@blamejs/blamejs-shop 0.3.5 → 0.3.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +3 -3
- package/lib/vendor/blamejs/CHANGELOG.md +14 -0
- package/lib/vendor/blamejs/api-snapshot.json +2 -2
- package/lib/vendor/blamejs/lib/_test/crypto-fixtures.js +3 -3
- package/lib/vendor/blamejs/lib/a2a-tasks.js +24 -24
- package/lib/vendor/blamejs/lib/a2a.js +4 -4
- package/lib/vendor/blamejs/lib/acme.js +3 -3
- package/lib/vendor/blamejs/lib/agent-idempotency.js +1 -1
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +8 -8
- package/lib/vendor/blamejs/lib/agent-posture-chain.js +2 -2
- package/lib/vendor/blamejs/lib/agent-saga.js +1 -1
- package/lib/vendor/blamejs/lib/agent-snapshot.js +1 -1
- package/lib/vendor/blamejs/lib/agent-stream.js +1 -1
- package/lib/vendor/blamejs/lib/agent-tenant.js +1 -1
- package/lib/vendor/blamejs/lib/agent-trace.js +3 -3
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -1
- package/lib/vendor/blamejs/lib/ai-dp.js +4 -4
- package/lib/vendor/blamejs/lib/ai-input.js +4 -4
- package/lib/vendor/blamejs/lib/ai-model-manifest.js +7 -7
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -3
- package/lib/vendor/blamejs/lib/archive-gz.js +2 -2
- package/lib/vendor/blamejs/lib/archive-read.js +25 -25
- package/lib/vendor/blamejs/lib/archive-tar-read.js +2 -2
- package/lib/vendor/blamejs/lib/archive-tar.js +20 -20
- package/lib/vendor/blamejs/lib/archive-wrap.js +10 -10
- package/lib/vendor/blamejs/lib/argon2-builtin.js +1 -1
- package/lib/vendor/blamejs/lib/asn1-der.js +45 -34
- package/lib/vendor/blamejs/lib/atomic-file.js +2 -2
- package/lib/vendor/blamejs/lib/audit-daily-review.js +3 -3
- package/lib/vendor/blamejs/lib/audit-sign.js +5 -5
- package/lib/vendor/blamejs/lib/audit-tools.js +1 -1
- package/lib/vendor/blamejs/lib/audit.js +2 -2
- package/lib/vendor/blamejs/lib/auth/acr-vocabulary.js +2 -2
- package/lib/vendor/blamejs/lib/auth/bot-challenge.js +3 -3
- package/lib/vendor/blamejs/lib/auth/ciba.js +7 -7
- package/lib/vendor/blamejs/lib/auth/dpop.js +3 -3
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +8 -8
- package/lib/vendor/blamejs/lib/auth/jar.js +11 -0
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +5 -5
- package/lib/vendor/blamejs/lib/auth/oauth.js +7 -9
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +10 -10
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +2 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +2 -2
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/saml.js +31 -43
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-disclosure.js +1 -1
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +5 -5
- package/lib/vendor/blamejs/lib/auth/status-list.js +10 -10
- package/lib/vendor/blamejs/lib/auth/step-up.js +1 -1
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +1 -1
- package/lib/vendor/blamejs/lib/backup/index.js +7 -7
- package/lib/vendor/blamejs/lib/base32.js +8 -8
- package/lib/vendor/blamejs/lib/budr.js +2 -2
- package/lib/vendor/blamejs/lib/cache-status.js +2 -2
- package/lib/vendor/blamejs/lib/calendar.js +29 -29
- package/lib/vendor/blamejs/lib/cbor.js +12 -12
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +1 -1
- package/lib/vendor/blamejs/lib/cert.js +5 -5
- package/lib/vendor/blamejs/lib/cloud-events.js +5 -5
- package/lib/vendor/blamejs/lib/cms-codec.js +21 -21
- package/lib/vendor/blamejs/lib/codepoint-class.js +12 -12
- package/lib/vendor/blamejs/lib/compliance-sanctions-fuzzy.js +4 -4
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +4 -4
- package/lib/vendor/blamejs/lib/compliance.js +29 -29
- package/lib/vendor/blamejs/lib/content-credentials.js +38 -38
- package/lib/vendor/blamejs/lib/cookies.js +1 -1
- package/lib/vendor/blamejs/lib/cose.js +13 -13
- package/lib/vendor/blamejs/lib/cra-report.js +1 -1
- package/lib/vendor/blamejs/lib/crdt.js +1 -1
- package/lib/vendor/blamejs/lib/crypto-field.js +2 -2
- package/lib/vendor/blamejs/lib/crypto-xwing.js +7 -7
- package/lib/vendor/blamejs/lib/crypto.js +6 -6
- package/lib/vendor/blamejs/lib/csp.js +2 -2
- package/lib/vendor/blamejs/lib/cwt.js +4 -4
- package/lib/vendor/blamejs/lib/dark-patterns.js +2 -2
- package/lib/vendor/blamejs/lib/data-act.js +2 -2
- package/lib/vendor/blamejs/lib/db-file-lifecycle.js +4 -4
- package/lib/vendor/blamejs/lib/db-query.js +1 -1
- package/lib/vendor/blamejs/lib/db.js +6 -6
- package/lib/vendor/blamejs/lib/dbsc.js +13 -13
- package/lib/vendor/blamejs/lib/did.js +17 -17
- package/lib/vendor/blamejs/lib/dora.js +4 -4
- package/lib/vendor/blamejs/lib/dsr.js +1 -1
- package/lib/vendor/blamejs/lib/early-hints.js +2 -2
- package/lib/vendor/blamejs/lib/eat.js +4 -4
- package/lib/vendor/blamejs/lib/external-db-migrate.js +1 -1
- package/lib/vendor/blamejs/lib/external-db.js +1 -1
- package/lib/vendor/blamejs/lib/flag-cache.js +1 -1
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +2 -2
- package/lib/vendor/blamejs/lib/graphql-federation.js +13 -6
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +5 -5
- package/lib/vendor/blamejs/lib/guard-archive.js +24 -24
- package/lib/vendor/blamejs/lib/guard-cidr.js +34 -34
- package/lib/vendor/blamejs/lib/guard-csv.js +1 -1
- package/lib/vendor/blamejs/lib/guard-domain.js +10 -10
- package/lib/vendor/blamejs/lib/guard-dsn.js +4 -4
- package/lib/vendor/blamejs/lib/guard-email.js +19 -19
