@safepassage/sdk
Version:
SafePassage SDK - Lightweight redirect-based age verification
4 lines (3 loc) • 14.7 kB
JavaScript
/* SafePassage SDK v3.0.0 - Redirect Implementation */
;var SafePassageSDK=(()=>{var d=Object.defineProperty;var K=Object.getOwnPropertyDescriptor;var W=Object.getOwnPropertyNames;var H=Object.prototype.hasOwnProperty;var p=(t,e)=>()=>(t&&(e=t(t=0)),e);var u=(t,e)=>{for(var i in e)d(t,i,{get:e[i],enumerable:!0})},q=(t,e,i,n)=>{if(e&&typeof e=="object"||typeof e=="function")for(let o of W(e))!H.call(t,o)&&o!==i&&d(t,o,{get:()=>e[o],enumerable:!(n=K(e,o))||n.enumerable});return t};var I=t=>q(d({},"__esModule",{value:!0}),t);function F(t,e){return E[e].includes(t)}function P(t,e,i=[]){let{origin:n}=t;return F(n,e)||i.length>0&&i.some(r=>{if(r.startsWith("*.")){let s=r.slice(2);return n.endsWith(`.${s}`)||n===`https://${s}`||n===`http://${s}`}return n===r})?!0:(console.warn(`SafePassage Security: Blocked PostMessage from untrusted origin: ${n}`,{environment:e,trustedOrigins:E[e],allowedCustomOrigins:i,eventType:t.data?.type}),!1)}function T(t,e){let{data:i}=t;return!i||typeof i!="object"?{isValid:!1,error:"Invalid message format"}:i.type!=="safepassage:verification:complete"?{isValid:!1,error:"Invalid message type"}:!i.sessionId||i.sessionId!==e?{isValid:!1,error:"Session ID mismatch"}:!i.status||!["verified","failed","cancelled"].includes(i.status)?{isValid:!1,error:"Invalid status value"}:{isValid:!0}}function U(t){if(t==="production"&&window.location.protocol!=="https:"){let e=window.location.href.replace("http:","https:");console.error("SafePassage Security: HTTPS required in production. Redirecting...",{current:window.location.href,redirect:e}),window.location.replace(e)}}function f(t,e){try{let i=new URL(t);if(e==="production"&&i.protocol!=="https:")return{isValid:!1,error:"HTTPS required for return URLs in production"};if(e==="development"&&!(i.hostname==="localhost"||i.hostname==="127.0.0.1"||i.hostname.endsWith(".local"))&&i.protocol!=="https:")return{isValid:!1,error:"Non-localhost URLs must use HTTPS"};if(e==="staging"&&i.protocol!=="https:")return{isValid:!1,error:"HTTPS required for return URLs in staging"};let n=[/data:/i,/javascript:/i,/vbscript:/i,/file:/i,/ftp:/i];for(let o of n)if(o.test(t))return{isValid:!1,error:"Blocked suspicious URL scheme"};return{isValid:!0}}catch{return{isValid:!1,error:"Invalid URL format"}}}function a(t,e){console.warn(`SafePassage Security Event: ${t}`,{timestamp:new Date().toISOString(),userAgent:navigator.userAgent,url:window.location.href,...e})}var E,g,A,h=p(()=>{"use strict";E={production:["https://verify.safepassageapp.com","https://portal.safepassageapp.com","https://api.safepassageapp.com"],staging:["https://verify-staging.safepassageapp.com","https://portal-staging.safepassageapp.com","https://api-staging.safepassageapp.com"],development:["http://localhost:5173","http://localhost:3000","http://localhost:3001","http://localhost:3002","http://127.0.0.1:5173","http://127.0.0.1:3000","http://127.0.0.1:3001","http://127.0.0.1:3002"]};g=class{constructor(){this.attempts=new Map;this.maxAttempts=5;this.timeWindow=6e4}isAllowed(e){let i=Date.now(),o=(this.attempts.get(e)||[]).filter(r=>i-r<this.timeWindow);return o.length>=this.maxAttempts?(console.warn(`SafePassage Security: Rate limit exceeded for ${e}`),!1):(o.push(i),this.attempts.set(e,o),!0)}reset(e){this.attempts.delete(e)}},A=new g});var L={};u(L,{createSignedState:()=>J,generateHMAC:()=>m,generateSecureToken:()=>V,getSigningSecret:()=>w,parseSignedState:()=>B,verifyHMAC:()=>b});async function m(t,e){let i=new TextEncoder,n=i.encode(e),o=i.encode(t),r=await crypto.subtle.importKey("raw",n,{name:"HMAC",hash:"SHA-256"},!1,["sign"]),s=await crypto.subtle.sign("HMAC",r,o);return Array.from(new Uint8Array(s)).map(l=>l.toString(16).padStart(2,"0")).join("")}async function b(t,e,i){try{let n=await m(t,i);return j(e,n)}catch{return!1}}function j(t,e){if(t.length!