secure-web-token 1.2.0 → 1.2.2

package/README.md

@@ -1,129 +1,42 @@
 # 🔐 Secure Web Token (SWT)
 
-## 1. About the Package
-
-**Secure Web Token (SWT)** operates on a strict **Device Registration Model**, providing a significant security upgrade over traditional JWTs. Through **AES-256-GCM encryption** and enforced **device-fingerprint binding**, SWT ensures that authentication tokens are intrinsically locked to specific devices, effectively neutralizing risks associated with token leakage and unauthorized access.
-
-It is designed for mission-critical applications where security and strictly controlled access are paramount.
-
----
-
-## 2. What Problem Does It Solve?
-
-Traditional JWT has some well-known issues:
-
-- JWT payloads are **Base64 encoded**, not encrypted  
-- Anyone can decode the payload using online tools without the secret  
-- If a token leaks, it can be reused on **any device**  
-- No built-in way to restrict tokens to a specific device  
-
-**Secure Web Token (SWT)** solves these problems by:
-
-- Encrypting the payload using **AES-256-GCM**
-- Making payload data **completely unreadable without the secret**
-- Allowing tokens to be bound to **one or more device fingerprints**
-- Preventing token reuse from unauthorized devices
-- Supporting auto-generated device IDs for stronger protection
-
-This makes SWT especially useful for:
-- Course platforms (anti-piracy)
-- SaaS dashboards
-- Admin panels
-- Device-restricted systems
-
----
-
-## 3. Available Functions
-
-### `sign()`
-Creates an encrypted and signed token.
-
-**Features:**
-- Encrypts payload
-- Adds expiry (`iat`, `exp`)
-- Supports device fingerprint binding
-- Can auto-generate a device ID
-
----
+## About the Package
+SWT is a secure token system that encrypts payloads and binds them to devices. Unlike JWT, it prevents token reuse on other devices.
+
+## What Problem Does It Solve?
+- JWT can be decoded easily.
+- Tokens can be used on any device if leaked.
+- SWT encrypts payloads and binds tokens to device fingerprints.
+
+## Functions
+
+### sign()
+Creates a secure token.
+```ts
+import { sign } from "secure-web-token";
+const { token, deviceId } = sign({ userId:1 }, "secret", { fingerprint: true });
+console.log(token, deviceId);
+```
 
-### `verify()`
+### verify()
 Verifies and decrypts a token.
+```ts
+import { verify } from "secure-web-token";
+const payload = verify(token, "secret", { fingerprint: deviceId });
+console.log(payload.data);
+```
 
-**Checks performed:**
-- Token format
-- Signature integrity
-- Token expiry
-- Device fingerprint validation
-
----
-
-## 4. Sample Code
-
-### Installation
-
+## Installation
 ```bash
 npm install secure-web-token
 ```
 
----
-
-### Import
-
-```js
+## Importing
+```ts
+import { sign, verify } from "secure-web-token";
+// or
 const { sign, verify } = require("secure-web-token");
 ```
 
----
-
-### Signing a Token (Auto Device Registration)
-
-```js
-const secret = "my-super-secret";
-
-const { token, deviceId } = sign(
-  { userId: 1, role: "admin" },
-  secret,
-  { fingerprint: true }
-);
-
-console.log("TOKEN:", token);
-console.log("DEVICE ID:", deviceId);
-```
-
----
-
-### Verifying the Token
-
-```js
-try {
-  const payload = verify(token, secret, {
-    fingerprint: deviceId
-  });
-
-  console.log("USER DATA:", payload.data);
-} catch (err) {
-  console.error("AUTH ERROR:", err.message);
-}
-```
-
----
-
-## Payload Structure (Internal)
-
-```js
-{
-  data: {
-    userId: 1,
-    role: "admin"
-  },
-  iat: 1768368114,
-  exp: 1768369014,
-  fp: ["device-id"]
-}
-```
-
----
-
-## License
+This simple version focuses on **encrypted tokens and device binding**.
 
-MIT License

package/dist/index.d.ts

@@ -4,6 +4,8 @@
  */
 export { default as sign } from "./sign";
 export { default as verify } from "./verify";
+export { getStore, StoreType } from "./store";
 export type { SignOptions } from "./sign";
 export type { VerifyOptions } from "./verify";
+export type { Store } from "./store/types";
 //# sourceMappingURL=index.d.ts.map

package/dist/index.d.ts.map

@@ -1 +1 @@
-{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,IAAI,IAAI,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,MAAM,UAAU,CAAC;AAE7C,YAAY,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAC1C,YAAY,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC"}
+{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../src/index.ts"],"names":[],"mappings":"AAAA;;;GAGG;AAEH,OAAO,EAAE,OAAO,IAAI,IAAI,EAAE,MAAM,QAAQ,CAAC;AACzC,OAAO,EAAE,OAAO,IAAI,MAAM,EAAE,MAAM,UAAU,CAAC;AAG7C,OAAO,EAAE,QAAQ,EAAE,SAAS,EAAE,MAAM,SAAS,CAAC;AAG9C,YAAY,EAAE,WAAW,EAAE,MAAM,QAAQ,CAAC;AAC1C,YAAY,EAAE,aAAa,EAAE,MAAM,UAAU,CAAC;AAC9C,YAAY,EAAE,KAAK,EAAE,MAAM,eAAe,CAAC"}

package/dist/index.js

@@ -7,8 +7,11 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.verify = exports.sign = void 0;
+exports.getStore = exports.verify = exports.sign = void 0;
 var sign_1 = require("./sign");
 Object.defineProperty(exports, "sign", { enumerable: true, get: function () { return __importDefault(sign_1).default; } });
 var verify_1 = require("./verify");
 Object.defineProperty(exports, "verify", { enumerable: true, get: function () { return __importDefault(verify_1).default; } });
+// Export store helpers
+var store_1 = require("./store");
+Object.defineProperty(exports, "getStore", { enumerable: true, get: function () { return store_1.getStore; } });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "secure-web-token",
-  "version": "1.2.0",
+  "version": "1.2.2",
   "description": "A secure web token utility",
   "main": "dist/index.js",
   "types": "dist/index.d.ts",