- package/lib/vendor/blamejs/lib/guard-event-bus-payload.js +4 -4
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +6 -6
- package/lib/vendor/blamejs/lib/guard-filename.js +7 -7
- package/lib/vendor/blamejs/lib/guard-graphql.js +9 -9
- package/lib/vendor/blamejs/lib/guard-html-wcag-tagwalk.js +1 -1
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +4 -4
- package/lib/vendor/blamejs/lib/guard-html.js +7 -7
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +6 -6
- package/lib/vendor/blamejs/lib/guard-image.js +4 -4
- package/lib/vendor/blamejs/lib/guard-imap-command.js +17 -17
- package/lib/vendor/blamejs/lib/guard-jmap.js +20 -20
- package/lib/vendor/blamejs/lib/guard-json.js +12 -12
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +3 -3
- package/lib/vendor/blamejs/lib/guard-jwt.js +4 -4
- package/lib/vendor/blamejs/lib/guard-list-id.js +7 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +8 -8
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +4 -4
- package/lib/vendor/blamejs/lib/guard-mail-move.js +5 -5
- package/lib/vendor/blamejs/lib/guard-mail-query.js +3 -3
- package/lib/vendor/blamejs/lib/guard-mail-reply.js +3 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -6
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +25 -25
- package/lib/vendor/blamejs/lib/guard-markdown.js +31 -31
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -5
- package/lib/vendor/blamejs/lib/guard-mime.js +1 -1
- package/lib/vendor/blamejs/lib/guard-oauth.js +3 -3
- package/lib/vendor/blamejs/lib/guard-pdf.js +6 -6
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +11 -11
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +5 -5
- package/lib/vendor/blamejs/lib/guard-regex.js +10 -10
- package/lib/vendor/blamejs/lib/guard-saga-config.js +5 -5
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +6 -6
- package/lib/vendor/blamejs/lib/guard-snapshot-envelope.js +3 -3
- package/lib/vendor/blamejs/lib/guard-stream-args.js +4 -4
- package/lib/vendor/blamejs/lib/guard-svg.js +11 -11
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +5 -5
- package/lib/vendor/blamejs/lib/guard-time.js +15 -15
- package/lib/vendor/blamejs/lib/guard-trace-context.js +4 -4
- package/lib/vendor/blamejs/lib/guard-uuid.js +11 -11
- package/lib/vendor/blamejs/lib/guard-xml.js +12 -12
- package/lib/vendor/blamejs/lib/guard-yaml.js +16 -16
- package/lib/vendor/blamejs/lib/honeytoken.js +5 -5
- package/lib/vendor/blamejs/lib/http-client-cache.js +18 -1
- package/lib/vendor/blamejs/lib/http-client.js +13 -10
- package/lib/vendor/blamejs/lib/http-message-signature.js +2 -2
- package/lib/vendor/blamejs/lib/iab-mspa.js +3 -3
- package/lib/vendor/blamejs/lib/iab-tcf.js +70 -70
- package/lib/vendor/blamejs/lib/inbox.js +4 -4
- package/lib/vendor/blamejs/lib/ip-utils.js +15 -15
- package/lib/vendor/blamejs/lib/jose-jwe-experimental.js +2 -2
- package/lib/vendor/blamejs/lib/json-path.js +3 -3
- package/lib/vendor/blamejs/lib/json-schema.js +1 -1
- package/lib/vendor/blamejs/lib/jsonapi.js +3 -3
- package/lib/vendor/blamejs/lib/jtd.js +2 -2
- package/lib/vendor/blamejs/lib/link-header.js +1 -1
- package/lib/vendor/blamejs/lib/local-db-thin.js +1 -1
- package/lib/vendor/blamejs/lib/log.js +8 -3
- package/lib/vendor/blamejs/lib/lro.js +4 -4
- package/lib/vendor/blamejs/lib/mail-agent.js +1 -1
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +6 -6
- package/lib/vendor/blamejs/lib/mail-auth.js +44 -44
- package/lib/vendor/blamejs/lib/mail-bimi.js +3 -3
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +53 -45
- package/lib/vendor/blamejs/lib/mail-crypto-smime.js +6 -6
- package/lib/vendor/blamejs/lib/mail-dav.js +1 -1
- package/lib/vendor/blamejs/lib/mail-deploy.js +40 -40
- package/lib/vendor/blamejs/lib/mail-dkim.js +12 -12
- package/lib/vendor/blamejs/lib/mail-greylist.js +12 -12
- package/lib/vendor/blamejs/lib/mail-helo.js +1 -1
- package/lib/vendor/blamejs/lib/mail-journal.js +8 -8
- package/lib/vendor/blamejs/lib/mail-rbl.js +7 -7
- package/lib/vendor/blamejs/lib/mail-scan.js +7 -7
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +2 -2
- package/lib/vendor/blamejs/lib/mail-server-imap.js +12 -12
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +18 -20
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +4 -4
- package/lib/vendor/blamejs/lib/mail-server-mx.js +17 -17
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +4 -4
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +2 -2
- package/lib/vendor/blamejs/lib/mail-server-submission.js +21 -21
- package/lib/vendor/blamejs/lib/mail-sieve.js +2 -2
- package/lib/vendor/blamejs/lib/mail-spam-score.js +5 -5
- package/lib/vendor/blamejs/lib/mail-srs.js +12 -12
- package/lib/vendor/blamejs/lib/mail-store-fts.js +2 -2
- package/lib/vendor/blamejs/lib/mail-store.js +8 -8
- package/lib/vendor/blamejs/lib/mail-unsubscribe.js +4 -4
- package/lib/vendor/blamejs/lib/mail.js +4 -4
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +4 -4
- package/lib/vendor/blamejs/lib/mcp.js +15 -15
- package/lib/vendor/blamejs/lib/mdoc.js +2 -2
- package/lib/vendor/blamejs/lib/metrics.js +8 -8
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +15 -3
- package/lib/vendor/blamejs/lib/middleware/ai-act-disclosure.js +11 -4
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +7 -7
