suunto-api-wrapper 1.0.0 → 1.1.0

package/README.md

@@ -1,5 +1,7 @@
 # suunto-api-wrapper
 
+[![npm version](https://img.shields.io/npm/v/suunto-api-wrapper.svg)](https://www.npmjs.com/package/suunto-api-wrapper)
+
 A small, typed TypeScript client for the **Suunto app API** (which is served by
 the Sports Tracker backend at `api.sports-tracker.com`).
 
@@ -34,25 +36,13 @@ If Suunto or Sports Tracker request it, this project will comply.
 
 ## Installation
 
-This package isn't published to npm yet. Install it from source:
-
 ```bash
-git clone <this-repo> suunto-api-wrapper
-cd suunto-api-wrapper
-npm install
-npm run build      # emits ESM + CJS + .d.ts into dist/
+npm install suunto-api-wrapper
 ```
 
-Then consume it from another project (e.g. via a local path or `npm link`):
-
-```jsonc
-// package.json
-{
-  "dependencies": {
-    "suunto-api-wrapper": "file:../suunto-api-wrapper"
-  }
-}
-```
+Requires **Node.js 20+** or any modern browser — it relies on the global
+`fetch` and Web Crypto APIs, so it runs in Node and the browser (e.g. Angular,
+React) with no polyfills.
 
 The package ships both **ESM** and **CommonJS** builds with full type
 declarations, so `import` and `require` both work:

package/dist/index.d.mts

@@ -64,7 +64,7 @@ declare class HttpClient {
     private buildUrl;
 }
 
-declare function generateXtotp(email: string, now?: number): string;
+declare function generateXtotp(email: string, now?: number): Promise<string>;
 declare function secondsUntilRollover(now?: number): number;
 
 interface LoginOptions {

package/dist/index.d.ts

@@ -64,7 +64,7 @@ declare class HttpClient {
     private buildUrl;
 }
 
-declare function generateXtotp(email: string, now?: number): string;
+declare function generateXtotp(email: string, now?: number): Promise<string>;
 declare function secondsUntilRollover(now?: number): number;
 
 interface LoginOptions {

package/dist/index.js

@@ -1,9 +1,7 @@
 "use strict";
-var __create = Object.create;
 var __defProp = Object.defineProperty;
 var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
 var __getOwnPropNames = Object.getOwnPropertyNames;
-var __getProtoOf = Object.getPrototypeOf;
 var __hasOwnProp = Object.prototype.hasOwnProperty;
 var __export = (target, all) => {
   for (var name in all)
@@ -17,14 +15,6 @@ var __copyProps = (to, from, except, desc) => {
   }
   return to;
 };
-var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
-  // If the importer is in node compatibility mode or this is not an ESM
-  // file that has been converted to a CommonJS file using a Babel-
-  // compatible transform (i.e. "__esModule" has not been set), then set
-  // "default" to the CommonJS "module.exports" for node compatibility.
-  isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
-  mod
-));
 var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
 
