UNPKG

genuine-browser

Version:

A package to detect browser requests using cryptographic challenge-response mechanism.

653 lines (652 loc) 22.2 kB
// src/index.ts function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) { try { var info = gen[key](arg); var value = info.value; } catch (error) { reject(error); return; } if (info.done) { resolve(value); } else { Promise.resolve(value).then(_next, _throw); } } function _async_to_generator(fn) { return function() { var self = this, args = arguments; return new Promise(function(resolve, reject) { var gen = fn.apply(self, args); function _next(value) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value); } function _throw(err) { asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err); } _next(undefined); }); }; } function _ts_generator(thisArg, body) { var f, y, t, g, _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }; return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g; function verb(n) { return function(v) { return step([ n, v ]); }; } function step(op) { if (f) throw new TypeError("Generator is already executing."); while(_)try { if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t; if (y = 0, t) op = [ op[0] & 2, t.value ]; switch(op[0]){ case 0: case 1: t = op; break; case 4: _.label++; return { value: op[1], done: false }; case 5: _.label++; y = op[1]; op = [ 0 ]; continue; case 7: op = _.ops.pop(); _.trys.pop(); continue; default: if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; } if (op[0] === 3 && (!t || op[1] > t[0] && op[1] < t[3])) { _.label = op[1]; break; } if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; } if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; } if (t[2]) _.ops.pop(); _.trys.pop(); continue; } op = body.call(thisArg, _); } catch (e) { op = [ 6, e ]; y = 0; } finally{ f = t = 0; } if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true }; } } var BASE_URL = "https://nextjs-reusables.vercel.app/api"; function generateKeyPair() { return _generateKeyPair.apply(this, arguments); } function _generateKeyPair() { _generateKeyPair = _async_to_generator(function() { var keyPair; return _ts_generator(this, function(_state) { switch(_state.label){ case 0: return [ 4, window.crypto.subtle.generateKey({ name: "ECDSA", namedCurve: "P-256" }, false, [ "sign", "verify" ]) ]; case 1: keyPair = _state.sent(); return [ 2, keyPair ]; } }); }); return _generateKeyPair.apply(this, arguments); } function storePrivateKey(key) { return _storePrivateKey.apply(this, arguments); } function _storePrivateKey() { _storePrivateKey = _async_to_generator(function(key) { var db, tx, store, request; return _ts_generator(this, function(_state) { switch(_state.label){ case 0: return [ 4, openDB() ]; case 1: db = _state.sent(); tx = db.transaction("keys", "readwrite"); store = tx.objectStore("keys"); request = store.put(key, "privateKey"); return [ 4, new Promise(function(resolve, reject) { request.onsuccess = function() { return resolve(); }; request.onerror = function() { return reject(request.error); }; }) ]; case 2: _state.sent(); return [ 2 ]; } }); }); return _storePrivateKey.apply(this, arguments); } function openDB() { return _openDB.apply(this, arguments); } function _openDB() { _openDB = _async_to_generator(function() { return _ts_generator(this, function(_state) { return [ 2, new Promise(function(resolve, reject) { var request = indexedDB.open("browser-detection-db", 1); request.onupgradeneeded = function() { var db = request.result; db.createObjectStore("keys"); }; request.onsuccess = function() { resolve(request.result); }; request.onerror = function() { reject(request.error); }; }) ]; }); }); return _openDB.apply(this, arguments); } function exportPublicKey(key) { return _exportPublicKey.apply(this, arguments); } function _exportPublicKey() { _exportPublicKey = _async_to_generator(function(key) { var exported, publicKeyBase64; return _ts_generator(this, function(_state) { switch(_state.label){ case 0: return [ 4, window.crypto.subtle.exportKey("spki", key) ]; case 1: exported = _state.sent(); publicKeyBase64 = arrayBufferToBase64(exported); return [ 2, publicKeyBase64 ]; } }); }); return _exportPublicKey.apply(this, arguments); } function setupBrowserDetection() { return _setupBrowserDetection.apply(this, arguments); } function _setupBrowserDetection() { _setupBrowserDetection = _async_to_generator(function() { var keyPair, publicKey, response, data; return _ts_generator(this, function(_state) { switch(_state.label){ case 0: return [ 4, generateKeyPair() ]; case 1: keyPair = _state.sent(); return [ 4, storePrivateKey(keyPair.privateKey) ]; case 2: _state.sent(); return [ 4, exportPublicKey(keyPair.publicKey) ]; case 3: publicKey = _state.sent(); return [ 4, fetch("".concat(BASE_URL, "/register-public-key"), { method: "POST", headers: { "Content-Type": "application/json" }, body: JSON.stringify({ publicKey: publicKey }) }) ]; case 4: response = _state.sent(); return [ 4, response.json() ]; case 5: data = _state.sent(); if (data.token) { localStorage.setItem("authToken", data.token); } return [ 2 ]; } }); }); return _setupBrowserDetection.apply(this, arguments); } function getPrivateKeyFromStorage() { return _getPrivateKeyFromStorage.apply(this, arguments); } function _getPrivateKeyFromStorage() { _getPrivateKeyFromStorage = _async_to_generator(function() { var db, tx, store; return _ts_generator(this, function(_state) { switch(_state.label){ case 0: return [ 4, openDB() ]; case 1: db = _state.sent(); tx = db.transaction("keys", "readonly"); store = tx.objectStore("keys"); return [ 