@blamejs/blamejs-shop 0.1.37 → 0.2.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +6 -0
- package/lib/admin.js +205 -42
- package/lib/asset-manifest.json +5 -5
- package/lib/storefront.js +428 -51
- package/lib/vendor/MANIFEST.json +2 -2
- package/lib/vendor/blamejs/CHANGELOG.md +12 -0
- package/lib/vendor/blamejs/README.md +2 -2
- package/lib/vendor/blamejs/SECURITY.md +1 -0
- package/lib/vendor/blamejs/api-snapshot.json +2 -2
- package/lib/vendor/blamejs/lib/ai-disclosure.js +2 -3
- package/lib/vendor/blamejs/lib/archive-gz.js +5 -3
- package/lib/vendor/blamejs/lib/archive-read.js +101 -35
- package/lib/vendor/blamejs/lib/archive-tar-read.js +86 -31
- package/lib/vendor/blamejs/lib/archive-tar.js +2 -3
- package/lib/vendor/blamejs/lib/auth/fal.js +12 -0
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +15 -11
- package/lib/vendor/blamejs/lib/auth/jwt.js +2 -2
- package/lib/vendor/blamejs/lib/auth/oauth.js +7 -6
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +3 -3
- package/lib/vendor/blamejs/lib/auth/saml.js +15 -12
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +3 -3
- package/lib/vendor/blamejs/lib/backup/index.js +2 -3
- package/lib/vendor/blamejs/lib/calendar.js +9 -2
- package/lib/vendor/blamejs/lib/circuit-breaker.js +5 -4
- package/lib/vendor/blamejs/lib/cose.js +4 -3
- package/lib/vendor/blamejs/lib/crypto-hpke.js +1 -1
- package/lib/vendor/blamejs/lib/crypto-oprf.js +2 -2
- package/lib/vendor/blamejs/lib/crypto.js +2 -2
- package/lib/vendor/blamejs/lib/framework-error.js +2 -1
- package/lib/vendor/blamejs/lib/guard-jwt.js +3 -2
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +2 -2
- package/lib/vendor/blamejs/lib/mail-auth.js +2 -2
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +1 -1
- package/lib/vendor/blamejs/lib/mail-crypto-smime.js +7 -7
- package/lib/vendor/blamejs/lib/mail-crypto.js +1 -1
- package/lib/vendor/blamejs/lib/mail-dav.js +5 -4
- package/lib/vendor/blamejs/lib/mail-deploy.js +3 -2
- package/lib/vendor/blamejs/lib/mail-server-imap.js +1 -1
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +10 -10
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +1 -1
- package/lib/vendor/blamejs/lib/mail-server-mx.js +142 -47
- package/lib/vendor/blamejs/lib/mail-server-submission.js +6 -5
- package/lib/vendor/blamejs/lib/mail-store.js +2 -2
- package/lib/vendor/blamejs/lib/mail.js +2 -2
- package/lib/vendor/blamejs/lib/mdoc.js +14 -14
- package/lib/vendor/blamejs/lib/network-dnssec.js +10 -8
- package/lib/vendor/blamejs/lib/network-tls.js +10 -7
- package/lib/vendor/blamejs/lib/safe-decompress.js +8 -6
- package/lib/vendor/blamejs/lib/safe-ical.js +12 -12
- package/lib/vendor/blamejs/lib/safe-mime.js +6 -6
- package/lib/vendor/blamejs/lib/safe-sieve.js +1 -1
- package/lib/vendor/blamejs/lib/safe-smtp.js +1 -1
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.13.10.json +44 -0
- package/lib/vendor/blamejs/release-notes/v0.13.11.json +27 -0
- package/lib/vendor/blamejs/release-notes/v0.13.12.json +36 -0
- package/lib/vendor/blamejs/release-notes/v0.13.7.json +27 -0
