secure-web-token 1.0.2 → 1.0.4

package/README.md CHANGED
@@ -1,126 +1,129 @@
1
1
  # πŸ” Secure Web Token (SWT)
2
2
 
3
- **Secure Web Token (SWT)** is a lightweight Node.js authentication package designed to make token-based authentication **more secure than traditional JWTs** by binding tokens to **device fingerprints**.
3
+ ## 1. About the Package
4
4
 
5
- Unlike JWTs, SWT:
6
- - **Encrypts the payload** (can’t be decoded without the secret)
7
- - Allows **device-level access control**
8
- - Prevents token misuse across multiple devices
5
+ **Secure Web Token (SWT)** operates on a strict **Device Registration Model**, providing a significant security upgrade over traditional JWTs. Through **AES-256-GCM encryption** and enforced **device-fingerprint binding**, SWT ensures that authentication tokens are intrinsically locked to specific devices, effectively neutralizing risks associated with token leakage and unauthorized access.
6
+
7
+ It is designed for mission-critical applications where security and strictly controlled access are paramount.
9
8
 
10
9
  ---
11
10
 
12
- ## ✨ Features
11
+ ## 2. What Problem Does It Solve?
13
12
 
14
- - πŸ” Encrypted payload (AES-256-GCM)
15
- - πŸ“± Device fingerprint support (single or multiple)
16
- - ⏱ Token expiration
17
- - ⚑ Lightweight & fast
18
- - 🧠 TypeScript + IntelliSense support
19
- - βœ… CommonJS compatible
13
+ Traditional JWT has some well-known issues:
20
14
 
21
- ---
15
+ - JWT payloads are **Base64 encoded**, not encrypted
16
+ - Anyone can decode the payload using online tools without the secret
17
+ - If a token leaks, it can be reused on **any device**
18
+ - No built-in way to restrict tokens to a specific device
22
19
 
23
- ## πŸ“¦ Installation
20
+ **Secure Web Token (SWT)** solves these problems by:
24
21
 
25
- ```bash
26
- npm install secure-web-token
27
- ```
22
+ - Encrypting the payload using **AES-256-GCM**
23
+ - Making payload data **completely unreadable without the secret**
24
+ - Allowing tokens to be bound to **one or more device fingerprints**
25
+ - Preventing token reuse from unauthorized devices
26
+ - Supporting auto-generated device IDs for stronger protection
28
27
 
29
- ---
28
+ This makes SWT especially useful for:
29
+ - Course platforms (anti-piracy)
30
+ - SaaS dashboards
31
+ - Admin panels
32
+ - Device-restricted systems
30
33
 
31
- ## πŸ“₯ Import
34
+ ---
32
35
 
33
- ```js
34
- const { sign, verify } = require("secure-web-token");
35
- ```
36
+ ## 3. Available Functions
36
37
 
37
- ---
38
+ ### `sign()`
39
+ Creates an encrypted and signed token.
38
40
 
39
- ## 🧠 What is a Fingerprint?
41
+ **Features:**
42
+ - Encrypts payload
43
+ - Adds expiry (`iat`, `exp`)
44
+ - Supports device fingerprint binding
45
+ - Can auto-generate a device ID
40
46
 
41
- A fingerprint is any identifier that represents a device.
47
+ ---
42
48
 
43
- Examples:
44
- - Browser + OS (`Chrome-Linux`)
45
- - Device ID
46
- - IP address
47
- - Any custom unique string
49
+ ### `verify()`
50
+ Verifies and decrypts a token.
48
51
 
49
- You can allow **one or multiple fingerprints** per token.
52
+ **Checks performed:**
53
+ - Token format
54
+ - Signature integrity
55
+ - Token expiry
56
+ - Device fingerprint validation
50
57
 
51
58
  ---
52
59
 
53
- ## ✍️ sign()
60
+ ## 4. Sample Code
54
61
 
55
- Creates a secure encrypted token.
62
+ ### Installation
56
63
 
57
- ### Syntax
58
-
59
- ```js
60
- sign(data, secret, options)
64
+ ```bash
65
+ npm install secure-web-token
61
66
  ```
62
67
 
63
- ### Options
64
-
65
- | Option | Type | Description |
66
- |------|------|------------|
67
- | expiresIn | number | Token expiry (seconds) |
68
- | fingerprint | true \| string \| string[] | Device fingerprint(s) |
68
+ ---
69
69
 
70
- ### Payload Structure
70
+ ### Import
71
71
 
72
72
  ```js
73
- {
74
- data: { ... },
75
- iat: number,
76
- exp: number,
77
- fp: string[]
78
- }
73
+ const { sign, verify } = require("secure-web-token");
79
74
  ```
80
75
 
81
- ### Example (Auto Device ID)
76
+ ---
77
+
78
+ ### Signing a Token (Auto Device Registration)
82
79
 
83
80
  ```js
81
+ const secret = "my-super-secret";
82
+
84
83
  const { token, deviceId } = sign(
85
84
  { userId: 1, role: "admin" },
86
- "my-secret",
85
+ secret,
87
86
  { fingerprint: true }
88
87
  );
89
88
 
90
- console.log(token, deviceId);
89
+ console.log("TOKEN:", token);
90
+ console.log("DEVICE ID:", deviceId);
91
91
  ```
92
92
 
93
93
  ---
94
94
 
95
- ## βœ… verify()
96
-
97
- Verifies token integrity, expiry, and fingerprint.
95
+ ### Verifying the Token
98
96
 
99
97
  ```js
100
- verify(token, secret, { fingerprint })
101
- ```
102
-
103
- ### Example
104
-
105
- ```js
106
- const payload = verify(token, "my-secret", {
107
- fingerprint: deviceId
108
- });
109
-
110
- console.log(payload.data);
98
+ try {
99
+ const payload = verify(token, secret, {
100
+ fingerprint: deviceId
101
+ });
102
+
103
+ console.log("USER DATA:", payload.data);
104
+ } catch (err) {
105
+ console.error("AUTH ERROR:", err.message);
106
+ }
111
107
  ```
112
108
 
113
109
  ---
114
110
 
115
- ## πŸ” Use Cases
111
+ ## Payload Structure (Internal)
116
112
 
117
- - Prevent account sharing
118
- - Device-restricted access
119
- - Secure SaaS authentication
120
- - Course/content protection
113
+ ```js
114
+ {
115
+ data: {
116
+ userId: 1,
117
+ role: "admin"
118
+ },
119
+ iat: 1768368114,
120
+ exp: 1768369014,
121
+ fp: ["device-id"]
122
+ }
123
+ ```
121
124
 
122
125
  ---
123
126
 
124
- ## πŸ“œ License
127
+ ## License
125
128
 
126
129
  MIT License
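Review bot: the rewritten README contradicts the code changes shipped in the same release. The new "What Problem Does It Solve?" list still promises `Allowing tokens to be bound to **one or more device fingerprints**`, and the `sign()` feature list still names device fingerprint binding separately from auto-generated device IDs, yet this diff narrows `fingerprint` to `true` only in sign.d.ts and deletes the custom-fingerprint branch in sign.js, so custom and multiple fingerprints no longer exist; either reword these bullets to describe only the auto-generated device ID or keep the feature. The "Verifying the Token" sample passes `fingerprint: deviceId` (a string) while "Payload Structure (Internal)" documents `fp: ["device-id"]` (an array); with the strict-equality comparison introduced in verify.js that sample always throws `Fingerprint mismatch`, so the README needs a working sample once the comparison is fixed. Finally, the "About the Package" paragraph's claim that the design is "effectively neutralizing" token leakage overstates it: `sign()` returns `deviceId` next to `token` and the client must present it again to `verify()`, so it is a second bearer value stored and transmitted with the token, and anyone who captures the token captures the device ID too. Say that plainly, and note that the removed option to supply a fingerprint derived from something the server observes (the old README's Browser + OS or IP examples) was the closer approximation of real device binding.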
package/dist/sign.d.ts CHANGED
@@ -11,7 +11,7 @@ export interface SignOptions {
11
11
  * true β†’ auto-generate device ID
12
12
  * string | string[] β†’ custom fingerprints
13
13
  */
14
- fingerprint?: true | string | string[];
14
+ fingerprint?: true;
15
15
  }
16
16
  /**
17
17
  * Creates a Secure Web Token (SWT).
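Review bot: the JSDoc immediately above the changed line is now stale: it still documents `* string | string[] → custom fingerprints`, but the type was narrowed to `fingerprint?: true;`, so editor tooltips will describe values the compiler rejects. Reduce the comment to the single supported case (`true` → auto-generate device ID). Removing accepted values from a public exported interface is also a breaking change for TypeScript consumers and should be listed in a changelog entry.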
@@ -1 +1 @@
1
- {"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,WAAW,CAAC,EAAE,IAAI,GAAG,MAAM,GAAG,MAAM,EAAE,CAAC;CACxC;AAED;;;GAGG;AACH,MAAM,CAAC,OAAO,UAAU,IAAI,CAC1B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,WAAgB,GACxB;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,CAgDtC"}
1
+ {"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;;OAGG;IACH,WAAW,CAAC,EAAE,IAAI,CAAC;CACpB;AAED;;;GAGG;AACH,MAAM,CAAC,OAAO,UAAU,IAAI,CAC1B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,WAAgB,GACxB;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,CA4CtC"}
package/dist/sign.js CHANGED
@@ -64,11 +64,6 @@ function sign(data, secret, options = {}) {
64
64
  deviceId = (0, device_1.generateDeviceId)();
65
65
  payload.fp = [deviceId];
66
66
  }
67
- else if (options.fingerprint) {
68
- payload.fp = Array.isArray(options.fingerprint)
69
- ? options.fingerprint
70
- : [options.fingerprint];
71
- }
72
67
  const header = {
73
68
  alg: "AES-256-GCM+HMAC",
74
69
  typ: "SWT",
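Review bot: deleting the `else if (options.fingerprint)` branch makes any value other than `true` silently ignored. A JavaScript caller, or a TypeScript caller compiled against the previous 1.0.2 types, passing `fingerprint: "Chrome-Linux"` now receives a token with no `fp` at all, i.e. an unbound token, and no error. For a library whose purpose is device binding, a silent downgrade is the wrong failure mode; if only `true` is supported, reject other defined values explicitly, e.g. `else if (options.fingerprint !== undefined) { throw new Error("fingerprint must be true"); }`. Note also that the remaining branch still writes `payload.fp = [deviceId];` as an array, which matters for the comparison changed in verify.js.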
package/dist/verify.d.ts CHANGED
@@ -5,7 +5,7 @@ export interface VerifyOptions {
5
5
  /**
6
6
  * Device fingerprint(s) allowed to verify token
7
7
  */
8
- fingerprint?: string | string[];
8
+ fingerprint?: string;
9
9
  }
10
10
  /**
11
11
  * Verifies and decrypts a Secure Web Token.
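Review bot: the comment above the changed line still reads `* Device fingerprint(s) allowed to verify token` (plural) while the type is now a single `fingerprint?: string;`; update it. The option also remains optional, and verify.js only runs the device check inside `if (options.fingerprint)`, so a token that carries `fp` verifies successfully whenever the caller omits the option. Either document that a bound token must be verified with a fingerprint or make verify.js enforce it at runtime.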
@@ -1 +1 @@
1
- {"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,GAAG,MAAM,EAAE,CAAC;CACjC;AAED;;GAEG;AACH,MAAM,CAAC,OAAO,UAAU,MAAM,CAC5B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,aAAkB,GAC1B,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAuDrB"}
1
+ {"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,CAAC,OAAO,UAAU,MAAM,CAC5B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,aAAkB,GAC1B,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAmDrB"}
package/dist/verify.js CHANGED
@@ -69,13 +69,9 @@ function verify(token, secret, options = {}) {
69
69
  throw new Error("Invalid payload structure");
70
70
  }
71
71
  if (options.fingerprint) {
72
- const provided = Array.isArray(options.fingerprint)
73
- ? options.fingerprint
74
- : [options.fingerprint];
75
- const stored = Array.isArray(payload.fp)
76
- ? payload.fp
77
- : [];
78
- const matched = provided.some(fp => stored.includes(fp));
72
+ const provided = options.fingerprint;
73
+ const stored = payload.fp;
74
+ const matched = provided === stored;
79
75
  if (!matched) {
80
76
  throw new Error("Fingerprint mismatch");
81
77
  }
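Review bot: the new comparison `const matched = provided === stored;` is always false whenever a fingerprint is supplied. `stored` is `payload.fp`, which sign.js writes as an array (`payload.fp = [deviceId];`), and `provided` is a string; a string is never strictly equal to an array, so every call with `options.fingerprint` set throws `Fingerprint mismatch`, including the README's own sample. Either store `fp` as a plain string in sign.js or compare by membership here, e.g. `const matched = Array.isArray(stored) && stored.includes(provided);`, keeping the array guard the old code had so a decrypted payload with an unexpected shape fails closed instead of matching or throwing a TypeError. Separately, the outer `if (options.fingerprint)` means a token that carries `fp` is accepted with no device check at all when the caller omits the option; if binding is meant to be mandatory, throw when `payload.fp` is present and no fingerprint was supplied.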
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "secure-web-token",
3
- "version": "1.0.2",
3
+ "version": "1.0.4",
4
4
  "description": "A secure web token utility",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
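Review bot: a patch-level bump (`"version": "1.0.2"` → `"version": "1.0.4"`) is the wrong increment for this release. The diff removes accepted values from the exported `SignOptions.fingerprint` and `VerifyOptions.fingerprint` types and drops the custom-fingerprint code path, which breaks existing callers, so semver calls for a major version; the skipped 1.0.3 and the behaviour change should both be recorded in a changelog so consumers can see why verification of previously issued tokens now fails.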