@blamejs/blamejs-shop 0.1.25 → 0.1.27
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/README.md +4 -0
- package/SECURITY.md +14 -0
- package/lib/asset-manifest.json +1 -1
- package/lib/checkout.js +125 -12
- package/lib/order.js +42 -0
- package/lib/storefront.js +373 -6
- package/lib/vendor/MANIFEST.json +2 -2
- package/lib/vendor/blamejs/CHANGELOG.md +2 -0
- package/lib/vendor/blamejs/README.md +1 -1
- package/lib/vendor/blamejs/api-snapshot.json +55 -2
- package/lib/vendor/blamejs/lib/backup/manifest.js +1 -1
- package/lib/vendor/blamejs/lib/cloud-events.js +455 -0
- package/lib/vendor/blamejs/lib/csp.js +3 -2
- package/lib/vendor/blamejs/lib/jtd.js +4 -15
- package/lib/vendor/blamejs/lib/rfc3339.js +37 -0
- package/lib/vendor/blamejs/lib/safe-buffer.js +8 -0
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.12.63.json +27 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cloud-events.test.js +129 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +26 -0
- package/package.json +1 -1
|
@@ -0,0 +1,129 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
/**
|
|
3
|
+
* Layer 0 — b.cloudEvents (CloudEvents 1.0.2).
|
|
4
|
+
* Covers the existing wrap / parse envelope helpers plus the JSON event
|
|
5
|
+
* format (toJSON / fromJSON + batch), the non-throwing validate / isValid
|
|
6
|
+
* check, and the HTTP protocol binding (binary + structured + batch +
|
|
7
|
+
* auto-detect decode). Oracle: the normative example events from the
|
|
8
|
+
* CloudEvents JSON Event Format 1.0.2 spec and the HTTP binding's
|
|
9
|
+
* binary-mode example request.
|
|
10
|
+
*/
|
|
11
|
+
|
|
12
|
+
var helpers = require("../helpers");
|
|
13
|
+
var check = helpers.check;
|
|
14
|
+
var b = helpers.b;
|
|
15
|
+
function code(fn) { try { fn(); return "NO-THROW"; } catch (e) { return e.code; } }
|
|
16
|
+
|
|
17
|
+
// Spec JSON-format example events (json-format.md), with data_base64
|
|
18
|
+
// replaced by real canonical base64 for byte-exact round-trips.
|
|
19
|
+
var EX_JSON_OBJECT = {
|
|
20
|
+
specversion: "1.0", type: "com.example.someevent", source: "/mycontext",
|
|
21
|
+
id: "C234-1234-1234", time: "2018-04-05T17:31:00Z",
|
|
22
|
+
comexampleextension1: "value", comexampleothervalue: 5,
|
|
23
|
+
datacontenttype: "application/json",
|
|
24
|
+
data: { appinfoA: "abc", appinfoB: 123, appinfoC: true },
|
|
25
|
+
};
|
|
26
|
+
var EX_XML_STRING = {
|
|
27
|
+
specversion: "1.0", type: "com.example.someevent", source: "/mycontext",
|
|
28
|
+
id: "B234-1234-1234", time: "2018-04-05T17:31:00Z",
|
|
29
|
+
comexampleextension1: "value", unsetextension: null,
|
|
30
|
+
datacontenttype: "application/xml", data: "<much wow=\"xml\"/>",
|
|
31
|
+
};
|
|
32
|
+
|
|
33
|
+
function testWrapParse() {
|
|
34
|
+
var ce = b.cloudEvents.wrap({ source: "/services/orders", type: "com.example.order.created", subject: "order/o-1234", data: { id: "o-1234" } });
|
|
35
|
+
check("wrap sets specversion 1.0", ce.specversion === "1.0");
|
|
36
|
+
check("wrap auto-fills UUID id", /^[0-9a-f-]{36}$/.test(ce.id));
|
|
37
|
+
check("wrap sets application/json for object data", ce.datacontenttype === "application/json");
|
|
38
|
+
var bin = b.cloudEvents.wrap({ source: "/x", type: "t", data: Buffer.from([1, 2, 3]) });
|
|
39
|
+
check("wrap routes Buffer to data_base64", bin.data_base64 === Buffer.from([1, 2, 3]).toString("base64"));
|
|
40
|
+
var rec = b.cloudEvents.parse(EX_JSON_OBJECT);
|
|
41
|
+
check("parse surfaces extensions separately", rec.extensions.comexampleothervalue === 5 && rec.data.appinfoA === "abc");
|
|
42
|
+
check("parse rejects missing required", code(function () { b.cloudEvents.parse({ specversion: "1.0", id: "1", source: "/x" }); }) === "cloud-events/missing-required");
