npm - secure-web-token - Versions diffs - 1.0.1 → 1.0.2 - Mend

secure-web-token 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/README.md CHANGED Viewed

@@ -1,18 +1,22 @@
-# 🔐 Secure Web Token (Fingerprint Based)
+# 🔐 Secure Web Token (SWT)
-A lightweight Node.js authentication package that allows you to **sign and verify tokens using one or more device fingerprints**.
+**Secure Web Token (SWT)** is a lightweight Node.js authentication package designed to make token-based authentication **more secure than traditional JWTs** by binding tokens to **device fingerprints**.
-This helps prevent token misuse across different devices.
+Unlike JWTs, SWT:
+- **Encrypts the payload** (can’t be decoded without the secret)
+- Allows **device-level access control**
+- Prevents token misuse across multiple devices
 ---
 ## ✨ Features
-- Supports **single or multiple fingerprints**
-- Simple `sign()` and `verify()` API
-- CommonJS compatible
-- Editor IntelliSense support
-- No heavy dependencies
+- 🔐 Encrypted payload (AES-256-GCM)
+- 📱 Device fingerprint support (single or multiple)
+- ⏱ Token expiration
+- ⚡ Lightweight & fast
+- 🧠 TypeScript + IntelliSense support
+- ✅ CommonJS compatible
 ---
@@ -32,144 +36,88 @@ const { sign, verify } = require("secure-web-token");
 ---
-## 🧠 What is Fingerprint?
+## 🧠 What is a Fingerprint?
-A fingerprint is any unique identifier of a device, for example:
+A fingerprint is any identifier that represents a device.
+Examples:
 - Browser + OS (`Chrome-Linux`)
-- Device name
+- Device ID
 - IP address
-- Custom string
+- Any custom unique string
-You can pass **one or multiple fingerprints**.
+You can allow **one or multiple fingerprints** per token.
 ---
 ## ✍️ sign()
-Creates a secure token with fingerprint validation.
+Creates a secure encrypted token.
 ### Syntax
 ```js
-sign(payload, secret, options)
+sign(data, secret, options)
 ```
-### Parameters
-| Parameter | Type | Description |
-|---------|-----|-------------|
-| payload | Object | Data you want inside token |
-| secret | String | Secret key |
-| options.expiresIn | Number | Expiry time (seconds) |
-| options.fingerprint | String \| String[] | Allowed fingerprint(s) |
+### Options
----
+| Option | Type | Description |
+|------|------|------------|
+| expiresIn | number | Token expiry (seconds) |
+| fingerprint | true \| string \| string[] | Device fingerprint(s) |
-### Example: Single Fingerprint
+### Payload Structure
 ```js
-const token = sign(
-  { userId: 1 },
-  "my-secret",
-  {
-    expiresIn: 60,
-    fingerprint: "Chrome-Linux"
-  }
-);
-console.log("TOKEN:", token);
+{
+  data: { ... },
+  iat: number,
+  exp: number,
+  fp: string[]
+}
 ```
----
-### Example: Multiple Fingerprints
+### Example (Auto Device ID)
 ```js
-const token = sign(
-  { userId: 1 },
+const { token, deviceId } = sign(
+  { userId: 1, role: "admin" },
   "my-secret",
-  {
-    expiresIn: 60,
-    fingerprint: ["Chrome-Linux", "Windows"]
-  }
+  { fingerprint: true }
 );
+console.log(token, deviceId);
 ```
 ---
 ## ✅ verify()
-Verifies the token and checks whether the fingerprint is valid.
-### Syntax
-```js
-verify(token, secret, options)
-```
-### Parameters
-| Parameter | Type | Description |
-|---------|-----|-------------|
-| token | String | Token to verify |
-| secret | String | Same secret used while signing |
-| options.fingerprint | String \| String[] | Current device fingerprint |
----
-### Example: Successful Verification
+Verifies token integrity, expiry, and fingerprint.
 ```js
-const payload = verify(token, "my-secret", {
-  fingerprint: "Chrome-Linux"
-});
-console.log("PAYLOAD:", payload);
+verify(token, secret, { fingerprint })
 ```
----
-### Example: Multiple Fingerprints Verification
+### Example
 ```js
 const payload = verify(token, "my-secret", {
-  fingerprint: ["Chrome-Linux", "monjal"]
+  fingerprint: deviceId
 });
-```
----
-## ❌ Invalid Fingerprint Example
-```js
-try {
-  verify(token, "my-secret", {
-    fingerprint: "Unknown-Device"
-  });
-} catch (err) {
-  console.error(err.message);
-}
+console.log(payload.data);
 ```
 ---
-## ⏰ Token Expiry Example
+## 🔐 Use Cases
-```js
-const token = sign(
-  { role: "admin" },
-  "secret-key",
-  {
-    expiresIn: 5,
-    fingerprint: "Chrome-Linux"
-  }
-);
-// After 5 seconds
-verify(token, "secret-key", {
-  fingerprint: "Chrome-Linux"
-});
-```
+- Prevent account sharing
+- Device-restricted access
+- Secure SaaS authentication
+- Course/content protection
 ---