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/asyncapi-serve.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +5 -5
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +5 -5
- package/lib/vendor/blamejs/lib/middleware/compose-pipeline.js +16 -16
- package/lib/vendor/blamejs/lib/middleware/csp-report.js +4 -4
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/dpop.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/headers.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/host-allowlist.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +12 -12
- package/lib/vendor/blamejs/lib/middleware/nel.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/openapi-serve.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/protected-resource-metadata.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +14 -5
- package/lib/vendor/blamejs/lib/middleware/require-aal.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/require-bound-key.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/require-content-type.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/require-methods.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/require-step-up.js +2 -2
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +1 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +3 -3
- package/lib/vendor/blamejs/lib/middleware/sse.js +14 -8
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -12
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -2
- package/lib/vendor/blamejs/lib/network-byte-quota.js +1 -1
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +23 -23
- package/lib/vendor/blamejs/lib/network-dns.js +29 -29
- package/lib/vendor/blamejs/lib/network-dnssec.js +33 -33
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +10 -10
- package/lib/vendor/blamejs/lib/network-tls.js +100 -98
- package/lib/vendor/blamejs/lib/network-tsig.js +33 -33
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -1
- package/lib/vendor/blamejs/lib/ntp-check.js +3 -3
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +17 -17
- package/lib/vendor/blamejs/lib/observability-tracer.js +6 -6
- package/lib/vendor/blamejs/lib/observability.js +8 -8
- package/lib/vendor/blamejs/lib/openapi-yaml.js +1 -1
- package/lib/vendor/blamejs/lib/openapi.js +1 -1
- package/lib/vendor/blamejs/lib/outbox.js +6 -6
- package/lib/vendor/blamejs/lib/pqc-agent.js +4 -4
- package/lib/vendor/blamejs/lib/pqc-software.js +1 -1
- package/lib/vendor/blamejs/lib/privacy-pass.js +5 -5
- package/lib/vendor/blamejs/lib/problem-details.js +5 -5
- package/lib/vendor/blamejs/lib/promise-pool.js +1 -1
- package/lib/vendor/blamejs/lib/protobuf-encoder.js +9 -1
- package/lib/vendor/blamejs/lib/queue.js +4 -2
- package/lib/vendor/blamejs/lib/redact.js +2 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +1 -1
- package/lib/vendor/blamejs/lib/router.js +10 -10
- package/lib/vendor/blamejs/lib/safe-async.js +2 -2
- package/lib/vendor/blamejs/lib/safe-decompress.js +1 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +71 -71
- package/lib/vendor/blamejs/lib/safe-ical.js +19 -19
- package/lib/vendor/blamejs/lib/safe-icap.js +24 -24
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +2 -2
- package/lib/vendor/blamejs/lib/safe-mime.js +10 -10
- package/lib/vendor/blamejs/lib/safe-mount-info.js +3 -3
- package/lib/vendor/blamejs/lib/safe-redirect.js +1 -1
- package/lib/vendor/blamejs/lib/safe-sieve.js +23 -23
- package/lib/vendor/blamejs/lib/safe-smtp.js +1 -1
- package/lib/vendor/blamejs/lib/safe-url.js +1 -1
- package/lib/vendor/blamejs/lib/safe-vcard.js +14 -14
- package/lib/vendor/blamejs/lib/sandbox.js +5 -5
- package/lib/vendor/blamejs/lib/sec-cyber.js +1 -1
- package/lib/vendor/blamejs/lib/self-update-standalone-verifier.js +3 -3
- package/lib/vendor/blamejs/lib/self-update.js +3 -3
- package/lib/vendor/blamejs/lib/server-timing.js +3 -3
- package/lib/vendor/blamejs/lib/session-device-binding.js +7 -7
- package/lib/vendor/blamejs/lib/session.js +8 -8
- package/lib/vendor/blamejs/lib/sse.js +12 -5
- package/lib/vendor/blamejs/lib/standard-webhooks.js +4 -4
- package/lib/vendor/blamejs/lib/storage.js +2 -2
- package/lib/vendor/blamejs/lib/stream-throttle.js +3 -3
- package/lib/vendor/blamejs/lib/structured-fields.js +15 -15
- package/lib/vendor/blamejs/lib/subject.js +1 -1
- package/lib/vendor/blamejs/lib/tcpa-10dlc.js +1 -1
- package/lib/vendor/blamejs/lib/tenant-quota.js +3 -3
- package/lib/vendor/blamejs/lib/test-harness.js +1 -1
- package/lib/vendor/blamejs/lib/tracing.js +1 -1
- package/lib/vendor/blamejs/lib/tsa.js +5 -5
- package/lib/vendor/blamejs/lib/uri-template.js +5 -5
- package/lib/vendor/blamejs/lib/vault/index.js +2 -2
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +4 -4
- package/lib/vendor/blamejs/lib/vc.js +2 -2
- package/lib/vendor/blamejs/lib/vendor-data.js +1 -1
- package/lib/vendor/blamejs/lib/watcher.js +4 -4
- package/lib/vendor/blamejs/lib/web-push-vapid.js +21 -21
- package/lib/vendor/blamejs/lib/webhook.js +2 -2
- package/lib/vendor/blamejs/lib/websocket.js +5 -5
- package/lib/vendor/blamejs/lib/worker-pool.js +3 -3
- package/lib/vendor/blamejs/lib/ws-client.js +24 -24
- package/lib/vendor/blamejs/lib/xml-c14n.js +2 -2
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.13.x.json +1248 -0
