secure-web-token 1.0.3 → 1.0.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +2 -21
- package/dist/device.d.ts +1 -4
- package/dist/device.d.ts.map +1 -1
- package/dist/device.js +3 -39
- package/dist/sign.d.ts +9 -4
- package/dist/sign.d.ts.map +1 -1
- package/dist/sign.js +13 -12
- package/dist/verify.d.ts +2 -2
- package/dist/verify.d.ts.map +1 -1
- package/dist/verify.js +3 -5
- package/package.json +1 -1
package/README.md
CHANGED
|
@@ -2,9 +2,9 @@
|
|
|
2
2
|
|
|
3
3
|
## 1. About the Package
|
|
4
4
|
|
|
5
|
-
**Secure Web Token (SWT)**
|
|
5
|
+
**Secure Web Token (SWT)** operates on a strict **Device Registration Model**, providing a significant security upgrade over traditional JWTs. Through **AES-256-GCM encryption** and enforced **device-fingerprint binding**, SWT ensures that authentication tokens are intrinsically locked to specific devices, effectively neutralizing risks associated with token leakage and unauthorized access.
|
|
6
6
|
|
|
7
|
-
It is designed for applications where security and
|
|
7
|
+
It is designed for mission-critical applications where security and strictly controlled access are paramount.
|
|
8
8
|
|
|
9
9
|
---
|
|
10
10
|
|
|
@@ -108,25 +108,6 @@ try {
|
|
|
108
108
|
|
|
109
109
|
---
|
|
110
110
|
|
|
111
|
-
### Using Custom Fingerprints
|
|
112
|
-
|
|
113
|
-
```js
|
|
114
|
-
const { token } = sign(
|
|
115
|
-
{ userId: 2 },
|
|
116
|
-
secret,
|
|
117
|
-
{
|
|
118
|
-
expiresIn: 60,
|
|
119
|
-
fingerprint: ["Chrome-Linux", "192.168.1.10"]
|
|
120
|
-
}
|
|
121
|
-
);
|
|
122
|
-
|
|
123
|
-
verify(token, secret, {
|
|
124
|
-
fingerprint: "Chrome-Linux"
|
|
125
|
-
});
|
|
126
|
-
```
|
|
127
|
-
|
|
128
|
-
---
|
|
129
|
-
|
|
130
111
|
## Payload Structure (Internal)
|
|
131
112
|
|
|
132
113
|
```js
|
package/dist/device.d.ts
CHANGED
package/dist/device.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"device.d.ts","sourceRoot":"","sources":["../src/device.ts"],"names":[],"mappings":"AAEA
|
|
1
|
+
{"version":3,"file":"device.d.ts","sourceRoot":"","sources":["../src/device.ts"],"names":[],"mappings":"AAEA;;GAEG;AACH,wBAAgB,gBAAgB,IAAI,MAAM,CAEzC"}
|
package/dist/device.js
CHANGED
|
@@ -1,46 +1,10 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
-
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
|
|
3
|
-
if (k2 === undefined) k2 = k;
|
|
4
|
-
var desc = Object.getOwnPropertyDescriptor(m, k);
|
|
5
|
-
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
|
|
6
|
-
desc = { enumerable: true, get: function() { return m[k]; } };
|
|
7
|
-
}
|
|
8
|
-
Object.defineProperty(o, k2, desc);
|
|
9
|
-
}) : (function(o, m, k, k2) {
|
|
10
|
-
if (k2 === undefined) k2 = k;
|
|
11
|
-
o[k2] = m[k];
|
|
12
|
-
}));
|
|
13
|
-
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
|
|
14
|
-
Object.defineProperty(o, "default", { enumerable: true, value: v });
|
|
15
|
-
}) : function(o, v) {
|
|
16
|
-
o["default"] = v;
|
|
17
|
-
});
|
|
18
|
-
var __importStar = (this && this.__importStar) || (function () {
|
|
19
|
-
var ownKeys = function(o) {
|
|
20
|
-
ownKeys = Object.getOwnPropertyNames || function (o) {
|
|
21
|
-
var ar = [];
|
|
22
|
-
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
|
|
23
|
-
return ar;
|
|
24
|
-
};
|
|
25
|
-
return ownKeys(o);
|
|
26
|
-
};
|
|
27
|
-
return function (mod) {
|
|
28
|
-
if (mod && mod.__esModule) return mod;
|
|
29
|
-
var result = {};
|
|
30
|
-
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
|
|
31
|
-
__setModuleDefault(result, mod);
|
|
32
|
-
return result;
|
|
33
|
-
};
|
|
34
|
-
})();
|
|
35
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
36
3
|
exports.generateDeviceId = generateDeviceId;
|
|
37
|
-
const
|
|
4
|
+
const crypto_1 = require("crypto");
|
|
38
5
|
/**
|
|
39
|
-
*
|
|
40
|
-
* Used for Device Registration Model.
