npm - @api-client/core - Versions diffs - 0.18.11 → 0.18.13 - Mend

@api-client/core 0.18.11 → 0.18.13

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (264) hide show

package/src/runtime/http-engine/PayloadSupport.ts CHANGED Viewed

@@ -1,5 +1,6 @@
 import formDataConverter from './FormData.js'
 import { Headers } from '../../lib/headers/Headers.js'
+import { HttpEngineErrorFactory } from './errors/index.js'
 import {
   Payload,
   PayloadSerializer,
@@ -88,5 +89,5 @@ export function payloadToBuffer(headers: Headers, payload?: Payload): Buffer | u
     return result.buffer
   }
-  throw new Error('Unsupported payload message')
+  throw HttpEngineErrorFactory.unsupportedPayload(payload.type)
 }

package/src/runtime/http-engine/auth/AuthManager.ts ADDED Viewed

@@ -0,0 +1,242 @@
+import { Headers } from '../../../lib/headers/Headers.js'
+import { type Logger, type ILogObj } from '../../../lib/logging/index.js'
+import type { INtlmAuthorization, IAuthorizationSettingsUnion } from '../../../models/Authorization.js'
+import { NtlmAuth } from '../ntlm/NtlmAuth.js'
+import type { IRequestAuthState } from '../CoreEngine.js'
+import { HttpEngineErrorFactory } from '../errors/index.js'
+import {
+  HEADER_AUTHORIZATION,
+  HEADER_CONNECTION,
+  HEADER_WWW_AUTHENTICATE,
+  NTLM_PREFIX,
+  KEEP_ALIVE,
+  BASIC_PREFIX,
+} from '../constants.js'
+export interface ProxyAuthCredentials {
+  proxyUsername?: string
+  proxyPassword?: string
+  proxyAuthorization?: string
+}
+export interface AuthOptions {
+  logger: Logger<ILogObj>
+  proxyCredentials?: ProxyAuthCredentials
+}
+export interface AuthorizationConfig {
+  type: string
+  enabled: boolean
+  config?: IAuthorizationSettingsUnion
+}
+/**
+ * Manages all authentication logic for HTTP requests
+ */
+export class AuthManager {
+  private logger: Logger<ILogObj>
+  private proxyCredentials?: ProxyAuthCredentials
+  private authState?: IRequestAuthState
+  constructor(options: AuthOptions) {
+    this.logger = options.logger
+    this.proxyCredentials = options.proxyCredentials
+  }
+  /**
+   * Handle all authorization types for request headers.
+   * It applied authorization data defined on the request object.
+   */
+  handleRequestAuthorization(headers: Headers, authorizationConfig?: AuthorizationConfig[], hostname?: string): void {
+    if (!authorizationConfig || !Array.isArray(authorizationConfig)) {
+      this.logger.debug(`No authorization data on the request. Skipping setting up authorization.`)
+      return
+    }
+    const enabled = authorizationConfig.filter((i) => i.enabled)
+    if (!enabled.length) {
+      this.logger.debug(`No enabled authorization data on the request. Skipping setting up authorization.`)
+      return
+    }
+    const ntlm = enabled.find((i) => i.type === 'ntlm')
+    if (ntlm && ntlm.config) {
+      this.logger.debug(`Found NTLM authorization config.`)
+      this.handleNtlmAuth(ntlm.config as unknown as INtlmAuthorization, headers, hostname)
+    }
+    const basic = enabled.find((i) => i.type === 'basic')
+    if (basic && basic.config) {
+      this.logger.debug(`Found basic authorization config.`)
+      const config = basic.config as { username?: string; password?: string }
+      if (config.username && config.password) {
+        this.handleBasicAuth(config.username, config.password, headers)
+      }
+    }
+    const bearer = enabled.find((i) => i.type === 'bearer')
+    if (bearer && bearer.config) {
+      this.logger.debug(`Found bearer authorization config.`)
+      const config = bearer.config as { token?: string }
+      if (config.token) {
+        this.handleBearerAuth(config.token, headers)
+      }
+    }
+  }
+  /**
+   * Handle NTLM authentication
+   */
+  handleNtlmAuth(authData: INtlmAuthorization, headers: Headers, hostname?: string): void {
+    try {
+      const auth = new NtlmAuth(authData)
+      if (!this.authState) {
+        this.authState = {
+          method: 'ntlm',
+          state: 0,
+          headers: headers.toString(),
+        }
+        // Use the provided hostname or empty string for Message1
+        const msg = auth.createMessage1(hostname || '')
+        headers.set(HEADER_AUTHORIZATION, `${NTLM_PREFIX}${msg.toBase64()}`)
+        headers.set(HEADER_CONNECTION, KEEP_ALIVE)
+        this.logger.debug('Set NTLM message1 header with hostname:', hostname || '')
