UNPKG

token-guardian

Version:

A comprehensive solution for protecting and managing API tokens and secrets

205 lines (204 loc) 5.98 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
/// <reference types="node" /> import { EventEmitter } from 'events'; /** * Interface representing the structure of canary token alert data */ interface AlertData { /** * Name of the token that was detected */ tokenName: string; /** * ISO timestamp when the alert was generated */ timestamp: string; /** * Method used to detect the canary token */ detectionMethod: string; /** * Information about the source of the detection */ source: { /** * IP address where the token was detected */ ipAddress: string; /** * User agent information */ userAgent: string; /** * ISO timestamp of the detection */ timestamp: string; }; /** * Masked/partial version of the detected token for safe logging */ partialToken: string; } /** * Service for managing canary tokens */ export declare class CanaryService extends EventEmitter { private enabled; private canaries; private webhookUrl; private alertEndpoints; /** * Creates a new CanaryService * @param enabled Whether canary tokens are enabled */ constructor(enabled: boolean); /** * Configure webhook for canary notifications * @param webhookUrl URL to send notifications to */ configureWebhook(webhookUrl: string): void; /** * Add an alert endpoint for specific tokens * @param tokenName Token to monitor * @param endpointUrl URL to notify on detection */ addAlertEndpoint(tokenName: string, endpointUrl: string): void; /** * Embeds a canary marker in a token * @param token The original token * @param tokenName The name/identifier of the token * @returns Token with embedded canary marker */ embedCanary(token: string, tokenValue: string): string; /** * Generates a unique canary ID * @param tokenName The name/identifier of the token * @returns Unique canary ID */ private generateCanaryId; /** * Embeds a canary ID in a JWT token * @param token The JWT token * @param canaryId The canary ID to embed * @returns Modified JWT with embedded canary */ private embedInJWT; /** * Embeds a marker in base64 encoded data * @param base64Data The base64 data to modify * @param marker The marker to embed * @returns Modified base64 data */ private embedBase64Marker; /** * Embeds a canary ID in a generic token * @param token The token * @param canaryId The canary ID to embed * @returns Modified token with embedded canary */ private embedInGenericToken; /** * Embeds a canary ID in a base64-encoded token * @param token The base64 token * @param canaryId The canary ID to embed * @returns Modified token with embedded canary */ private embedBase64Token; /** * Embeds a canary ID in a hex token * @param token The hex token * @param canaryId The canary ID to embed * @returns Modified token with embedded canary */ private embedHexToken; /** * Embeds a canary ID in a mixed-character token * @param token The mixed-character token * @param canaryId The canary ID to embed * @returns Modified token with embedded canary */ private embedMixedToken; /** * Checks if a token contains a canary marker * @param token The token to check * @returns The token name if a canary was found, null otherwise */ detectCanary(token: string): string | null; /** * Extract canary ID from JWT payload * @param payload The JWT payload object * @returns Extracted canary ID or null */ private extractJWTCanary; /** * Extract canary marker from base64 data * @param base64Data The base64 data to check * @returns Extracted canary ID or null */ private extractBase64Marker; /** * Extract canary ID from a base64 token * @param token The base64 token * @returns Extracted canary ID or null */ private extractBase64TokenCanary; /** * Extract canary ID from a hex token * @param token The hex token * @returns Extracted canary ID or null */ private extractHexTokenCanary; /** * Extract canary ID from a mixed-character token * @param token The mixed-character token * @returns Extracted canary ID or null */ private extractMixedTokenCanary; /** * Calculate Hamming distance between two strings * @param str1 First string * @param str2 Second string * @returns Number of differing characters */ private hammingDistance; /** * Triggers alert for a detected canary * @param tokenName The name of the detected token * @param token The actual token that was detected * @param detectionMethod How the canary was detected */ private triggerAlert; /** * Gets source information for alerts * @returns Object with source info */ private getSourceInfo; /** * Masks a token for safe logging * @param token The token to mask * @returns Masked token */ private maskToken; /** * Sends a webhook alert * @param alertData Data to send in the alert */ private sendWebhookAlert; /** * Sends an alert to a custom endpoint * @param endpoint Endpoint URL * @param alertData Data to send in the alert */ private sendEndpointAlert; /** * Registers a callback for canary alerts * @param callback Function to call when a canary is triggered */ onCanaryTriggered(callback: (tokenName: string, context: AlertData) => void): void; /** * Logs an error with context * @param message Error context message * @param error The caught error */ private logError; } export {};