|
|
41
|
-
*
|
|
42
|
-
* @returns UUID v4 string
|
|
6
|
+
* Generates a unique device identifier
|
|
43
7
|
*/
|
|
44
8
|
function generateDeviceId() {
|
|
45
|
-
return
|
|
9
|
+
return (0, crypto_1.randomUUID)();
|
|
46
10
|
}
|
package/dist/sign.d.ts
CHANGED
|
@@ -8,14 +8,19 @@ export interface SignOptions {
|
|
|
8
8
|
*/
|
|
9
9
|
expiresIn?: number;
|
|
10
10
|
/**
|
|
11
|
-
* true → auto-generate device ID
|
|
12
|
-
* string | string[] → custom fingerprints
|
|
11
|
+
* true → auto-generate a device ID
|
|
13
12
|
*/
|
|
14
|
-
fingerprint?: true
|
|
13
|
+
fingerprint?: true;
|
|
15
14
|
}
|
|
16
15
|
/**
|
|
17
16
|
* Creates a Secure Web Token (SWT).
|
|
18
|
-
*
|
|
17
|
+
* Payload structure:
|
|
18
|
+
* {
|
|
19
|
+
* data: {...},
|
|
20
|
+
* iat,
|
|
21
|
+
* exp,
|
|
22
|
+
* fp
|
|
23
|
+
* }
|
|
19
24
|
*/
|
|
20
25
|
export default function sign(data: Record<string, any>, secret: string, options?: SignOptions): {
|
|
21
26
|
token: string;
|
package/dist/sign.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB
|
|
1
|
+
{"version":3,"file":"sign.d.ts","sourceRoot":"","sources":["../src/sign.ts"],"names":[],"mappings":"AAKA;;GAEG;AACH,MAAM,WAAW,WAAW;IAC1B;;;OAGG;IACH,SAAS,CAAC,EAAE,MAAM,CAAC;IAEnB;;OAEG;IACH,WAAW,CAAC,EAAE,IAAI,CAAC;CACpB;AAED;;;;;;;;;GASG;AACH,MAAM,CAAC,OAAO,UAAU,IAAI,CAC1B,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,EACzB,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,WAAgB,GACxB;IAAE,KAAK,EAAE,MAAM,CAAC;IAAC,QAAQ,CAAC,EAAE,MAAM,CAAA;CAAE,CA4CtC"}
|
package/dist/sign.js
CHANGED
|
@@ -43,7 +43,13 @@ const utils_1 = require("./utils");
|
|
|
43
43
|
const device_1 = require("./device");
|
|
44
44
|
/**
|
|
45
45
|
* Creates a Secure Web Token (SWT).
