genuine-browser
Version:
A package to detect browser requests using cryptographic challenge-response mechanism.
653 lines (652 loc) • 22.2 kB
JavaScript
// src/index.ts
function asyncGeneratorStep(gen, resolve, reject, _next, _throw, key, arg) {
try {
var info = gen[key](arg);
var value = info.value;
} catch (error) {
reject(error);
return;
}
if (info.done) {
resolve(value);
} else {
Promise.resolve(value).then(_next, _throw);
}
}
function _async_to_generator(fn) {
return function() {
var self = this, args = arguments;
return new Promise(function(resolve, reject) {
var gen = fn.apply(self, args);
function _next(value) {
asyncGeneratorStep(gen, resolve, reject, _next, _throw, "next", value);
}
function _throw(err) {
asyncGeneratorStep(gen, resolve, reject, _next, _throw, "throw", err);
}
_next(undefined);
});
};
}
function _ts_generator(thisArg, body) {
var f, y, t, g, _ = {
label: 0,
sent: function() {
if (t[0] & 1) throw t[1];
return t[1];
},
trys: [],
ops: []
};
return g = {
next: verb(0),
"throw": verb(1),
"return": verb(2)
}, typeof Symbol === "function" && (g[Symbol.iterator] = function() {
return this;
}), g;
function verb(n) {
return function(v) {
return step([
n,
v
]);
};
}
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while(_)try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [
op[0] & 2,
t.value
];
switch(op[0]){
case 0:
case 1:
t = op;
break;
case 4:
_.label++;
return {
value: op[1],
done: false
};
case 5:
_.label++;
y = op[1];
op = [
0
];
continue;
case 7:
op = _.ops.pop();
_.trys.pop();
continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) {
_ = 0;
continue;
}
if (op[0] === 3 && (!t || op[1] > t[0] && op[1] < t[3])) {
_.label = op[1];
break;
}
if (op[0] === 6 && _.label < t[1]) {
_.label = t[1];
t = op;
break;
}
if (t && _.label < t[2]) {
_.label = t[2];
_.ops.push(op);
break;
}
if (t[2]) _.ops.pop();
_.trys.pop();
continue;
}
op = body.call(thisArg, _);
} catch (e) {
op = [
6,
e
];
y = 0;
} finally{
f = t = 0;
}
if (op[0] & 5) throw op[1];
return {
value: op[0] ? op[1] : void 0,
done: true
};
}
}
var BASE_URL = "https://nextjs-reusables.vercel.app/api";
function generateKeyPair() {
return _generateKeyPair.apply(this, arguments);
}
function _generateKeyPair() {
_generateKeyPair = _async_to_generator(function() {
var keyPair;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
return [
4,
window.crypto.subtle.generateKey({
name: "ECDSA",
namedCurve: "P-256"
}, false, [
"sign",
"verify"
])
];
case 1:
keyPair = _state.sent();
return [
2,
keyPair
];
}
});
});
return _generateKeyPair.apply(this, arguments);
}
function storePrivateKey(key) {
return _storePrivateKey.apply(this, arguments);
}
function _storePrivateKey() {
_storePrivateKey = _async_to_generator(function(key) {
var db, tx, store, request;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
return [
4,
openDB()
];
case 1:
db = _state.sent();
tx = db.transaction("keys", "readwrite");
store = tx.objectStore("keys");
request = store.put(key, "privateKey");
return [
4,
new Promise(function(resolve, reject) {
request.onsuccess = function() {
return resolve();
};
request.onerror = function() {
return reject(request.error);
};
})
];
case 2:
_state.sent();
return [
2
];
}
});
});
return _storePrivateKey.apply(this, arguments);
}
function openDB() {
return _openDB.apply(this, arguments);
}
function _openDB() {
_openDB = _async_to_generator(function() {
return _ts_generator(this, function(_state) {
return [
2,
new Promise(function(resolve, reject) {
var request = indexedDB.open("browser-detection-db", 1);
request.onupgradeneeded = function() {
var db = request.result;
db.createObjectStore("keys");
};
request.onsuccess = function() {
resolve(request.result);
};