- package/lib/vendor/blamejs/release-notes/v0.14.0.json +43 -0
- package/lib/vendor/blamejs/release-notes/v0.14.1.json +60 -0
- package/lib/vendor/blamejs/release-notes/v0.14.2.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.14.3.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.14.4.json +18 -0
- package/lib/vendor/blamejs/release-notes/v0.14.5.json +18 -0
- package/lib/vendor/blamejs/test/00-primitives.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/age-gate.test.js +22 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/auth-jar.test.js +29 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +105 -9
- package/lib/vendor/blamejs/test/layer-0-primitives/compliance-ai-act.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/graphql-federation.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/http-client-cache.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-crypto-pgp.test.js +7 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/network-tls.test.js +11 -5
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-registry.test.js +34 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sse.test.js +12 -0
- package/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.13.0.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.1.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.10.json +0 -44
- package/lib/vendor/blamejs/release-notes/v0.13.11.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.12.json +0 -36
- package/lib/vendor/blamejs/release-notes/v0.13.13.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.14.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.15.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.16.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.17.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.18.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.19.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.2.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.20.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.21.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.22.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.23.json +0 -42
- package/lib/vendor/blamejs/release-notes/v0.13.24.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.13.25.json +0 -39
- package/lib/vendor/blamejs/release-notes/v0.13.26.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.13.27.json +0 -34
- package/lib/vendor/blamejs/release-notes/v0.13.28.json +0 -30
- package/lib/vendor/blamejs/release-notes/v0.13.29.json +0 -30
- package/lib/vendor/blamejs/release-notes/v0.13.3.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.30.json +0 -30
- package/lib/vendor/blamejs/release-notes/v0.13.31.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.13.32.json +0 -34
- package/lib/vendor/blamejs/release-notes/v0.13.33.json +0 -26
- package/lib/vendor/blamejs/release-notes/v0.13.34.json +0 -48
- package/lib/vendor/blamejs/release-notes/v0.13.35.json +0 -35
- package/lib/vendor/blamejs/release-notes/v0.13.36.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.37.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.38.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.39.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.4.json +0 -23
- package/lib/vendor/blamejs/release-notes/v0.13.40.json +0 -22
- package/lib/vendor/blamejs/release-notes/v0.13.41.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.42.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.43.json +0 -39
- package/lib/vendor/blamejs/release-notes/v0.13.44.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.13.45.json +0 -31
- package/lib/vendor/blamejs/release-notes/v0.13.46.json +0 -35
- package/lib/vendor/blamejs/release-notes/v0.13.5.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.6.json +0 -18
- package/lib/vendor/blamejs/release-notes/v0.13.7.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.8.json +0 -27
- package/lib/vendor/blamejs/release-notes/v0.13.9.json +0 -27
|
@@ -574,7 +574,7 @@ function _parseMultipartHeaders(rawHeaders) {
|
|
|
574
574
|
var line = lines[i];
|
|
575
575
|
if (!line) continue;
|
|
576
576
|
var first = line.charCodeAt(0);
|
|
577
|
-
if (first === 32 || first === 9) { //
|
|
577
|
+
if (first === 32 || first === 9) { // SP/HTAB obs-fold sentinels
|
|
578
578
|
throw new BodyParserError(
|
|
579
579
|
"body-parser/multipart-obs-fold",
|
|
580
580
|
"multipart part header uses obsolete line folding (RFC 9112 §5.2)",
|
|
@@ -587,7 +587,7 @@ function _parseMultipartHeaders(rawHeaders) {
|
|
|
587
587
|
var v = line.slice(idx + 1).trim();
|
|
588
588
|
for (var j = 0; j < v.length; j++) {
|
|
589
589
|
var c = v.charCodeAt(j);
|
|
590
|
-
if (c === 0 || c === 10 || c === 13) { //
|
|
590
|
+
if (c === 0 || c === 10 || c === 13) { // NUL/LF/CR forbidden in field-value (RFC 9110 §5.5)
|
|
591
591
|
throw new BodyParserError(
|
|
592
592
|
"body-parser/multipart-bad-header-value",
|
|
593
593
|
"multipart part header `" + k + "` contains CR/LF/NUL (RFC 9110 §5.5)",
|
|
@@ -674,8 +674,8 @@ async function _parseMultipart(req, opts, ctParams) {
|
|
|
674
674
|
// newlines) drive quadratic match cost in scanners. Refuse at
|
|
675
675
|
// the parse boundary so the rest of the engine doesn't have to
|
|
676
676
|
// defend against them.
