@blamejs/blamejs-shop 0.3.4 → 0.3.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/admin.js +428 -6
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +3 -3
- package/lib/vendor/blamejs/CHANGELOG.md +14 -0
- package/lib/vendor/blamejs/api-snapshot.json +2 -2
- package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +3 -3
- package/lib/vendor/blamejs/lib/a2a-tasks.js +24 -24
- package/lib/vendor/blamejs/lib/a2a.js +4 -4
- package/lib/vendor/blamejs/lib/acme.js +3 -3
- package/lib/vendor/blamejs/lib/agent-idempotency.js +1 -1
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +8 -8
- package/lib/vendor/blamejs/lib/agent-posture-chain.js +2 -2
- package/lib/vendor/blamejs/lib/agent-saga.js +1 -1
- package/lib/vendor/blamejs/lib/agent-snapshot.js +1 -1
- package/lib/vendor/blamejs/lib/agent-stream.js +1 -1
- package/lib/vendor/blamejs/lib/agent-tenant.js +1 -1
- package/lib/vendor/blamejs/lib/agent-trace.js +3 -3
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -1
- package/lib/vendor/blamejs/lib/ai-dp.js +4 -4
- package/lib/vendor/blamejs/lib/ai-input.js +4 -4
- package/lib/vendor/blamejs/lib/ai-model-manifest.js +7 -7
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -3
- package/lib/vendor/blamejs/lib/archive-gz.js +2 -2
- package/lib/vendor/blamejs/lib/archive-read.js +25 -25
- package/lib/vendor/blamejs/lib/archive-tar-read.js +2 -2
- package/lib/vendor/blamejs/lib/archive-tar.js +20 -20
- package/lib/vendor/blamejs/lib/archive-wrap.js +10 -10
- package/lib/vendor/blamejs/lib/argon2-builtin.js +1 -1
- package/lib/vendor/blamejs/lib/asn1-der.js +45 -34
- package/lib/vendor/blamejs/lib/atomic-file.js +2 -2
- package/lib/vendor/blamejs/lib/audit-daily-review.js +3 -3
- package/lib/vendor/blamejs/lib/audit-sign.js +5 -5
- package/lib/vendor/blamejs/lib/audit-tools.js +1 -1
- package/lib/vendor/blamejs/lib/audit.js +2 -2
- package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +2 -2
- package/lib/vendor/blamejs/lib/auth/bot-challenge.js +3 -3
- package/lib/vendor/blamejs/lib/auth/ciba.js +7 -7
- package/lib/vendor/blamejs/lib/auth/dpop.js +3 -3
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +8 -8
- package/lib/vendor/blamejs/lib/auth/jar.js +11 -0
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +5 -5
- package/lib/vendor/blamejs/lib/auth/oauth.js +7 -9
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +10 -10
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +2 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +2 -2
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/saml.js +31 -43
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +1 -1
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +5 -5
- package/lib/vendor/blamejs/lib/auth/status-list.js +10 -10
- package/lib/vendor/blamejs/lib/auth/step-up.js +1 -1
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +1 -1
- package/lib/vendor/blamejs/lib/backup/index.js +7 -7
- package/lib/vendor/blamejs/lib/base32.js +8 -8
- package/lib/vendor/blamejs/lib/budr.js +2 -2
- package/lib/vendor/blamejs/lib/cache-status.js +2 -2
- package/lib/vendor/blamejs/lib/calendar.js +29 -29
- package/lib/vendor/blamejs/lib/cbor.js +12 -12
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +1 -1
- package/lib/vendor/blamejs/lib/cert.js +5 -5
- package/lib/vendor/blamejs/lib/cloud-events.js +5 -5
- package/lib/vendor/blamejs/lib/cms-codec.js +21 -21
- package/lib/vendor/blamejs/lib/codepoint-class.js +12 -12
- package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +4 -4
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +4 -4
- package/lib/vendor/blamejs/lib/compliance.js +29 -29
- package/lib/vendor/blamejs/lib/content-credentials.js +38 -38
- package/lib/vendor/blamejs/lib/cookies.js +1 -1
- package/lib/vendor/blamejs/lib/cose.js +13 -13
- package/lib/vendor/blamejs/lib/cra-report.js +1 -1
- package/lib/vendor/blamejs/lib/crdt.js +1 -1
- package/lib/vendor/blamejs/lib/crypto-field.js +2 -2
- package/lib/vendor/blamejs/lib/crypto-xwing.js +7 -7
- package/lib/vendor/blamejs/lib/crypto.js +6 -6
- package/lib/vendor/blamejs/lib/csp.js +2 -2
- package/lib/vendor/blamejs/lib/cwt.js +4 -4
- package/lib/vendor/blamejs/lib/dark-patterns.js +2 -2
- package/lib/vendor/blamejs/lib/data-act.js +2 -2
- package/lib/vendor/blamejs/lib/db-file-lifecycle.js +4 -4
- package/lib/vendor/blamejs/lib/db-query.js +1 -1
- package/lib/vendor/blamejs/lib/db.js +6 -6
- package/lib/vendor/blamejs/lib/dbsc.js +13 -13
- package/lib/vendor/blamejs/lib/did.js +17 -17
- package/lib/vendor/blamejs/lib/dora.js +4 -4
- package/lib/vendor/blamejs/lib/dsr.js +1 -1
- package/lib/vendor/blamejs/lib/early-hints.js +2 -2
- package/lib/vendor/blamejs/lib/eat.js +4 -4
- package/lib/vendor/blamejs/lib/external-db-migrate.js +1 -1
- package/lib/vendor/blamejs/lib/external-db.js +1 -1
- package/lib/vendor/blamejs/lib/flag-cache.js +1 -1
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +2 -2
- package/lib/vendor/blamejs/lib/graphql-federation.js +13 -6
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +5 -5
- package/lib/vendor/blamejs/lib/guard-archive.js +24 -24
- package/lib/vendor/blamejs/lib/guard-cidr.js +34 -34
- package/lib/vendor/blamejs/lib/guard-csv.js +1 -1
- package/lib/vendor/blamejs/lib/guard-domain.js +10 -10
- package/lib/vendor/blamejs/lib/guard-dsn.js +4 -4
- package/lib/vendor/blamejs/lib/guard-email.js +19 -19
- package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +4 -4
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +6 -6
- package/lib/vendor/blamejs/lib/guard-filename.js +7 -7
- package/lib/vendor/blamejs/lib/guard-graphql.js +9 -9
- package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +1 -1
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +4 -4
- package/lib/vendor/blamejs/lib/guard-html.js +7 -7
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +6 -6
- package/lib/vendor/blamejs/lib/guard-image.js +4 -4
- package/lib/vendor/blamejs/lib/guard-imap-command.js +17 -17
- package/lib/vendor/blamejs/lib/guard-jmap.js +20 -20
- package/lib/vendor/blamejs/lib/guard-json.js +12 -12
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +3 -3
- package/lib/vendor/blamejs/lib/guard-jwt.js +4 -4
- package/lib/vendor/blamejs/lib/guard-list-id.js +7 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +8 -8
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +4 -4
- package/lib/vendor/blamejs/lib/guard-mail-move.js +5 -5
- package/lib/vendor/blamejs/lib/guard-mail-query.js +3 -3
- package/lib/vendor/blamejs/lib/guard-mail-reply.js +3 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -6
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +25 -25
- package/lib/vendor/blamejs/lib/guard-markdown.js +31 -31
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -5
- package/lib/vendor/blamejs/lib/guard-mime.js +1 -1
- package/lib/vendor/blamejs/lib/guard-oauth.js +3 -3
- package/lib/vendor/blamejs/lib/guard-pdf.js +6 -6
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +11 -11
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +5 -5
- package/lib/vendor/blamejs/lib/guard-regex.js +10 -10
- package/lib/vendor/blamejs/lib/guard-saga-config.js +5 -5
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +6 -6
- package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +3 -3
- package/lib/vendor/blamejs/lib/guard-stream-args.js +4 -4
- package/lib/vendor/blamejs/lib/guard-svg.js +11 -11
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +5 -5
- package/lib/vendor/blamejs/lib/guard-time.js +15 -15
- package/lib/vendor/blamejs/lib/guard-trace-context.js +4 -4
- package/lib/vendor/blamejs/lib/guard-uuid.js +11 -11
- package/lib/vendor/blamejs/lib/guard-xml.js +12 -12
