@aamp/protocol 1.1.3 → 1.1.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/publisher.d.ts +1 -5
  2. package/dist/publisher.js +7 -4
  3. package/package.json +1 -1
  4. package/src/publisher.ts +9 -5
package/dist/publisher.d.ts CHANGED
@@ -1,8 +1,4 @@
1
- /**
2
- * Layer 2: Publisher Middleware
3
- * Used by content owners to enforce policy, log access, and filter bots.
4
- */
5
- import { AccessPolicy, ContentOrigin, EvaluationResult, UnauthenticatedStrategy, IdentityCache } from './types';
1
+ import { AccessPolicy, ContentOrigin, EvaluationResult, IdentityCache, UnauthenticatedStrategy } from './types';
6
2
  export declare class AAMPPublisher {
7
3
  private policy;
8
4
  private keyPair;
package/dist/publisher.js CHANGED
@@ -5,9 +5,9 @@ exports.AAMPPublisher = void 0;
5
5
  * Layer 2: Publisher Middleware
6
6
  * Used by content owners to enforce policy, log access, and filter bots.
7
7
  */
8
- const types_1 = require("./types");
9
- const crypto_1 = require("./crypto");
10
8
  const constants_1 = require("./constants");
9
+ const crypto_1 = require("./crypto");
10
+ const types_1 = require("./types");
11
11
  /**
12
12
  * Default In-Memory Cache (Fallback only)
13
13
  * NOT recommended for high-traffic Serverless production.
@@ -218,7 +218,9 @@ class AAMPPublisher {
218
218
  }
219
219
  async verifyDnsBinding(domain, requestKeySpki) {
220
220
  try {
221
- const url = `https://${domain}${constants_1.WELL_KNOWN_AGENT_PATH}`;
221
+ // Allow HTTP for localhost testing
222
+ const protocol = (domain.includes('localhost') || domain.match(/:\d+$/)) ? 'http' : 'https';
223
+ const url = `${protocol}://${domain}${constants_1.WELL_KNOWN_AGENT_PATH}`;
222
224
  // In production, we need a short timeout to prevent hanging
223
225
  const controller = new AbortController();
224
226
  const timeoutId = setTimeout(() => controller.abort(), 1500); // 1.5s max for DNS check
@@ -234,7 +236,8 @@ class AAMPPublisher {
234
236
  }
235
237
  }
236
238
  isDomain(s) {
237
- return /^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/.test(s);
239
+ // Basic regex, allows localhost with ports
240
+ return /^[a-zA-Z0-9.-]+(:\d+)?$/.test(s) || /^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/.test(s);
238
241
  }
239
242
  async generateResponseHeaders(origin) {
240
243
  if (!this.keyPair)
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@aamp/protocol",
3
- "version": "1.1.3",
3
+ "version": "1.1.4",
4
4
  "description": "TypeScript reference implementation of AAMP v1.1",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/index.d.ts",
package/src/publisher.ts CHANGED
@@ -2,9 +2,9 @@
2
2
  * Layer 2: Publisher Middleware
3
3
  * Used by content owners to enforce policy, log access, and filter bots.
4
4
  */
5
- import { AccessPolicy, AccessPurpose, SignedAccessRequest, ContentOrigin, FeedbackSignal, AgentIdentityManifest, EvaluationResult, UnauthenticatedStrategy, IdentityCache } from './types';
6
- import { verifySignature, signData, exportPublicKey } from './crypto';
7
- import { MAX_CLOCK_SKEW_MS, HEADERS, WELL_KNOWN_AGENT_PATH } from './constants';
5
+ import { HEADERS, MAX_CLOCK_SKEW_MS, WELL_KNOWN_AGENT_PATH } from './constants';
6
+ import { exportPublicKey, signData, verifySignature } from './crypto';
7
+ import { AccessPolicy, AccessPurpose, AgentIdentityManifest, ContentOrigin, EvaluationResult, IdentityCache, SignedAccessRequest, UnauthenticatedStrategy } from './types';
8
8
 
9
9
  interface VerificationResult {
10
10
  allowed: boolean;
@@ -273,7 +273,10 @@ export class AAMPPublisher {
273
273
 
274
274
  private async verifyDnsBinding(domain: string, requestKeySpki: string): Promise<boolean> {
275
275
  try {
276
- const url = `https://${domain}${WELL_KNOWN_AGENT_PATH}`;
276
+ // Allow HTTP for localhost testing
277
+ const protocol = (domain.includes('localhost') || domain.match(/:\d+$/)) ? 'http' : 'https';
278
+ const url = `${protocol}://${domain}${WELL_KNOWN_AGENT_PATH}`;
279
+
277
280
  // In production, we need a short timeout to prevent hanging
278
281
  const controller = new AbortController();
279
282
  const timeoutId = setTimeout(() => controller.abort(), 1500); // 1.5s max for DNS check
@@ -288,7 +291,8 @@ export class AAMPPublisher {
288
291
  }
289
292
 
290
293
  private isDomain(s: string): boolean {
291
- return /^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/.test(s);
294
+ // Basic regex, allows localhost with ports
295
+ return /^[a-zA-Z0-9.-]+(:\d+)?$/.test(s) || /^[a-zA-Z0-9.-]+\.[a-zA-Z]{2,}$/.test(s);
292
296
  }
293
297
 
294
298
  async generateResponseHeaders(origin: ContentOrigin): Promise<Record<string, string>> {