|
|
677
|
-
if (boundary.length > 70 || //
|
|
678
|
-
!/^[A-Za-z0-9'()+_,\-./:=?]{1,70}$/.test(boundary)) { //
|
|
677
|
+
if (boundary.length > 70 || // RFC 2046 §5.1.1 boundary length cap
|
|
678
|
+
!/^[A-Za-z0-9'()+_,\-./:=?]{1,70}$/.test(boundary)) { // RFC 2046 §5.1.1 bchars + cap
|
|
679
679
|
throw new BodyParserError(
|
|
680
680
|
"body-parser/multipart-bad-boundary",
|
|
681
681
|
"multipart boundary violates RFC 2046 §5.1.1 (1-70 chars, bcharsnospace grammar)",
|
|
@@ -1353,7 +1353,7 @@ function create(opts) {
|
|
|
1353
1353
|
outcome: "denied",
|
|
1354
1354
|
metadata: {
|
|
1355
1355
|
code: e.code || null,
|
|
1356
|
-
message: (e && e.message) ? String(e.message).slice(0, 256) : "", //
|
|
1356
|
+
message: (e && e.message) ? String(e.message).slice(0, 256) : "", // diagnostic-message clamp characters, not bytes
|
|
1357
1357
|
},
|
|
1358
1358
|
});
|
|
1359
1359
|
} catch (_e) { /* audit best-effort */ }
|
|
@@ -85,20 +85,20 @@ var ComposePipelineError = defineClass("ComposePipelineError", { alwaysPermanent
|
|
|
85
85
|
// 60-89 : application handlers
|
|
86
86
|
// >= 90 : error-handler (must be last; trailing catch)
|
|
87
87
|
var CANONICAL_POSITIONS = Object.freeze({
|
|
88
|
-
requestId: 5, //
|
|
89
|
-
apiEncrypt: 10, //
|
|
90
|
-
bodyParser: 20, //
|
|
91
|
-
cspNonce: 22, //
|
|
92
|
-
securityHeaders: 25, //
|
|
93
|
-
csrf: 30, //
|
|
94
|
-
idempotency: 30, //
|
|
95
|
-
fetchMetadata: 32, //
|
|
96
|
-
rateLimit: 40, //
|
|
97
|
-
botGuard: 42, //
|
|
98
|
-
requireAuth: 50, //
|
|
99
|
-
attachUser: 52, //
|
|
100
|
-
handler: 60, // allow:raw-
|
|
101
|
-
errorHandler: 90, //
|
|
88
|
+
requestId: 5, // canonical position bucket
|
|
89
|
+
apiEncrypt: 10, // canonical position bucket
|
|
90
|
+
bodyParser: 20, // canonical position bucket
|
|
91
|
+
cspNonce: 22, // canonical position bucket
|
|
92
|
+
securityHeaders: 25, // canonical position bucket
|
|
93
|
+
csrf: 30, // canonical position bucket
|
|
94
|
+
idempotency: 30, // canonical position bucket (same as csrf)
|
|
95
|
+
fetchMetadata: 32, // canonical position bucket
|
|
96
|
+
rateLimit: 40, // canonical position bucket
|
|
97
|
+
botGuard: 42, // canonical position bucket
|
|
98
|
+
requireAuth: 50, // canonical position bucket
|
|
99
|
+
attachUser: 52, // canonical position bucket
|
|
100
|
+
handler: 60, // allow:raw-time-literal — pipeline position int, not seconds
|
|
101
|
+
errorHandler: 90, // canonical position bucket
|
|
102
102
|
});
|
|
103
103
|
|
|
104
104
|
/**
|
|
@@ -154,7 +154,7 @@ function composePipeline(entries, opts) {
|
|
|
154
154
|
throw new ComposePipelineError("compose-pipeline/bad-entry",
|
|
155
155
|
"composePipeline: entry at index " + i + " must be an object");
|
|
156
156
|
}
|
|
157
|
-
if (typeof e.name !== "string" || e.name.length === 0 || e.name.length > 64) { //
|
|
157
|
+
if (typeof e.name !== "string" || e.name.length === 0 || e.name.length > 64) { // middleware-name cap
|
|
158
158
|
throw new ComposePipelineError("compose-pipeline/bad-entry",
|
|
159
159
|
"composePipeline: entries[" + i + "].name must be a non-empty string ≤ 64 bytes");
|
|
160
160
|
}
|
|
@@ -187,7 +187,7 @@ function composePipeline(entries, opts) {
|
|
|
187
187
|
// natural sequential flow. Use 100 so canonical positions
|
|
188
188
|
// (5..90) can interleave without colliding when an operator
|
|
189
189
|
// mixes named + unnamed entries.