==e.length)return!1;let i=0;for(let n=0;n<t.length;n++)i|=t.charCodeAt(n)^e.charCodeAt(n);return i===0}function V(t=32){let e=new Uint8Array(t);return crypto.getRandomValues(e),Array.from(e,i=>i.toString(16).padStart(2,"0")).join("")}function w(t){return{production:"safepassage-prod-hmac-2025",staging:"safepassage-stage-hmac-2025",development:"safepassage-dev-hmac-2025"}[t]}async function J(t,e){let i={...t,timestamp:Date.now(),nonce:V(16)},n=JSON.stringify(i),o=w(e),r=await m(n,o);return btoa(JSON.stringify({data:i,signature:r}))}async function B(t,e,i=10*60*1e3){try{let n=atob(t),o=JSON.parse(n);if(!o.data||!o.signature)return console.warn("SafePassage: Invalid signed state format"),null;let{data:r,signature:s}=o,l=JSON.stringify(r),$=w(e);if(!await b(l,s,$))return console.warn("SafePassage: State signature verification failed"),null;if(r.timestamp){let y=Date.now()-r.timestamp;if(y>i)return console.warn("SafePassage: State parameter expired",{age:y,maxAge:i}),null}let{timestamp:ie,nonce:ne,...k}=r;return k}catch(n){return console.warn("SafePassage: Failed to parse signed state",n),null}}var x=p(()=>{"use strict"});function M(t){if(!t.apiKey)throw new Error("apiKey is required");if(!G.test(t.apiKey))throw new Error("Invalid apiKey format. Expected pk_xxx (public) or sk_xxx (private)");if(!t.returnUrl)throw new Error("returnUrl is required");if(!t.cancelUrl)throw new Error("cancelUrl is required");let e=Y(),i=f(t.returnUrl,e);if(!i.isValid)throw new Error(`returnUrl validation failed: ${i.error}`);let n=f(t.cancelUrl,e);if(!n.isValid)throw new Error(`cancelUrl validation failed: ${n.error}`);if(t.defaultChallengeAge!==void 0&&t.defaultChallengeAge<C)throw new Error(`defaultChallengeAge must be at least ${C}`);if(t.defaultVerificationMode&&!["L1","L2"].includes(t.defaultVerificationMode))throw new Error("defaultVerificationMode must be L1 or L2");if(t.mode&&!["redirect","new-tab"].includes(t.mode))throw new Error("mode must be redirect or new-tab")}function Y(){let t=window.location.hostname;return t==="localhost"||t==="127.0.0.1"||t.includes(".local")?"development":t.includes("staging")||t.includes("stage")?"staging":"production"}async function R(t,e){let{createSignedState:i}=await Promise.resolve().then(()=>(x(),L));return i(t,e)}var C,G,O=p(()=>{"use strict";h();C=25,G=/^(pk_|sk_)[a-zA-Z0-9]+$/});function v(t){let e=z[t];if((t==="production"||t==="staging")&&!e.startsWith("https://"))throw new Error(`HTTPS required for ${t} environment`);return e}function Z(t){let i={production:"https://api.safepassageapp.com",staging:"https://api-staging.safepassageapp.com",development:"http://localhost:3001"}[t];if((t==="production"||t==="staging")&&!i.startsWith("https://"))throw new Error(`HTTPS required for API URLs in ${t} environment`);return i}function D(t){let e=window.location.protocol==="https:",i=window.location.hostname;switch(t){case"production":if(!e)throw new Error("SafePassage requires HTTPS in production environment");break;case"staging":e||console.warn("SafePassage Warning: HTTPS strongly recommended in staging environment");break;case"development":let n=i==="localhost"||i==="127.0.0.1"||i.includes(".local");!e&&!n&&console.warn("SafePassage Warning: HTTPS recommended for non-localhost development");break}try{v(t),Z(t)}catch(n){throw new Error(`Environment configuration validation failed: ${n}`)}}var z,N=p(()=>{"use