package/dist/decrypt.d.ts CHANGED Viewed

@@ -1,2 +1,9 @@
+/**
+ * Decrypts an encrypted SWT payload.
+ *
+ * @param encryptedPayload - Encrypted Base64URL payload
+ * @param secret - Secret key
+ * @returns Decrypted payload object
+ */
 export default function decrypt(encryptedPayload: string, secret: string): Record<string, any>;
 //# sourceMappingURL=decrypt.d.ts.map

package/dist/decrypt.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"decrypt.d.ts","sourceRoot":"","sources":["../src/decrypt.ts"],"names":[],"mappings":"AAGA,MAAM,CAAC,OAAO,UAAU,OAAO,~~CAC3B~~,gBAAgB,EAAE,MAAM,EACxB,MAAM,EAAE,MAAM,~~GACf~~,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,~~CA0BrB~~"}
1	+ {"version":3,"file":"decrypt.d.ts","sourceRoot":"","sources":["../src/decrypt.ts"],"names":[],"mappings":"AAGA;;;;;;GAMG;AACH,MAAM,CAAC,OAAO,UAAU,OAAO,CAC7B,gBAAgB,EAAE,MAAM,EACxB,MAAM,EAAE,MAAM,GACb,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAqBrB"}

package/dist/decrypt.js CHANGED Viewed

@@ -36,6 +36,13 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.default = decrypt;
 const crypto = __importStar(require("crypto"));
 const utils_1 = require("./utils");
+/**
+ * Decrypts an encrypted SWT payload.
+ *
+ * @param encryptedPayload - Encrypted Base64URL payload
+ * @param secret - Secret key
+ * @returns Decrypted payload object
+ */
 function decrypt(encryptedPayload, secret) {
     const data = (0, utils_1.base64urlDecode)(encryptedPayload);
     const iv = data.subarray(0, 12);

package/dist/device.d.ts ADDED Viewed

@@ -0,0 +1,8 @@
+/**
+ * Generate a secure, random device ID.
+ * Used for Device Registration Model.
+ *
+ * @returns UUID v4 string
+ */
+export declare function generateDeviceId(): string;
+//# sourceMappingURL=device.d.ts.map

package/dist/device.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"device.d.ts","sourceRoot":"","sources":["../src/device.ts"],"names":[],"mappings":"AAEA;;;;;GAKG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC"}

package/dist/device.js ADDED Viewed

@@ -0,0 +1,46 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+    if (k2 === undefined) k2 = k;
+    o[k2] = m[k];
+}));
+var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
+    Object.defineProperty(o, "default", { enumerable: true, value: v });
+}) : function(o, v) {
+    o["default"] = v;
+});
+var __importStar = (this && this.__importStar) || (function () {
+    var ownKeys = function(o) {
+        ownKeys = Object.getOwnPropertyNames || function (o) {
+            var ar = [];
+            for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
+            return ar;
+        };
+        return ownKeys(o);
+    };
+    return function (mod) {
+        if (mod && mod.__esModule) return mod;
+        var result = {};
+        if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
+        __setModuleDefault(result, mod);
+        return result;
+    };
+})();
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.generateDeviceId = generateDeviceId;
+const crypto = __importStar(require("crypto"));
+/**
+ * Generate a secure, random device ID.
+ * Used for Device Registration Model.
+ *
+ * @returns UUID v4 string
+ */
+function generateDeviceId() {
+    return crypto.randomUUID();
+}