- package/lib/vendor/blamejs/lib/guard-yaml.js +16 -16
- package/lib/vendor/blamejs/lib/honeytoken.js +5 -5
- package/lib/vendor/blamejs/lib/http-client-cache.js +18 -1
- package/lib/vendor/blamejs/lib/http-client.js +13 -10
- package/lib/vendor/blamejs/lib/http-message-signature.js +2 -2
- package/lib/vendor/blamejs/lib/iab-mspa.js +3 -3
- package/lib/vendor/blamejs/lib/iab-tcf.js +70 -70
- package/lib/vendor/blamejs/lib/inbox.js +4 -4
- package/lib/vendor/blamejs/lib/ip-utils.js +15 -15
- package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +2 -2
- package/lib/vendor/blamejs/lib/json-path.js +3 -3
- package/lib/vendor/blamejs/lib/json-schema.js +1 -1
- package/lib/vendor/blamejs/lib/jsonapi.js +3 -3
- package/lib/vendor/blamejs/lib/jtd.js +2 -2
- package/lib/vendor/blamejs/lib/link-header.js +1 -1
- package/lib/vendor/blamejs/lib/local-db-thin.js +1 -1
- package/lib/vendor/blamejs/lib/log.js +8 -3
- package/lib/vendor/blamejs/lib/lro.js +4 -4
- package/lib/vendor/blamejs/lib/mail-agent.js +1 -1
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +6 -6
- package/lib/vendor/blamejs/lib/mail-auth.js +44 -44
- package/lib/vendor/blamejs/lib/mail-bimi.js +3 -3
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +53 -45
- package/lib/vendor/blamejs/lib/mail-crypto-smime.js +6 -6
- package/lib/vendor/blamejs/lib/mail-dav.js +1 -1
- package/lib/vendor/blamejs/lib/mail-deploy.js +40 -40
- package/lib/vendor/blamejs/lib/mail-dkim.js +12 -12
- package/lib/vendor/blamejs/lib/mail-greylist.js +12 -12
- package/lib/vendor/blamejs/lib/mail-helo.js +1 -1
- package/lib/vendor/blamejs/lib/mail-journal.js +8 -8
- package/lib/vendor/blamejs/lib/mail-rbl.js +7 -7
- package/lib/vendor/blamejs/lib/mail-scan.js +7 -7
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +2 -2
- package/lib/vendor/blamejs/lib/mail-server-imap.js +12 -12
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +18 -20
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +4 -4
- package/lib/vendor/blamejs/lib/mail-server-mx.js +17 -17
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +4 -4
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +2 -2
- package/lib/vendor/blamejs/lib/mail-server-submission.js +21 -21
- package/lib/vendor/blamejs/lib/mail-sieve.js +2 -2
- package/lib/vendor/blamejs/lib/mail-spam-score.js +5 -5
- package/lib/vendor/blamejs/lib/mail-srs.js +12 -12
- package/lib/vendor/blamejs/lib/mail-store-fts.js +2 -2
- package/lib/vendor/blamejs/lib/mail-store.js +8 -8
- package/lib/vendor/blamejs/lib/mail-unsubscribe.js +4 -4
- package/lib/vendor/blamejs/lib/mail.js +4 -4
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +4 -4
- package/lib/vendor/blamejs/lib/mcp.js +15 -15
- package/lib/vendor/blamejs/lib/mdoc.js +2 -2
- package/lib/vendor/blamejs/lib/metrics.js +8 -8
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +15 -3
- package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +11 -4
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +7 -7
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +5 -5
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +5 -5
- package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +16 -16
- package/lib/vendor/blamejs/lib/middleware/csp-report.js +4 -4
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/dpop.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/headers.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +12 -12
- package/lib/vendor/blamejs/lib/middleware/nel.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +14 -5
- package/lib/vendor/blamejs/lib/middleware/require-aal.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/require-content-type.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/require-methods.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/require-step-up.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +3 -3
- package/lib/vendor/blamejs/lib/middleware/sse.js +14 -8
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -12
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -2
- package/lib/vendor/blamejs/lib/network-byte-quota.js +1 -1
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +23 -23
- package/lib/vendor/blamejs/lib/network-dns.js +29 -29
- package/lib/vendor/blamejs/lib/network-dnssec.js +33 -33
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +10 -10
- package/lib/vendor/blamejs/lib/network-tls.js +100 -98
- package/lib/vendor/blamejs/lib/network-tsig.js +33 -33
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -1
- package/lib/vendor/blamejs/lib/ntp-check.js +3 -3
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +17 -17
- package/lib/vendor/blamejs/lib/observability-tracer.js +6 -6
- package/lib/vendor/blamejs/lib/observability.js +8 -8
- package/lib/vendor/blamejs/lib/openapi-yaml.js +1 -1
- package/lib/vendor/blamejs/lib/openapi.js +1 -1
- package/lib/vendor/blamejs/lib/outbox.js +6 -6
- package/lib/vendor/blamejs/lib/pqc-agent.js +4 -4
- package/lib/vendor/blamejs/lib/pqc-software.js +1 -1
- package/lib/vendor/blamejs/lib/privacy-pass.js +5 -5
- package/lib/vendor/blamejs/lib/problem-details.js +5 -5
- package/lib/vendor/blamejs/lib/promise-pool.js +1 -1
- package/lib/vendor/blamejs/lib/protobuf-encoder.js +9 -1
- package/lib/vendor/blamejs/lib/queue.js +4 -2
- package/lib/vendor/blamejs/lib/redact.js +2 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +1 -1
- package/lib/vendor/blamejs/lib/router.js +10 -10
- package/lib/vendor/blamejs/lib/safe-async.js +2 -2
- package/lib/vendor/blamejs/lib/safe-decompress.js +1 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +71 -71
- package/lib/vendor/blamejs/lib/safe-ical.js +19 -19
- package/lib/vendor/blamejs/lib/safe-icap.js +24 -24
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +2 -2
- package/lib/vendor/blamejs/lib/safe-mime.js +10 -10
- package/lib/vendor/blamejs/lib/safe-mount-info.js +3 -3
- package/lib/vendor/blamejs/lib/safe-redirect.js +1 -1
- package/lib/vendor/blamejs/lib/safe-sieve.js +23 -23
- package/lib/vendor/blamejs/lib/safe-smtp.js +1 -1
- package/lib/vendor/blamejs/lib/safe-url.js +1 -1
- package/lib/vendor/blamejs/lib/safe-vcard.js +14 -14
- package/lib/vendor/blamejs/lib/sandbox.js +5 -5
- package/lib/vendor/blamejs/lib/sec-cyber.js +1 -1
- package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +3 -3
- package/lib/vendor/blamejs/lib/self-update.js +3 -3
- package/lib/vendor/blamejs/lib/server-timing.js +3 -3
- package/lib/vendor/blamejs/lib/session-device-binding.js +7 -7
- package/lib/vendor/blamejs/lib/session.js +8 -8
- package/lib/vendor/blamejs/lib/sse.js +12 -5
- package/lib/vendor/blamejs/lib/standard-webhooks.js +4 -4
- package/lib/vendor/blamejs/lib/storage.js +2 -2
- package/lib/vendor/blamejs/lib/stream-throttle.js +3 -3
- package/lib/vendor/blamejs/lib/structured-fields.js +15 -15
- package/lib/vendor/blamejs/lib/subject.js +1 -1
- package/lib/vendor/blamejs/lib/tcpa-10dlc.js +1 -1
- package/lib/vendor/blamejs/lib/tenant-quota.js +3 -3
- package/lib/vendor/blamejs/lib/test-harness.js +1 -1
- package/lib/vendor/blamejs/lib/tracing.js +1 -1
- package/lib/vendor/blamejs/lib/tsa.js +5 -5
- package/lib/vendor/blamejs/lib/uri-template.js +5 -5
- package/lib/vendor/blamejs/lib/vault/index.js +2 -2
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +4 -4
- package/lib/vendor/blamejs/lib/vc.js +2 -2
- package/lib/vendor/blamejs/lib/vendor-data.js +1 -1
- package/lib/vendor/blamejs/lib/watcher.js +4 -4
- package/lib/vendor/blamejs/lib/web-push-vapid.js +21 -21
- package/lib/vendor/blamejs/lib/webhook.js +2 -2
- package/lib/vendor/blamejs/lib/websocket.js +5 -5
- package/lib/vendor/blamejs/lib/worker-pool.js +3 -3