strict";z={production:"https://verify.safepassageapp.com",staging:"https://verify-staging.safepassageapp.com",development:"http://localhost:5173"}});var _={};u(_,{SafePassage:()=>c,default:()=>X});var c,X,S=p(()=>{"use strict";O();N();h();c=class{constructor(e){this.popupWindow=null;this.messageListener=null;this.popupMonitorInterval=null;this.unloadListener=null;this.isVerificationInProgress=!1;this.currentSessionId=null;M(e),this.config={...e,environment:e.environment||this.detectEnvironment(),mode:e.mode||"redirect"},D(this.config.environment),U(this.config.environment),a("SDK_INITIALIZED",{environment:this.config.environment,mode:this.config.mode,origin:window.location.origin,protocol:window.location.protocol,hostname:window.location.hostname}),this.setupAutoCleanup()}async verify(e={}){let i=this.isPublicKey(),n=e.sessionId;if(i&&!n&&(n=await this.createInternalSession(e)),!i&&!n)throw new Error("sessionId is required for private API keys - must be a merchant-generated UUID v4");if(!n)throw new Error("Failed to create or obtain sessionId");if(this.isVerificationInProgress){let o=new Error(`Verification already in progress for session ${this.currentSessionId?.substring(0,8)}...`);throw a("RACE_CONDITION_PREVENTED",{currentSession:this.currentSessionId?.substring(0,8)+"...",attemptedSession:e.sessionId?e.sessionId.substring(0,8)+"...":"undefined",origin:window.location.origin}),this.config.onError?.(o),o}this.isVerificationInProgress=!0,this.currentSessionId=n;try{let o=`${this.config.apiKey}:${window.location.origin}`;if(!A.isAllowed(o)){let s=new Error("Too many verification attempts. Please wait before trying again.");throw a("RATE_LIMIT_EXCEEDED",{apiKey:this.config.apiKey.substring(0,8)+"...",origin:window.location.origin,sessionId:n?n.substring(0,8)+"...":"undefined"}),this.config.onError?.(s),s}let r=await this.buildVerificationUrl({...e,sessionId:n});a("VERIFICATION_INITIATED",{environment:this.config.environment,mode:this.config.mode,sessionId:n?n.substring(0,8)+"...":"undefined",origin:window.location.origin}),this.config.mode==="new-tab"?this.openNewTab(r,n):(this.unlockVerification(),this.redirect(r))}catch(o){throw this.unlockVerification(),o}}async buildVerificationUrl(e){let i=v(this.config.environment),n=e.challengeAge!==void 0,o=e.verificationMode!==void 0,r=n||o,s=await R({merchantId:this.config.apiKey,sessionId:e.sessionId,returnUrl:this.config.returnUrl,cancelUrl:this.config.cancelUrl,challengeAge:e.challengeAge||this.config.defaultChallengeAge,verificationMode:e.verificationMode||this.config.defaultVerificationMode,hasOverrides:r,timestamp:Date.now()},this.config.environment),l=new URLSearchParams({state:s,sessionId:e.sessionId,mode:this.config.mode});return`${i}/verify?${l.toString()}`}redirect(e){window.location.href=e}openNewTab(e,i){if(this.cleanup(),this.popupMonitorInterval&&(clearInterval(this.popupMonitorInterval),this.popupMonitorInterval=null),this.popupWindow=window.open(e,"safepassage-verify","width=600,height=700"),!this.popupWindow){this.config.onError?.(new Error("Failed to open verification window. Please check popup blocker settings."));return}this.messageListener=n=>{if(!P(n,this.config.environment)){a("POSTMESSAGE_ORIGIN_BLOCKED",{origin:n.origin,environment:this.config.environment,expectedOrigins:`SafePassage trusted origins for ${this.config.environment}`,messageType:n.data?.type});return}let o=T(n,i);if(!o.isValid){a("POSTMESSAGE_VALIDATION_FAILED",{error:o.error,origin:n.origin,sessionId:i.substring(0,8)+"...",messageType:n.data?.type});return}let r={sessionId:n.data.sessionId,status:n.data.status};a("VERIFICATION_COMPLETED",{status:r.status,sessionId:i.substring(0,8)+"...",origin:n.origin}),this.cleanup(),this.unlockVerification(),this.popupMonitorInterval&&(clearInterval(this.popupMonitorInterval),this.popupMonitorInterval=null),r.status==="verified"?this.config.onComplete?.