package/dist/encrypt.d.ts CHANGED Viewed

@@ -1,2 +1,10 @@
+/**
+ * Encrypts payload using AES-256-GCM.
+ * Payload is fully encrypted (unlike JWT).
+ *
+ * @param payload - Object to encrypt
+ * @param secret - Secret key
+ * @returns Encrypted Base64URL string
+ */
 export default function encrypt(payload: Record<string, any>, secret: string): string;
 //# sourceMappingURL=encrypt.d.ts.map

package/dist/encrypt.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"encrypt.d.ts","sourceRoot":"","sources":["../src/encrypt.ts"],"names":[],"mappings":"AAGA,MAAM,CAAC,OAAO,UAAU,OAAO,~~CAC3B~~,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC5B,MAAM,EAAE,MAAM,~~GACf~~,MAAM,~~CAoBR~~"}
1	+ {"version":3,"file":"encrypt.d.ts","sourceRoot":"","sources":["../src/encrypt.ts"],"names":[],"mappings":"AAGA;;;;;;;GAOG;AACH,MAAM,CAAC,OAAO,UAAU,OAAO,CAC7B,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EAC5B,MAAM,EAAE,MAAM,GACb,MAAM,CAkBR"}

package/dist/encrypt.js CHANGED Viewed

@@ -36,6 +36,14 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.default = encrypt;
 const crypto = __importStar(require("crypto"));
 const utils_1 = require("./utils");
+/**
+ * Encrypts payload using AES-256-GCM.
+ * Payload is fully encrypted (unlike JWT).
+ *
+ * @param payload - Object to encrypt
+ * @param secret - Secret key
+ * @returns Encrypted Base64URL string
+ */
 function encrypt(payload, secret) {
     const iv = crypto.randomBytes(12);
     const key = crypto

package/dist/index.d.ts CHANGED Viewed

@@ -1,3 +1,7 @@
+/**
+ * Secure Web Token (SWT)
+ * Encrypted, device-bound alternative to JWT
+ */
 export { default as sign } from "./sign";
 export { default as verify } from "./verify";
 export type { SignOptions } from "./sign";

package/dist/index.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,OAAO,IAAI,IAAI,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,MAAM,UAAU,CAAC;AAE7C,YAAY,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAC1C,YAAY,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC"}
1	+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,IAAI,IAAI,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,MAAM,UAAU,CAAC;AAE7C,YAAY,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAC1C,YAAY,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC"}

package/dist/index.js CHANGED Viewed

@@ -1,4 +1,8 @@
 "use strict";
+/**
+ * Secure Web Token (SWT)
+ * Encrypted, device-bound alternative to JWT
+ */
 var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };

package/dist/sign.d.ts CHANGED Viewed

@@ -1,5 +1,5 @@
 /**
- * Options for signing a secure token
+ * Options for signing a Secure Web Token (SWT)
  */
 export interface SignOptions {
     /**
@@ -8,22 +8,17 @@ export interface SignOptions {
      */
     expiresIn?: number;
     /**
-     * One or more fingerprints allowed to use this token
-     * Example: device hash, IP hash, browser hash
+     * true → auto-generate device ID
+     * string | string[] → custom fingerprints
      */
-    fingerprint?: string | string[];
+    fingerprint?: true | string | string[];
 }
 /**
- * Creates a secure encrypted token.
- *
- * @param payload - Data you want to store inside the token
- * @param secret - Secret key used for encryption & signature
- * @param options - Optional token settings (expiry, fingerprint)
- *
- * @returns Encrypted and signed token string
- *
- * @example
- * sign({ userId: 1 }, "secret", { expiresIn: 60 })
+ * Creates a Secure Web Token (SWT).
+ * User data is stored inside `payload.data`.
  */
-export default function sign(payload: Record<string, any>, secret: string, options?: SignOptions): string;
+export default function sign(data: Record<string, any>, secret: string, options?: SignOptions): {
+    token: string;
+    deviceId?: string;
+};
 //# sourceMappingURL=sign.d.ts.map

