genuine-browser
Version:
A package to detect browser requests using cryptographic challenge-response mechanism.
746 lines (745 loc) • 25.2 kB
JavaScript
"use strict";
function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) {
try {
var info = gen[key](arg);
var value = info.value;
} catch (error) {
reject(error);
return;
}
if (info.done) {
resolve(value);
} else {
Promise.resolve(value).then(_next, _throw);
}
}
function _async_to_generator(fn) {
return function() {
var self = this, args = arguments;
return new Promise(function(resolve, reject) {
var gen = fn.apply(self, args);
function _next(value) {
asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value);
}
function _throw(err) {
asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err);
}
_next(undefined);
});
};
}
function _type_of(obj) {
"@swc/helpers - typeof";
return obj && typeof Symbol !== "undefined" && obj.constructor === Symbol ? "symbol" : typeof obj;
}
function _ts_generator(thisArg, body) {
var f, y, t, g, _ = {
label: 0,
sent: function() {
if (t[0] & 1) throw t[1];
return t[1];
},
trys: [],
ops: []
};
return g = {
next: verb(0),
"throw": verb(1),
"return": verb(2)
}, typeof Symbol === "function" && (g[Symbol.iterator] = function() {
return this;
}), g;
function verb(n) {
return function(v) {
return step([
n,
v
]);
};
}
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while(_)try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [
op[0] & 2,
t.value
];
switch(op[0]){
case 0:
case 1:
t = op;
break;
case 4:
_.label++;
return {
value: op[1],
done: false
};
case 5:
_.label++;
y = op[1];
op = [
0
];
continue;
case 7:
op = _.ops.pop();
_.trys.pop();
continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) {
_ = 0;
continue;
}
if (op[0] === 3 && (!t || op[1] > t[0] && op[1] < t[3])) {
_.label = op[1];
break;
}
if (op[0] === 6 && _.label < t[1]) {
_.label = t[1];
t = op;
break;
}
if (t && _.label < t[2]) {
_.label = t[2];
_.ops.push(op);
break;
}
if (t[2]) _.ops.pop();
_.trys.pop();
continue;
}
op = body.call(thisArg, _);
} catch (e) {
op = [
6,
e
];
y = 0;
} finally{
f = t = 0;
}
if (op[0] & 5) throw op[1];
return {
value: op[0] ? op[1] : void 0,
done: true
};
}
}
var __defProp = Object.defineProperty;
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
var __getOwnPropNames = Object.getOwnPropertyNames;
var __hasOwnProp = Object.prototype.hasOwnProperty;
var __export = function(target, all) {
for(var name in all)__defProp(target, name, {
get: all[name],
enumerable: true
});
};
var __copyProps = function(to, from, except, desc) {
if (from && (typeof from === "undefined" ? "undefined" : _type_of(from)) === "object" || typeof from === "function") {
var _iteratorNormalCompletion = true, _didIteratorError = false, _iteratorError = undefined;
try {
var _loop = function() {
var key = _step.value;
if (!__hasOwnProp.call(to, key) && key !== except) __defProp(to, key, {
get: function() {
return from[key];
},
enumerable: !(desc = __getOwnPropDesc(from, key)) || desc.enumerable
});
};
for(var _iterator = __getOwnPropNames(from)[Symbol.iterator](), _step; !(_iteratorNormalCompletion = (_step = _iterator.next()).done); _iteratorNormalCompletion = true)_loop();
} catch (err) {
_didIteratorError = true;
_iteratorError = err;
} finally{
try {
if (!_iteratorNormalCompletion && _iterator.return != null) {
_iterator.return();
}
} finally{
if (_didIteratorError) {
throw _iteratorError;
}
}
}
}
return to;
};
var __toCommonJS = function(mod) {
return __copyProps(__defProp({}, "__esModule", {
value: true
}), mod);
};
// src/index.ts
var src_exports = {};
__export(src_exports, {
exportPublicKey: function() {
return exportPublicKey;
},
fetchChallenge: function() {
return fetchChallenge;
},
generateKeyPair: function() {
return generateKeyPair;
},
isBrowserRequestValid: function() {
return isBrowserRequestValid;
},
retrieveKeysForValidation: function() {
return retrieveKeysForValidation;
},
setupBrowserDetection: function() {
return setupBrowserDetection;
},
signChallenge: function() {
return signChallenge;
},
storePrivateKey: function() {
return storePrivateKey;
},
validateBrowser: function() {
return validateBrowser;
}
});
module.exports = __toCommonJS(src_exports);
var BASE_URL = "https://nextjs-reusables.vercel.app/api";
function generateKeyPair() {
return _generateKeyPair.apply(this, arguments);
}
function _generateKeyPair() {
_generateKeyPair = _async_to_generator(function() {
var keyPair;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
return [
4,