 // src/index.ts
@@ -209,32 +199,59 @@ function isAbortError(err) {
 }
 
 // src/otp/index.ts
-var import_node_crypto = __toESM(require("crypto"));
 var PART1 = "FBkubDYmN28bWVQLLTsWWhI+NAtILCNlPQc5Y";
 var PART2 = "BgiMRYjKA99Jj4HHFIqLmomOFttBQchNzcZU0QrODcDWz4hekc1QGNTPlciNhEKGl5GPDkzFyVX";
-var XOR_KEY = Buffer.from("Bh8nsTyCeC0Ql2drMen78awk84AE3ZxW");
-var RAW = Buffer.from(PART1 + PART2, "base64");
-var SHARED = Buffer.from(
-  RAW.map((b, i) => b ^ XOR_KEY[i % XOR_KEY.length])
-);
+var XOR_KEY = new TextEncoder().encode("Bh8nsTyCeC0Ql2drMen78awk84AE3ZxW");
+var RAW = base64ToBytes(PART1 + PART2);
+var SHARED = RAW.map((b, i) => b ^ XOR_KEY[i % XOR_KEY.length]);
 var PBKDF2_ITERATIONS = 100;
 var PBKDF2_KEY_LENGTH = 32;
 var TOTP_PERIOD_MS = 3e4;
 var TOTP_DIGITS = 6;
-function generateXtotp(email, now = Date.now()) {
-  const key = import_node_crypto.default.pbkdf2Sync(
-    SHARED,
-    Buffer.from(email, "utf8"),
-    PBKDF2_ITERATIONS,
-    PBKDF2_KEY_LENGTH,
-    "sha1"
+function getCrypto() {
+  const c = globalThis.crypto;
+  if (!c?.subtle) {
+    throw new Error(
+      "Web Crypto API is unavailable. Use a browser or Node 20+ (or a global `crypto` polyfill)."
+    );
+  }
+  return c;
+}
+function base64ToBytes(b64) {
+  const binary = atob(b64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+  return bytes;
+}
+async function generateXtotp(email, now = Date.now()) {
+  const subtle = getCrypto().subtle;
+  const baseKey = await subtle.importKey("raw", SHARED, "PBKDF2", false, [
+    "deriveBits"
+  ]);
+  const derived = await subtle.deriveBits(
+    {
+      name: "PBKDF2",
+      salt: new TextEncoder().encode(email),
+      iterations: PBKDF2_ITERATIONS,
+      hash: "SHA-1"
+    },
+    baseKey,
+    PBKDF2_KEY_LENGTH * 8
+  );
+  const hmacKey = await subtle.importKey(
+    "raw",
+    derived,
+    { name: "HMAC", hash: "SHA-1" },
+    false,
+    ["sign"]
   );
   const counter = BigInt(Math.floor(now / TOTP_PERIOD_MS));
-  const msg = Buffer.allocUnsafe(8);
-  msg.writeBigUInt64BE(counter);
-  const mac = import_node_crypto.default.createHmac("sha1", key).update(msg).digest();
+  const msg = new Uint8Array(8);
+  new DataView(msg.buffer).setBigUint64(0, counter, false);
+  const mac = new Uint8Array(await subtle.sign("HMAC", hmacKey, msg));
   const offset = mac[mac.length - 1] & 15;
-  const binary = mac.readUInt32BE(offset) & 2147483647;
+  const view = new DataView(mac.buffer, mac.byteOffset, mac.byteLength);
+  const binary = view.getUint32(offset, false) & 2147483647;
   const code = binary % 10 ** TOTP_DIGITS;
   return code.toString().padStart(TOTP_DIGITS, "0");
 }
@@ -262,7 +279,7 @@ async function login(options) {
     body,
     headers: {
       "user-agent": userAgent,
-      "x-totp": generateXtotp(email),
+      "x-totp": await generateXtotp(email),
       "content-type": "application/x-www-form-urlencoded"
     }
   });
@@ -368,8 +385,8 @@ var SuuntoClient = class _SuuntoClient {
       baseUrl: baseUrl ?? SPORTS_TRACKER_API,
       headers: { "user-agent": userAgent, ...headers },
       ...rest,
-      beforeRequest: (ctx) => {
-        if (email) ctx.headers["x-totp"] = generateXtotp(email);
+      beforeRequest: async (ctx) => {
+        if (email) ctx.headers["x-totp"] = await generateXtotp(email);
         if (sessionKey) ctx.headers["sttauthorization"] = sessionKey;
       }
     });