package/dist/sign.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":"~~AAIA~~;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;~~CACjC~~;AAED~~;;;;;;;;;;;GAWG~~;AACH,MAAM,CAAC,OAAO,UAAU,IAAI,CAC1B,~~OAAO~~,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,~~EAC5B~~,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,WAAgB,GACxB,MAAM,~~CA0BR~~"}
1	+ {"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,WAAW,CAAC,EAAE,IAAI,GAAG,MAAM,GAAG,MAAM,EAAE,CAAC;CACxC;AAED;;;GAGG;AACH,MAAM,CAAC,OAAO,UAAU,IAAI,CAC1B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,WAAgB,GACxB;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,CAgDtC"}

package/dist/sign.js CHANGED Viewed

@@ -40,31 +40,39 @@ exports.default = sign;
 const crypto = __importStar(require("crypto"));
 const encrypt_1 = __importDefault(require("./encrypt"));
 const utils_1 = require("./utils");
+const device_1 = require("./device");
 /**
- * Creates a secure encrypted token.
- *
- * @param payload - Data you want to store inside the token
- * @param secret - Secret key used for encryption & signature
- * @param options - Optional token settings (expiry, fingerprint)
- *
- * @returns Encrypted and signed token string
- *
- * @example
- * sign({ userId: 1 }, "secret", { expiresIn: 60 })
+ * Creates a Secure Web Token (SWT).
+ * User data is stored inside `payload.data`.
  */
-function sign(payload, secret, options = {}) {
-    const header = {
-        alg: "AES-256-GCM+HMAC",
-        typ: "STK",
-    };
+function sign(data, secret, options = {}) {
+    if (!secret || typeof secret !== "string") {
+        throw new Error("Secret must be a non-empty string");
+    }
+    if (!data || typeof data !== "object") {
+        throw new Error("Data must be an object");
+    }
     const now = Math.floor(Date.now() / 1000);
-    payload.iat = now;
-    payload.exp = now + (options.expiresIn ?? 900);
-    if (options.fingerprint) {
+    const payload = {
+        data, // 👈 user data lives here
+        iat: now,
+        exp: now + (options.expiresIn ?? 900),
+    };
+    let deviceId;
+    // 🔐 Device Registration Model
+    if (options.fingerprint === true) {
+        deviceId = (0, device_1.generateDeviceId)();
+        payload.fp = [deviceId];
+    }
+    else if (options.fingerprint) {
         payload.fp = Array.isArray(options.fingerprint)
             ? options.fingerprint
             : [options.fingerprint];
     }
+    const header = {
+        alg: "AES-256-GCM+HMAC",
+        typ: "SWT",
+    };
     const encodedHeader = (0, utils_1.base64urlEncode)(JSON.stringify(header));
     const encryptedPayload = (0, encrypt_1.default)(payload, secret);
     const dataToSign = `${encodedHeader}.${encryptedPayload}`;
@@ -72,5 +80,8 @@ function sign(payload, secret, options = {}) {
         .createHmac("sha256", secret)
         .update(dataToSign)
         .digest("base64url");
-    return `${dataToSign}.${signature}`;
+    return {
+        token: `${dataToSign}.${signature}`,
+        deviceId,
+    };
 }

package/dist/utils.d.ts CHANGED Viewed

@@ -1,5 +1,33 @@
+/**
+ * Encode data into Base64URL format.
+ * Used to make tokens URL-safe.
+ *
+ * @param input - Buffer or string to encode
+ * @returns Base64URL encoded string
+ */
 export declare function base64urlEncode(input: Buffer | string): string;
+/**
+ * Decode Base64URL encoded data back into Buffer.
+ *
+ * @param input - Base64URL string
+ * @returns Decoded Buffer
+ */
 export declare function base64urlDecode(input: string): Buffer;
+/**
+ * Create a SHA-256 hash.
+ * Useful for hashing fingerprints or secrets.
+ *
+ * @param data - String or Buffer to hash
+ * @returns SHA-256 hash Buffer
+ */
 export declare function hash(data: string | Buffer): Buffer;
+/**
+ * Compare two buffers in constant time.
+ * Prevents timing attacks.
+ *
+ * @param a - First buffer
+ * @param b - Second buffer
+ * @returns True if equal, false otherwise
+ */
 export declare function timingSafeEqual(a: Buffer, b: Buffer): boolean;
 //# sourceMappingURL=utils.d.ts.map