window.crypto.subtle.generateKey({
name: "ECDSA",
namedCurve: "P-256"
}, false, [
"sign",
"verify"
])
];
case 1:
keyPair = _state.sent();
return [
2,
keyPair
];
}
});
});
return _generateKeyPair.apply(this, arguments);
}
function storePrivateKey(key) {
return _storePrivateKey.apply(this, arguments);
}
function _storePrivateKey() {
_storePrivateKey = _async_to_generator(function(key) {
var db, tx, store, request;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
return [
4,
openDB()
];
case 1:
db = _state.sent();
tx = db.transaction("keys", "readwrite");
store = tx.objectStore("keys");
request = store.put(key, "privateKey");
return [
4,
new Promise(function(resolve, reject) {
request.onsuccess = function() {
return resolve();
};
request.onerror = function() {
return reject(request.error);
};
})
];
case 2:
_state.sent();
return [
2
];
}
});
});
return _storePrivateKey.apply(this, arguments);
}
function openDB() {
return _openDB.apply(this, arguments);
}
function _openDB() {
_openDB = _async_to_generator(function() {
return _ts_generator(this, function(_state) {
return [
2,
new Promise(function(resolve, reject) {
var request = indexedDB.open("browser-detection-db", 1);
request.onupgradeneeded = function() {
var db = request.result;
db.createObjectStore("keys");
};
request.onsuccess = function() {
resolve(request.result);
};
request.onerror = function() {
reject(request.error);
};
})
];
});
});
return _openDB.apply(this, arguments);
}
function exportPublicKey(key) {
return _exportPublicKey.apply(this, arguments);
}
function _exportPublicKey() {
_exportPublicKey = _async_to_generator(function(key) {
var exported, publicKeyBase64;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
return [
4,
window.crypto.subtle.exportKey("spki", key)
];
case 1:
exported = _state.sent();
publicKeyBase64 = arrayBufferToBase64(exported);
return [
2,
publicKeyBase64
];
}
});
});
return _exportPublicKey.apply(this, arguments);
}
function setupBrowserDetection() {
return _setupBrowserDetection.apply(this, arguments);
}
function _setupBrowserDetection() {
_setupBrowserDetection = _async_to_generator(function() {
var keyPair, publicKey, response, data;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
return [
4,
generateKeyPair()
];
case 1:
keyPair = _state.sent();
return [
4,
storePrivateKey(keyPair.privateKey)
];
case 2:
_state.sent();
return [
4,
exportPublicKey(keyPair.publicKey)
];
case 3:
publicKey = _state.sent();
return [
4,
fetch("".concat(BASE_URL, "/register-public-key"), {
method: "POST",
headers: {
"Content-Type": "application/json"
},
body: JSON.stringify({
publicKey: publicKey
})
})
];
case 4:
response = _state.sent();
return [
4,
response.json()
];
case 5:
data = _state.sent();
if (data.token) {
localStorage.setItem("authToken", data.token);
}
return [
2
];
}
});
});
return _setupBrowserDetection.apply(this, arguments);
}
function getPrivateKeyFromStorage() {
return _getPrivateKeyFromStorage.apply(this, arguments);
}
function _getPrivateKeyFromStorage() {
_getPrivateKeyFromStorage = _async_to_generator(function() {
var db, tx, store;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
return [
4,
openDB()
];
case 1:
db = _state.sent();
tx = db.transaction("keys", "readonly");
store = tx.objectStore("keys");
return [
2,
new Promise(function(resolve, reject) {
var request = store.get("privateKey");
request.onsuccess = function() {
var privateKey = request.result;
resolve(privateKey || null);
};
request.onerror = function() {
reject(request.error);
};
})
];
}
});
});
return _getPrivateKeyFromStorage.apply(this, arguments);
}
function fetchChallenge() {
return _fetchChallenge.apply(this, arguments);
}
function _fetchChallenge() {
_fetchChallenge = _async_to_generator(function() {
var token, response, data;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
token = localStorage.getItem("authToken");
return [
4,
fetch("".concat(BASE_URL, "/get-challenge"), {
method: "GET",
headers: {
Authorization: "Bearer ".concat(token)
}
})
];
case 1:
response = _state.sent();
return [
4,
response.json()
];
case 2:
data = _state.sent();
return [
2,
data.challenge
];
}
});
});
return _fetchChallenge.apply(this, arguments);
}
function signChallenge(challenge) {
return _signChallenge.apply(this, arguments);
}
function _signChallenge() {
_signChallenge = _async_to_generator(function(challenge) {
var privateKey, encoder, data, signature, signatureBase64;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
return [
4,
getPrivateKeyFromStorage()