- package/lib/vendor/blamejs/lib/ws-client.js +24 -24
- package/lib/vendor/blamejs/lib/xml-c14n.js +2 -2
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.13.x.json +1248 -0
- package/lib/vendor/blamejs/release-notes/v0.14.0.json +43 -0
- package/lib/vendor/blamejs/release-notes/v0.14.1.json +60 -0
- package/lib/vendor/blamejs/release-notes/v0.14.2.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.14.3.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.14.4.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.14.5.json +18 -0
- package/lib/vendor/blamejs/test/00-primitives.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +22 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-jar.test.js +29 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +105 -9
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +7 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +11 -5
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +34 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +12 -0
- package/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.13.0.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.1.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.10.json +0 -44
- package/lib/vendor/blamejs/release-notes/v0.13.11.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.12.json +0 -36
- package/lib/vendor/blamejs/release-notes/v0.13.13.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.14.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.15.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.16.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.17.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.18.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.19.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.2.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.20.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.21.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.22.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.23.json +0 -42
- package/lib/vendor/blamejs/release-notes/v0.13.24.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.13.25.json +0 -39
- package/lib/vendor/blamejs/release-notes/v0.13.26.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.13.27.json +0 -34
- package/lib/vendor/blamejs/release-notes/v0.13.28.json +0 -30
- package/lib/vendor/blamejs/release-notes/v0.13.29.json +0 -30
- package/lib/vendor/blamejs/release-notes/v0.13.3.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.30.json +0 -30
- package/lib/vendor/blamejs/release-notes/v0.13.31.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.13.32.json +0 -34
- package/lib/vendor/blamejs/release-notes/v0.13.33.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.13.34.json +0 -48
- package/lib/vendor/blamejs/release-notes/v0.13.35.json +0 -35
- package/lib/vendor/blamejs/release-notes/v0.13.36.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.37.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.38.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.39.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.4.json +0 -23
- package/lib/vendor/blamejs/release-notes/v0.13.40.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.41.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.42.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.43.json +0 -39
- package/lib/vendor/blamejs/release-notes/v0.13.44.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.13.45.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.13.46.json +0 -35
- package/lib/vendor/blamejs/release-notes/v0.13.5.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.6.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.7.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.8.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.9.json +0 -27
|
@@ -95,16 +95,16 @@ var DEFAULT_PROFILE = "strict";
|
|
|
95
95
|
var DEFAULT_PROTOCOL = "icap";
|
|
96
96
|
var DEFAULT_ICAP_SERVICE = "srv_clamav";
|
|
97
97
|
|
|
98
|
-
//
|
|
98
|
+
// ClamAV INSTREAM 4-byte length prefix.
|
|
99
99
|
var CLAMAV_LENGTH_PREFIX_BYTES = 4;
|
|
100
100
|
|
|
101
|
-
//
|
|
101
|
+
// ClamAV INSTREAM chunk size for streaming.
|
|
102
102
|
var CLAMAV_CHUNK_BYTES = 65536;
|
|
103
103
|
|
|
104
104
|
var PROFILES = Object.freeze({
|
|
105
|
-
strict: { timeoutMs: C.TIME.seconds(30), maxMessageBytes: C.BYTES.mib(25), maxResponseBytes: C.BYTES.mib(50) }, //
|
|
106
|
-
balanced: { timeoutMs: C.TIME.seconds(60), maxMessageBytes: C.BYTES.mib(50), maxResponseBytes: C.BYTES.mib(100) }, //
|
|
107
|
-
permissive: { timeoutMs: C.TIME.seconds(120), maxMessageBytes: C.BYTES.mib(150), maxResponseBytes: C.BYTES.mib(300) }, //
|
|
105
|
+
strict: { timeoutMs: C.TIME.seconds(30), maxMessageBytes: C.BYTES.mib(25), maxResponseBytes: C.BYTES.mib(50) }, // operator-facing default mailbox cap
|
|
106
|
+
balanced: { timeoutMs: C.TIME.seconds(60), maxMessageBytes: C.BYTES.mib(50), maxResponseBytes: C.BYTES.mib(100) }, // operator-facing default mailbox cap
|
|
107
|
+
permissive: { timeoutMs: C.TIME.seconds(120), maxMessageBytes: C.BYTES.mib(150), maxResponseBytes: C.BYTES.mib(300) }, // operator-facing default mailbox cap
|
|
108
108
|
});
|
|
109
109
|
|
|
110
110
|
var COMPLIANCE_POSTURES = Object.freeze({
|
|
@@ -165,7 +165,7 @@ function create(opts) {
|
|
|
165
165
|
|
|
166
166
|
validateOpts.requireNonEmptyString(opts.host, "mail.scan.create.host",
|
|
167
167
|
MailScanError, "mail-scan/bad-host");
|
|
168
|
-
if (!numericBounds.isPositiveFiniteInt(opts.port) || opts.port > 65535) { //
|
|
168
|
+
if (!numericBounds.isPositiveFiniteInt(opts.port) || opts.port > 65535) { // TCP port-number range cap
|
|
169
169
|
throw new MailScanError("mail-scan/bad-port",
|
|
170
170
|
"mail.scan.create.port must be a positive integer in [1,65535]; got " +
|
|
171
171
|
numericBounds.shape(opts.port));
|
|
@@ -329,7 +329,7 @@ function create(opts) {
|
|
|
329
329
|
// RFC 3507 §4.4.3 — body is chunked-transfer; we write a single
|
|
330
330
|
// chunk + terminator for simplicity. The wire format is the same
|
|
331
331
|
// as HTTP/1.1 chunked: `<hex-length>\r\n<bytes>\r\n0\r\n\r\n`.
|
|
332
|
-
var lenHex = messageBytes.length.toString(16); //
|
|
332
|
+
var lenHex = messageBytes.length.toString(16); // hex radix
|
|
333
333
|
sock.write(lenHex + "\r\n");
|
|
334
334
|
sock.write(messageBytes);
|
|
335
335
|
sock.write("\r\n0\r\n\r\n");
|
|
@@ -73,7 +73,7 @@ var audit = lazyRequire(function () { return require("./audit"); });
|
|
|
73
73
|
|
|
74
74
|
var DeliverError = defineClass("DeliverError");
|
|
75
75
|
|
|
76
|
-
var DEFAULT_PORT_SMTP = 25; //
|
|
76
|
+
var DEFAULT_PORT_SMTP = 25; // IANA SMTP port, not a byte literal
|
|
77
77
|
var DEFAULT_RETRY_BACKOFF_MS = Object.freeze([
|
|
78
78
|
C.TIME.minutes(1),
|
|
79
79
|
C.TIME.minutes(5),
|
|
@@ -83,7 +83,7 @@ var DEFAULT_RETRY_BACKOFF_MS = Object.freeze([
|
|
|
83
83
|
]);
|
|
84
84
|
var DEFAULT_MX_LOOKUP_TIMEOUT_MS = C.TIME.seconds(10);
|
|
85
85
|
var DEFAULT_PER_HOST_TIMEOUT_MS = C.TIME.seconds(60);
|
|
86
|
-
var MAX_RECIPIENTS_PER_CALL = 1000; //
|
|
86
|
+
var MAX_RECIPIENTS_PER_CALL = 1000; // manifest-size cap, not byte count
|
|
87
87
|
|
|
88
88
|
// ---- Outcome classifier ----
|
|
89
89
|
|
|
@@ -140,10 +140,10 @@ var DEFAULT_GREETING_VENDOR = "blamejs IMAP4rev2";
|
|
|
140
140
|
var pkgVersion = require("../package.json").version;
|
|
141
141
|
|
|
142
142
|
// Error-message clamp bytes — protocol-string clamp, not a byte count.
|
|
143
|
-
// Centralized so the
|
|
143
|
+
// Centralized so the marker lives in one place
|
|
144
144
|
// and the per-call sites read cleanly.