|
|
190
|
-
position = (i + 1) * 100; //
|
|
190
|
+
position = (i + 1) * 100; // index→position scale; canonical-pos ceiling is 90
|
|
191
191
|
}
|
|
192
192
|
|
|
193
193
|
if (Object.prototype.hasOwnProperty.call(seenPositions, position)) {
|
|
@@ -125,7 +125,7 @@ function create(opts) {
|
|
|
125
125
|
|
|
126
126
|
return async function cspReport(req, res, _next) {
|
|
127
127
|
if (req.method !== "POST") {
|
|
128
|
-
res.writeHead(405, { "Allow": "POST" }); //
|
|
128
|
+
res.writeHead(405, { "Allow": "POST" }); // HTTP 405 status
|
|
129
129
|
res.end();
|
|
130
130
|
return;
|
|
131
131
|
}
|
|
@@ -133,14 +133,14 @@ function create(opts) {
|
|
|
133
133
|
try {
|
|
134
134
|
body = await safeBuffer.boundedChunkCollector(req, { maxBytes: maxBytes });
|
|
135
135
|
} catch (_e) {
|
|
136
|
-
res.writeHead(413); //
|
|
136
|
+
res.writeHead(413); // HTTP 413 status
|
|
137
137
|
res.end();
|
|
138
138
|
return;
|
|
139
139
|
}
|
|
140
140
|
var parsed;
|
|
141
141
|
try { parsed = safeJson.parse(body.toString("utf8")); }
|
|
142
142
|
catch (_e) {
|
|
143
|
-
res.writeHead(400); //
|
|
143
|
+
res.writeHead(400); // HTTP 400 status
|
|
144
144
|
res.end();
|
|
145
145
|
return;
|
|
146
146
|
}
|
|
@@ -159,7 +159,7 @@ function create(opts) {
|
|
|
159
159
|
try { onReport(normalized); } catch (_e) { /* hook best-effort */ }
|
|
160
160
|
}
|
|
161
161
|
}
|
|
162
|
-
res.writeHead(204); //
|
|
162
|
+
res.writeHead(204); // HTTP 204 status
|
|
163
163
|
res.end();
|
|
164
164
|
};
|
|
165
165
|
}
|
|
@@ -199,7 +199,7 @@ function create(opts) {
|
|
|
199
199
|
var keys = Object.keys(req.headers);
|
|
200
200
|
for (var hi = 0; hi < keys.length; hi++) {
|
|
201
201
|
var v = req.headers[keys[hi]];
|
|
202
|
-
inboundBytes += keys[hi].length + 2 + (typeof v === "string" ? v.length : 0) + 2; //
|
|
202
|
+
inboundBytes += keys[hi].length + 2 + (typeof v === "string" ? v.length : 0) + 2; // ": " + "\r\n" overhead
|
|
203
203
|
}
|
|
204
204
|
}
|
|
205
205
|
if (req.headers && req.headers["content-length"]) {
|
|
@@ -55,7 +55,7 @@ function _writeUnauthorized(res, errorCode, description, freshNonce) {
|
|
|
55
55
|
// RFC 9449 §7 — error code is invalid_dpop_proof OR use_dpop_nonce.
|
|
56
56
|
var challenge = 'DPoP error="' + errorCode + '", error_description="' +
|
|
57
57
|
description.replace(/"/g, "'") + '"';
|
|
58
|
-
var headers = { //
|
|
58
|
+
var headers = { // HTTP 401 status
|
|
59
59
|
"Content-Type": "application/json; charset=utf-8",
|
|
60
60
|
"Content-Length": Buffer.byteLength(body),
|
|
61
61
|
"WWW-Authenticate": challenge,
|
|
@@ -104,7 +104,7 @@ function _detectIssues(headers, opts) {
|
|
|
104
104
|
}
|
|
105
105
|
for (var ci = 0; ci < v.length; ci += 1) {
|
|
106
106
|
var cc = v.charCodeAt(ci);
|
|
107
|
-
if (cc === 0x0D || cc === 0x0A || cc === 0x00) { //
|
|
107
|
+
if (cc === 0x0D || cc === 0x0A || cc === 0x00) { // CR / LF / NUL forbidden in header value
|
|
108
108
|
issues.push({
|
|
109
109
|
kind: "header-value-control-byte", severity: "high", header: name,
|
|
110
110
|
snippet: "header `" + name + "` value contains CR / LF / NUL " +
|
|
@@ -200,7 +200,7 @@ function create(opts) {
|
|
|
200
200
|
var refuseOnHigh = opts.refuseOnHigh !== false && mode === "enforce";
|
|
201
201
|
var audit = opts.audit || null;
|
|
202
202
|
var resolved = {
|
|
203
|
-
maxHeaderCount: opts.maxHeaderCount || 100, //
|
|
203
|
+
maxHeaderCount: opts.maxHeaderCount || 100, // header count ceiling
|
|
204
204
|
maxValueBytes: opts.maxValueBytes || 8 * 1024, // allow:raw-byte-literal — header value cap (8 KiB)
|
|
205
205
|
trustProxy: !!opts.trustProxy,
|
|
206
206
|
};
|
|
@@ -131,7 +131,7 @@ function create(opts) {
|
|
|
131
131
|
hosts.push(n);
|
|
132
132
|
}
|
|
133
133
|
|
|
134
|
-
var denyStatus = (typeof opts.denyStatus === "number") ? opts.denyStatus : 421; //
|
|
134
|
+
var denyStatus = (typeof opts.denyStatus === "number") ? opts.denyStatus : 421; // HTTP 421 status
|
|
135
135
|
var denyBody = typeof opts.denyBody === "string" ? opts.denyBody : "Misdirected Request";
|
|
136
136
|
var auditOn = opts.audit !== false;
|
|
137
137
|
|
|
@@ -69,8 +69,8 @@ var DEFAULT_METHODS = Object.freeze(["POST", "PUT", "PATCH", "DELETE"]);
|
|
|
69
69
|
// control chars, length 1..255 (typical client implementations cap
|
|
70
70
|
// at 36 for UUID + a few extra for vendor prefixes; 255 is the
|
|
71
71
|
// upper bound that still fits a single HTTP header line).