(r):r.status==="cancelled"?this.config.onCancel?.():this.config.onError?.(new Error(`Verification failed: ${r.status}`))},window.addEventListener("message",this.messageListener),this.popupMonitorInterval=setInterval(()=>{this.popupWindow&&this.popupWindow.closed&&(a("POPUP_CLOSED_BY_USER",{sessionId:i.substring(0,8)+"...",environment:this.config.environment}),this.cleanup(),this.unlockVerification(),this.config.onCancel?.())},500)}setupAutoCleanup(){if(this.unloadListener=()=>{a("SDK_AUTO_CLEANUP",{environment:this.config.environment,trigger:"page_unload"}),this.cleanup(),this.unlockVerification()},window.addEventListener("beforeunload",this.unloadListener),window.addEventListener("pagehide",this.unloadListener),window.history&&window.history.pushState){let e=window.history.pushState;window.history.pushState=(...i)=>(this.cleanup(),this.unlockVerification(),e.apply(window.history,i))}}detectEnvironment(){let e=window.location.hostname;return e==="localhost"||e==="127.0.0.1"||e.includes(".local")?"development":e.includes("staging")||e.includes("stage")?"staging":"production"}unlockVerification(){this.isVerificationInProgress=!1,this.currentSessionId=null,a("VERIFICATION_UNLOCKED",{environment:this.config.environment,origin:window.location.origin})}cleanup(){this.popupWindow&&!this.popupWindow.closed&&this.popupWindow.close(),this.popupWindow=null,this.messageListener&&(window.removeEventListener("message",this.messageListener),this.messageListener=null),this.popupMonitorInterval&&(clearInterval(this.popupMonitorInterval),this.popupMonitorInterval=null)}removeAutoCleanupListeners(){this.unloadListener&&(window.removeEventListener("beforeunload",this.unloadListener),window.removeEventListener("pagehide",this.unloadListener),this.unloadListener=null)}destroy(){a("SDK_DESTROYED",{environment:this.config.environment,origin:window.location.origin}),this.cleanup(),this.unlockVerification(),this.removeAutoCleanupListeners()}isPublicKey(){return this.config.apiKey.startsWith("pk_")}async createInternalSession(e){let i=crypto.randomUUID();try{let n=this.getPortalApiUrl(),o=await fetch(`${n}/api/v1/sessions/create`,{method:"POST",headers:{"Content-Type":"application/json",Authorization:`Bearer ${this.config.apiKey}`},body:JSON.stringify({merchantId:this.config.apiKey,sessionId:i,returnUrl:this.config.returnUrl,cancelUrl:this.config.cancelUrl,challengeAge:e.challengeAge,verificationMode:e.verificationMode,merchantName:document.title||window.location.hostname})});if(!o.ok){let s=await o.json().catch(()=>({}));throw new Error(`Failed to create session: ${o.status} ${o.statusText}. ${s.message||""}`)}let r=await o.json();return a("INTERNAL_SESSION_CREATED",{sessionId:i.substring(0,8)+"...",environment:this.config.environment,apiKeyType:"public"}),i}catch(n){let o=n instanceof Error?n.message:String(n);throw a("INTERNAL_SESSION_FAILED",{error:o,environment:this.config.environment,apiKeyType:"public"}),this.config.onError?.(n),new Error(`Failed to create verification session: ${o}`)}}getPortalApiUrl(){switch(this.config.environment){case"production":return"https://api.safepassageapp.com";case"staging":return"https://api-staging.safepassageapp.com";case"development":default:return"http://localhost:3001"}}},X=c});var ee={};u(ee,{SafePassage:()=>c,VERSION:()=>Q,default:()=>c});S();var Q="3.0.0";typeof window<"u"&&window&&(window.SafePassage=(S(),I(_)).SafePassage);return I(ee);})();
if(typeof SafePassageSDK !== "undefined" && SafePassageSDK.SafePassage) { window.SafePassage = SafePassageSDK.SafePassage; }