|
|
145
|
-
var ERR_CLAMP = 200; //
|
|
146
|
-
var LINE_PREVIEW = 80; //
|
|
145
|
+
var ERR_CLAMP = 200; // protocol-reply error-message clamp
|
|
146
|
+
var LINE_PREVIEW = 80; // audit-line preview clamp
|
|
147
147
|
|
|
148
148
|
// RFC 9051 §6.3.12 + RFC 5322 §3.3 date-time parser for IMAP APPEND.
|
|
149
149
|
// Format: `DD-Mon-YYYY HH:MM:SS ±HHMM` where Mon is the 3-letter
|
|
@@ -152,8 +152,8 @@ var LINE_PREVIEW = 80;
|
|
|
152
152
|
// millisecond epoch, or null on any parse failure — the caller emits
|
|
153
153
|
// `BAD` rather than silently using `Date.now()`.
|
|
154
154
|
var IMAP_MONTHS = Object.freeze({
|
|
155
|
-
jan: 0, feb: 1, mar: 2, apr: 3, may: 4, jun: 5, //
|
|
156
|
-
jul: 6, aug: 7, sep: 8, oct: 9, nov: 10, dec: 11, //
|
|
155
|
+
jan: 0, feb: 1, mar: 2, apr: 3, may: 4, jun: 5, // month-index table (0-5)
|
|
156
|
+
jul: 6, aug: 7, sep: 8, oct: 9, nov: 10, dec: 11, // month-index table (6-11)
|
|
157
157
|
});
|
|
158
158
|
var IMAP_DT_RE = /^\s*(\d{1,2})-([A-Za-z]{3})-(\d{4})\s+(\d{2}):(\d{2}):(\d{2})\s+([+-])(\d{2})(\d{2})\s*$/;
|
|
159
159
|
function _parseImapDateTime(s) {
|
|
@@ -195,10 +195,10 @@ function _parseImapDateTime(s) {
|
|
|
195
195
|
// oversize.
|
|
196
196
|
function _validateMailboxName(name, opts) {
|
|
197
197
|
if (typeof name !== "string" || name.length === 0) return false;
|
|
198
|
-
if (name.length > 1024) return false; //
|
|
198
|
+
if (name.length > 1024) return false; // mailbox name cap
|
|
199
199
|
for (var i = 0; i < name.length; i += 1) {
|
|
200
200
|
var c = name.charCodeAt(i);
|
|
201
|
-
if (c < 0x20 || c === 0x7F) return false; //
|
|
201
|
+
if (c < 0x20 || c === 0x7F) return false; // control-byte refusal
|
|
202
202
|
}
|
|
203
203
|
if (name.indexOf("..") !== -1) return false;
|
|
204
204
|
if (name === "/" || name[0] === "/" || name[name.length - 1] === "/") return false;
|
|
@@ -311,7 +311,7 @@ function create(opts) {
|
|
|
311
311
|
}
|
|
312
312
|
rawSocket.once("close", function () { rateLimit.releaseConnection(remoteAddress); });
|
|
313
313
|
|
|
314
|
-
var connectionId = "imapconn-" + bCrypto.generateToken(8); //
|
|
314
|
+
var connectionId = "imapconn-" + bCrypto.generateToken(8); // connection-id length
|
|
315
315
|
var socket = rawSocket;
|
|
316
316
|
connections.add(socket);
|
|
317
317
|
|
|
@@ -655,8 +655,8 @@ function create(opts) {
|
|
|
655
655
|
// exercise them; each handler refuses gracefully when the operator
|
|
656
656
|
// backend doesn't supply the corresponding hook).
|
|
657
657
|
caps.push("NOTIFY"); // RFC 5465
|
|
658
|
-
caps.push("METADATA"); // RFC 5464 — per-mailbox annotations //
|
|
659
|
-
caps.push("METADATA-SERVER"); // RFC 5464 §3.1 — server-wide annotations //
|
|
658
|
+
caps.push("METADATA"); // RFC 5464 — per-mailbox annotations // RFC number in comment
|
|
659
|
+
caps.push("METADATA-SERVER"); // RFC 5464 §3.1 — server-wide annotations // RFC number in comment
|
|
660
660
|
caps.push("CATENATE"); // RFC 4469 — APPEND from existing parts
|
|
661
661
|
// NB: COMPRESS=DEFLATE (RFC 4978) intentionally NOT advertised —
|
|
662
662
|
// CRIME-class compression-oracle attack on the encrypted IMAP
|
|
@@ -1369,7 +1369,7 @@ function create(opts) {
|
|
|
1369
1369
|
while (pi < partsBody.length && /\s/.test(partsBody[pi])) pi += 1;
|
|
1370
1370
|
if (pi >= partsBody.length) break;
|
|
1371
1371
|
if (/^URL\b/i.test(partsBody.slice(pi))) {
|
|
1372
|
-
pi += 3; //
|
|
1372
|
+
pi += 3; // length of literal "URL" keyword
|
|
1373
1373
|
while (pi < partsBody.length && /\s/.test(partsBody[pi])) pi += 1;
|
|
1374
1374
|
if (partsBody[pi] !== "\"") {
|
|
1375
1375
|
_writeTagged(socket, tag, "BAD APPEND CATENATE URL value must be quoted-string");
|
|
@@ -1818,7 +1818,7 @@ function create(opts) {
|
|
|
1818
1818
|
throw new MailServerImapError("mail-server-imap/already-listening",
|
|
1819
1819
|
"listen: already listening");
|
|
1820
1820
|
}
|
|
1821
|
-
var port = listenOpts.port === undefined ? 143 : listenOpts.port; //
|
|
1821
|
+
var port = listenOpts.port === undefined ? 143 : listenOpts.port; // RFC 9051 IMAP port (IANA)
|
|
1822
1822
|
var address = listenOpts.address || "0.0.0.0";
|
|
1823
1823
|
tcpServer = net.createServer(function (socket) { _handleConnection(socket); });
|
|
1824
1824
|
return new Promise(function (resolve, reject) {
|
|
@@ -133,9 +133,7 @@ var audit = lazyRequire(function () { return require("./audit"); });
|
|
|
133
133
|
var MailServerJmapError = defineClass("MailServerJmapError", { alwaysPermanent: true });
|
|
134
134
|
|
|
135
135
|
var DEFAULT_PROFILE = "strict";
|
|
136
|
-
var WELL_KNOWN_PATH = "/.well-known/jmap";
|
|
137
136
|
void C; // reserved for future cap constants
|
|
138
|
-
void WELL_KNOWN_PATH;
|
|
139
137
|
|
|
140
138
|
/**
|
|
141
139
|
* @primitive b.mail.server.jmap.create
|
|
@@ -232,7 +230,7 @@ function create(opts) {
|
|
|
232
230
|
tenantScope: opts.tenantScope || null,
|
|
233
231
|
agentTenantId: opts.agentTenantId || null,
|
|
234
232
|
});
|
|
235
|
-
var sessionState = bCrypto.generateToken(16); //
|
|
233
|
+
var sessionState = bCrypto.generateToken(16); // opaque session-state token length
|
|
236
234
|
|
|
237
235
|
function _emit(action, metadata, outcome) {
|
|
238
236
|
try {
|
|
@@ -262,7 +260,7 @@ function create(opts) {
|
|
|
262
260
|
for (var k = 0; k < keys.length; k += 1) {
|
|
263
261
|
var key = keys[k];
|
|
264
262
|
var val = args[key];
|
|
265
|
-
if (key.charCodeAt(0) === 0x23) { //
|
|
263
|
+
if (key.charCodeAt(0) === 0x23) { // `#` (0x23) is the JMAP back-ref-key prefix
|
|
266
264
|
// `#<srcClientId>` → key strips the `#`; value is { resultOf, name, path }
|
|
267
265
|
var targetKey = key.slice(1);
|
|
268
266
|
if (!val || typeof val !== "object" || Array.isArray(val) ||
|
|
@@ -443,11 +441,11 @@ function create(opts) {
|
|
|
443
441
|
// re-auth flow (a 400 looks like a malformed request, which it
|
|
444
442
|
// isn't). Everything else stays 400 per RFC 8620 §3.6.1.