package/dist/index.mjs

@@ -157,32 +157,59 @@ function isAbortError(err) {
 }
 
 // src/otp/index.ts
-import crypto from "crypto";
 var PART1 = "FBkubDYmN28bWVQLLTsWWhI+NAtILCNlPQc5Y";
 var PART2 = "BgiMRYjKA99Jj4HHFIqLmomOFttBQchNzcZU0QrODcDWz4hekc1QGNTPlciNhEKGl5GPDkzFyVX";
-var XOR_KEY = Buffer.from("Bh8nsTyCeC0Ql2drMen78awk84AE3ZxW");
-var RAW = Buffer.from(PART1 + PART2, "base64");
-var SHARED = Buffer.from(
-  RAW.map((b, i) => b ^ XOR_KEY[i % XOR_KEY.length])
-);
+var XOR_KEY = new TextEncoder().encode("Bh8nsTyCeC0Ql2drMen78awk84AE3ZxW");
+var RAW = base64ToBytes(PART1 + PART2);
+var SHARED = RAW.map((b, i) => b ^ XOR_KEY[i % XOR_KEY.length]);
 var PBKDF2_ITERATIONS = 100;
 var PBKDF2_KEY_LENGTH = 32;
 var TOTP_PERIOD_MS = 3e4;
 var TOTP_DIGITS = 6;
-function generateXtotp(email, now = Date.now()) {
-  const key = crypto.pbkdf2Sync(
-    SHARED,
-    Buffer.from(email, "utf8"),
-    PBKDF2_ITERATIONS,
-    PBKDF2_KEY_LENGTH,
-    "sha1"
+function getCrypto() {
+  const c = globalThis.crypto;
+  if (!c?.subtle) {
+    throw new Error(
+      "Web Crypto API is unavailable. Use a browser or Node 20+ (or a global `crypto` polyfill)."
+    );
+  }
+  return c;
+}
+function base64ToBytes(b64) {
+  const binary = atob(b64);
+  const bytes = new Uint8Array(binary.length);
+  for (let i = 0; i < binary.length; i++) bytes[i] = binary.charCodeAt(i);
+  return bytes;
+}
+async function generateXtotp(email, now = Date.now()) {
+  const subtle = getCrypto().subtle;
+  const baseKey = await subtle.importKey("raw", SHARED, "PBKDF2", false, [
+    "deriveBits"
+  ]);
+  const derived = await subtle.deriveBits(
+    {
+      name: "PBKDF2",
+      salt: new TextEncoder().encode(email),
+      iterations: PBKDF2_ITERATIONS,
+      hash: "SHA-1"
+    },
+    baseKey,
+    PBKDF2_KEY_LENGTH * 8
+  );
+  const hmacKey = await subtle.importKey(
+    "raw",
+    derived,
+    { name: "HMAC", hash: "SHA-1" },
+    false,
+    ["sign"]
   );
   const counter = BigInt(Math.floor(now / TOTP_PERIOD_MS));
-  const msg = Buffer.allocUnsafe(8);
-  msg.writeBigUInt64BE(counter);
-  const mac = crypto.createHmac("sha1", key).update(msg).digest();
+  const msg = new Uint8Array(8);
+  new DataView(msg.buffer).setBigUint64(0, counter, false);
+  const mac = new Uint8Array(await subtle.sign("HMAC", hmacKey, msg));
   const offset = mac[mac.length - 1] & 15;
-  const binary = mac.readUInt32BE(offset) & 2147483647;
+  const view = new DataView(mac.buffer, mac.byteOffset, mac.byteLength);
+  const binary = view.getUint32(offset, false) & 2147483647;
   const code = binary % 10 ** TOTP_DIGITS;
   return code.toString().padStart(TOTP_DIGITS, "0");
 }
@@ -210,7 +237,7 @@ async function login(options) {
     body,
     headers: {
       "user-agent": userAgent,
-      "x-totp": generateXtotp(email),
+      "x-totp": await generateXtotp(email),
       "content-type": "application/x-www-form-urlencoded"
     }
   });
@@ -316,8 +343,8 @@ var SuuntoClient = class _SuuntoClient {
       baseUrl: baseUrl ?? SPORTS_TRACKER_API,
       headers: { "user-agent": userAgent, ...headers },
       ...rest,
-      beforeRequest: (ctx) => {
-        if (email) ctx.headers["x-totp"] = generateXtotp(email);
+      beforeRequest: async (ctx) => {
+        if (email) ctx.headers["x-totp"] = await generateXtotp(email);
         if (sessionKey) ctx.headers["sttauthorization"] = sessionKey;
       }
     });

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "suunto-api-wrapper",
-  "version": "1.0.0",
+  "version": "1.1.0",
   "description": "Unofficial typed TypeScript client for the Suunto app API (Sports Tracker backend). Not affiliated with or endorsed by Suunto or Sports Tracker.",
   "repository": {
     "url": "https://github.com/Marius-Ar/suunto-api-wrapper"
@@ -18,6 +18,9 @@
   "files": [
     "dist"
   ],
+  "engines": {
+    "node": ">=20"
+  },
   "scripts": {
     "build": "tsup",
     "dev": "tsup --watch",