Device ID reset ho gaya');
+  }
+}

package/src/index.ts

@@ -0,0 +1,174 @@
+// src/index.ts
+
+import { Platform } from 'react-native';
+import { DeviceIDService } from './DeviceIDService';
+import { AttestationService } from './AttestationService';
+import { axiosInterceptor, secureFetch } from './interceptors';
+import {
+  AttestationConfig,
+  SecurityHeaders,
+  StorageAdapter,
+} from './types';
+
+// Re-export — user directly import kar sake
+export * from './types';
+export { DeviceIDService } from './DeviceIDService';
+export { AttestationService } from './AttestationService';
+export { axiosInterceptor, secureFetch } from './interceptors';
+
+// ========================================
+// SINGLETON — ek baar init, har jagah use
+// ========================================
+let deviceIDService: DeviceIDService | null = null;
+let attestationService: AttestationService | null = null;
+let globalConfig: AttestationConfig | null = null;
+
+/**
+ * App start pe ek baar call karo
+ *
+ * MMKV example:
+ * initAttestation({
+ *   storage: {
+ *     get: (key) => mmkv.getString(key) ?? null,
+ *     set: (key, val) => mmkv.set(key, val),
+ *     delete: (key) => mmkv.delete(key),
+ *   },
+ *   nonceEndpoint: 'https://api.yourapp.com/auth/nonce',
+ *   appVersion: '1.4',
+ *   debug: __DEV__,
+ * });
+ */
+export const initAttestation = (config: AttestationConfig): void => {
+  globalConfig = config;
+  deviceIDService = new DeviceIDService(config.storage, config.debug);
+  attestationService = new AttestationService(config);
+};
+
+// Init check
+const checkInit = (fnName: string) => {
+  if (!deviceIDService || !attestationService || !globalConfig) {
+    throw new Error(
+      `[react-native-app-attestation] ${fnName}() call karne se pehle initAttestation() call karo!`
+    );
+  }
+};
+
+/**
+ * Device ID lo
+ */
+export const getDeviceID = async (): Promise<string> => {
+  checkInit('getDeviceID');
+  return deviceIDService!.getDeviceID();
+};
+
+/**
+ * Attestation token lo (cached ya fresh)
+ */
+export const getAttestationToken = async (
+  forceRefresh = false
+): Promise<string | null> => {
+  checkInit('getAttestationToken');
+  const result = await attestationService!.getToken(forceRefresh);
+  return result.token;
+};
+
+/**
+ * Sensitive operations ke liye fresh token
+ * Payment, Login, OTP pe ye use karo
+ */
+export const getFreshAttestationToken = async (): Promise<string | null> => {
+  checkInit('getFreshAttestationToken');
+  const result = await attestationService!.getFreshToken();
+  return result.token;
+};
+
+/**
+ * Saare security headers ek saath lo
+ * Interceptor mein ye use karo
+ */
+export const getSecurityHeaders = async (): Promise<SecurityHeaders> => {
+  checkInit('getSecurityHeaders');
+
+  const [deviceId, attestationResult] = await Promise.all([
+    deviceIDService!.getDeviceID(),
+    attestationService!.getToken(),
+  ]);
+
+  const timestamp = Math.floor(Date.now() / 1000).toString();
+  const platform = Platform.OS === 'ios' ? 'iOS' : 'Android';
+
+  const headers: SecurityHeaders = {
+    'User-Agent': `App/${globalConfig!.appVersion} (${platform})`,
+    'X-App-Platform': Platform.OS,
+    'X-App-Version': globalConfig!.appVersion,
+    'X-Device-ID': deviceId,
+    'X-Timestamp': timestamp,
+  };
+
+  if (attestationResult.token) {
+    headers['X-Attestation'] = attestationResult.token;
+  }
+
+  return headers;
+};
+
+/**
+ * Axios interceptor setup
+ * 
+ * import axios from 'axios';
+ * import { initAttestation, setupAxios } from 'react-native-app-attestation';
+ * 
+ * const api = axios.create({ baseURL: '...' });
+ * setupAxios(api);
+ */
+export const setupAxios = (axiosInstance: any): void => {
+  checkInit('setupAxios');
+  axiosInterceptor(axiosInstance, {
+    appVersion: globalConfig!.appVersion,
+    getHeaders: getSecurityHeaders,
+  });
+};
+
+/**
+ * Secure fetch — fetch ki jagah use karo
+ * 
+ * const res = await secureGet('https://api.com/user');
+ */
+export const secureGet = (
+  url: string,
+  options?: RequestInit
+): Promise<Response> => {
+  checkInit('secureGet');
+  return secureFetch(url, options ?? {}, getSecurityHeaders);
+};
+
+export const securePost = (
+  url: string,
+  body: unknown,
+  options?: RequestInit
+): Promise<Response> => {
+  checkInit('securePost');
+  return secureFetch(
+    url,
+    {
+      ...options,
+      method: 'POST',
+      body: JSON.stringify(body),
+    },
+    getSecurityHeaders
+  );
+};
+
+/**
+ * Logout pe call karo
+ */
+export const clearAttestationCache = (): void => {
+  attestationService?.clearCache();
+};
+
+/**
+ * Device ID reset karo
+ */
+export const resetDeviceID = async (): Promise<void> => {
+  await deviceIDService?.resetDeviceID();
+};