|
|
43
|
+
}
|
|
44
|
+
|
|
45
|
+
function testValidate() {
|
|
46
|
+
check("isValid true for conformant", b.cloudEvents.isValid(EX_JSON_OBJECT));
|
|
47
|
+
check("validate flags bad specversion", b.cloudEvents.validate({ specversion: "0.3", id: "1", source: "/x", type: "t" }).some(function (i) { return i.attribute === "specversion"; }));
|
|
48
|
+
check("validate flags bad time", b.cloudEvents.validate({ specversion: "1.0", id: "1", source: "/x", type: "t", time: "not-a-time" }).some(function (i) { return i.attribute === "time"; }));
|
|
49
|
+
check("validate flags float extension", b.cloudEvents.validate({ specversion: "1.0", id: "1", source: "/x", type: "t", frac: 1.5 }).some(function (i) { return i.attribute === "frac"; }));
|
|
50
|
+
check("validate flags uppercase ext name", b.cloudEvents.validate({ specversion: "1.0", id: "1", source: "/x", type: "t", Foo: "v" }).some(function (i) { return i.attribute === "Foo"; }));
|
|
51
|
+
check("validate flags data + data_base64", b.cloudEvents.validate({ specversion: "1.0", id: "1", source: "/x", type: "t", data: 1, data_base64: "AA==" }).some(function (i) { return i.attribute === "data"; }));
|
|
52
|
+
}
|
|
53
|
+
|
|
54
|
+
function testJsonFormat() {
|
|
55
|
+
var rt = b.cloudEvents.fromJSON(b.cloudEvents.toJSON(EX_JSON_OBJECT));
|
|
56
|
+
check("toJSON/fromJSON round-trip JSON data", JSON.stringify(rt.data) === JSON.stringify(EX_JSON_OBJECT.data));
|
|
57
|
+
var rtx = b.cloudEvents.fromJSON(b.cloudEvents.toJSON(EX_XML_STRING));
|
|
58
|
+
check("xml-string data round-trips", rtx.data === "<much wow=\"xml\"/>" && rtx.unsetextension === null);
|
|
59
|
+
var binEvt = b.cloudEvents.wrap({ source: "/x", type: "t", data: Buffer.from([0, 1, 254, 255]) });
|
|
60
|
+
var binRt = b.cloudEvents.fromJSON(b.cloudEvents.toJSON(binEvt));
|
|
61
|
+
check("binary data_base64 round-trips", binRt.data_base64 === Buffer.from([0, 1, 254, 255]).toString("base64"));
|
|
62
|
+
check("fromJSON rejects non-canonical base64", code(function () { b.cloudEvents.fromJSON(JSON.stringify({ specversion: "1.0", id: "1", source: "/x", type: "t", data_base64: "!!!!" })); }) === "cloud-events/invalid");
|
|
63
|
+
check("fromJSON rejects malformed JSON", code(function () { b.cloudEvents.fromJSON("{nope"); }) === "cloud-events/bad-json");
|
|
64
|
+
}
|
|
65
|
+
|
|
66
|
+
function testBatch() {
|
|
67
|
+
var body = b.cloudEvents.toJSONBatch([EX_JSON_OBJECT, EX_XML_STRING]);
|
|
68
|
+
check("batch serializes a JSON array", Array.isArray(JSON.parse(body)) && JSON.parse(body).length === 2);
|
|
69
|
+
var evts = b.cloudEvents.fromJSONBatch(body);
|
|
70
|
+
check("batch round-trips two events", evts.length === 2 && evts[0].id === "C234-1234-1234");
|
|
71
|
+
check("empty batch valid both ways", b.cloudEvents.fromJSONBatch("[]").length === 0 && b.cloudEvents.toJSONBatch([]) === "[]");
|
|
72
|
+
check("non-array batch refused", code(function () { b.cloudEvents.fromJSONBatch("{}"); }) === "cloud-events/invalid");
|
|
73
|
+
}
|
|
74
|
+
|
|
75
|
+
function testHttpBinary() {
|
|
76
|
+
var enc = b.cloudEvents.http.encodeBinary(EX_JSON_OBJECT);
|
|
77
|
+
check("binary maps id to ce-id", enc.headers["ce-id"] === "C234-1234-1234");
|
|
78
|
+
check("binary maps specversion to ce-specversion", enc.headers["ce-specversion"] === "1.0");
|
|
79
|
+
check("binary does NOT prefix datacontenttype", enc.headers["content-type"] === "application/json" && enc.headers["ce-datacontenttype"] === undefined);
|
|
80
|
+
check("binary maps extension int to ce header string", enc.headers["ce-comexampleothervalue"] === "5");
|
|
81
|
+
check("binary body is JSON data", JSON.parse(enc.body).appinfoA === "abc");
|
|
82
|
+
// Spec HTTP binding binary-mode example request.