+      } else if (this.authState && this.authState.state === 1) {
+        if (!this.authState.challengeHeader) {
+          throw new Error('NTLM challenge header is missing')
+        }
+        // Use the provided hostname or empty string for Message3
+        const msg = auth.createMessage3(this.authState.challengeHeader, hostname || '')
+        this.authState.state = 2
+        headers.set(HEADER_AUTHORIZATION, `${NTLM_PREFIX}${msg.toBase64()}`)
+        this.logger.debug('Set NTLM message3 header with hostname:', hostname || '')
+      } else {
+        this.logger.warn('Invalid NTLM state:', this.authState?.state)
+      }
+    } catch (error) {
+      this.logger.error('NTLM authentication error:', error)
+      delete this.authState
+      throw HttpEngineErrorFactory.authenticationError(
+        `NTLM authentication failed: ${error instanceof Error ? error.message : 'Unknown error'}`,
+        undefined,
+        'ntlm'
+      )
+    }
+  }
+  /**
+   * Handle NTLM response from server
+   */
+  handleNtlmResponse(headers: Headers): boolean {
+    if (!this.authState) {
+      throw HttpEngineErrorFactory.authenticationError('No auth data.', undefined, 'ntlm')
+    }
+    this.logger.debug('Handling NTLM response.')
+    if (this.authState.state === 0) {
+      if (headers.has(HEADER_WWW_AUTHENTICATE)) {
+        this.authState.state = 1
+        const authHeader = headers.get(HEADER_WWW_AUTHENTICATE)
+        // Extract just the base64 part after "NTLM " prefix
+        this.authState.challengeHeader = authHeader?.replace(/^NTLM\s+/i, '') || ''
+        if (!this.authState.challengeHeader) {
+          this.logger.error('NTLM challenge header is empty after parsing')
+          delete this.authState
+          return false
+        }
+        this.logger.debug('NTLM challenge header was set:', this.authState.challengeHeader)
+        return true // Indicates we need to retry with challenge
+      }
+    }
+    // Authentication complete or failed
+    this.logger.debug('NTLM authentication complete or failed.')
+    delete this.authState
+    return false
+  }
+  /**
+   * Generate proxy authorization header
+   */
+  generateProxyAuthHeader(): string | undefined {
+    const { proxyUsername, proxyPassword, proxyAuthorization } = this.proxyCredentials || {}
+    if (!proxyUsername || !proxyPassword) {
+      if (!proxyAuthorization) {
+        return undefined
+      }
+      return proxyAuthorization
+    }
+    if (!proxyAuthorization || proxyAuthorization === 'Basic') {
+      // Basic authentication
+      const token = Buffer.from(`${proxyUsername}:${proxyPassword}`).toString('base64')
+      return `${BASIC_PREFIX}${token}`
+    }
+    if (proxyAuthorization === 'Digest') {
+      // Note: Digest authentication is handled by ProxyAuthHandler in connections
+      // This is just a placeholder for the header format
+      this.logger.warn('Digest proxy authentication should be handled by ProxyAuthHandler')
+      return undefined
+    }
+    throw HttpEngineErrorFactory.authenticationError(
+      `Unsupported proxy authorization type: ${proxyAuthorization}`,
+      undefined,
+      'proxy'
+    )
+  }
+  /**
+   * Handle Basic authentication
+   */
+  handleBasicAuth(username: string, password: string, headers: Headers): void {
+    const token = Buffer.from(`${username}:${password}`).toString('base64')
+    headers.set(HEADER_AUTHORIZATION, `${BASIC_PREFIX}${token}`)
+  }
+  /**
+   * Handle Bearer token authentication
+   */
+  handleBearerAuth(token: string, headers: Headers): void {
+    headers.set(HEADER_AUTHORIZATION, `Bearer ${token}`)
+  }
+  /**
+   * Get current authentication state
+   */
+  getAuthState(): IRequestAuthState | undefined {
+    return this.authState
+  }
+  /**
+   * Set authentication state
+   */
+  setAuthState(state: IRequestAuthState): void {
+    this.authState = state
+  }
+  /**
+   * Clear authentication state
+   */
+  clearAuthState(): void {
+    delete this.authState
+  }
+  /**
+   * Check if authentication is in progress
+   */
+  isAuthenticating(): boolean {
+    return !!this.authState
+  }
+  /**
+   * Check if we have credentials for proxy authentication
+   */
+  hasProxyCredentials(): boolean {
+    const { proxyUsername, proxyPassword, proxyAuthorization } = this.proxyCredentials || {}
+    return !!(proxyUsername && proxyPassword) || !!proxyAuthorization
+  }
+}

