securequ 1.1.10 → 1.1.11
- package/include/crypto.d.ts +11 -1
- package/include/crypto.js +60 -4
- package/include/crypto.js.map +1 -1
- package/include/crypto.mjs +60 -4
- package/include/crypto.mjs.map +1 -1
- package/package.json +1 -1
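--- a/package/include/crypto.d.ts
+++ b/package/include/crypto.d.ts
@@ -1,4 +1,5 @@
 type EncryptInput = string | object | any[];
+declare function init(): Promise<void>;
 /** --- STRING --- */
 declare function encrypt(input: EncryptInput, secret: string): Promise<string>;
 declare function decrypt(base64: string, secret: string): Promise<any | null>;
@@ -7,13 +8,22 @@ declare function encryptBuffer(input: any, secret: string): Promise<Uint8Array>;
 declare function decryptBuffer(box: Uint8Array, secret: string): Promise<any | null>;
 /** --- HASH --- */
 declare function hash(str: string): Promise<string>;
+declare function createToken(payload: Record<string, any>, secret: string): Promise<string>;
+declare function verifyToken(token: string, secret: string): Promise<{
+valid: boolean;
+payload?: any;
+reason?: string;
+}>;
 declare const crypto: {
+init: typeof init;
 encrypt: typeof encrypt;
 decrypt: typeof decrypt;
 encryptBuffer: typeof encryptBuffer;
 decryptBuffer: typeof decryptBuffer;
 hash: typeof hash;
+createToken: typeof createToken;
+verifyToken: typeof verifyToken;
 };
 
-export { decrypt, decryptBuffer, crypto as default, encrypt, encryptBuffer, hash };
+export { createToken, decrypt, decryptBuffer, crypto as default, encrypt, encryptBuffer, hash, init, verifyToken };
 export type { EncryptInput };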
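Review bot: The `verifyToken` result is declared as a single object with `valid: boolean`, `payload?: any` and `reason?: string`, so the type allows a caller to read `payload` without first checking `valid`, and `any` switches off checking of the claims afterwards. A discriminated union ties each field to the outcome: `Promise<{ valid: true; payload: unknown } | { valid: false; reason: string }>`. Neither new declaration has a doc comment; a short TSDoc block on `createToken` and `verifyToken` should describe the `payload.signature` token layout and list the three `reason` strings the implementation returns ("Invalid token format", "Decryption failed", "Signature verification failed").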
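--- a/package/include/crypto.js
+++ b/package/include/crypto.js
@@ -5,6 +5,9 @@ function deriveKey(secret) {
 function deriveNonce(secret) {
 return sodium.crypto_generichash(sodium.crypto_secretbox_NONCEBYTES, sodium.from_string(secret));
 }
+async function init() {
+await sodium.ready;
+}
 /** --- STRING --- */
 async function encrypt(input, secret) {
 const encrypted = await encryptBuffer(input, secret);
@@ -17,7 +20,7 @@ async function decrypt(base64, secret) {
 /** --- BUFFER --- */
 // Encrypt
 async function encryptBuffer(input, secret) {
-await
+await init();
 const key = deriveKey(secret);
 const nonce = deriveNonce(secret);
 const compressed = await compress.default.compressBuffer(input);
@@ -25,7 +28,7 @@ async function encryptBuffer(input, secret) {
 }
 // Decrypt
 async function decryptBuffer(box, secret) {
-await
+await init();
 const key = deriveKey(secret);
 const nonce = deriveNonce(secret);
 try {
@@ -40,16 +43,69 @@ async function decryptBuffer(box, secret) {
 }
 /** --- HASH --- */
 async function hash(str) {
-await
+await init();
 const digest = sodium.crypto_generichash(32, sodium.from_string(str));
 return sodium
 .to_base64(digest)
 .replace(/[^a-zA-Z0-9]/g, "");
 }
+/* -----------------------------
+Helper: canonical JSON
+------------------------------ */
+function canonicalJSON(obj) {
+if (obj === null || typeof obj !== "object")
+return JSON.stringify(obj);
+if (Array.isArray(obj))
+return JSON.stringify(obj.map(canonicalJSON));
+const keys = Object.keys(obj).sort();
+const result = {};
+for (const k of keys) {
+result[k] = obj[k];
+}
+return JSON.stringify(result);
+}
+/* -----------------------------
+Create Token
+------------------------------ */
+async function createToken(payload, secret) {
+await init();
+const key = deriveKey(secret);
+const json = canonicalJSON(payload);
+const payloadBase64 = await encrypt(payload, sodium.to_base64(secret));
+const signature = sodium.crypto_sign_detached(sodium.from_string(json), key);
+const sigBase64 = sodium.to_base64(signature, sodium.base64_variants.URLSAFE_NO_PADDING);
+return `${payloadBase64}.${sigBase64}`;
+}
+/* -----------------------------
+Verify Token
+------------------------------ */
+async function verifyToken(token, secret) {
+await init();
+const key = deriveKey(secret);
+const parts = token.split(".");
+if (parts.length !== 2) {
+return { valid: false, reason: "Invalid token format" };
+}
+const [payloadBase64, sigBase64] = parts;
+const payload = await decrypt(payloadBase64, sodium.to_base64(secret));
+if (payload === null) {
+return { valid: false, reason: "Decryption failed" };
+}
+const json = canonicalJSON(payload);
+const signature = sodium.from_base64(sigBase64, sodium.base64_variants.URLSAFE_NO_PADDING);
+const isValid = sodium.crypto_sign_verify_detached(signature, sodium.from_string(json), key);
+if (!isValid) {
+return { valid: false, reason: "Signature verification failed" };
+}
+return { valid: true, payload };
+}
 const crypto = {
+init,
 encrypt,
 decrypt,
 encryptBuffer,
 decryptBuffer,
 hash,
-
+createToken,
+verifyToken
+};exports.createToken=createToken;exports.decrypt=decrypt;exports.decryptBuffer=decryptBuffer;exports.default=crypto;exports.encrypt=encrypt;exports.encryptBuffer=encryptBuffer;exports.hash=hash;exports.init=init;exports.verifyToken=verifyToken;//# sourceMappingURL=crypto.js.map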
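Review bot: `createToken` passes `deriveKey(secret)` to `sodium.crypto_sign_detached`, and `verifyToken` passes the same value to `sodium.crypto_sign_verify_detached`, but these are public-key signature calls: the first expects an Ed25519 secret key (`crypto_sign_SECRETKEYBYTES` long) and the second the matching public key. `deriveKey` is defined outside these hunks; in the `sourcesContent` shown for crypto.js.map it returns a `crypto_secretbox_KEYBYTES`-long generic hash, so the signing call is likely to reject the key length, and one byte string cannot serve as both halves of a key pair in any case. For a token protected by a shared secret, a MAC is the matching primitive: `const tag = sodium.crypto_auth(sodium.from_string(json), key);` on creation and `sodium.crypto_auth_verify(tag, sodium.from_string(json), key)` on verification. The same lines appear in package/include/crypto.mjs.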
package/include/crypto.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crypto.js","sources":["../../src/include/crypto.ts"],"sourcesContent":["import sodium from \"libsodium-wrappers\";\r\nimport compresor from \"./compress\";\r\n\r\nexport type EncryptInput = string | object | any[];\r\n\r\n/** --- Key/Nonce Derivation --- */\r\nfunction deriveKey(secret: string): Uint8Array {\r\n return sodium.crypto_generichash(\r\n sodium.crypto_secretbox_KEYBYTES,\r\n sodium.from_string(secret)\r\n );\r\n}\r\n\r\nfunction deriveNonce(secret: string): Uint8Array {\r\n return sodium.crypto_generichash(\r\n sodium.crypto_secretbox_NONCEBYTES,\r\n sodium.from_string(secret)\r\n );\r\n}\r\n\r\n/** --- STRING --- */\r\nexport async function encrypt(input: EncryptInput, secret: string): Promise<string> {\r\n const encrypted = await encryptBuffer(input, secret);\r\n return sodium.to_base64(encrypted);\r\n}\r\n\r\nexport async function decrypt(base64: string, secret: string): Promise<any | null> {\r\n const cipher = sodium.from_base64(base64);\r\n return await decryptBuffer(cipher, secret);\r\n}\r\n\r\n/** --- BUFFER --- */\r\n// Encrypt\r\nexport async function encryptBuffer(input: any, secret: string): Promise<Uint8Array> {\r\n await
|
|
1
|
+
{"version":3,"file":"crypto.js","sources":["../../src/include/crypto.ts"],"sourcesContent":["import sodium from \"libsodium-wrappers\";\r\nimport compresor from \"./compress\";\r\n\r\nexport type EncryptInput = string | object | any[];\r\n\r\n/** --- Key/Nonce Derivation --- */\r\nfunction deriveKey(secret: string): Uint8Array {\r\n return sodium.crypto_generichash(\r\n sodium.crypto_secretbox_KEYBYTES,\r\n sodium.from_string(secret)\r\n );\r\n}\r\n\r\nfunction deriveNonce(secret: string): Uint8Array {\r\n return sodium.crypto_generichash(\r\n sodium.crypto_secretbox_NONCEBYTES,\r\n sodium.from_string(secret)\r\n );\r\n}\r\n\r\nexport async function init() {\r\n await sodium.ready;\r\n}\r\n\r\n\r\n/** --- STRING --- */\r\nexport async function encrypt(input: EncryptInput, secret: string): Promise<string> {\r\n const encrypted = await encryptBuffer(input, secret);\r\n return sodium.to_base64(encrypted);\r\n}\r\n\r\nexport async function decrypt(base64: string, secret: string): Promise<any | null> {\r\n const cipher = sodium.from_base64(base64);\r\n return await decryptBuffer(cipher, secret);\r\n}\r\n\r\n/** --- BUFFER --- */\r\n// Encrypt\r\nexport async function encryptBuffer(input: any, secret: string): Promise<Uint8Array> {\r\n await init()\r\n const key = deriveKey(secret);\r\n const nonce = deriveNonce(secret);\r\n const compressed = await compresor.compressBuffer(input);\r\n return sodium.crypto_secretbox_easy(compressed, nonce, key);\r\n}\r\n\r\n// Decrypt\r\nexport async function decryptBuffer(box: Uint8Array, secret: string): Promise<any | null> {\r\n await init()\r\n const key = deriveKey(secret);\r\n const nonce = deriveNonce(secret);\r\n try {\r\n const opened = sodium.crypto_secretbox_open_easy(box, nonce, key);\r\n if (!opened) return null;\r\n return await compresor.decompressBuffer(opened);\r\n } catch (error) {\r\n return null;\r\n }\r\n}\r\n\r\n/** --- HASH --- */\r\nexport async function hash(str: string): Promise<string> {\r\n await init()\r\n 
const digest = sodium.crypto_generichash(32, sodium.from_string(str));\r\n return sodium\r\n .to_base64(digest)\r\n .replace(/[^a-zA-Z0-9]/g, \"\")\r\n}\r\n\r\n\r\n\r\n/* -----------------------------\r\n Helper: canonical JSON\r\n------------------------------ */\r\nfunction canonicalJSON(obj: any): string {\r\n if (obj === null || typeof obj !== \"object\") return JSON.stringify(obj);\r\n if (Array.isArray(obj)) return JSON.stringify(obj.map(canonicalJSON));\r\n const keys = Object.keys(obj).sort();\r\n const result: any = {};\r\n for (const k of keys) {\r\n result[k] = obj[k];\r\n }\r\n return JSON.stringify(result);\r\n}\r\n\r\n/* -----------------------------\r\n Create Token\r\n------------------------------ */\r\nexport async function createToken(payload: Record<string, any>, secret: string): Promise<string> {\r\n await init()\r\n const key = deriveKey(secret);\r\n const json = canonicalJSON(payload);\r\n const payloadBase64 = await encrypt(payload, sodium.to_base64(secret));\r\n\r\n const signature = sodium.crypto_sign_detached(\r\n sodium.from_string(json),\r\n key\r\n );\r\n const sigBase64 = sodium.to_base64(\r\n signature,\r\n sodium.base64_variants.URLSAFE_NO_PADDING\r\n );\r\n\r\n return `${payloadBase64}.${sigBase64}`;\r\n}\r\n\r\n/* -----------------------------\r\n Verify Token\r\n------------------------------ */\r\nexport async function verifyToken(token: string, secret: string): Promise<{ valid: boolean; payload?: any; reason?: string }> {\r\n await init()\r\n const key = deriveKey(secret);\r\n const parts = token.split(\".\");\r\n if (parts.length !== 2) {\r\n return { valid: false, reason: \"Invalid token format\" };\r\n }\r\n const [payloadBase64, sigBase64] = parts;\r\n\r\n const payload = await decrypt(payloadBase64, sodium.to_base64(secret));\r\n if (payload === null) {\r\n return { valid: false, reason: \"Decryption failed\" };\r\n }\r\n const json = canonicalJSON(payload);\r\n\r\n const signature = sodium.from_base64(\r\n sigBase64,\r\n 
sodium.base64_variants.URLSAFE_NO_PADDING\r\n );\r\n const isValid = sodium.crypto_sign_verify_detached(\r\n signature,\r\n sodium.from_string(json),\r\n key\r\n );\r\n if (!isValid) {\r\n return { valid: false, reason: \"Signature verification failed\" };\r\n }\r\n return { valid: true, payload };\r\n}\r\n\r\nconst crypto = {\r\n init,\r\n encrypt,\r\n decrypt,\r\n encryptBuffer,\r\n decryptBuffer,\r\n hash,\r\n createToken,\r\n verifyToken\r\n};\r\n\r\nexport default crypto;\r\n"],"names":["compresor"],"mappings":"iJAKA;AACA,SAAS,SAAS,CAAC,MAAc,EAAA;AAC9B,IAAA,OAAO,MAAM,CAAC,kBAAkB,CAC7B,MAAM,CAAC,yBAAyB,EAChC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAC5B,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,MAAc,EAAA;AAChC,IAAA,OAAO,MAAM,CAAC,kBAAkB,CAC7B,MAAM,CAAC,2BAA2B,EAClC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAC5B,CAAC;AACL,CAAC;AAEM,eAAe,IAAI,GAAA;IACvB,MAAM,MAAM,CAAC,KAAK,CAAC;AACtB,CAAC;AAGD;AACO,eAAe,OAAO,CAAC,KAAmB,EAAE,MAAc,EAAA;IAC9D,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AACrD,IAAA,OAAO,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;AACtC,CAAC;AAEM,eAAe,OAAO,CAAC,MAAc,EAAE,MAAc,EAAA;IACzD,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;AAC1C,IAAA,OAAO,MAAM,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC9C,CAAC;AAED;AACA;AACO,eAAe,aAAa,CAAC,KAAU,EAAE,MAAc,EAAA;IAC3D,MAAM,IAAI,EAAE,CAAA;AACZ,IAAA,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;AAC9B,IAAA,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAClC,MAAM,UAAU,GAAG,MAAMA,gBAAS,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IACzD,OAAO,MAAM,CAAC,qBAAqB,CAAC,UAAU,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;AAC/D,CAAC;AAED;AACO,eAAe,aAAa,CAAC,GAAe,EAAE,MAAc,EAAA;IAChE,MAAM,IAAI,EAAE,CAAA;AACZ,IAAA,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;AAC9B,IAAA,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAClC,IAAI;AACD,QAAA,MAAM,MAAM,GAAG,MAAM,CAAC,0BAA0B,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;AAClE,QAAA,IAAI,CAAC,MAAM;AAAE,YAAA,OAAO,IAAI,CAAC;AACzB,QAAA,OAAO,MAAMA,gBAAS,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;AAClD,IAAA,CAAA;AAAC,IAAA,OAAO,KAAK,EAAE;AACb,QAAA,OAAO,IAAI,CAAC;AACd,IAAA,CAAA;AACJ,CAAC;AAED;A
ACO,eAAe,IAAI,CAAC,GAAW,EAAA;IACnC,MAAM,IAAI,EAAE,CAAA;AACZ,IAAA,MAAM,MAAM,GAAG,MAAM,CAAC,kBAAkB,CAAC,EAAE,EAAE,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;AACtE,IAAA,OAAO,MAAM;SACT,SAAS,CAAC,MAAM,CAAC;AACjB,SAAA,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAA;AACnC,CAAC;AAID;;AAEiC;AACjC,SAAS,aAAa,CAAC,GAAQ,EAAA;AAC5B,IAAA,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ;AAAE,QAAA,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;AACxE,IAAA,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IACtE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,MAAM,GAAQ,EAAE,CAAC;AACvB,IAAA,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE;QACnB,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;AACrB,IAAA,CAAA;AACD,IAAA,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC;AAED;;AAEiC;AAC1B,eAAe,WAAW,CAAC,OAA4B,EAAE,MAAc,EAAA;IAC3E,MAAM,IAAI,EAAE,CAAA;AACZ,IAAA,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;AAC9B,IAAA,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;AACpC,IAAA,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;AAEvE,IAAA,MAAM,SAAS,GAAG,MAAM,CAAC,oBAAoB,CAC1C,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,EACxB,GAAG,CACL,CAAC;AACF,IAAA,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAC/B,SAAS,EACT,MAAM,CAAC,eAAe,CAAC,kBAAkB,CAC3C,CAAC;AAEF,IAAA,OAAO,CAAA,EAAG,aAAa,CAAA,CAAA,EAAI,SAAS,EAAE,CAAC;AAC1C,CAAC;AAED;;AAEiC;AAC1B,eAAe,WAAW,CAAC,KAAa,EAAE,MAAc,EAAA;IAC5D,MAAM,IAAI,EAAE,CAAA;AACZ,IAAA,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IAC9B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC/B,IAAA,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QACrB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;AAC1D,IAAA,CAAA;AACD,IAAA,MAAM,CAAC,aAAa,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;AAEzC,IAAA,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,aAAa,EAAE,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACvE,IAAI,OAAO,KAAK,IAAI,EAAE;QACnB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;AACvD,IAAA,CAAA;AACD,IAAA,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;AAEpC,IAAA,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CACjC,SAAS
,EACT,MAAM,CAAC,eAAe,CAAC,kBAAkB,CAC3C,CAAC;AACF,IAAA,MAAM,OAAO,GAAG,MAAM,CAAC,2BAA2B,CAC/C,SAAS,EACT,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,EACxB,GAAG,CACL,CAAC;IACF,IAAI,CAAC,OAAO,EAAE;QACX,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;AACnE,IAAA,CAAA;AACD,IAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AACnC,CAAC;AAED,MAAM,MAAM,GAAG;IACZ,IAAI;IACJ,OAAO;IACP,OAAO;IACP,aAAa;IACb,aAAa;IACb,IAAI;IACJ,WAAW;IACX,WAAW;"}
|
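--- a/package/include/crypto.mjs
+++ b/package/include/crypto.mjs
@@ -5,6 +5,9 @@ function deriveKey(secret) {
 function deriveNonce(secret) {
 return sodium.crypto_generichash(sodium.crypto_secretbox_NONCEBYTES, sodium.from_string(secret));
 }
+async function init() {
+await sodium.ready;
+}
 /** --- STRING --- */
 async function encrypt(input, secret) {
 const encrypted = await encryptBuffer(input, secret);
@@ -17,7 +20,7 @@ async function decrypt(base64, secret) {
 /** --- BUFFER --- */
 // Encrypt
 async function encryptBuffer(input, secret) {
-await
+await init();
 const key = deriveKey(secret);
 const nonce = deriveNonce(secret);
 const compressed = await compresor.compressBuffer(input);
@@ -25,7 +28,7 @@ async function encryptBuffer(input, secret) {
 }
 // Decrypt
 async function decryptBuffer(box, secret) {
-await
+await init();
 const key = deriveKey(secret);
 const nonce = deriveNonce(secret);
 try {
@@ -40,16 +43,69 @@ async function decryptBuffer(box, secret) {
 }
 /** --- HASH --- */
 async function hash(str) {
-await
+await init();
 const digest = sodium.crypto_generichash(32, sodium.from_string(str));
 return sodium
 .to_base64(digest)
 .replace(/[^a-zA-Z0-9]/g, "");
 }
+/* -----------------------------
+Helper: canonical JSON
+------------------------------ */
+function canonicalJSON(obj) {
+if (obj === null || typeof obj !== "object")
+return JSON.stringify(obj);
+if (Array.isArray(obj))
+return JSON.stringify(obj.map(canonicalJSON));
+const keys = Object.keys(obj).sort();
+const result = {};
+for (const k of keys) {
+result[k] = obj[k];
+}
+return JSON.stringify(result);
+}
+/* -----------------------------
+Create Token
+------------------------------ */
+async function createToken(payload, secret) {
+await init();
+const key = deriveKey(secret);
+const json = canonicalJSON(payload);
+const payloadBase64 = await encrypt(payload, sodium.to_base64(secret));
+const signature = sodium.crypto_sign_detached(sodium.from_string(json), key);
+const sigBase64 = sodium.to_base64(signature, sodium.base64_variants.URLSAFE_NO_PADDING);
+return `${payloadBase64}.${sigBase64}`;
+}
+/* -----------------------------
+Verify Token
+------------------------------ */
+async function verifyToken(token, secret) {
+await init();
+const key = deriveKey(secret);
+const parts = token.split(".");
+if (parts.length !== 2) {
+return { valid: false, reason: "Invalid token format" };
+}
+const [payloadBase64, sigBase64] = parts;
+const payload = await decrypt(payloadBase64, sodium.to_base64(secret));
+if (payload === null) {
+return { valid: false, reason: "Decryption failed" };
+}
+const json = canonicalJSON(payload);
+const signature = sodium.from_base64(sigBase64, sodium.base64_variants.URLSAFE_NO_PADDING);
+const isValid = sodium.crypto_sign_verify_detached(signature, sodium.from_string(json), key);
+if (!isValid) {
+return { valid: false, reason: "Signature verification failed" };
+}
+return { valid: true, payload };
+}
 const crypto = {
+init,
 encrypt,
 decrypt,
 encryptBuffer,
 decryptBuffer,
 hash,
-
+createToken,
+verifyToken
+};export{createToken,decrypt,decryptBuffer,crypto as default,encrypt,encryptBuffer,hash,init,verifyToken};//# sourceMappingURL=crypto.mjs.map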
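Review bot: Every token that `createToken` issues under one secret is encrypted with the same key and the same nonce, because it calls `encrypt`, and the context lines of `encryptBuffer` compute both `deriveKey(secret)` and `deriveNonce(secret)` from the secret alone. Reusing a key/nonce pair across different payloads removes the confidentiality and integrity guarantees of the secretbox construction, and the token feature makes that reuse routine. The nonce should be fresh per message, `const nonce = sodium.randombytes_buf(sodium.crypto_secretbox_NONCEBYTES);`, stored in front of the ciphertext and split off again in `decryptBuffer`; this changes the ciphertext format, so it needs a version marker or a migration note. The bodies of `encryptBuffer` and `decryptBuffer` continue outside the hunks (the `crypto_secretbox_easy` call is visible only in the source-map `sourcesContent`), and the same code is in package/include/crypto.js.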
package/include/crypto.mjs.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"crypto.mjs","sources":["../../src/include/crypto.ts"],"sourcesContent":["import sodium from \"libsodium-wrappers\";\r\nimport compresor from \"./compress\";\r\n\r\nexport type EncryptInput = string | object | any[];\r\n\r\n/** --- Key/Nonce Derivation --- */\r\nfunction deriveKey(secret: string): Uint8Array {\r\n return sodium.crypto_generichash(\r\n sodium.crypto_secretbox_KEYBYTES,\r\n sodium.from_string(secret)\r\n );\r\n}\r\n\r\nfunction deriveNonce(secret: string): Uint8Array {\r\n return sodium.crypto_generichash(\r\n sodium.crypto_secretbox_NONCEBYTES,\r\n sodium.from_string(secret)\r\n );\r\n}\r\n\r\n/** --- STRING --- */\r\nexport async function encrypt(input: EncryptInput, secret: string): Promise<string> {\r\n const encrypted = await encryptBuffer(input, secret);\r\n return sodium.to_base64(encrypted);\r\n}\r\n\r\nexport async function decrypt(base64: string, secret: string): Promise<any | null> {\r\n const cipher = sodium.from_base64(base64);\r\n return await decryptBuffer(cipher, secret);\r\n}\r\n\r\n/** --- BUFFER --- */\r\n// Encrypt\r\nexport async function encryptBuffer(input: any, secret: string): Promise<Uint8Array> {\r\n await
|
|
1
|
+
{"version":3,"file":"crypto.mjs","sources":["../../src/include/crypto.ts"],"sourcesContent":["import sodium from \"libsodium-wrappers\";\r\nimport compresor from \"./compress\";\r\n\r\nexport type EncryptInput = string | object | any[];\r\n\r\n/** --- Key/Nonce Derivation --- */\r\nfunction deriveKey(secret: string): Uint8Array {\r\n return sodium.crypto_generichash(\r\n sodium.crypto_secretbox_KEYBYTES,\r\n sodium.from_string(secret)\r\n );\r\n}\r\n\r\nfunction deriveNonce(secret: string): Uint8Array {\r\n return sodium.crypto_generichash(\r\n sodium.crypto_secretbox_NONCEBYTES,\r\n sodium.from_string(secret)\r\n );\r\n}\r\n\r\nexport async function init() {\r\n await sodium.ready;\r\n}\r\n\r\n\r\n/** --- STRING --- */\r\nexport async function encrypt(input: EncryptInput, secret: string): Promise<string> {\r\n const encrypted = await encryptBuffer(input, secret);\r\n return sodium.to_base64(encrypted);\r\n}\r\n\r\nexport async function decrypt(base64: string, secret: string): Promise<any | null> {\r\n const cipher = sodium.from_base64(base64);\r\n return await decryptBuffer(cipher, secret);\r\n}\r\n\r\n/** --- BUFFER --- */\r\n// Encrypt\r\nexport async function encryptBuffer(input: any, secret: string): Promise<Uint8Array> {\r\n await init()\r\n const key = deriveKey(secret);\r\n const nonce = deriveNonce(secret);\r\n const compressed = await compresor.compressBuffer(input);\r\n return sodium.crypto_secretbox_easy(compressed, nonce, key);\r\n}\r\n\r\n// Decrypt\r\nexport async function decryptBuffer(box: Uint8Array, secret: string): Promise<any | null> {\r\n await init()\r\n const key = deriveKey(secret);\r\n const nonce = deriveNonce(secret);\r\n try {\r\n const opened = sodium.crypto_secretbox_open_easy(box, nonce, key);\r\n if (!opened) return null;\r\n return await compresor.decompressBuffer(opened);\r\n } catch (error) {\r\n return null;\r\n }\r\n}\r\n\r\n/** --- HASH --- */\r\nexport async function hash(str: string): Promise<string> {\r\n await init()\r\n 
const digest = sodium.crypto_generichash(32, sodium.from_string(str));\r\n return sodium\r\n .to_base64(digest)\r\n .replace(/[^a-zA-Z0-9]/g, \"\")\r\n}\r\n\r\n\r\n\r\n/* -----------------------------\r\n Helper: canonical JSON\r\n------------------------------ */\r\nfunction canonicalJSON(obj: any): string {\r\n if (obj === null || typeof obj !== \"object\") return JSON.stringify(obj);\r\n if (Array.isArray(obj)) return JSON.stringify(obj.map(canonicalJSON));\r\n const keys = Object.keys(obj).sort();\r\n const result: any = {};\r\n for (const k of keys) {\r\n result[k] = obj[k];\r\n }\r\n return JSON.stringify(result);\r\n}\r\n\r\n/* -----------------------------\r\n Create Token\r\n------------------------------ */\r\nexport async function createToken(payload: Record<string, any>, secret: string): Promise<string> {\r\n await init()\r\n const key = deriveKey(secret);\r\n const json = canonicalJSON(payload);\r\n const payloadBase64 = await encrypt(payload, sodium.to_base64(secret));\r\n\r\n const signature = sodium.crypto_sign_detached(\r\n sodium.from_string(json),\r\n key\r\n );\r\n const sigBase64 = sodium.to_base64(\r\n signature,\r\n sodium.base64_variants.URLSAFE_NO_PADDING\r\n );\r\n\r\n return `${payloadBase64}.${sigBase64}`;\r\n}\r\n\r\n/* -----------------------------\r\n Verify Token\r\n------------------------------ */\r\nexport async function verifyToken(token: string, secret: string): Promise<{ valid: boolean; payload?: any; reason?: string }> {\r\n await init()\r\n const key = deriveKey(secret);\r\n const parts = token.split(\".\");\r\n if (parts.length !== 2) {\r\n return { valid: false, reason: \"Invalid token format\" };\r\n }\r\n const [payloadBase64, sigBase64] = parts;\r\n\r\n const payload = await decrypt(payloadBase64, sodium.to_base64(secret));\r\n if (payload === null) {\r\n return { valid: false, reason: \"Decryption failed\" };\r\n }\r\n const json = canonicalJSON(payload);\r\n\r\n const signature = sodium.from_base64(\r\n sigBase64,\r\n 
sodium.base64_variants.URLSAFE_NO_PADDING\r\n );\r\n const isValid = sodium.crypto_sign_verify_detached(\r\n signature,\r\n sodium.from_string(json),\r\n key\r\n );\r\n if (!isValid) {\r\n return { valid: false, reason: \"Signature verification failed\" };\r\n }\r\n return { valid: true, payload };\r\n}\r\n\r\nconst crypto = {\r\n init,\r\n encrypt,\r\n decrypt,\r\n encryptBuffer,\r\n decryptBuffer,\r\n hash,\r\n createToken,\r\n verifyToken\r\n};\r\n\r\nexport default crypto;\r\n"],"names":[],"mappings":"6EAKA;AACA,SAAS,SAAS,CAAC,MAAc,EAAA;AAC9B,IAAA,OAAO,MAAM,CAAC,kBAAkB,CAC7B,MAAM,CAAC,yBAAyB,EAChC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAC5B,CAAC;AACL,CAAC;AAED,SAAS,WAAW,CAAC,MAAc,EAAA;AAChC,IAAA,OAAO,MAAM,CAAC,kBAAkB,CAC7B,MAAM,CAAC,2BAA2B,EAClC,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAC5B,CAAC;AACL,CAAC;AAEM,eAAe,IAAI,GAAA;IACvB,MAAM,MAAM,CAAC,KAAK,CAAC;AACtB,CAAC;AAGD;AACO,eAAe,OAAO,CAAC,KAAmB,EAAE,MAAc,EAAA;IAC9D,MAAM,SAAS,GAAG,MAAM,aAAa,CAAC,KAAK,EAAE,MAAM,CAAC,CAAC;AACrD,IAAA,OAAO,MAAM,CAAC,SAAS,CAAC,SAAS,CAAC,CAAC;AACtC,CAAC;AAEM,eAAe,OAAO,CAAC,MAAc,EAAE,MAAc,EAAA;IACzD,MAAM,MAAM,GAAG,MAAM,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;AAC1C,IAAA,OAAO,MAAM,aAAa,CAAC,MAAM,EAAE,MAAM,CAAC,CAAC;AAC9C,CAAC;AAED;AACA;AACO,eAAe,aAAa,CAAC,KAAU,EAAE,MAAc,EAAA;IAC3D,MAAM,IAAI,EAAE,CAAA;AACZ,IAAA,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;AAC9B,IAAA,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAClC,MAAM,UAAU,GAAG,MAAM,SAAS,CAAC,cAAc,CAAC,KAAK,CAAC,CAAC;IACzD,OAAO,MAAM,CAAC,qBAAqB,CAAC,UAAU,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;AAC/D,CAAC;AAED;AACO,eAAe,aAAa,CAAC,GAAe,EAAE,MAAc,EAAA;IAChE,MAAM,IAAI,EAAE,CAAA;AACZ,IAAA,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;AAC9B,IAAA,MAAM,KAAK,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC;IAClC,IAAI;AACD,QAAA,MAAM,MAAM,GAAG,MAAM,CAAC,0BAA0B,CAAC,GAAG,EAAE,KAAK,EAAE,GAAG,CAAC,CAAC;AAClE,QAAA,IAAI,CAAC,MAAM;AAAE,YAAA,OAAO,IAAI,CAAC;AACzB,QAAA,OAAO,MAAM,SAAS,CAAC,gBAAgB,CAAC,MAAM,CAAC,CAAC;AAClD,IAAA,CAAA;AAAC,IAAA,OAAO,KAAK,EAAE;AACb,QAAA,OAAO,IAAI,CAAC;AACd,IAAA,CAAA;AACJ,CAAC;AAED;AACO,eAAe,IAAI,C
AAC,GAAW,EAAA;IACnC,MAAM,IAAI,EAAE,CAAA;AACZ,IAAA,MAAM,MAAM,GAAG,MAAM,CAAC,kBAAkB,CAAC,EAAE,EAAE,MAAM,CAAC,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC;AACtE,IAAA,OAAO,MAAM;SACT,SAAS,CAAC,MAAM,CAAC;AACjB,SAAA,OAAO,CAAC,eAAe,EAAE,EAAE,CAAC,CAAA;AACnC,CAAC;AAID;;AAEiC;AACjC,SAAS,aAAa,CAAC,GAAQ,EAAA;AAC5B,IAAA,IAAI,GAAG,KAAK,IAAI,IAAI,OAAO,GAAG,KAAK,QAAQ;AAAE,QAAA,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,CAAC;AACxE,IAAA,IAAI,KAAK,CAAC,OAAO,CAAC,GAAG,CAAC;QAAE,OAAO,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,GAAG,CAAC,aAAa,CAAC,CAAC,CAAC;IACtE,MAAM,IAAI,GAAG,MAAM,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,IAAI,EAAE,CAAC;IACrC,MAAM,MAAM,GAAQ,EAAE,CAAC;AACvB,IAAA,KAAK,MAAM,CAAC,IAAI,IAAI,EAAE;QACnB,MAAM,CAAC,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,CAAC,CAAC;AACrB,IAAA,CAAA;AACD,IAAA,OAAO,IAAI,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC;AACjC,CAAC;AAED;;AAEiC;AAC1B,eAAe,WAAW,CAAC,OAA4B,EAAE,MAAc,EAAA;IAC3E,MAAM,IAAI,EAAE,CAAA;AACZ,IAAA,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;AAC9B,IAAA,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;AACpC,IAAA,MAAM,aAAa,GAAG,MAAM,OAAO,CAAC,OAAO,EAAE,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;AAEvE,IAAA,MAAM,SAAS,GAAG,MAAM,CAAC,oBAAoB,CAC1C,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,EACxB,GAAG,CACL,CAAC;AACF,IAAA,MAAM,SAAS,GAAG,MAAM,CAAC,SAAS,CAC/B,SAAS,EACT,MAAM,CAAC,eAAe,CAAC,kBAAkB,CAC3C,CAAC;AAEF,IAAA,OAAO,CAAA,EAAG,aAAa,CAAA,CAAA,EAAI,SAAS,EAAE,CAAC;AAC1C,CAAC;AAED;;AAEiC;AAC1B,eAAe,WAAW,CAAC,KAAa,EAAE,MAAc,EAAA;IAC5D,MAAM,IAAI,EAAE,CAAA;AACZ,IAAA,MAAM,GAAG,GAAG,SAAS,CAAC,MAAM,CAAC,CAAC;IAC9B,MAAM,KAAK,GAAG,KAAK,CAAC,KAAK,CAAC,GAAG,CAAC,CAAC;AAC/B,IAAA,IAAI,KAAK,CAAC,MAAM,KAAK,CAAC,EAAE;QACrB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;AAC1D,IAAA,CAAA;AACD,IAAA,MAAM,CAAC,aAAa,EAAE,SAAS,CAAC,GAAG,KAAK,CAAC;AAEzC,IAAA,MAAM,OAAO,GAAG,MAAM,OAAO,CAAC,aAAa,EAAE,MAAM,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC;IACvE,IAAI,OAAO,KAAK,IAAI,EAAE;QACnB,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,mBAAmB,EAAE,CAAC;AACvD,IAAA,CAAA;AACD,IAAA,MAAM,IAAI,GAAG,aAAa,CAAC,OAAO,CAAC,CAAC;AAEpC,IAAA,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CACjC,SAAS,EACT,MAAM,CAAC
,eAAe,CAAC,kBAAkB,CAC3C,CAAC;AACF,IAAA,MAAM,OAAO,GAAG,MAAM,CAAC,2BAA2B,CAC/C,SAAS,EACT,MAAM,CAAC,WAAW,CAAC,IAAI,CAAC,EACxB,GAAG,CACL,CAAC;IACF,IAAI,CAAC,OAAO,EAAE;QACX,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,MAAM,EAAE,+BAA+B,EAAE,CAAC;AACnE,IAAA,CAAA;AACD,IAAA,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,CAAC;AACnC,CAAC;AAED,MAAM,MAAM,GAAG;IACZ,IAAI;IACJ,OAAO;IACP,OAAO;IACP,aAAa;IACb,aAAa;IACb,IAAI;IACJ,WAAW;IACX,WAAW;"}
|