@safepassage/sdk
SafePassage SDK - Lightweight redirect-based age verification
/**
* Security utilities for the SDK.
* Enhanced origin validation and security enforcement.
*/
/**
 * Reports whether `origin` is trusted, judged against the `trustedOrigins` allowlist.
 *
 * Only the signature is visible in this declaration file; no environment
 * parameter is taken, so the allowlist passed in is the only visible input
 * that can vary per environment.
 *
 * NOTE(review): the comparison rule is not shown here. Confirm the
 * implementation compares complete origins (scheme, host and port) for exact
 * equality; prefix, suffix or substring matching would let look-alike origins
 * pass.
 *
 * @param origin - Origin string to check.
 * @param trustedOrigins - Allowlist of origins considered trusted.
 * @returns `true` when the origin is trusted, `false` otherwise.
 */
export declare function isOriginTrusted(origin: string, trustedOrigins: string[]): boolean;
/**
 * Decides whether a `postMessage` event comes from an allowed origin.
 *
 * Callers should drop the event without reading its payload when this
 * returns `false`.
 *
 * NOTE(review): presumably reads `event.origin` and checks it against both
 * lists - confirm against the implementation, which is not part of this
 * declaration file.
 *
 * @param event - The received `MessageEvent`.
 * @param trustedOrigins - Base allowlist of trusted origins.
 * @param allowedCustomOrigins - Optional extra origins. Every entry widens the
 *   set of senders that are accepted, so keep it to exact, known origins.
 * @param logLabel - Optional label; presumably a prefix for log output - TODO confirm.
 * @returns `true` when the event's origin is accepted, `false` otherwise.
 */
export declare function validatePostMessageOrigin(event: MessageEvent, trustedOrigins: string[], allowedCustomOrigins?: string[], logLabel?: string): boolean;
/**
 * Validates the format and content of a verification message delivered as a
 * `MessageEvent`.
 *
 * The signature takes no origin allowlist, so this check presumably covers
 * the payload only; the sender's origin should be validated separately (see
 * `validatePostMessageOrigin`) before the result is acted on - TODO confirm.
 *
 * @param event - The received `MessageEvent`.
 * @param expectedSessionId - Session ID the message is expected to carry.
 * @param expectedMessageType - Message type the message is expected to carry.
 * @param legacyMessageType - Optional second message type. NOTE(review):
 *   presumably accepted as an alternative to `expectedMessageType`; passing it
 *   broadens what is treated as valid.
 * @returns An object whose `isValid` flag gives the outcome; `error` is
 *   optional and presumably set only when validation fails.
 */
export declare function validateVerificationMessage(event: MessageEvent, expectedSessionId: string, expectedMessageType: string, legacyMessageType?: string): {
isValid: boolean;
error?: string;
};
/**
 * Enforces HTTPS for the given environment.
 *
 * The function returns `void`, so the declaration does not reveal how a
 * violation is handled (throw, redirect or log only), nor whether `'staging'`
 * is exempt. NOTE(review): confirm the failure mode before relying on this as
 * a hard control.
 *
 * @param environment - Either `'production'` or `'staging'`.
 * @param logLabel - Optional label; presumably a prefix for log output - TODO confirm.
 */
export declare function enforceHTTPS(environment: 'production' | 'staging', logLabel?: string): void;
/**
 * Validates a return or cancel URL before it is used as a redirect target.
 *
 * Callers must check `isValid` and refuse to redirect when it is `false`.
 *
 * NOTE(review): the declaration does not show which properties are checked
 * (scheme only, or also host). If the host is not restricted, the caller still
 * needs its own destination allowlist to avoid open redirects.
 *
 * @param url - Candidate return/cancel URL.
 * @param environment - Either `'production'` or `'staging'`; presumably selects
 *   how strict the checks are - TODO confirm.
 * @param _logLabel - Optional label; the leading underscore suggests it is
 *   currently unused.
 * @returns An object whose `isValid` flag gives the outcome; `error` is
 *   optional and presumably set only when validation fails.
 */
export declare function validateReturnUrl(url: string, environment: 'production' | 'staging', _logLabel?: string): {
isValid: boolean;
error?: string;
};
/**
 * Generates a session ID and returns it as a string.
 *
 * NOTE(review): the randomness source, ID length and what "entropy
 * validation" covers are not visible in this declaration. Confirm the
 * implementation draws from a CSPRNG (for example `crypto.getRandomValues`)
 * rather than `Math.random`.
 *
 * @returns The generated session ID.
 */
export declare function generateSecureSessionId(): string;
/**
 * Rate limiter for verification attempts, keyed by a caller-supplied identifier.
 *
 * The class is declared but not exported from this file.
 *
 * NOTE(review): if this state lives in the browser it can be cleared or
 * bypassed by the user, so treat it as a courtesy throttle and enforce the
 * real limit server-side.
 */
declare class VerificationRateLimit {
// Private attempt bookkeeping; its type is erased in the declaration file.
private attempts;
// Attempt ceiling; the actual value is not visible here.
private readonly maxAttempts;
// Window over which attempts are counted; value and unit are not visible here.
private readonly timeWindow;
/**
 * Reports whether another attempt is allowed for `identifier`.
 * Presumably also records the attempt - TODO confirm.
 *
 * @param identifier - Key the attempts are tracked under.
 * @param logLabel - Optional label; presumably a prefix for log output - TODO confirm.
 * @returns `true` when the attempt is allowed, `false` otherwise.
 */
isAllowed(identifier: string, logLabel?: string): boolean;
/**
 * Resets the limiter state for `identifier`.
 *
 * @param identifier - Key whose tracked attempts are reset.
 */
reset(identifier: string): void;
}
/**
 * Exported `VerificationRateLimit` instance. The class itself is not exported
 * from this file, so this constant is the only limiter exposed by these
 * declarations.
 */
export declare const verificationRateLimit: VerificationRateLimit;
/**
 * Logs a security event together with caller-supplied metadata.
 *
 * NOTE(review): the log destination and any redaction are not visible in this
 * declaration. Keep session IDs, tokens and personal data out of `metadata`
 * unless the implementation is confirmed to redact them.
 *
 * @param event - Name or description of the security event.
 * @param metadata - Arbitrary key/value context recorded with the event.
 * @param logLabel - Optional label; presumably a prefix for log output - TODO confirm.
 */
export declare function logSecurityEvent(event: string, metadata: Record<string, unknown>, logLabel?: string): void;
// Empty export: presumably compiler-emitted so that declarations without an
// `export` keyword (here `VerificationRateLimit`) are not implicitly exported.
export {};