package/src/runtime/http-engine/certificates/CertificateManager.ts ADDED Viewed

@@ -0,0 +1,74 @@
+import tls from 'tls'
+import { HttpCertificate, IPemCertificate } from '../../../models/ClientCertificate.js'
+/**
+ * Adds client certificate to the request configuration options.
+ */
+export function addClientCertificate(certificate: HttpCertificate | null, options: tls.ConnectionOptions): void {
+  if (!certificate) {
+    return
+  }
+  const cert = { ...certificate }
+  if (cert.type === 'p12') {
+    if (!options.pfx) {
+      options.pfx = []
+    }
+    const struct: tls.PxfObject = {
+      buf: Buffer.from(cert.cert.data as Buffer),
+    }
+    if (cert.cert.passphrase) {
+      struct.passphrase = cert.cert.passphrase
+    }
+    if (!Array.isArray(options.pfx)) {
+      if (options.pfx) {
+        options.pfx = [options.pfx]
+      } else {
+        options.pfx = []
+      }
+    }
+    options.pfx.push(struct)
+  } else if (cert.type === 'pem') {
+    const typed = cert as IPemCertificate
+    if (!options.cert) {
+      options.cert = []
+    }
+    if (!Array.isArray(options.cert)) {
+      if (options.cert) {
+        options.cert = [options.cert]
+      } else {
+        options.cert = []
+      }
+    }
+    const added = Buffer.from(typed.cert.data as Buffer | Uint8Array)
+    options.cert.push(added)
+    if (typed.certKey) {
+      if (!Array.isArray(options.key)) {
+        if (options.key) {
+          options.key = [options.key]
+        } else {
+          options.key = []
+        }
+      }
+      const struct: tls.KeyObject = {
+        pem: Buffer.from(typed.certKey.data as Buffer | Uint8Array),
+      }
+      if (typed.certKey.passphrase) {
+        struct.passphrase = typed.certKey.passphrase
+      }
+      options.key.push(struct)
+    }
+  }
+}
+/**
+ * Checks certificate identity using TLS api.
+ */
+export function checkServerIdentity(host: string, cert: tls.PeerCertificate | null): Error | undefined {
+  if (!cert) {
+    return new Error('Certificate is required')
+  }
+  const err = tls.checkServerIdentity(host, cert)
+  if (err) {
+    return err
+  }
+}

package/src/runtime/http-engine/compression/CompressionManager.ts ADDED Viewed

@@ -0,0 +1,99 @@
+import zlib from 'zlib'
+import { Headers } from '../../../lib/headers/Headers.js'
+import { WithImplicitCoercion } from 'buffer'
+export interface CompressionOptions {
+  aborted?: boolean
+  headers?: Headers
+}
+/**
+ * Decompresses received body if `content-encoding` header is set.
+ * When multiple encodings are present, they are decoded in reverse order
+ * (last applied encoding is decoded first).
+ */
+export async function decompress(body?: Buffer, options: CompressionOptions = {}): Promise<Buffer | undefined> {
+  const { aborted, headers } = options
+  if (aborted || !headers || !body) {
+    return
+  }
+  const ce = headers.get('content-encoding')
+  if (!ce) {
+    return body
+  }
+  // Parse encodings from the header - they are listed in the order they were applied
+  const encodings = ce
+    .split(',')
+    .map((enc) => enc.trim().toLowerCase())
+    .filter((enc) => enc.length > 0)
+  if (encodings.length === 0) {
+    return body
+  }
+  // Decode in reverse order (last applied encoding first)
+  let currentBody = body
+  for (let i = encodings.length - 1; i >= 0; i--) {
+    const encoding = encodings[i]
+    if (encoding === 'deflate') {
+      currentBody = await inflate(currentBody)
+    } else if (encoding === 'gzip') {
+      currentBody = await gunzip(currentBody)
+    } else if (encoding === 'br' || encoding === 'brotli') {
+      currentBody = await brotli(currentBody)
+    }
+    // If encoding is unknown, we continue with the current body unchanged
+  }
+  return currentBody
+}
+/**
+ * Decompress body with Inflate.
+ */
+export function inflate(body: WithImplicitCoercion<ArrayLike<number>>): Promise<Buffer> {
+  const buff = Buffer.from(body)
+  return new Promise((resolve, reject) => {
+    zlib.inflate(buff, (err: Error | null, buffer: Buffer) => {
+      if (err) {
+        reject(new Error(err.message || String(err)))
+      } else {
+        resolve(buffer)
+      }
+    })
+  })
+}
+/**
+ * Decompress body with ZLib.
+ */
+export function gunzip(body: WithImplicitCoercion<ArrayLike<number>>): Promise<Buffer> {
+  const buff = Buffer.from(body)
+  return new Promise((resolve, reject) => {
+    zlib.gunzip(buff, (err: Error | null, buffer: Buffer) => {
+      if (err) {
+        reject(new Error(err.message || String(err)))
+      } else {
+        resolve(buffer)
+      }
+    })
+  })
+}
+/**
+ * Decompress Brotli.
+ */
+export function brotli(body: WithImplicitCoercion<ArrayLike<number>>): Promise<Buffer> {
+  const buff = Buffer.from(body)
+  return new Promise((resolve, reject) => {
+    zlib.brotliDecompress(buff, (err: Error | null, buffer: Buffer) => {
+      if (err) {
+        reject(err)
+      } else {
+        resolve(buffer)
+      }
+    })
+  })
+}