|
|
46
|
-
*
|
|
46
|
+
* Payload structure:
|
|
47
|
+
* {
|
|
48
|
+
* data: {...},
|
|
49
|
+
* iat,
|
|
50
|
+
* exp,
|
|
51
|
+
* fp
|
|
52
|
+
* }
|
|
47
53
|
*/
|
|
48
54
|
function sign(data, secret, options = {}) {
|
|
49
55
|
if (!secret || typeof secret !== "string") {
|
|
@@ -54,24 +60,19 @@ function sign(data, secret, options = {}) {
|
|
|
54
60
|
}
|
|
55
61
|
const now = Math.floor(Date.now() / 1000);
|
|
56
62
|
const payload = {
|
|
57
|
-
data,
|
|
63
|
+
data,
|
|
58
64
|
iat: now,
|
|
59
|
-
exp: now + (options.expiresIn ?? 900)
|
|
65
|
+
exp: now + (options.expiresIn ?? 900)
|
|
60
66
|
};
|
|
61
67
|
let deviceId;
|
|
62
|
-
// 🔐
|
|
68
|
+
// 🔐 Single-device registration
|
|
63
69
|
if (options.fingerprint === true) {
|
|
64
70
|
deviceId = (0, device_1.generateDeviceId)();
|
|
65
|
-
payload.fp =
|
|
66
|
-
}
|
|
67
|
-
else if (options.fingerprint) {
|
|
68
|
-
payload.fp = Array.isArray(options.fingerprint)
|
|
69
|
-
? options.fingerprint
|
|
70
|
-
: [options.fingerprint];
|
|
71
|
+
payload.fp = deviceId;
|
|
71
72
|
}
|
|
72
73
|
const header = {
|
|
73
74
|
alg: "AES-256-GCM+HMAC",
|
|
74
|
-
typ: "SWT"
|
|
75
|
+
typ: "SWT"
|
|
75
76
|
};
|
|
76
77
|
const encodedHeader = (0, utils_1.base64urlEncode)(JSON.stringify(header));
|
|
77
78
|
const encryptedPayload = (0, encrypt_1.default)(payload, secret);
|
|
@@ -82,6 +83,6 @@ function sign(data, secret, options = {}) {
|
|
|
82
83
|
.digest("base64url");
|
|
83
84
|
return {
|
|
84
85
|
token: `${dataToSign}.${signature}`,
|
|
85
|
-
deviceId
|
|
86
|
+
deviceId
|
|
86
87
|
};
|
|
87
88
|
}
|
package/dist/verify.d.ts
CHANGED
|
@@ -3,12 +3,12 @@
|
|
|
3
3
|
*/
|
|
4
4
|
export interface VerifyOptions {
|
|
5
5
|
/**
|
|
6
|
-
* Device fingerprint
|
|
6
|
+
* Device fingerprint for verification
|
|
7
7
|
*/
|
|
8
8
|
fingerprint?: string;
|
|
9
9
|
}
|
|
10
10
|
/**
|
|
11
|
-
* Verifies and decrypts a Secure Web Token
|
|
11
|
+
* Verifies and decrypts a Secure Web Token (SWT)
|
|
12
12
|
*/
|
|
13
13
|
export default function verify(token: string, secret: string, options?: VerifyOptions): Record<string, any>;
|
|
14
14
|
//# sourceMappingURL=verify.d.ts.map
|
package/dist/verify.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,CAAC,OAAO,UAAU,MAAM,CAC5B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,aAAkB,GAC1B,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,
|
|
1
|
+
{"version":3,"file":"verify.d.ts","sourceRoot":"","sources":["../src/verify.ts"],"names":[],"mappings":"AAIA;;GAEG;AACH,MAAM,WAAW,aAAa;IAC5B;;OAEG;IACH,WAAW,CAAC,EAAE,MAAM,CAAC;CACtB;AAED;;GAEG;AACH,MAAM,CAAC,OAAO,UAAU,MAAM,CAC5B,KAAK,EAAE,MAAM,EACb,MAAM,EAAE,MAAM,EACd,OAAO,GAAE,aAAkB,GAC1B,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CA+CrB"}
|
package/dist/verify.js
CHANGED
|
@@ -41,7 +41,7 @@ const crypto = __importStar(require("crypto"));
|
|
|
41
41
|
const decrypt_1 = __importDefault(require("./decrypt"));
|
|
42
42
|
const utils_1 = require("./utils");
|
|
43
43
|
/**
|
|
44
|
-
* Verifies and decrypts a Secure Web Token
|
|
44
|
+
* Verifies and decrypts a Secure Web Token (SWT)
|
|
45
45
|
*/
|
|
46
46
|
function verify(token, secret, options = {}) {
|
|
47
47
|
if (!token || typeof token !== "string") {
|
|
@@ -68,11 +68,9 @@ function verify(token, secret, options = {}) {
|
|
|
68
68
|
if (!payload.data || typeof payload.data !== "object") {
|
|
69
69
|
throw new Error("Invalid payload structure");
|
|
70
70
|
}
|
|
71
|
+
// 🔐 Single-device verification
|
|
71
72
|
if (options.fingerprint) {
|
|
72
|
-
|
|
73
|
-
const stored = payload.fp;
|
|
74
|
-
const matched = provided === stored;
|
|
75
|
-
if (!matched) {
|
|
73
|
+
if (payload.fp !== options.fingerprint) {
|
|
76
74
|
throw new Error("Fingerprint mismatch");
|
|
77
75
|
}
|
|
78
76
|
}
|