|
|
445
443
|
if (response && response.type === "urn:ietf:params:jmap:error:forbidden") {
|
|
446
|
-
res.statusCode = 401; //
|
|
444
|
+
res.statusCode = 401; // HTTP status codes
|
|
447
445
|
} else if (response && response.type) {
|
|
448
|
-
res.statusCode = 400; //
|
|
446
|
+
res.statusCode = 400; // HTTP status codes
|
|
449
447
|
} else {
|
|
450
|
-
res.statusCode = 200; //
|
|
448
|
+
res.statusCode = 200; // HTTP status codes
|
|
451
449
|
}
|
|
452
450
|
res.setHeader("Content-Type", "application/json; charset=utf-8");
|
|
453
451
|
res.end(JSON.stringify(response));
|
|
@@ -596,8 +594,8 @@ function create(opts) {
|
|
|
596
594
|
pingN = 0;
|
|
597
595
|
} else {
|
|
598
596
|
pingN = parseInt(params.ping, 10);
|
|
599
|
-
if (!isFinite(pingN) || pingN < 5) pingN = 30; //
|
|
600
|
-
if (pingN > 900) pingN = 900; // allow:raw-
|
|
597
|
+
if (!isFinite(pingN) || pingN < 5) pingN = 30; // RFC 8620 §7.3 default ping seconds
|
|
598
|
+
if (pingN > 900) pingN = 900; // allow:raw-time-literal — explicit max-ping cap (15 minutes)
|
|
601
599
|
}
|
|
602
600
|
|
|
603
601
|
// SSE wire headers per the HTML5 spec § "Server-sent events"
|
|
@@ -613,7 +611,7 @@ function create(opts) {
|
|
|
613
611
|
// the current session state so a fresh subscriber can compare
|
|
614
612
|
// against its cached `state` to know whether a missed update
|
|
615
613
|
// happened during the (re)connect.
|
|
616
|
-
res.write("retry: 5000\n\n"); //
|
|
614
|
+
res.write("retry: 5000\n\n"); // SSE reconnect-after hint (5s)
|
|
617
615
|
res.write(": connected\n\n");
|
|
618
616
|
|
|
619
617
|
var closed = false;
|
|
@@ -678,7 +676,7 @@ function create(opts) {
|
|
|
678
676
|
}
|
|
679
677
|
unsubscribe = typeof unsub === "function" ? unsub : null;
|
|
680
678
|
if (!pingDisabled) {
|
|
681
|
-
pingTimer = setInterval(_pingTick, pingN * 1000); // allow:raw-time-literal — seconds → ms conversion
|
|
679
|
+
pingTimer = setInterval(_pingTick, pingN * 1000); // allow:raw-time-literal — seconds → ms conversion
|
|
682
680
|
if (pingTimer && typeof pingTimer.unref === "function") pingTimer.unref();
|
|
683
681
|
}
|
|
684
682
|
})
|
|
@@ -709,12 +707,12 @@ function create(opts) {
|
|
|
709
707
|
// RFC 8620 §1.2 — JMAP `Id` is a non-empty string of < 256 octets in
|
|
710
708
|
// `[A-Za-z0-9_-]`. The earlier shape capped at 64 chars which refused
|
|
711
709
|
// legitimate-shape accounts; widen to the full spec maximum.
|
|
712
|
-
var MAX_JMAP_ID_LEN = 255; //
|
|
710
|
+
var MAX_JMAP_ID_LEN = 255; // RFC 8620 §1.2 Id max length
|
|
713
711
|
var JMAP_ID_RE = /^[A-Za-z0-9_-]{1,255}$/;
|
|
714
712
|
// Anti-polynomial: bound the URL length BEFORE any regex / split runs
|
|
715
713
|
// (CodeQL flags `\/+` on uncontrolled input). Headers + URL paths in
|
|
716
714
|
// practice stay well under 8 KiB; over-long URLs refuse outright.
|
|
717
|
-
var MAX_URL_LEN = 8192; //
|
|
715
|
+
var MAX_URL_LEN = 8192; // 8 KiB URL cap
|
|
718
716
|
|
|
719
717
|
// Strip a query string + walk the path producing non-empty segments,
|
|
720
718
|
// WITHOUT any unbounded regex. Returns an empty array when the URL
|
|
@@ -729,7 +727,7 @@ function create(opts) {
|
|
|
729
727
|
var cur = "";
|
|
730
728
|
for (var i = 0; i < pathOnly.length; i += 1) {
|
|
731
729
|
var ch = pathOnly.charCodeAt(i);
|
|
732
|
-
if (ch === 0x2f) { //
|
|
730
|
+
if (ch === 0x2f) { // '/' (0x2f)
|
|
733
731
|
if (cur.length > 0) { out.push(cur); cur = ""; }
|
|
734
732
|
} else {
|
|
735
733
|
cur += pathOnly[i];
|
|
@@ -821,7 +819,7 @@ function create(opts) {
|
|
|
821
819
|
throw new MailServerJmapError("mail-server-jmap/bad-upload-result",
|
|
822
820
|
"uploadBlob backend MUST return { blobId, type?, size? }");
|
|
823
821
|
}
|
|
824
|
-
res.statusCode = 201; //
|
|
822
|
+
res.statusCode = 201; // HTTP 201 Created
|
|
825
823
|
res.setHeader("Content-Type", "application/json; charset=utf-8");
|
|
826
824
|
res.end(JSON.stringify({
|
|
827
825
|
accountId: accountId,
|
|
@@ -844,7 +842,7 @@ function create(opts) {
|
|
|
844
842
|
req.on("error", function () {
|
|
845
843
|
if (!refused) {
|
|
846
844
|
refused = true;
|
|
847
|
-
try { res.statusCode = 400; res.end(); } //
|
|
845
|
+
try { res.statusCode = 400; res.end(); } // HTTP 400
|
|
848
846
|
catch (_e) { /* silent-catch: socket already torn down */ }
|
|
849
847
|
}
|
|
850
848
|
});
|
|
@@ -1019,7 +1017,7 @@ function create(opts) {
|
|
|
1019
1017
|
// RFC 8887 §3.1 — server MUST select `jmap` if offered. Refuse the
|
|
1020
1018
|
// connection cleanly if subprotocol negotiation came back null.
|
|
1021
1019
|
if (conn.subprotocol !== "jmap") {
|
|
1022
|
-
try { conn.close(1002, "RFC 8887 requires Sec-WebSocket-Protocol: jmap"); } //
|
|
1020
|
+
try { conn.close(1002, "RFC 8887 requires Sec-WebSocket-Protocol: jmap"); } // RFC 6455 protocol-error close code
|
|
1023
1021
|
catch (_e) { /* silent-catch: closed */ }
|
|
1024
1022
|
return null;
|
|
1025
1023
|
}
|
|
@@ -1302,7 +1300,7 @@ function emailSubmissionSetHandler(opts) {
|
|
|
1302
1300
|
throw new MailServerJmapError("mail-server-jmap/no-identities",
|
|
1303
1301
|
"emailSubmissionSetHandler: opts.identities(accountId) function is required (returns Array<{id,email}>)");
|
|
1304
1302
|
}
|
|
1305
|
-
var maxRecipients = opts.maxRecipients || 1000; //
|
|
1303
|
+
var maxRecipients = opts.maxRecipients || 1000; // recipient cap mirrors b.mail.send.deliver
|
|
1306
1304
|
if (typeof maxRecipients !== "number" || !isFinite(maxRecipients) || maxRecipients < 1) {
|
|
1307
1305
|
throw new MailServerJmapError("mail-server-jmap/bad-max-recipients",
|
|
1308
1306
|
"emailSubmissionSetHandler: opts.maxRecipients MUST be a positive integer");
|
|
@@ -1422,7 +1420,7 @@ function emailSubmissionSetHandler(opts) {
|
|
|
1422
1420
|
return {
|
|
1423
1421
|
accountId: accountId,
|
|
1424
1422
|
oldState: args.ifInState || null,
|
|
1425
|
-
newState: bCrypto.generateToken(16), //
|
|
1423
|
+
newState: bCrypto.generateToken(16), // opaque state token length
|
|
1426
1424
|
created: Object.keys(created).length > 0 ? created : null,
|
|
1427
1425
|
notCreated: Object.keys(notCreated).length > 0 ? notCreated : null,
|
|
1428
1426
|
updated: Object.keys(updated).length > 0 ? updated : null,
|
|
@@ -1519,7 +1517,7 @@ function emailSubmissionSetHandler(opts) {
|
|
|
1519
1517
|
};
|
|
1520
1518
|
}
|
|
1521
1519
|
|
|
1522
|
-
var newId = bCrypto.generateToken(12); //
|
|
1520
|
+
var newId = bCrypto.generateToken(12); // JMAP-server-assigned id
|
|
1523
1521
|
return {
|
|
1524
1522
|
id: newId,
|
|
1525
1523
|
identityId: sub.identityId,
|
|
@@ -145,12 +145,12 @@ var MailServerManageSieveError = defineClass("MailServerManageSieveError",
|
|
|
145
145
|
{ alwaysPermanent: true });
|
|
146
146
|
|
|
147
147
|
// RFC 5804 §1 default port (IANA-assigned).