2, new Promise(function(resolve, reject) { var request = store.get("privateKey"); request.onsuccess = function() { var privateKey = request.result; resolve(privateKey || null); }; request.onerror = function() { reject(request.error); }; }) ]; } }); }); return _getPrivateKeyFromStorage.apply(this, arguments); } function fetchChallenge() { return _fetchChallenge.apply(this, arguments); } function _fetchChallenge() { _fetchChallenge = _async_to_generator(function() { var token, response, data; return _ts_generator(this, function(_state) { switch(_state.label){ case 0: token = localStorage.getItem("authToken"); return [ 4, fetch("".concat(BASE_URL, "/get-challenge"), { method: "GET", headers: { Authorization: "Bearer ".concat(token) } }) ]; case 1: response = _state.sent(); return [ 4, response.json() ]; case 2: data = _state.sent(); return [ 2, data.challenge ]; } }); }); return _fetchChallenge.apply(this, arguments); } function signChallenge(challenge) { return _signChallenge.apply(this, arguments); } function _signChallenge() { _signChallenge = _async_to_generator(function(challenge) { var privateKey, encoder, data, signature, signatureBase64; return _ts_generator(this, function(_state) { switch(_state.label){ case 0: return [ 4, getPrivateKeyFromStorage() ]; case 1: privateKey = _state.sent(); if (!privateKey) { throw new Error("Private key not found in storage"); } encoder = new TextEncoder(); data = encoder.encode(challenge); return [ 4, window.crypto.subtle.sign({ name: "ECDSA", hash: { name: "SHA-256" } }, privateKey, data) ]; case 2: signature = _state.sent(); signatureBase64 = arrayBufferToBase64(signature); return [ 2, signatureBase64 ]; } }); }); return _signChallenge.apply(this, arguments); } function arrayBufferToBase64(buffer) { var byteArray = new Uint8Array(buffer); var binary = ""; for(var i = 0; i < byteArray.byteLength; i++){ binary += String.fromCharCode(byteArray[i]); } return window.btoa(binary); } function isBrowserRequestValid() { return _isBrowserRequestValid.apply(this, arguments); } function _isBrowserRequestValid() { _isBrowserRequestValid = _async_to_generator(function() { var token, challenge, signature, response, data, error; return _ts_generator(this, function(_state) { switch(_state.label){ case 0: _state.trys.push([ 0, 5, , 6 ]); token = localStorage.getItem("authToken"); return [ 4, fetchChallenge() ]; case 1: challenge = _state.sent(); return [ 4, signChallenge(challenge) ]; case 2: signature = _state.sent(); return [ 4, fetch("".concat(BASE_URL, "/validate-browser"), { method: "POST", headers: { Authorization: "Bearer ".concat(token), // Include token in Authorization header "Content-Type": "application/json" }, body: JSON.stringify({ challenge: challenge, signature: signature }) }) ]; case 3: response = _state.sent(); if (!response.ok) { return [ 2, false ]; } return [ 4, response.json() ]; case 4: data = _state.sent(); return [ 2, data.valid === true ]; case 5: error = _state.sent(); console.error("Error validating browser request:", error); return [ 2, false ]; case 6: return [ 2 ]; } }); }); return _isBrowserRequestValid.apply(this, arguments); } function retrieveKeysForValidation() { return _retrieveKeysForValidation.apply(this, arguments); } function _retrieveKeysForValidation() { _retrieveKeysForValidation = _async_to_generator(function() { var token, challenge, signature, response, data, error; return _ts_generator(this, function(_state) { switch(_state.label){ case 0: _state.trys.push([ 0, 5, , 6 ]); token = localStorage.getItem("authToken"); return [ 4, fetchChallenge() ]; case 1: challenge = _state.sent(); return [ 4, signChallenge(challenge) ]; case 2: signature = _state.sent(); return [ 4, fetch("".concat(BASE_URL, "/retrieve-keys"), { method: "POST", headers: { Authorization: "Bearer ".concat(token), // Include token in Authorization header "Content-Type": "application/json" }, body: JSON.stringify({ challenge: challenge, signature: signature }) }) ]; case 3: response = _state.sent(); if (!response.ok) { return [ 2, { token: "", challenge: "", signature: "" } ]; } return [ 4, response.json() ]; case 4: data = _state.sent(); data.token = token; return [ 2, data ]; case 5: error = _state.sent(); console.error("Error retrieving keys:", error); return [ 2, { token: "", challenge: "", signature: "" } ]; case 6: return [ 2 ]; } }); }); return _retrieveKeysForValidation.apply(this, arguments); } function validateBrowser(token, challenge, signature) { return _validateBrowser.apply(this, arguments); } function _validateBrowser() { _validateBrowser = _async_to_generator(function(token, challenge, signature) { var response, data, error; return _ts_generator(this, function(_state) { switch(_state.label){ case 0: _state.trys.push([ 0, 3, , 4 ]); return [ 4, fetch("".concat(BASE_URL, "/validate-browser"), { method: "POST", headers: { Authorization: "Bearer ".concat(token), // Include token in Authorization header "Content-Type": "application/json" }, body: JSON.stringify({ challenge: challenge, signature: signature }) }) ]; case 1: response = _state.sent(); if (!response.ok) { return [ 2, false ]; } return [ 4, response.json() ]; case 2: data = _state.sent(); return [ 2, data.valid === true ]; case 3: error = _state.sent(); console.error("Error validating the browser:", error); return [ 2, false ]; case 4: return [ 2 ]; } }); }); return _validateBrowser.apply(this, arguments); } export { exportPublicKey, fetchChallenge, generateKeyPair, isBrowserRequestValid, retrieveKeysForValidation, setupBrowserDetection, signChallenge, storePrivateKey, validateBrowser };