|
|
72
|
-
var KEY_RE = /^[\x21-\x7E]+$/; //
|
|
73
|
-
var KEY_MAX_LEN = 255; //
|
|
72
|
+
var KEY_RE = /^[\x21-\x7E]+$/; // printable ASCII codepoint range
|
|
73
|
+
var KEY_MAX_LEN = 255; // draft §2 upper bound
|
|
74
74
|
|
|
75
75
|
/**
|
|
76
76
|
* @primitive b.middleware.idempotencyKey.memoryStore
|
|
@@ -101,7 +101,7 @@ function memoryStore(opts) {
|
|
|
101
101
|
opts = opts || {};
|
|
102
102
|
numericBounds.requirePositiveFiniteIntIfPresent(
|
|
103
103
|
opts.maxEntries, "memoryStore.maxEntries", IdempotencyError, "idempotency/bad-max-entries");
|
|
104
|
-
var maxEntries = opts.maxEntries !== undefined ? opts.maxEntries : 10000; //
|
|
104
|
+
var maxEntries = opts.maxEntries !== undefined ? opts.maxEntries : 10000; // default in-memory cap, not bytes
|
|
105
105
|
var data = new Map();
|
|
106
106
|
return {
|
|
107
107
|
get: function (key) {
|
|
@@ -705,7 +705,7 @@ function create(opts) {
|
|
|
705
705
|
var missing = problemDetails().create({
|
|
706
706
|
type: problemDetails().getBase() + "/idempotency/missing-key",
|
|
707
707
|
title: "Idempotency-Key header required",
|
|
708
|
-
status: 400, //
|
|
708
|
+
status: 400, // HTTP status 400 Bad Request
|
|
709
709
|
detail: "This endpoint requires an Idempotency-Key header (draft-ietf-httpapi-idempotency-key).",
|
|
710
710
|
});
|
|
711
711
|
_emitAudit("idempotency.missing_key", { method: method, path: req.url }, "denied");
|
|
@@ -716,7 +716,7 @@ function create(opts) {
|
|
|
716
716
|
var bad = problemDetails().create({
|
|
717
717
|
type: problemDetails().getBase() + "/idempotency/bad-key",
|
|
718
718
|
title: "Idempotency-Key malformed",
|
|
719
|
-
status: 400, //
|
|
719
|
+
status: 400, // HTTP status 400
|
|
720
720
|
detail: "Idempotency-Key must be ASCII printable, length 1.." + KEY_MAX_LEN + " (draft §2).",
|
|
721
721
|
});
|
|
722
722
|
_emitAudit("idempotency.bad_key", { method: method, keyLen: key.length }, "denied");
|
|
@@ -781,7 +781,7 @@ function create(opts) {
|
|
|
781
781
|
var missingBody = problemDetails().create({
|
|
782
782
|
type: problemDetails().getBase() + "/idempotency/missing-body-fingerprint",
|
|
783
783
|
title: "Idempotency body fingerprint unavailable",
|
|
784
|
-
status: 400, //
|
|
784
|
+
status: 400, // HTTP status 400 Bad Request
|
|
785
785
|
detail: "The idempotency middleware could not derive a body fingerprint for this " +
|
|
786
786
|
"request. Mount body-parser BEFORE the idempotency middleware, OR provide an " +
|
|
787
787
|
"opts.bodyFingerprint(req) hook. To restore the pre-0.9.58 method+path-only " +
|
|
@@ -809,7 +809,7 @@ function create(opts) {
|
|
|
809
809
|
var mismatch = problemDetails().create({
|
|
810
810
|
type: problemDetails().getBase() + "/idempotency/key-reuse-mismatch",
|
|
811
811
|
title: "Idempotency-Key reused with different request",
|
|
812
|
-
status: 422, //
|
|
812
|
+
status: 422, // HTTP status 422 Unprocessable Content (RFC 9110)
|
|
813
813
|
detail: "The Idempotency-Key matches a prior request but the request body/method/path differs (draft §4.3).",
|
|
814
814
|
});
|
|
815
815
|
_emitAudit("idempotency.key_reuse_mismatch",
|
|
@@ -865,10 +865,10 @@ function create(opts) {
|
|
|
865
865
|
if (!captured) {
|
|
866
866
|
captured = true;
|
|
867
867
|
_pushChunk(chunk, encoding);
|
|
868
|
-
var status = res.statusCode || 200; //
|
|
868
|
+
var status = res.statusCode || 200; // default HTTP status 200
|
|
869
869
|
// Only persist 2xx-4xx responses; 5xx is transient infra
|
|
870
870
|
// failure that should be retried fresh, not replayed.
|
|
871
|
-
if (!oversized && status >= 200 && status < 500) { //
|
|
871
|
+
if (!oversized && status >= 200 && status < 500) { // HTTP status class boundaries
|
|
872
872
|
var headerMap = {};
|
|
873
873
|
try {
|
|
874
874
|
var allHeaders = typeof res.getHeaders === "function" ? res.getHeaders() : {};
|
|
@@ -913,13 +913,13 @@ function _hashKey(key) {
|
|
|
913
913
|
// Hash before logging — operator's audit chain shouldn't carry raw
|
|
914
914
|
// idempotency keys (clients sometimes inadvertently put PII / order
|
|
915
915
|
// numbers in them).
|
|
916
|
-
return nodeCrypto.createHash("sha3-256").update(key, "utf8").digest("hex").slice(0, 16); //
|
|
916
|
+
return nodeCrypto.createHash("sha3-256").update(key, "utf8").digest("hex").slice(0, 16); // log-truncation length, not bytes
|
|
917
917
|
}
|
|
918
918
|
|
|
919
919
|
function _redactKey(key) {
|
|
920
920
|
if (typeof key !== "string") return "<non-string>";
|
|
921
|
-
if (key.length <= 8) return "<short:" + key.length + ">"; //
|
|
922
|
-
return key.slice(0, 4) + "..." + key.slice(-2) + " (len=" + key.length + ")"; //
|
|
921
|
+
if (key.length <= 8) return "<short:" + key.length + ">"; // log-redaction length threshold
|
|
922
|
+
return key.slice(0, 4) + "..." + key.slice(-2) + " (len=" + key.length + ")"; // log-redaction prefix/suffix lengths
|
|
923
923
|
}
|
|
924
924
|
|
|
925
925
|
/**
|
|
@@ -149,7 +149,7 @@ function create(opts) {
|
|
|
149
149
|
// honor secure-origin report endpoints. Refusing at config-time so
|
|
150
150
|
// an operator typo (`http://`) surfaces at boot, not as silent
|
|
151
151
|
// never-fires-in-production.