|
|
148
|
-
var DEFAULT_PORT = 4190; //
|
|
149
|
-
var DEFAULT_MAX_LINE_BYTES = 8192; //
|
|
148
|
+
var DEFAULT_PORT = 4190; // RFC 5804 §1 / IANA managesieve port
|
|
149
|
+
var DEFAULT_MAX_LINE_BYTES = 8192; // matches guardManageSieveCommand strict cap
|
|
150
150
|
var DEFAULT_IDLE_TIMEOUT_MS = C.TIME.minutes(5);
|
|
151
151
|
var DEFAULT_GREETING_VENDOR = "blamejs ManageSieve";
|
|
152
152
|
|
|
153
|
-
var ERR_CLAMP = 200; //
|
|
153
|
+
var ERR_CLAMP = 200; // protocol-reply error-message clamp
|
|
154
154
|
|
|
155
155
|
/**
|
|
156
156
|
* @primitive b.mail.server.managesieve.create
|
|
@@ -260,7 +260,7 @@ function create(opts) {
|
|
|
260
260
|
try { rawSocket.destroy(); } catch (_e2) { /* idempotent */ }
|
|
261
261
|
return;
|
|
262
262
|
}
|
|
263
|
-
var connectionId = "msvconn-" + bCrypto.generateToken(8); //
|
|
263
|
+
var connectionId = "msvconn-" + bCrypto.generateToken(8); // connection-id length
|
|
264
264
|
var socket = rawSocket;
|
|
265
265
|
connections.add(socket);
|
|
266
266
|
// Single close handler covers BOTH operator-driven `_close(socket)`
|
|
@@ -150,7 +150,7 @@ var MailServerMxError = defineClass("MailServerMxError", { alwaysPermanent: true
|
|
|
150
150
|
// RFC 5321 §4.5.3.1 — wire-protocol limits.
|
|
151
151
|
var DEFAULT_MAX_LINE_BYTES = C.BYTES.kib(1);
|
|
152
152
|
var DEFAULT_MAX_MESSAGE_BYTES = C.BYTES.mib(50);
|
|
153
|
-
var DEFAULT_MAX_RCPTS_PER_MESSAGE = 100; //
|
|
153
|
+
var DEFAULT_MAX_RCPTS_PER_MESSAGE = 100; // RFC 5321 §4.5.3.1.8 recipient cap
|
|
154
154
|
var DEFAULT_IDLE_TIMEOUT_MS = C.TIME.minutes(5);
|
|
155
155
|
var DEFAULT_GREETING = "blamejs ESMTP";
|
|
156
156
|
|
|
@@ -161,18 +161,18 @@ var REPLY_220_READY = "220";
|
|
|
161
161
|
var REPLY_221_BYE = "221";
|
|
162
162
|
var REPLY_250_OK = "250";
|
|
163
163
|
var REPLY_354_START_INPUT = "354";
|
|
164
|
-
var REPLY_421_SERVICE_NOT_AVAIL = "421"; //
|
|
165
|
-
var REPLY_450_MAILBOX_BUSY = "450"; //
|
|
166
|
-
var REPLY_451_LOCAL_ERROR = "451"; //
|
|
167
|
-
var REPLY_452_INSUFFICIENT_STG = "452"; //
|
|
168
|
-
var REPLY_500_SYNTAX = "500"; //
|
|
169
|
-
var REPLY_501_BAD_ARGS = "501"; //
|
|
170
|
-
var REPLY_502_NOT_IMPLEMENTED = "502"; //
|
|
171
|
-
var REPLY_503_BAD_SEQUENCE = "503"; //
|
|
172
|
-
var REPLY_530_AUTH_REQUIRED = "530"; //
|
|
173
|
-
var REPLY_550_MAILBOX_UNAVAIL = "550"; //
|
|
174
|
-
var REPLY_552_SIZE_EXCEEDED = "552"; //
|
|
175
|
-
var REPLY_554_TRANSACTION_FAILED = "554"; //
|
|
164
|
+
var REPLY_421_SERVICE_NOT_AVAIL = "421"; // SMTP transient code
|
|
165
|
+
var REPLY_450_MAILBOX_BUSY = "450"; // SMTP transient code (greylist tempfail)
|
|
166
|
+
var REPLY_451_LOCAL_ERROR = "451"; // SMTP transient code
|
|
167
|
+
var REPLY_452_INSUFFICIENT_STG = "452"; // SMTP transient code
|
|
168
|
+
var REPLY_500_SYNTAX = "500"; // SMTP permanent code
|
|
169
|
+
var REPLY_501_BAD_ARGS = "501"; // SMTP permanent code
|
|
170
|
+
var REPLY_502_NOT_IMPLEMENTED = "502"; // SMTP permanent code
|
|
171
|
+
var REPLY_503_BAD_SEQUENCE = "503"; // SMTP permanent code
|
|
172
|
+
var REPLY_530_AUTH_REQUIRED = "530"; // SMTP permanent code
|
|
173
|
+
var REPLY_550_MAILBOX_UNAVAIL = "550"; // SMTP permanent code
|
|
174
|
+
var REPLY_552_SIZE_EXCEEDED = "552"; // SMTP permanent code
|
|
175
|
+
var REPLY_554_TRANSACTION_FAILED = "554"; // SMTP permanent code
|
|
176
176
|
|
|
177
177
|
var RE_MAIL_FROM = /^MAIL\s+FROM:\s*<([^>]*)>(?:\s+(.*))?$/i;
|
|
178
178
|
var RE_RCPT_TO = /^RCPT\s+TO:\s*<([^>]+)>(?:\s+.*)?$/i;
|
|
@@ -346,7 +346,7 @@ function create(opts) {
|
|
|
346
346
|
}
|
|
347
347
|
socket.once("close", function () { rateLimit.releaseConnection(remoteAddress); });
|
|
348
348
|
|
|
349
|
-
var connectionId = "mxconn-" + bCrypto.generateToken(8); //
|
|
349
|
+
var connectionId = "mxconn-" + bCrypto.generateToken(8); // connection-id length
|
|
350
350
|
connections.add(socket);
|
|
351
351
|
|
|
352
352
|
// Backpressure observer — `_writeReply` flips `_bpEmitted` after
|
|
@@ -520,7 +520,7 @@ function create(opts) {
|
|
|
520
520
|
err.code === "guard-smtp-command/bare-cr" ||
|
|
521
521
|
err.code === "guard-smtp-command/nul-byte") {
|
|
522
522
|
_emit("mail.server.mx.smtp_smuggling_detected",
|
|
523
|
-
{ connectionId: state.id, code: err.code, line: line.slice(0, 200) }, //
|
|
523
|
+
{ connectionId: state.id, code: err.code, line: line.slice(0, 200) }, // audit-log line truncation
|
|
524
524
|
"denied");
|
|
525
525
|
}
|
|
526
526
|
_writeReply(socket, REPLY_500_SYNTAX, "5.5.2 Syntax error (" + (err.code || "bad-line") + ")");
|
|
@@ -936,7 +936,7 @@ function create(opts) {
|
|
|
936
936
|
// for observability. Bounded to keep the audit metadata size
|
|
937
937
|
// predictable; the per-IP recipient-failure rate-limit elsewhere
|
|
938
938
|
// bounds long-run scanner damage.