package/src/interceptors.ts

@@ -0,0 +1,72 @@
+// src/interceptors.ts
+
+import { SecurityHeaders } from './types';
+
+/**
+ * AXIOS ke liye
+ * 
+ * Use karo:
+ * axiosInterceptor(api, { appVersion: '1.4', getHeaders })
+ */
+export const axiosInterceptor = (
+  axiosInstance: any,
+  options: {
+    appVersion: string;
+    getHeaders: () => Promise<SecurityHeaders>;
+  }
+) => {
+  axiosInstance.interceptors.request.use(
+    async (config: any) => {
+      try {
+        // Security headers lo
+        const securityHeaders = await options.getHeaders();
+
+        // Existing headers ke saath merge karo
+        config.headers = {
+          ...config.headers,
+          ...securityHeaders,
+        };
+
+      } catch (error) {
+        console.warn('[Attestation] Headers add nahi ho sake:', error);
+        // App crash nahi hona chahiye — silently fail
+      }
+
+      return config;
+    },
+    (error: any) => Promise.reject(error)
+  );
+};
+
+/**
+ * FETCH ke liye
+ * 
+ * Use karo:
+ * const res = await secureFetch(url, options, getHeaders)
+ */
+export const secureFetch = async (
+  url: string,
+  options: RequestInit = {},
+  getHeaders: () => Promise<SecurityHeaders>
+): Promise<Response> => {
+  try {
+    // Security headers lo
+    const securityHeaders = await getHeaders();
+
+    // Existing headers ke saath merge karo
+    const mergedHeaders = {
+      ...options.headers,
+      ...securityHeaders,
+    };
+
+    return fetch(url, {
+      ...options,
+      headers: mergedHeaders,
+    });
+
+  } catch (error) {
+    console.warn('[Attestation] secureFetch headers error:', error);
+    // Headers add nahi hue — normal fetch karo
+    return fetch(url, options);
+  }
+};

package/src/types.ts

@@ -0,0 +1,52 @@
+// src/types.ts
+
+/**
+ * Storage interface — user apna storage dega
+ * MMKV, AsyncStorage, ya koi bhi
+ */
+export interface StorageAdapter {
+  get: (key: string) => string | null | Promise<string | null>;
+  set: (key: string, value: string) => void | Promise<void>;
+  delete: (key: string) => void | Promise<void>;
+}
+
+/**
+ * Package initialize karne ke liye config
+ */
+export interface AttestationConfig {
+  // Tumhara storage (MMKV ya AsyncStorage)
+  storage: StorageAdapter;
+
+  // Nonce fetch karne ke liye URL
+  nonceEndpoint: string;
+
+  // App version — header mein jayega
+  appVersion: string;
+
+  // Token cache kitni der valid rahe (default: 10 min)
+  tokenCacheDurationMs?: number;
+
+  // Debug logs on/off (default: false)
+  debug?: boolean;
+}
+
+/**
+ * Attestation token result
+ */
+export interface AttestationResult {
+  token: string | null;
+  fromCache: boolean;
+  platform: 'android' | 'ios';
+}
+
+/**
+ * Security headers jo API call mein jayenge
+ */
+export interface SecurityHeaders {
+  'User-Agent': string;
+  'X-App-Platform': string;
+  'X-App-Version': string;
+  'X-Device-ID': string;
+  'X-Timestamp': string;
+  'X-Attestation'?: string;
+}