UNPKG

@safepassage/sdk

Version:

SafePassage SDK - Lightweight redirect-based age verification

docs.safepassageapp.com/sdk

safepassageapp/sdk

32 lines (31 loc) 1.22 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
/** * Crypto utilities for browser-compatible SDKs. * * These utilities handle HMAC signing, state parameter protection, and secure * token generation for client-side tamper resistance. * * IMPORTANT SECURITY NOTE: * Client-side cryptography provides defense-in-depth but cannot be considered * secure against determined attackers. Server-side validation is required for * real security. */ /** * Generate HMAC-SHA256 signature using Web Crypto API */ export declare function generateHMAC(data: string, secret: string): Promise<string>; /** * Verify HMAC-SHA256 signature using Web Crypto API */ export declare function verifyHMAC(data: string, signature: string, secret: string): Promise<boolean>; /** * Generate a secure random token for client-side use */ export declare function generateSecureToken(length?: number): string; /** * Create signed state parameter with timestamp and integrity protection */ export declare function createSignedState(payload: unknown, hmacSecret: string): Promise<string>; /** * Verify and parse signed state parameter */ export declare function parseSignedState(signedState: string, hmacSecret: string, maxAge?: number, logLabel?: string): Promise<unknown | null>;