|
|
939
|
-
var MAX_REFUSED_RCPTS_PER_TXN = 32; //
|
|
939
|
+
var MAX_REFUSED_RCPTS_PER_TXN = 32; // bounded audit-metadata list cap
|
|
940
940
|
function _trackRefusedRcpt(state, rcpt, reason) {
|
|
941
941
|
if (!Array.isArray(state.refusedRcpts)) state.refusedRcpts = [];
|
|
942
942
|
if (state.refusedRcpts.length >= MAX_REFUSED_RCPTS_PER_TXN) return;
|
|
@@ -968,7 +968,7 @@ function create(opts) {
|
|
|
968
968
|
}
|
|
969
969
|
// Port 0 (ephemeral, test mode) must NOT fall back to 25 — the
|
|
970
970
|
// `|| 25` short-circuit was a footgun on the test path.
|
|
971
|
-
var port = listenOpts.port === undefined ? 25 : listenOpts.port; //
|
|
971
|
+
var port = listenOpts.port === undefined ? 25 : listenOpts.port; // SMTP MX port (IANA)
|
|
972
972
|
var address = listenOpts.address || "0.0.0.0";
|
|
973
973
|
tcpServer = net.createServer(function (socket) {
|
|
974
974
|
_handleConnection(socket);
|
|
@@ -119,7 +119,7 @@ var audit = lazyRequire(function () { return require("./audit"); });
|
|
|
119
119
|
|
|
120
120
|
var MailServerPop3Error = defineClass("MailServerPop3Error", { alwaysPermanent: true });
|
|
121
121
|
|
|
122
|
-
var DEFAULT_MAX_LINE_BYTES = 1024; //
|
|
122
|
+
var DEFAULT_MAX_LINE_BYTES = 1024; // RFC 2449 §4 line cap (permissive)
|
|
123
123
|
var DEFAULT_IDLE_TIMEOUT_MS = C.TIME.minutes(10);
|
|
124
124
|
// RFC 1939 §6 — UPDATE-state commit (the actual delete on QUIT) is
|
|
125
125
|
// the only place the backend writes; a hung commitPop3Drop leaves
|
|
@@ -130,7 +130,7 @@ var DEFAULT_IDLE_TIMEOUT_MS = C.TIME.minutes(10);
|
|
|
130
130
|
var DEFAULT_COMMIT_TIMEOUT_MS = C.TIME.seconds(30);
|
|
131
131
|
var DEFAULT_GREETING_VENDOR = "blamejs POP3";
|
|
132
132
|
|
|
133
|
-
var ERR_CLAMP = 200; //
|
|
133
|
+
var ERR_CLAMP = 200; // protocol-reply error-message clamp
|
|
134
134
|
|
|
135
135
|
/**
|
|
136
136
|
* @primitive b.mail.server.pop3.create
|
|
@@ -263,7 +263,7 @@ function create(opts) {
|
|
|
263
263
|
try { rawSocket.destroy(); } catch (_e2) { /* idempotent */ }
|
|
264
264
|
return;
|
|
265
265
|
}
|
|
266
|
-
var connectionId = "pop3conn-" + bCrypto.generateToken(8); //
|
|
266
|
+
var connectionId = "pop3conn-" + bCrypto.generateToken(8); // connection-id length
|
|
267
267
|
var socket = rawSocket;
|
|
268
268
|
connections.add(socket);
|
|
269
269
|
// Single close handler covers BOTH operator-driven `_close(socket)`
|
|
@@ -876,7 +876,7 @@ function create(opts) {
|
|
|
876
876
|
throw new MailServerPop3Error("mail-server-pop3/already-listening",
|
|
877
877
|
"listen: already listening");
|
|
878
878
|
}
|
|
879
|
-
var port = listenOpts.port === undefined ? 110 : listenOpts.port; //
|
|
879
|
+
var port = listenOpts.port === undefined ? 110 : listenOpts.port; // RFC 1939 POP3 port (IANA)
|
|
880
880
|
var address = listenOpts.address || "0.0.0.0";
|
|
881
881
|
tcpServer = net.createServer(function (socket) { _handleConnection(socket); });
|
|
882
882
|
return new Promise(function (resolve, reject) {
|
|
@@ -98,7 +98,7 @@ var DEFAULTS = Object.freeze({
|
|
|
98
98
|
maxConcurrentConnectionsPerIp: 10,
|
|
99
99
|
connectionsPerIpPerMinute: 60, // allow:raw-time-literal — connection count, not a time value
|
|
100
100
|
authFailuresPerIpPer15Min: 10,
|
|
101
|
-
minBytesPerSecond: 100, //
|
|
101
|
+
minBytesPerSecond: 100, // slow-loris byte-rate floor
|
|
102
102
|
// RCPT-TO recipient-failure cap defends against the 550-vs-250
|
|
103
103
|
// enumeration shape (RFC 5321 §3.5 — RCPT-TO surfaces the
|
|
104
104
|
// mailbox-exists oracle; an attacker that hammers RCPT TO can
|
|
@@ -106,7 +106,7 @@ var DEFAULTS = Object.freeze({
|
|
|
106
106
|
// Per-IP, per-minute. Tuned higher than auth-failure since
|
|
107
107
|
// legitimate senders can RCPT-TO multiple recipients per message;
|
|
108
108
|
// operator overrides via `rcptFailuresPerIpPerMinute`.
|
|
109
|
-
rcptFailuresPerIpPerMinute: 50, //
|
|
109
|
+
rcptFailuresPerIpPerMinute: 50, // RCPT enumeration bound
|
|
110
110
|
disabled: false,
|
|
111
111
|
});
|
|
112
112
|
|
|
@@ -123,31 +123,31 @@ var MailServerSubmissionError = defineClass("MailServerSubmissionError", { alway
|
|
|
123
123
|
|
|
124
124
|
var DEFAULT_MAX_LINE_BYTES = C.BYTES.kib(1);
|
|
125
125
|
var DEFAULT_MAX_MESSAGE_BYTES = C.BYTES.mib(50);
|
|
126
|
-
var DEFAULT_MAX_RCPTS_PER_MESSAGE = 100; //
|
|
126
|
+
var DEFAULT_MAX_RCPTS_PER_MESSAGE = 100; // RFC 5321 §4.5.3.1.8 recipient cap
|
|
127
127
|
var DEFAULT_IDLE_TIMEOUT_MS = C.TIME.minutes(5);
|
|
128
128
|
var DEFAULT_GREETING = "blamejs Submission";
|
|
129
129
|
var DEFAULT_AUTH_MECHANISMS = Object.freeze(["PLAIN", "LOGIN"]);
|
|
130
130
|
|
|
131
131
|
var REPLY_220_READY = "220";
|
|
132
132
|
var REPLY_221_BYE = "221";
|
|
133
|
-
var REPLY_235_AUTH_OK = "235"; //
|
|
133
|
+
var REPLY_235_AUTH_OK = "235"; // SMTP AUTH success code
|
|
134
134
|
var REPLY_250_OK = "250";
|
|
135
|
-
var REPLY_334_AUTH_CHALLENGE = "334"; //
|
|
135
|
+
var REPLY_334_AUTH_CHALLENGE = "334"; // SMTP AUTH challenge code
|
|
136
136
|
var REPLY_354_START_INPUT = "354";
|
|
137
|
-
var REPLY_421_SERVICE_NOT_AVAIL = "421"; //
|
|
138
|
-
var REPLY_451_LOCAL_ERROR = "451"; //
|
|
139
|
-
var REPLY_452_INSUFFICIENT_STG = "452"; //
|
|
140
|
-
var REPLY_500_SYNTAX = "500"; //
|
|
141
|
-
var REPLY_501_BAD_ARGS = "501"; //
|
|
142
|
-
var REPLY_502_NOT_IMPLEMENTED = "502"; //
|
|
143
|
-
var REPLY_503_BAD_SEQUENCE = "503"; //
|
|
144
|
-
var REPLY_530_AUTH_REQUIRED = "530"; //
|
|
145
|
-
var REPLY_535_AUTH_FAILED = "535"; //
|
|
146
|
-
var REPLY_538_AUTH_NEEDS_TLS = "538"; //
|
|
147
|
-
var REPLY_550_MAILBOX_UNAVAIL = "550"; //
|
|
148
|
-
var REPLY_552_SIZE_EXCEEDED = "552"; //
|
|
149
|
-
var REPLY_553_SENDER_REJECTED = "553"; //
|
|
150
|
-
var REPLY_554_TRANSACTION_FAILED = "554"; //
|
|
137
|
+
var REPLY_421_SERVICE_NOT_AVAIL = "421"; // SMTP transient code
|
|
138
|
+
var REPLY_451_LOCAL_ERROR = "451"; // SMTP transient code
|
|
139
|
+
var REPLY_452_INSUFFICIENT_STG = "452"; // SMTP transient code
|
|
140
|
+
var REPLY_500_SYNTAX = "500"; // SMTP permanent code
|
|
141
|
+
var REPLY_501_BAD_ARGS = "501"; // SMTP permanent code
|
|
142
|
+
var REPLY_502_NOT_IMPLEMENTED = "502"; // SMTP permanent code
|
|
143
|
+
var REPLY_503_BAD_SEQUENCE = "503"; // SMTP permanent code
|
|
144
|
+
var REPLY_530_AUTH_REQUIRED = "530"; // SMTP permanent code
|
|
145
|
+
var REPLY_535_AUTH_FAILED = "535"; // RFC 4954 §6 AUTH refusal
|
|
146
|
+
var REPLY_538_AUTH_NEEDS_TLS = "538"; // RFC 4954 §4 AUTH-needs-TLS
|
|
147
|
+
var REPLY_550_MAILBOX_UNAVAIL = "550"; // SMTP permanent code (recipient-policy refusal shape)
|
|
148
|
+
var REPLY_552_SIZE_EXCEEDED = "552"; // SMTP permanent code
|
|
149
|
+
var REPLY_553_SENDER_REJECTED = "553"; // identity-binding mismatch
|
|
150
|
+
var REPLY_554_TRANSACTION_FAILED = "554"; // SMTP permanent code
|
|
151
151
|
|
|
152
152
|
var RE_MAIL_FROM = /^MAIL\s+FROM:\s*<([^>]*)>(?:\s+(.*))?$/i;
|
|
153
153
|
var RE_RCPT_TO = /^RCPT\s+TO:\s*<([^>]+)>(?:\s+.*)?$/i;
|
|
@@ -159,7 +159,7 @@ var RE_AUTH = /^AUTH\s+([A-Za-z0-9_-]{1,32})(?:\s+(.*))?$/i;
|
|
|
159
159
|
// SIMD-accelerated needle scan over the haystack without an
|
|
160
160
|
// interpreter-level char-by-char walk, and the 4-byte literal
|
|
161
161
|
// `_CRLF_CRLF` is a module-level singleton so the JIT folds it.
