npm - @arcblock/jwt - Versions diffs - 1.29.22 → 1.29.23 - Mend

@arcblock/jwt 1.29.22 → 1.29.23

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/esm/index.mjs CHANGED Viewed

@@ -3,12 +3,24 @@ import { Hasher, getSigner, types } from "@ocap/mcrypto";
 import { fromBase64, scopeMatchAny, toBase64, toHex } from "@ocap/util";
 import Debug from "debug";
 import stringify from "json-stable-stringify";
-import semver from "semver";
 //#region src/index.ts
 const debug = Debug("@arcblock/jwt");
 const JWT_VERSION_REQUIRE_HASH_BEFORE_SIGN = "1.1.0";
 const hasher = Hasher.SHA3.hash256;
+function coerceVersion(str) {
+	const m = str.match(/(\d+\.\d+\.\d+)/);
+	return m ? m[1] : null;
+}
+function semverGte(a, b) {
+	const pa = a.split(".").map(Number);
+	const pb = b.split(".").map(Number);
+	for (let i = 0; i < 3; i++) {
+		if ((pa[i] || 0) > (pb[i] || 0)) return true;
+		if ((pa[i] || 0) < (pb[i] || 0)) return false;
+	}
+	return true;
+}
 /**
 *
 *
@@ -59,8 +71,8 @@ async function sign(signer, sk, payload = {}, doSign = true, version = "1.0.0")
 	const bodyB64 = toBase64(stringify(body));
 	debug("sign.body", body);
 	const msgHex = toHex(`${headerB64}.${bodyB64}`);
-	const coercedVersion = semver.coerce(version);
-	const msgHash = coercedVersion && semver.gte(coercedVersion.version, JWT_VERSION_REQUIRE_HASH_BEFORE_SIGN) ? hasher(msgHex) : msgHex;
+	const coercedVersion = coerceVersion(version);
+	const msgHash = coercedVersion && semverGte(coercedVersion, JWT_VERSION_REQUIRE_HASH_BEFORE_SIGN) ? hasher(msgHex) : msgHex;
 	// istanbul ignore if
 	if (!doSign) return `${headerB64}.${bodyB64}`;
 	return [
@@ -203,8 +215,7 @@ async function verify(token, signerPk, options) {
 		};
 		if (signers[alg]) {
 			const msgHex = toHex(`${headerB64}.${bodyB64}`);
-			const coercedBodyVersion = body.version ? semver.coerce(body.version) : null;
-			const version = coercedBodyVersion ? coercedBodyVersion.version : "";
+			const version = (body.version ? coerceVersion(body.version) : null) || "";
 			if (version && version === JWT_VERSION_REQUIRE_HASH_BEFORE_SIGN) return signers[alg].verify(hasher(msgHex), signature, signerPk);
 			return signers[alg].verify(msgHex, signature, signerPk);
 		}

package/lib/index.cjs CHANGED Viewed

@@ -6,13 +6,24 @@ let debug = require("debug");
 debug = require_rolldown_runtime.__toESM(debug);
 let json_stable_stringify = require("json-stable-stringify");
 json_stable_stringify = require_rolldown_runtime.__toESM(json_stable_stringify);
-let semver = require("semver");
-semver = require_rolldown_runtime.__toESM(semver);
 //#region src/index.ts
 const debug$1 = (0, debug.default)("@arcblock/jwt");
 const JWT_VERSION_REQUIRE_HASH_BEFORE_SIGN = "1.1.0";
 const hasher = _ocap_mcrypto.Hasher.SHA3.hash256;
+function coerceVersion(str) {
+	const m = str.match(/(\d+\.\d+\.\d+)/);
+	return m ? m[1] : null;
+}
+function semverGte(a, b) {
+	const pa = a.split(".").map(Number);
+	const pb = b.split(".").map(Number);
+	for (let i = 0; i < 3; i++) {
+		if ((pa[i] || 0) > (pb[i] || 0)) return true;
+		if ((pa[i] || 0) < (pb[i] || 0)) return false;
+	}
+	return true;
+}
 /**
 *
 *
@@ -63,8 +74,8 @@ async function sign(signer, sk, payload = {}, doSign = true, version = "1.0.0")
 	const bodyB64 = (0, _ocap_util.toBase64)((0, json_stable_stringify.default)(body));
 	debug$1("sign.body", body);
 	const msgHex = (0, _ocap_util.toHex)(`${headerB64}.${bodyB64}`);
-	const coercedVersion = semver.default.coerce(version);
-	const msgHash = coercedVersion && semver.default.gte(coercedVersion.version, JWT_VERSION_REQUIRE_HASH_BEFORE_SIGN) ? hasher(msgHex) : msgHex;
+	const coercedVersion = coerceVersion(version);
+	const msgHash = coercedVersion && semverGte(coercedVersion, JWT_VERSION_REQUIRE_HASH_BEFORE_SIGN) ? hasher(msgHex) : msgHex;
 	// istanbul ignore if
 	if (!doSign) return `${headerB64}.${bodyB64}`;
 	return [
@@ -207,8 +218,7 @@ async function verify(token, signerPk, options) {
 		};
 		if (signers[alg]) {
 			const msgHex = (0, _ocap_util.toHex)(`${headerB64}.${bodyB64}`);
-			const coercedBodyVersion = body.version ? semver.default.coerce(body.version) : null;
-			const version = coercedBodyVersion ? coercedBodyVersion.version : "";
+			const version = (body.version ? coerceVersion(body.version) : null) || "";
 			if (version && version === JWT_VERSION_REQUIRE_HASH_BEFORE_SIGN) return signers[alg].verify(hasher(msgHex), signature, signerPk);
 			return signers[alg].verify(msgHex, signature, signerPk);
 		}

package/package.json CHANGED Viewed

@@ -2,7 +2,7 @@
   "name": "@arcblock/jwt",
   "description": "JSON Web Token variant for arcblock DID solutions",
   "type": "module",
-  "version": "1.29.22",
+  "version": "1.29.23",
   "author": {
     "name": "wangshijun",
     "email": "shijun@arcblock.io",
@@ -19,18 +19,16 @@
     "access": "public"
   },
   "dependencies": {
-    "@arcblock/did": "1.29.22",
-    "@ocap/mcrypto": "1.29.22",
-    "@ocap/util": "1.29.22",
+    "@arcblock/did": "1.29.23",
+    "@ocap/mcrypto": "1.29.23",
+    "@ocap/util": "1.29.23",
     "debug": "^4.4.3",
-    "json-stable-stringify": "^1.0.1",
-    "semver": "^7.6.3"
+    "json-stable-stringify": "^1.0.1"
   },
   "devDependencies": {
-    "@ocap/wallet": "1.29.22",
+    "@ocap/wallet": "1.29.23",
     "@types/json-stable-stringify": "^1.0.36",
     "@types/node": "^22.7.5",
-    "@types/semver": "^7.5.8",
     "tsdown": "^0.18.4",
     "tslib": "^2.4.0"
   },