UNPKG

@trap_stevo/veripath

Version:

The pinnacle of real-time encrypted routing and session-bound communication through a precision-crafted middleware system. Empowering developers to secure every route with dynamic request decryption, intelligent session validation, and seamless encrypted

117 lines (116 loc) 3.9 kB
"use strict"; const crypto = require("crypto"); const { RouteSecurityEngine } = require("../RouteSecurityEngine.js"); const { veriVaultManager } = require("./VeriVaultManager.js"); const { linkTracker } = require("./LinkTracker.js"); function createDecryptRequest(config = {}) { const engine = new RouteSecurityEngine(config); const defaultAgents = ["verilink-node", "verilink-browser"]; const expectedAgents = Array.isArray(config.expectedUserAgents) ? config.expectedUserAgents : typeof config.expectedUserAgent === "string" ? [config.expectedUserAgent] : defaultAgents; return async function decryptRequest(req, res, next) { try { const vlinkTime = parseInt(req.headers["x-vlink-claim-timestamp"]); const vlinkDevice = req.headers["x-vlink-device"] || undefined; const vlinkClaim = req.headers["x-vlink-claim"]; const vlinkID = req.headers["x-vlink-id"]; const vlink = req.headers["x-vlink"]; if (!vlink || !vlinkID || !vlinkClaim || !vlinkTime) { return res.status(400).json({ error: "Unauthorized ~ missing required data" }); } const sessionKey = await veriVaultManager.getKey(req); if (!sessionKey) { return res.status(401).json({ error: "Unauthorized ~ missing required data" }); } const expectedID = crypto.createHmac("sha256", Buffer.from(sessionKey)).update(vlink).digest("base64"); if (expectedID !== vlinkID) { return res.status(401).json({ error: "Unauthorized" }); } const sessionHash = crypto.createHash("sha256").update(Buffer.from(sessionKey)).digest("hex"); const fresh = linkTracker.register(sessionHash, vlink); if (!fresh) { return res.status(401).json({ error: "Unauthorized" }); } let claimAuthorized = false; for (const agent of expectedAgents) { const payload = { deviceID: vlinkDevice, timestamp: vlinkTime, userAgent: agent }; const expectedClaim = crypto.createHmac("sha256", Buffer.from(sessionKey)).update(JSON.stringify(payload)).digest("base64"); if (expectedClaim === vlinkClaim) { claimAuthorized = true; break; } } if (!claimAuthorized) { return res.status(401).json({ error: "Unauthorized" }); } const now = Date.now(); if (Math.abs(now - vlinkTime) > 5 * 60 * 1000) { return res.status(401).json({ error: "Unauthorized" }); } if (req.method === "POST" && req.body?.encrypted) { req.vData = await engine.decrypt(req.body.encrypted, sessionKey); } else if (req.method === "GET" && req.query?.encrypted) { const decrypted = await engine.decrypt(req.query.encrypted, sessionKey); req.vData = decrypted; } next(); } catch (error) { console.log("🔐 [VeriPath] ~ Error ~", error); res.status(400).json({ error: "Unauthorized" }); } }; } ; function createEncryptResponse(config = {}) { const engine = new RouteSecurityEngine(config); return async function encryptResponse(req, ress, next) { ress.vSend = async function (data) { try { const sessionKey = await veriVaultManager.getKey(req); if (!sessionKey) { return ress.status(401).send({ error: "Unauthorized ~ missing data" }); } const encrypted = await engine.encrypt(data, sessionKey); return ress.status(200).send({ encrypted }); } catch (error) { console.log("🔐 [VeriPath] ~ Encryption error ~", error); return ress.status(500).send({ error: "Unauthorized" }); } }; next(); }; } ; module.exports = { createDecryptRequest, createEncryptResponse };