- package/lib/vendor/blamejs/release-notes/v0.13.8.json +27 -0
- package/lib/vendor/blamejs/release-notes/v0.13.9.json +27 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/archive-read.test.js +82 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-jwt-defenses.test.js +4 -4
- package/lib/vendor/blamejs/test/layer-0-primitives/calendar.test.js +31 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +188 -6
- package/lib/vendor/blamejs/test/layer-0-primitives/fal.test.js +26 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-smime.test.js +5 -5
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dav.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-mx.test.js +166 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-cluster.test.js +25 -18
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-ical.test.js +2 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +12 -12
- package/lib/vendor/blamejs/test/layer-0-primitives/scheduler-exactly-once.test.js +15 -9
- package/lib/vendor/blamejs/test/layer-0-primitives/websocket-channels.test.js +0 -6
- package/package.json +1 -1
|
@@ -26,7 +26,7 @@ async function testHappyPath() {
|
|
|
26
26
|
var r = await b.sandbox.run({
|
|
27
27
|
source: "return { upper: input.name.toUpperCase(), len: input.name.length };",
|
|
28
28
|
input: { name: "alice" },
|
|
29
|
-
timeoutMs:
|
|
29
|
+
timeoutMs: 10000,
|
|
30
30
|
});
|
|
31
31
|
check("happy path returns wrapped result", typeof r === "object");
|
|
32
32
|
check("happy path produces result.result.upper", r.result && r.result.upper === "ALICE");
|
|
@@ -40,7 +40,7 @@ async function testAllowedBuiltins() {
|
|
|
40
40
|
source: "return { ts: Date.now() > 0, sqrt: Math.sqrt(16) };",
|
|
41
41
|
input: {},
|
|
42
42
|
allowed: ["Date", "Math"],
|
|
43
|
-
timeoutMs:
|
|
43
|
+
timeoutMs: 10000,
|
|
44
44
|
});
|
|
45
45
|
check("allowed Date works", r.result.ts === true);
|
|
46
46
|
check("allowed Math works", r.result.sqrt === 4);
|
|
@@ -51,7 +51,7 @@ async function testBadAllowedRejected() {
|
|
|
51
51
|
await b.sandbox.run({
|
|
52
52
|
source: "return null;",
|
|
53
53
|
allowed: ["process"],
|
|
54
|
-
timeoutMs:
|
|
54
|
+
timeoutMs: 10000,
|
|
55
55
|
});
|
|
56
56
|
check("bad-allowed should have refused", false);
|
|
57
57
|
} catch (e) {
|
|
@@ -62,13 +62,13 @@ async function testBadAllowedRejected() {
|
|
|
62
62
|
|
|
63
63
|
async function testBadSourceRejected() {
|
|
64
64
|
try {
|
|
65
|
-
await b.sandbox.run({ source: "", timeoutMs:
|
|
65
|
+
await b.sandbox.run({ source: "", timeoutMs: 10000 });
|
|
66
66
|
check("empty source should refuse", false);
|
|
67
67
|
} catch (e) {
|
|
68
68
|
check("empty source refused", e && e.code === "sandbox/bad-source");
|
|
69
69
|
}
|
|
70
70
|
try {
|
|
71
|
-
await b.sandbox.run({ source: 42, timeoutMs:
|
|
71
|
+
await b.sandbox.run({ source: 42, timeoutMs: 10000 });
|
|
72
72
|
check("non-string source should refuse", false);
|
|
73
73
|
} catch (e) {
|
|
74
74
|
check("non-string source refused", e && e.code === "sandbox/bad-source");