request.onerror = function() {
reject(request.error);
};
})
];
});
});
return _openDB.apply(this, arguments);
}
function exportPublicKey(key) {
return _exportPublicKey.apply(this, arguments);
}
function _exportPublicKey() {
_exportPublicKey = _async_to_generator(function(key) {
var exported, publicKeyBase64;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
return [
4,
window.crypto.subtle.exportKey("spki", key)
];
case 1:
exported = _state.sent();
publicKeyBase64 = arrayBufferToBase64(exported);
return [
2,
publicKeyBase64
];
}
});
});
return _exportPublicKey.apply(this, arguments);
}
function setupBrowserDetection() {
return _setupBrowserDetection.apply(this, arguments);
}
function _setupBrowserDetection() {
_setupBrowserDetection = _async_to_generator(function() {
var keyPair, publicKey, response, data;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
return [
4,
generateKeyPair()
];
case 1:
keyPair = _state.sent();
return [
4,
storePrivateKey(keyPair.privateKey)
];
case 2:
_state.sent();
return [
4,
exportPublicKey(keyPair.publicKey)
];
case 3:
publicKey = _state.sent();
return [
4,
fetch("".concat(BASE_URL, "/register-public-key"), {
method: "POST",
headers: {
"Content-Type": "application/json"
},
body: JSON.stringify({
publicKey: publicKey
})
})
];
case 4:
response = _state.sent();
return [
4,
response.json()
];
case 5:
data = _state.sent();
if (data.token) {
localStorage.setItem("authToken", data.token);
}
return [
2
];
}
});
});
return _setupBrowserDetection.apply(this, arguments);
}
function getPrivateKeyFromStorage() {
return _getPrivateKeyFromStorage.apply(this, arguments);
}
function _getPrivateKeyFromStorage() {
_getPrivateKeyFromStorage = _async_to_generator(function() {
var db, tx, store;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
return [
4,
openDB()
];
case 1:
db = _state.sent();
tx = db.transaction("keys", "readonly");
store = tx.objectStore("keys");
return [
2,
new Promise(function(resolve, reject) {
var request = store.get("privateKey");
request.onsuccess = function() {
var privateKey = request.result;
resolve(privateKey || null);
};
request.onerror = function() {
reject(request.error);
};
})
];
}
});
});
return _getPrivateKeyFromStorage.apply(this, arguments);
}
function fetchChallenge() {
return _fetchChallenge.apply(this, arguments);
}
function _fetchChallenge() {
_fetchChallenge = _async_to_generator(function() {
var token, response, data;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
token = localStorage.getItem("authToken");
return [
4,
fetch("".concat(BASE_URL, "/get-challenge"), {
method: "GET",
headers: {
Authorization: "Bearer ".concat(token)
}
})
];
case 1:
response = _state.sent();
return [
4,
response.json()
];
case 2:
data = _state.sent();
return [
2,
data.challenge
];
}
});
});
return _fetchChallenge.apply(this, arguments);
}
function signChallenge(challenge) {
return _signChallenge.apply(this, arguments);
}
function _signChallenge() {
_signChallenge = _async_to_generator(function(challenge) {
var privateKey, encoder, data, signature, signatureBase64;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
return [
4,
getPrivateKeyFromStorage()
];
case 1:
privateKey = _state.sent();
if (!privateKey) {
throw new Error("Private key not found in storage");
}
encoder = new TextEncoder();
data = encoder.encode(challenge);
return [
4,
window.crypto.subtle.sign({
name: "ECDSA",
hash: {
name: "SHA-256"
}
}, privateKey, data)
];
case 2:
signature = _state.sent();
signatureBase64 = arrayBufferToBase64(signature);
return [
2,
signatureBase64
];
}
});
});
return _signChallenge.apply(this, arguments);
}
function arrayBufferToBase64(buffer) {
var byteArray = new Uint8Array(buffer);
var binary = "";