|
|
83
|
+
var dec = b.cloudEvents.http.decodeBinary({
|
|
84
|
+
"ce-specversion": "1.0", "ce-type": "com.example.someevent",
|
|
85
|
+
"ce-time": "2018-04-05T03:56:24Z", "ce-id": "1234-1234-1234",
|
|
86
|
+
"ce-source": "/mycontext/subcontext", "Content-Type": "application/json; charset=utf-8",
|
|
87
|
+
}, "{\"hello\":\"world\"}");
|
|
88
|
+
check("binary decode reads ce-id + body", dec.id === "1234-1234-1234" && dec.data.hello === "world");
|
|
89
|
+
check("binary decode maps Content-Type to datacontenttype", dec.datacontenttype === "application/json; charset=utf-8");
|
|
90
|
+
// Percent-encoding round-trip (space / quote / non-ASCII).
|
|
91
|
+
var pe = b.cloudEvents.http.encodeBinary(b.cloudEvents.wrap({ source: "/x", type: "t", subject: "a b\"cé" }));
|
|
92
|
+
check("header percent-encodes space/quote/unicode", /%20/.test(pe.headers["ce-subject"]) && /%22/.test(pe.headers["ce-subject"]) && /%C3%A9/.test(pe.headers["ce-subject"]));
|
|
93
|
+
check("percent-decode round-trips", b.cloudEvents.http.decodeBinary(pe.headers, "").subject === "a b\"cé");
|
|
94
|
+
// JSON-media string payloads must be JSON-encoded in the body so they
|
|
95
|
+
// re-parse — a bare string under application/json (or absent, which
|
|
96
|
+
// defaults to JSON) round-trips through binary mode.
|
|
97
|
+
var strEvt = b.cloudEvents.wrap({ source: "/x", type: "t", datacontenttype: "application/json", data: "hello" });
|
|
98
|
+
var strEnc = b.cloudEvents.http.encodeBinary(strEvt);
|
|
99
|
+
check("json string payload is JSON-encoded in body", strEnc.body === "\"hello\"");
|
|
100
|
+
check("json string payload round-trips through binary", b.cloudEvents.http.decodeBinary(strEnc.headers, strEnc.body).data === "hello");
|
|
101
|
+
// Opaque binary body becomes data_base64.