|
|
@@ -92,7 +92,7 @@ async function testBadTimeoutRejected() {
|
|
|
92
92
|
|
|
93
93
|
async function testBadMaxBytesRejected() {
|
|
94
94
|
try {
|
|
95
|
-
await b.sandbox.run({ source: "return 1;", maxBytes: 100, timeoutMs:
|
|
95
|
+
await b.sandbox.run({ source: "return 1;", maxBytes: 100, timeoutMs: 10000 });
|
|
96
96
|
check("under-floor maxBytes should refuse", false);
|
|
97
97
|
} catch (e) {
|
|
98
98
|
check("under-floor maxBytes refused", e && e.code === "sandbox/bad-max-bytes");
|
|
@@ -113,7 +113,7 @@ async function testTimeoutEnforced() {
|
|
|
113
113
|
|
|
114
114
|
async function testParseError() {
|
|
115
115
|
try {
|
|
116
|
-
await b.sandbox.run({ source: "this is not valid javascript ((", timeoutMs:
|
|
116
|
+
await b.sandbox.run({ source: "this is not valid javascript ((", timeoutMs: 10000 });
|
|
117
117
|
check("malformed source should refuse", false);
|
|
118
118
|
} catch (e) {
|
|
119
119
|
check("parse-error returned", e && e.code === "sandbox/parse-error");
|
|
@@ -124,7 +124,7 @@ async function testRuntimeError() {
|
|
|
124
124
|
try {
|
|
125
125
|
await b.sandbox.run({
|
|
126
126
|
source: "throw new Error('boom');",
|
|
127
|
-
timeoutMs:
|
|
127
|
+
timeoutMs: 10000,
|
|
128
128
|
});
|
|
129
129
|
check("throwing source should reject", false);
|
|
130
130
|
} catch (e) {
|
|
@@ -138,7 +138,7 @@ async function testBadInput() {
|
|
|
138
138
|
var circular = {};
|
|
139
139
|
circular.self = circular;
|
|
140
140
|
try {
|
|
141
|
-
await b.sandbox.run({ source: "return 1;", input: circular, timeoutMs:
|
|
141
|
+
await b.sandbox.run({ source: "return 1;", input: circular, timeoutMs: 10000 });
|
|
142
142
|
check("circular input should refuse", false);
|
|
143
143
|
} catch (e) {
|
|
144
144
|
check("bad-input refused", e && e.code === "sandbox/bad-input");
|
|
@@ -151,7 +151,7 @@ async function testContainment() {
|
|
|
151
151
|
try {
|
|
152
152
|
await b.sandbox.run({
|
|
153
153
|
source: "var x = require; return typeof x;",
|
|
154
|
-
timeoutMs:
|
|
154
|
+
timeoutMs: 10000,
|
|
155
155
|
});
|
|
156
156
|
check("require should not be reachable", false);
|
|
157
157
|
} catch (e) {
|
|
@@ -163,7 +163,7 @@ async function testProcessUnreachable() {
|
|
|
163
163
|
try {
|
|
164
164
|
await b.sandbox.run({
|
|
165
165
|
source: "return process.env.HOME;",
|
|
166
|
-
timeoutMs:
|
|
166
|
+
timeoutMs: 10000,
|
|
167
167
|
});
|
|
168
168
|
check("process should not be reachable", false);
|
|
169
169
|
} catch (e) {
|
|
@@ -176,7 +176,7 @@ async function testNoNetworkAccess() {
|
|
|
176
176
|
try {
|
|
177
177
|
await b.sandbox.run({
|
|
178
178
|
source: "var http = require('http'); return 1;",
|
|
179
|
-
timeoutMs:
|
|
179
|
+
timeoutMs: 10000,
|
|
180
180
|
});
|
|
181
181
|
check("network access should refuse", false);
|
|
182
182
|
} catch (e) {
|
|
@@ -21,12 +21,6 @@ var check = helpers.check;
|
|
|
21
21
|
var setupTestDb = helpers.setupTestDb;
|
|
22
22
|
var teardownTestDb = helpers.teardownTestDb;
|
|
23
23
|
|
|
24
|
-
function _waitMicrotasks(n) {
|
|