package/dist/utils.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAEA,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAE9D;AAED,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAErD;AAED,wBAAgB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAElD;AAED,wBAAgB,eAAe,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAG7D"}
1	+ {"version":3,"file":"utils.d.ts","sourceRoot":"","sources":["../src/utils.ts"],"names":[],"mappings":"AAEA;;;;;;GAMG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAE9D;AAED;;;;;GAKG;AACH,wBAAgB,eAAe,CAAC,KAAK,EAAE,MAAM,GAAG,MAAM,CAErD;AAED;;;;;;GAMG;AACH,wBAAgB,IAAI,CAAC,IAAI,EAAE,MAAM,GAAG,MAAM,GAAG,MAAM,CAElD;AAED;;;;;;;GAOG;AACH,wBAAgB,eAAe,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAG7D"}

package/dist/utils.js CHANGED Viewed

@@ -38,15 +38,43 @@ exports.base64urlDecode = base64urlDecode;
 exports.hash = hash;
 exports.timingSafeEqual = timingSafeEqual;
 const crypto = __importStar(require("crypto"));
+/**
+ * Encode data into Base64URL format.
+ * Used to make tokens URL-safe.
+ *
+ * @param input - Buffer or string to encode
+ * @returns Base64URL encoded string
+ */
 function base64urlEncode(input) {
     return Buffer.from(input).toString("base64url");
 }
+/**
+ * Decode Base64URL encoded data back into Buffer.
+ *
+ * @param input - Base64URL string
+ * @returns Decoded Buffer
+ */
 function base64urlDecode(input) {
     return Buffer.from(input, "base64url");
 }
+/**
+ * Create a SHA-256 hash.
+ * Useful for hashing fingerprints or secrets.
+ *
+ * @param data - String or Buffer to hash
+ * @returns SHA-256 hash Buffer
+ */
 function hash(data) {
     return crypto.createHash("sha256").update(data).digest();
 }
+/**
+ * Compare two buffers in constant time.
+ * Prevents timing attacks.
+ *
+ * @param a - First buffer
+ * @param b - Second buffer
+ * @returns True if equal, false otherwise
+ */
 function timingSafeEqual(a, b) {
     if (a.length !== b.length)
         return false;

package/dist/verify.d.ts CHANGED Viewed

@@ -1,5 +1,14 @@
+/**
+ * Options for verifying a Secure Web Token
+ */
 export interface VerifyOptions {
+    /**
+     * Device fingerprint(s) allowed to verify token
+     */
     fingerprint?: string | string[];
 }
+/**
+ * Verifies and decrypts a Secure Web Token.
+ */
 export default function verify(token: string, secret: string, options?: VerifyOptions): Record<string, any>;
 //# sourceMappingURL=verify.d.ts.map

package/dist/verify.d.ts.map CHANGED Viewed

	@@ -1 +1 @@
1	- {"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAIA,MAAM,WAAW,aAAa;~~IAC1B~~,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;~~CACnC~~;AAED,MAAM,CAAC,OAAO,UAAU,MAAM,~~CAC1B~~,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,aAAkB,~~GAC5B~~,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,~~CAiDrB~~"}
1	+ {"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,CAAC,OAAO,UAAU,MAAM,CAC5B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,aAAkB,GAC1B,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAuDrB"}

package/dist/verify.js CHANGED Viewed

@@ -40,7 +40,13 @@ exports.default = verify;
 const crypto = __importStar(require("crypto"));
 const decrypt_1 = __importDefault(require("./decrypt"));
 const utils_1 = require("./utils");
+/**
+ * Verifies and decrypts a Secure Web Token.
+ */
 function verify(token, secret, options = {}) {
+    if (!token || typeof token !== "string") {
+        throw new Error("Token must be a string");
+    }
     const parts = token.split(".");
     if (parts.length !== 3) {
         throw new Error("Invalid token format");
@@ -59,6 +65,9 @@ function verify(token, secret, options = {}) {
     if (payload.exp < now) {
         throw new Error("Token expired");
     }
+    if (!payload.data || typeof payload.data !== "object") {
+        throw new Error("Invalid payload structure");
+    }
     if (options.fingerprint) {
         const provided = Array.isArray(options.fingerprint)
             ? options.fingerprint
@@ -71,5 +80,5 @@ function verify(token, secret, options = {}) {
             throw new Error("Fingerprint mismatch");
         }
     }
-    return payload;
+    return payload; // { data, iat, exp, fp }
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "secure-web-token",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "A secure web token utility",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",