for(var i = 0; i < byteArray.byteLength; i++){
binary += String.fromCharCode(byteArray[i]);
}
return window.btoa(binary);
}
function isBrowserRequestValid() {
return _isBrowserRequestValid.apply(this, arguments);
}
function _isBrowserRequestValid() {
_isBrowserRequestValid = _async_to_generator(function() {
var token, challenge, signature, response, data, error;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
_state.trys.push([
0,
5,
,
6
]);
token = localStorage.getItem("authToken");
return [
4,
fetchChallenge()
];
case 1:
challenge = _state.sent();
return [
4,
signChallenge(challenge)
];
case 2:
signature = _state.sent();
return [
4,
fetch("".concat(BASE_URL, "/validate-browser"), {
method: "POST",
headers: {
Authorization: "Bearer ".concat(token),
// Include token in Authorization header
"Content-Type": "application/json"
},
body: JSON.stringify({
challenge: challenge,
signature: signature
})
})
];
case 3:
response = _state.sent();
if (!response.ok) {
return [
2,
false
];
}
return [
4,
response.json()
];
case 4:
data = _state.sent();
return [
2,
data.valid === true
];
case 5:
error = _state.sent();
console.error("Error validating browser request:", error);
return [
2,
false
];
case 6:
return [
2
];
}
});
});
return _isBrowserRequestValid.apply(this, arguments);
}
function retrieveKeysForValidation() {
return _retrieveKeysForValidation.apply(this, arguments);
}
function _retrieveKeysForValidation() {
_retrieveKeysForValidation = _async_to_generator(function() {
var token, challenge, signature, response, data, error;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
_state.trys.push([
0,
5,
,
6
]);
token = localStorage.getItem("authToken");
return [
4,
fetchChallenge()
];
case 1:
challenge = _state.sent();
return [
4,
signChallenge(challenge)
];
case 2:
signature = _state.sent();
return [
4,
fetch("".concat(BASE_URL, "/retrieve-keys"), {
method: "POST",
headers: {
Authorization: "Bearer ".concat(token),
// Include token in Authorization header
"Content-Type": "application/json"
},
body: JSON.stringify({
challenge: challenge,
signature: signature
})
})
];
case 3:
response = _state.sent();
if (!response.ok) {
return [
2,
{
token: "",
challenge: "",
signature: ""
}
];
}
return [
4,
response.json()
];
case 4:
data = _state.sent();
data.token = token;
return [
2,
data
];
case 5:
error = _state.sent();
console.error("Error retrieving keys:", error);
return [
2,
{
token: "",
challenge: "",
signature: ""
}
];
case 6:
return [
2
];
}
});
});
return _retrieveKeysForValidation.apply(this, arguments);
}
function validateBrowser(token, challenge, signature) {
return _validateBrowser.apply(this, arguments);
}
function _validateBrowser() {
_validateBrowser = _async_to_generator(function(token, challenge, signature) {
var response, data, error;
return _ts_generator(this, function(_state) {
switch(_state.label){
case 0:
_state.trys.push([
0,
3,
,
4
]);
return [
4,
fetch("".concat(BASE_URL, "/validate-browser"), {
method: "POST",
headers: {
Authorization: "Bearer ".concat(token),
// Include token in Authorization header
"Content-Type": "application/json"
},
body: JSON.stringify({
challenge: challenge,
signature: signature
})
})
];
case 1:
response = _state.sent();
if (!response.ok) {
return [
2,
false
];
}
return [
4,
response.json()
];
case 2:
data = _state.sent();
return [
2,
data.valid === true
];
case 3:
error = _state.sent();
console.error("Error validating the browser:", error);
return [
2,
false
];
case 4:
return [
2
];
}
});
});
return _validateBrowser.apply(this, arguments);
}
export { exportPublicKey, fetchChallenge, generateKeyPair, isBrowserRequestValid, retrieveKeysForValidation, setupBrowserDetection, signChallenge, storePrivateKey, validateBrowser };