25
|
-
var p = Promise.resolve();
|
|
26
|
-
for (var i = 0; i < (n || 5); i++) p = p.then(function () { return new Promise(function (r) { setImmediate(r); }); });
|
|
27
|
-
return p;
|
|
28
|
-
}
|
|
29
|
-
|
|
30
24
|
async function testSingleNodeNoTickClaim() {
|
|
31
25
|
// No opts.cluster wired → tick-claim path skipped entirely. fires
|
|
32
26
|
// increments normally, tickClaimLost stays 0, no rows in the ticks
|
|
@@ -38,7 +32,10 @@ async function testSingleNodeNoTickClaim() {
|
|
|
38
32
|
var sched = b.scheduler.create({ audit: false });
|
|
39
33
|
sched.schedule({ name: "single", every: 60000, run: async function () { fired++; } });
|
|
40
34
|
sched._fireOnce("single");
|
|
41
|
-
await
|
|
35
|
+
await helpers.waitUntil(function () {
|
|
36
|
+
var t = sched.list()[0];
|
|
37
|
+
return t && t.fires === 1;
|
|
38
|
+
}, { timeoutMs: 5000, label: "scheduler single-node: fire callback completed" });
|
|
42
39
|
var listed = sched.list()[0];
|
|
43
40
|
check("single-node: fires increments", listed.fires === 1);
|
|
44
41
|
check("single-node: tickClaimLost stays 0", listed.tickClaimLost === 0);
|
|
@@ -69,7 +66,10 @@ async function testClusterWinnerInsertsTickRow() {
|
|
|
69
66
|
var nominalRun = task.nextRun;
|
|
70
67
|
|
|
71
68
|
sched._fireOnce("winner");
|
|
72
|
-
await
|
|
69
|
+
await helpers.waitUntil(function () {
|
|
70
|
+
var t = sched.list()[0];
|
|
71
|
+
return t && t.fires === 1;
|
|
72
|
+
}, { timeoutMs: 5000, label: "scheduler winner: tick-claim won + fire completed" });
|
|
73
73
|
|
|
74
74
|
var listed = sched.list()[0];
|
|
75
75
|
check("winner: fires increments", listed.fires === 1);
|
|
@@ -116,7 +116,13 @@ async function testClusterLoserSkipsAndCounts() {
|
|
|
116
116
|
);
|
|
117
117
|
|
|
118
118
|
sched._fireOnce("loser");
|
|
119
|
-
|
|
119
|
+
// The lost tick-claim is observable as tickClaimLost incrementing —
|
|
120
|
+
// poll on that rather than a fixed tick budget. Once it lands, the
|
|
121
|
+
// skipped run (fires stays 0) is guaranteed.
|
|
122
|
+
await helpers.waitUntil(function () {
|
|
123
|
+
var t = sched.list()[0];
|
|
124
|
+
return t && t.tickClaimLost === 1;
|
|
125
|
+
}, { timeoutMs: 5000, label: "scheduler loser: tick-claim lost recorded" });
|
|
120
126
|
|
|
121
127
|
var listed = sched.list()[0];
|
|
122
128
|
check("loser: fires stays 0", listed.fires === 0);
|
|
@@ -16,12 +16,6 @@ var check = helpers.check;
|
|
|
16
16
|
var setupTestDb = helpers.setupTestDb;
|
|
17
17
|
var teardownTestDb = helpers.teardownTestDb;
|
|
18
18
|
|
|
19
|
-
function _waitMicrotasks(n) {
|
|
20
|
-
var p = Promise.resolve();
|
|
21
|
-
for (var i = 0; i < (n || 5); i++) p = p.then(function () { return new Promise(function (r) { setImmediate(r); }); });
|
|
22
|
-
return p;
|
|
23
|
-
}
|
|
24
|
-
|
|
25
19
|
// Minimal connection mock — EventEmitter with .send() that captures
|
|
26
20
|
// what was sent. Mirrors the WebSocketConnection surface that
|
|
27
21
|
// websocket-channels actually touches (.send + .on('close')).
|
package/package.json
CHANGED