UNPKG

client-trace

Version:

A comprehensive client-side security and telemetry library. Features device fingerprinting, bot detection, network tampering analysis, and secure transport.

client-trace-demo-production.up.railway.app

deepsingh245/client-trace

51 lines (44 loc) 1.72 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
/** * Request Payload Signing * Signs outgoing telemetry using HMAC-SHA256 to ensure authenticity and integrity. */ /** * Signs a payload object. * @param {object} payload - The data to sign. * @param {string} secret - The shared secret key. * @returns {Promise<{ payload: object, timestamp: number, signature: string }>} */ export async function signPayload(payload, secret) { const timestamp = Date.now(); // Canonical JSON stringify (simple version: sort keys) // For robust canonicalization, a library might be needed, but this suffices for simple objects. const canonicalize = (obj) => { if (typeof obj !== 'object' || obj === null) return JSON.stringify(obj); if (Array.isArray(obj)) return JSON.stringify(obj.map(canonicalize)); const sortedKeys = Object.keys(obj).sort(); const result = {}; sortedKeys.forEach(key => { result[key] = obj[key]; }); return JSON.stringify(result); }; const dataString = canonicalize(payload) + timestamp; const encoder = new TextEncoder(); const keyData = encoder.encode(secret); const messageData = encoder.encode(dataString); const key = await crypto.subtle.importKey( 'raw', keyData, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign'] ); const signature = await crypto.subtle.sign('HMAC', key, messageData); const signatureArray = Array.from(new Uint8Array(signature)); const signatureHex = signatureArray.map(b => b.toString(16).padStart(2, '0')).join(''); return { payload, timestamp, signature: signatureHex }; }