|
|
102
|
+
var ob = b.cloudEvents.http.decodeBinary({ "ce-specversion": "1.0", "ce-id": "1", "ce-source": "/x", "ce-type": "t", "content-type": "application/octet-stream" }, Buffer.from([9, 8, 7]));
|
|
103
|
+
check("opaque body decodes to data_base64", ob.data_base64 === Buffer.from([9, 8, 7]).toString("base64"));
|
|
104
|
+
}
|
|
105
|
+
|
|
106
|
+
function testHttpStructuredAndDetect() {
|
|
107
|
+
var s = b.cloudEvents.http.encodeStructured(EX_JSON_OBJECT);
|
|
108
|
+
check("structured uses cloudevents+json", /^application\/cloudevents\+json/.test(s.headers["content-type"]));
|
|
109
|
+
check("auto-detect decodes structured", b.cloudEvents.http.decode(s.headers, s.body).id === "C234-1234-1234");
|
|
110
|
+
var bn = b.cloudEvents.http.encodeBinary(EX_JSON_OBJECT);
|
|
111
|
+
check("auto-detect decodes binary", !Array.isArray(b.cloudEvents.http.decode(bn.headers, bn.body)) && b.cloudEvents.http.decode(bn.headers, bn.body).id === "C234-1234-1234");
|
|
112
|
+
var ba = b.cloudEvents.http.encodeBatch([EX_JSON_OBJECT, EX_XML_STRING]);
|
|
113
|
+
check("batch uses cloudevents-batch+json", /^application\/cloudevents-batch\+json/.test(ba.headers["content-type"]));
|
|
114
|
+
check("auto-detect decodes batch to array", Array.isArray(b.cloudEvents.http.decode(ba.headers, ba.body)) && b.cloudEvents.http.decode(ba.headers, ba.body).length === 2);
|
|
115
|
+
}
|
|
116
|
+
|
|
117
|
+
function run() {
|
|
118
|
+
testWrapParse();
|
|
119
|
+
testValidate();
|
|
120
|
+
testJsonFormat();
|
|
121
|
+
testBatch();
|
|
122
|
+
testHttpBinary();
|
|
123
|
+
testHttpStructuredAndDetect();
|
|
124
|
+
}
|
|
125
|
+
if (require.main === module) {
|
|
126
|
+
try { run(); console.log("[cloud-events] OK — " + helpers.getChecks() + " checks passed"); }
|
|
127
|
+
catch (e) { console.error("FAIL:", e && e.stack || e); process.exit(1); }
|
|
128
|
+
}
|
|
129
|
+
module.exports = { run: run };
|
|
@@ -4,6 +4,30 @@
|
|
|
4
4
|
var helpers = require("../helpers");
|
|
5
5
|
var check = helpers.check;
|
|
6
6
|
var b = helpers.b;
|
|
7
|
+
var DEFAULT_CSP = require("../../lib/middleware/security-headers").DEFAULT_CSP;
|
|
8
|
+
|
|
9
|
+
// Every directive the framework's own DEFAULT_CSP emits must be a
|
|
10
|
+
// directive b.csp.build recognizes — otherwise the default policy can't
|
|
11
|
+
// round-trip through the builder (regression: fenced-frame-src shipped in
|
|
12
|
+
// DEFAULT_CSP but was missing from ALL_DIRECTIVES).
|
|
13
|
+
function testDefaultCspRoundTrips() {
|
|
14
|
+
var directives = {};
|
|
15
|
+
DEFAULT_CSP.split(";").forEach(function (part) {
|
|
16
|
+
var tokens = part.trim().split(/\s+/);
|
|
17
|
+
if (!tokens[0]) return;
|
|
18
|
+
directives[tokens[0]] = tokens.slice(1);
|
|
19
|
+
});
|
|
20
|
+
check("DEFAULT_CSP names fenced-frame-src", Object.prototype.hasOwnProperty.call(directives, "fenced-frame-src"));
|
|
21
|
+
var threw = null;
|
|
22
|
+
try { b.csp.build(directives, { acknowledgeUnsafe: true, allowDataImages: true, trustedTypesPolicies: ["default"] }); }
|
|
23
|
+
catch (e) { threw = e.code + ": " + e.message; }
|
|
24
|
+
check("DEFAULT_CSP round-trips through b.csp.build", threw === null);
|
|
25
|
+
}
|
|
26
|
+
|
|
27
|
+
function testWebrtcDirective() {
|
|
28
|
+
var policy = b.csp.build({ "default-src": ["'self'"], "webrtc": ["'block'"] });
|
|
29
|
+
check("csp.build accepts webrtc directive", policy.indexOf("webrtc 'block'") !== -1);
|
|
30
|
+
}
|
|
7
31
|
|
|
8
32
|
function testBuild() {
|
|
9
33
|
var policy = b.csp.build({
|
|
@@ -79,6 +103,8 @@ function testCspErrorClass() {
|
|
|
79
103
|
}
|
|
80
104
|
|
|
81
105
|
function run() {
|
|
106
|
+
testDefaultCspRoundTrips();
|
|
107
|
+
testWebrtcDirective();
|
|
82
108
|
testBuild();
|
|
83
109
|
testRefusesUnsafeKeywords();
|
|
84
110
|
testRefusesCatchAll();
|
package/package.json
CHANGED