package/src/runtime/http-engine/connections/ConnectionManager.ts ADDED Viewed

@@ -0,0 +1,123 @@
+import net from 'net'
+import { type Logger, type ILogObj } from '../../../lib/logging/index.js'
+import type { RequestStats, HttpEngineOptions } from '../CoreEngine.js'
+import { DirectConnection } from './DirectConnection.js'
+import { ProxyConnection } from './ProxyConnection.js'
+import { TunnelConnection } from './TunnelConnection.js'
+import { HttpCertificate } from '../../../models/ClientCertificate.js'
+export interface ConnectionOptions {
+  host: string
+  port: number
+  protocol?: string
+  timeout?: number
+  validateCertificates?: boolean
+  certificates?: HttpCertificate[]
+  logger: Logger<ILogObj>
+  stats: RequestStats
+}
+export interface ProxyConnectionOptions extends ConnectionOptions {
+  proxy: string
+  proxyIsSsl: boolean
+  targetUrl: string
+  proxyUsername?: string
+  proxyPassword?: string
+  /**
+   * The type of proxy authentication to use.
+   */
+  proxyAuthorization?: 'Basic'
+}
+export interface TunnelConnectionOptions extends ProxyConnectionOptions {
+  targetHost: string
+  targetPort: number
+}
+/**
+ * Manages different types of HTTP connections
+ */
+export class ConnectionManager {
+  private logger: Logger<ILogObj>
+  private stats: RequestStats
+  constructor(logger: Logger<ILogObj>, stats: RequestStats) {
+    this.logger = logger
+    this.stats = stats
+  }
+  /**
+   * Create a direct connection (HTTP or HTTPS)
+   */
+  createDirectConnection(options: ConnectionOptions): DirectConnection {
+    return new DirectConnection(options)
+  }
+  /**
+   * Create a proxy connection for HTTP requests
+   */
+  createProxyConnection(options: ProxyConnectionOptions): ProxyConnection {
+    return new ProxyConnection(options)
+  }
+  /**
+   * Create a tunnel connection for HTTPS requests through proxy
+   */
+  createTunnelConnection(options: TunnelConnectionOptions): TunnelConnection {
+    return new TunnelConnection(options)
+  }
+  /**
+   * Determine the appropriate connection type and create it
+   */
+  createConnection(
+    host: string,
+    port: number,
+    protocol: string,
+    engineOptions: HttpEngineOptions
+  ): Promise<net.Socket> {
+    const connectionOptions: ConnectionOptions = {
+      host,
+      port,
+      protocol,
+      timeout: engineOptions.timeout,
+      validateCertificates: engineOptions.validateCertificates,
+      certificates: engineOptions.certificates,
+      logger: this.logger,
+      stats: this.stats,
+    }
+    // Direct connection
+    if (!engineOptions.proxy) {
+      this.logger.debug('Deciding to create a direct connection...')
+      const directConnection = this.createDirectConnection(connectionOptions)
+      return directConnection.connect()
+    }
+    // Proxy connection
+    const proxyOptions: ProxyConnectionOptions = {
+      ...connectionOptions,
+      proxy: engineOptions.proxy,
+      proxyIsSsl: engineOptions.proxy.startsWith('https:'),
+      targetUrl: `${protocol}//${host}:${port}`,
+      proxyUsername: engineOptions.proxyUsername,
+      proxyPassword: engineOptions.proxyPassword,
+      proxyAuthorization: engineOptions.proxyAuthorization,
+    }
+    // Check if we need a tunnel (HTTPS target through proxy)
+    if (protocol === 'https:') {
+      this.logger.debug('Deciding to create a tunnel connection through the proxy...')
+      const tunnelOptions: TunnelConnectionOptions = {
+        ...proxyOptions,
+        targetHost: host,
+        targetPort: port,
+      }
+      const tunnelConnection = this.createTunnelConnection(tunnelOptions)
+      return tunnelConnection.connect()
+    }
+    this.logger.debug('Deciding to create a proxy connection...')
+    const proxyConnection = this.createProxyConnection(proxyOptions)
+    return proxyConnection.connect()
+  }
+}