|
|
162
|
-
var _CRLF_CRLF = Buffer.from([0x0d, 0x0a, 0x0d, 0x0a]); //
|
|
162
|
+
var _CRLF_CRLF = Buffer.from([0x0d, 0x0a, 0x0d, 0x0a]); // RFC 5322 §2.1 header/body separator
|
|
163
163
|
function _findHeaderEnd(buf) {
|
|
164
164
|
return buf.indexOf(_CRLF_CRLF);
|
|
165
165
|
}
|
|
@@ -408,7 +408,7 @@ function create(opts) {
|
|
|
408
408
|
}
|
|
409
409
|
rawSocket.once("close", function () { rateLimit.releaseConnection(remoteAddress); });
|
|
410
410
|
|
|
411
|
-
var connectionId = "submitconn-" + bCrypto.generateToken(8); //
|
|
411
|
+
var connectionId = "submitconn-" + bCrypto.generateToken(8); // connection-id length
|
|
412
412
|
var socket = implicitTls
|
|
413
413
|
? new nodeTls.TLSSocket(rawSocket, { isServer: true, secureContext: opts.tlsContext })
|
|
414
414
|
: rawSocket;
|
|
@@ -623,7 +623,7 @@ function create(opts) {
|
|
|
623
623
|
err.code === "guard-smtp-command/bare-cr" ||
|
|
624
624
|
err.code === "guard-smtp-command/nul-byte") {
|
|
625
625
|
_emit("mail.server.submission.smtp_smuggling_detected",
|
|
626
|
-
{ connectionId: state.id, code: err.code, line: line.slice(0, 200) }, //
|
|
626
|
+
{ connectionId: state.id, code: err.code, line: line.slice(0, 200) }, // audit-log line truncation
|
|
627
627
|
"denied");
|
|
628
628
|
}
|
|
629
629
|
_writeReply(socket, REPLY_500_SYNTAX, "5.5.2 Syntax error (" + (err.code || "bad-line") + ")");
|
|
@@ -1319,7 +1319,7 @@ function create(opts) {
|
|
|
1319
1319
|
// Port 0 (ephemeral, test mode) must NOT fall back to the protocol
|
|
1320
1320
|
// default — the `|| <default>` short-circuit was a footgun on the
|
|
1321
1321
|
// test path.
|
|
1322
|
-
var defaultPort = implicitTls ? 465 : 587; //
|
|
1322
|
+
var defaultPort = implicitTls ? 465 : 587; // RFC 8314 implicit-TLS / RFC 6409 submission ports
|
|
1323
1323
|
var port = listenOpts.port === undefined ? defaultPort : listenOpts.port;
|
|
1324
1324
|
var address = listenOpts.address || "0.0.0.0";
|
|
1325
1325
|
tcpServer = net.createServer(function (socket) { _handleConnection(socket); });
|
|
@@ -64,8 +64,8 @@ var validateOpts = require("./validate-opts");
|
|
|
64
64
|
|
|
65
65
|
var MailSieveError = defineClass("MailSieveError", { alwaysPermanent: true });
|
|
66
66
|
|
|
67
|
-
var DEFAULT_GAS_UNITS = 10000; //
|
|
68
|
-
var MAX_GAS_UNITS = 1_000_000; //
|
|
67
|
+
var DEFAULT_GAS_UNITS = 10000; // operation cap
|
|
68
|
+
var MAX_GAS_UNITS = 1_000_000; // operator opt-up cap
|
|
69
69
|
|
|
70
70
|
// ---- env helpers ---------------------------------------------------------
|
|
71
71
|
|
|
@@ -77,15 +77,15 @@ var MailSpamScoreError = defineClass("MailSpamScoreError", { alwaysPermanent: tr
|
|
|
77
77
|
|
|
78
78
|
var DEFAULT_PROFILE = "strict";
|
|
79
79
|
|
|
80
|
-
//
|
|
80
|
+
// reason-tag length cap defends outbound
|
|
81
81
|
// header / audit-store from hostile expansion via compromised scorer.
|
|
82
82
|
var MAX_REASON_BYTES = 256;
|
|
83
83
|
|
|
84
|
-
//
|
|
84
|
+
// reason-list count cap, defends audit volume.
|
|
85
85
|
var MAX_REASONS = 32;
|
|
86
86
|
|
|
87
87
|
var PROFILES = Object.freeze({
|
|
88
|
-
strict: { threshold: 5.0, maxReasons: MAX_REASONS, maxReasonBytes: MAX_REASON_BYTES }, //
|
|
88
|
+
strict: { threshold: 5.0, maxReasons: MAX_REASONS, maxReasonBytes: MAX_REASON_BYTES }, // matches SpamAssassin default required_score
|
|
89
89
|
balanced: { threshold: 7.5, maxReasons: MAX_REASONS, maxReasonBytes: MAX_REASON_BYTES },
|
|
90
90
|
permissive: { threshold: 10.0, maxReasons: MAX_REASONS, maxReasonBytes: MAX_REASON_BYTES },
|
|
91
91
|
});
|
|
@@ -256,10 +256,10 @@ function _sanitizeReasons(reasons, caps) {
|
|
|
256
256
|
// header.
|
|
257
257
|
for (var c = 0; c < r.length; c += 1) {
|
|
258
258
|
var cc = r.charCodeAt(c);
|
|
259
|
-
if (cc < 0x20 || cc === 0x7f) { //
|
|
259
|
+
if (cc < 0x20 || cc === 0x7f) { // RFC 5234 CTL refusal range
|
|
260
260
|
throw new MailSpamScoreError("mail-spam-score/control-byte",
|
|
261
261
|
"mail.spamScore.score: reasons[" + i + "] contains control byte 0x" +
|
|
262
|
-
cc.toString(16)); //
|
|
262
|
+
cc.toString(16)); // hex radix
|
|
263
263
|
}
|
|
264
264
|
}
|
|
265
265
|
out.push(r);
|