zero-sight-protocol
A secure, zero-knowledge, PIN-based encryption protocol for custodial Web3 wallets.
import crypto from 'crypto';
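// Key for the HMAC-SHA256 session-token signature. It must come from the
// environment: the built-in fallback is a constant visible to anyone who can
// read this file, so tokens signed with it provide no integrity guarantee.
// The fallback is therefore refused when NODE_ENV is 'production' and only
// tolerated (with a warning) elsewhere, so local development keeps working.
const SECRET = (() => {
  const configured = process.env.ZSP_SESSION_SECRET;
  if (configured) return configured;
  if (process.env.NODE_ENV === 'production') {
    throw new Error('ZSP_SESSION_SECRET must be set when NODE_ENV is "production"');
  }
  console.warn(
    '[zero-sight-protocol] ZSP_SESSION_SECRET is not set; using the built-in development secret.',
  );
  return 'fallback_dev_secret';
})();
const TOKEN_VALIDITY_MS = 1000 * 60 * 10; // 10 minutes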
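/**
 * Generates an HMAC-signed session token of the form
 * `<userId>.<expiresAt>.<hex HMAC-SHA256 of "<userId>.<expiresAt>">`.
 *
 * The expiry is `Date.now()` plus TOKEN_VALIDITY_MS. `userId` is interpolated
 * as-is (not escaped or encoded), so callers should confirm that their id
 * format round-trips through verifySessionToken.
 *
 * @param {string} userId - Identifier to bind the token to; must be non-empty.
 * @returns {{ token: string, expiresAt: number }}
 * @throws {TypeError} If `userId` is null, undefined or the empty string.
 */
export function createSessionToken(userId) {
  // A missing id would otherwise be stringified and signed as the literal
  // user "undefined"/"null"; refuse to mint a token for it.
  if (userId == null || userId === '') {
    throw new TypeError('createSessionToken: userId is required');
  }

  const expiresAt = Date.now() + TOKEN_VALIDITY_MS;
  const payload = `${userId}.${expiresAt}`;
  const signature = crypto
    .createHmac('sha256', SECRET)
    .update(payload)
    .digest('hex');

  return { token: `${payload}.${signature}`, expiresAt };
}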
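/**
 * Verifies the session token's integrity and expiry.
 *
 * The token is parsed from the right: the last two dot-separated fields are
 * the signature and the expiry, and everything before them is the userId.
 * That keeps ids containing '.' intact and rejects tokens with extra trailing
 * segments. The signature is compared in constant time.
 *
 * `userId` is returned whenever the signature is valid, even if the token has
 * expired; callers must gate access on `valid`, not on the presence of
 * `userId`.
 *
 * @param {string} token
 * @returns {{ valid: boolean, userId?: string }}
 */
export function verifySessionToken(token) {
  // Non-string input (e.g. an array from a repeated query parameter) is
  // rejected here instead of throwing further down.
  if (typeof token !== 'string' || token === '') return { valid: false };

  const sigSep = token.lastIndexOf('.');
  if (sigSep <= 0) return { valid: false };
  const expSep = token.lastIndexOf('.', sigSep - 1);
  if (expSep <= 0) return { valid: false };

  const userId = token.slice(0, expSep);
  const expiresAtStr = token.slice(expSep + 1, sigSep);
  const signature = token.slice(sigSep + 1);
  if (!expiresAtStr || !signature) return { valid: false };

  const expectedSig = crypto
    .createHmac('sha256', SECRET)
    .update(`${userId}.${expiresAtStr}`)
    .digest('hex');

  // timingSafeEqual throws on length mismatch, so compare lengths first; the
  // expected length is fixed and not secret.
  const given = Buffer.from(signature, 'utf8');
  const expected = Buffer.from(expectedSig, 'utf8');
  const isValidSig =
    given.length === expected.length && crypto.timingSafeEqual(given, expected);

  // Accept only a plain decimal timestamp; parseInt would also accept a
  // numeric prefix followed by other characters.
  const isNotExpired =
    /^\d+$/.test(expiresAtStr) && Number(expiresAtStr) > Date.now();

  return {
    valid: isValidSig && isNotExpired,
    userId: isValidSig ? userId : undefined,
  };
}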