];
case 1:
privateKey = _state.sent();
if (!privateKey) {
throw new Error("Private key not found in storage");
}
encoder = new TextEncoder();
data = encoder.encode(challenge);
return [
4,
window.crypto.subtle.sign({
name: "ECDSA",
hash: {
name: "SHA-256"
}
}, privateKey, data)
];
case 2:
signature = _state.sent();
signatureBase64 = arrayBufferToBase64(signature);
return [
2,
signatureBase64
];
}
});
});
return _signChallenge.apply(this, arguments);
}
function arrayBufferToBase64(buffer) {
var byteArray = new Uint8Array(buffer);
var binary = "";
for(var i = 0; i < byteArray.byteLength; i++){
binary += String.fromCharCode(byteArray[i]);
}
return window.btoa(binary);
}
function isBrowserRequestValid() {
return _isBrowserRequestValid.apply(this, arguments);
}
function _isBrowserRequestValid() {
_isBrowserRequestValid = _async_to_generator(function() {
var token, challenge, signature, response, data, error;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
_state.trys.push([
0,
5,
,
6
]);
token = localStorage.getItem("authToken");
return [
4,
fetchChallenge()
];
case 1:
challenge = _state.sent();
return [
4,
signChallenge(challenge)
];
case 2:
signature = _state.sent();
return [
4,
fetch("".concat(BASE_URL, "/validate-browser"), {
method: "POST",
headers: {
Authorization: "Bearer ".concat(token),
// Include token in Authorization header
"Content-Type": "application/json"
},
body: JSON.stringify({
challenge: challenge,
signature: signature
})
})
];
case 3:
response = _state.sent();
if (!response.ok) {
return [
2,
false
];
}
return [
4,
response.json()
];
case 4:
data = _state.sent();
return [
2,
data.valid === true
];
case 5:
error = _state.sent();
console.error("Error validating browser request:", error);
return [
2,
false
];
case 6:
return [
2
];
}
});
});
return _isBrowserRequestValid.apply(this, arguments);
}
function retrieveKeysForValidation() {
return _retrieveKeysForValidation.apply(this, arguments);
}
function _retrieveKeysForValidation() {
_retrieveKeysForValidation = _async_to_generator(function() {
var token, challenge, signature, response, data, error;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
_state.trys.push([
0,
5,
,
6
]);
token = localStorage.getItem("authToken");
return [
4,
fetchChallenge()
];
case 1:
challenge = _state.sent();
return [
4,
signChallenge(challenge)
];
case 2:
signature = _state.sent();
return [
4,
fetch("".concat(BASE_URL, "/retrieve-keys"), {
method: "POST",
headers: {
Authorization: "Bearer ".concat(token),
// Include token in Authorization header
"Content-Type": "application/json"
},
body: JSON.stringify({
challenge: challenge,
signature: signature
})
})
];
case 3:
response = _state.sent();
if (!response.ok) {
return [
2,
{
token: "",
challenge: "",
signature: ""
}
];
}
return [
4,
response.json()
];
case 4:
data = _state.sent();
data.token = token;
return [
2,
data
];
case 5:
error = _state.sent();
console.error("Error retrieving keys:", error);
return [
2,
{
token: "",
challenge: "",
signature: ""
}
];
case 6:
return [
2
];
}
});
});
return _retrieveKeysForValidation.apply(this, arguments);
}
function validateBrowser(token, challenge, signature) {
return _validateBrowser.apply(this, arguments);
}
function _validateBrowser() {
_validateBrowser = _async_to_generator(function(token, challenge, signature) {
var response, data, error;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
_state.trys.push([
0,
3,
,
4
]);
return [
4,
fetch("".concat(BASE_URL, "/validate-browser"), {
method: "POST",
headers: {
Authorization: "Bearer ".concat(token),
// Include token in Authorization header
"Content-Type": "application/json"
},
body: JSON.stringify({
challenge: challenge,
signature: signature
})
})
];
case 1:
response = _state.sent();
if (!response.ok) {
return [
2,
false
];
}
return [
4,
response.json()
];
case 2:
data = _state.sent();
return [
2,
data.valid === true
];
case 3:
error = _state.sent();
console.error("Error validating the browser:", error);
return [
2,
false
];
case 4:
return [
2
];
}
});
});
return _validateBrowser.apply(this, arguments);
}
// Annotate the CommonJS export names for ESM import in node:
0 && (module.exports = {
exportPublicKey: exportPublicKey,
fetchChallenge: fetchChallenge,
generateKeyPair: generateKeyPair,
isBrowserRequestValid: isBrowserRequestValid,
retrieveKeysForValidation: retrieveKeysForValidation,
setupBrowserDetection: setupBrowserDetection,
signChallenge: signChallenge,
storePrivateKey: storePrivateKey,
validateBrowser: validateBrowser
});