|
|
152
|
-
if (opts.collectorUrl.slice(0, 8) !== "https://") { //
|
|
152
|
+
if (opts.collectorUrl.slice(0, 8) !== "https://") { // string-prefix length, not bytes
|
|
153
153
|
throw new TypeError(
|
|
154
154
|
"middleware.nel: opts.collectorUrl must be https:// (browsers " +
|
|
155
155
|
"ignore non-secure NEL collectors); got " + opts.collectorUrl);
|
|
@@ -113,7 +113,7 @@ function create(opts) {
|
|
|
113
113
|
function _writeBody(req, res, body, etag, contentType) {
|
|
114
114
|
var requestEtag = (req.headers && req.headers["if-none-match"]) || null;
|
|
115
115
|
if (requestEtag && requestEtag === etag) {
|
|
116
|
-
res.writeHead(304, { "ETag": etag, "Cache-Control": cacheControl }); //
|
|
116
|
+
res.writeHead(304, { "ETag": etag, "Cache-Control": cacheControl }); // HTTP 304
|
|
117
117
|
res.end();
|
|
118
118
|
return;
|
|
119
119
|
}
|
|
@@ -126,7 +126,7 @@ function create(opts) {
|
|
|
126
126
|
if (accessControl === "public") {
|
|
127
127
|
headers["Access-Control-Allow-Origin"] = "*";
|
|
128
128
|
}
|
|
129
|
-
res.writeHead(200, headers); //
|
|
129
|
+
res.writeHead(200, headers); // HTTP 200
|
|
130
130
|
res.end(body);
|
|
131
131
|
}
|
|
132
132
|
|
|
@@ -214,8 +214,8 @@ function create(opts) {
|
|
|
214
214
|
var signAlgo = null;
|
|
215
215
|
if (sm.alg === "ES256") { signAlgo = "sha256"; signParams.dsaEncoding = "ieee-p1363"; }
|
|
216
216
|
else if (sm.alg === "ES384") { signAlgo = "sha384"; signParams.dsaEncoding = "ieee-p1363"; }
|
|
217
|
-
else if (sm.alg === "PS256") { signAlgo = "sha256"; signParams.padding = nodeCrypto.constants.RSA_PKCS1_PSS_PADDING; signParams.saltLength = 32; } //
|
|
218
|
-
else if (sm.alg === "PS384") { signAlgo = "sha384"; signParams.padding = nodeCrypto.constants.RSA_PKCS1_PSS_PADDING; signParams.saltLength = 48; } //
|
|
217
|
+
else if (sm.alg === "PS256") { signAlgo = "sha256"; signParams.padding = nodeCrypto.constants.RSA_PKCS1_PSS_PADDING; signParams.saltLength = 32; } // RFC 7518 PS256 salt
|
|
218
|
+
else if (sm.alg === "PS384") { signAlgo = "sha384"; signParams.padding = nodeCrypto.constants.RSA_PKCS1_PSS_PADDING; signParams.saltLength = 48; } // RFC 7518 PS384 salt
|
|
219
219
|
var sig = nodeCrypto.sign(signAlgo, Buffer.from(input, "ascii"), signParams);
|
|
220
220
|
signedJwt = input + "." + _b64url(sig);
|
|
221
221
|
}
|
|
@@ -364,6 +364,7 @@ function _resolveBackend(opts) {
|
|
|
364
364
|
* statusOnLimit: number, // default 429
|
|
365
365
|
* bodyOnLimit: string, // default "Too Many Requests"
|
|
366
366
|
* header: boolean, // default true
|
|
367
|
+
* headerPrefix: string, // default "X-RateLimit-" — builds <prefix>Limit / <prefix>Remaining (e.g. "RateLimit-" for the IETF draft names)
|
|
367
368
|
* skipPaths: Array<string|RegExp>,
|
|
368
369
|
* scope: "global"|"per-route",
|
|
369
370
|
* backend: "memory"|"cluster"|{ take, reset },
|
|
@@ -390,7 +391,7 @@ function _resolveBackend(opts) {
|
|
|
390
391
|
function create(opts) {
|
|
391
392
|
opts = opts || {};
|
|
392
393
|
validateOpts(opts, [
|
|
393
|
-
"keyFn", "statusOnLimit", "bodyOnLimit", "header", "skipPaths", "scope",
|
|
394
|
+
"keyFn", "statusOnLimit", "bodyOnLimit", "header", "headerPrefix", "skipPaths", "scope",
|
|
394
395
|
"backend", "trustProxy", "algorithm",
|
|
395
396
|
// memory backend (token-bucket)
|
|
396
397
|
"burst", "refillPerSecond",
|
|
@@ -404,6 +405,14 @@ function create(opts) {
|
|
|
404
405
|
var statusOnLimit = opts.statusOnLimit || 429;
|
|
405
406
|
var bodyOnLimit = opts.bodyOnLimit !== undefined ? opts.bodyOnLimit : "Too Many Requests";
|
|
406
407
|
var emitHeaders = opts.header !== false;
|
|
408
|
+
// headerPrefix (default "X-RateLimit-") builds the limit/remaining header
|
|
409
|
+
// names as <prefix>Limit / <prefix>Remaining. The X-RateLimit-* family is a
|
|
410
|
+
// de-facto convention, not RFC-pinned — operators matching the IETF draft
|
|
411
|
+
// pass "RateLimit-", or a gateway's own prefix. Kept as a matched pair.
|
|
412
|
+
var headerPrefix = (typeof opts.headerPrefix === "string" && opts.headerPrefix.length > 0)
|
|
413
|
+
? opts.headerPrefix : "X-RateLimit-";
|
|
414
|
+
var limitHeader = headerPrefix + "Limit";
|
|
415
|
+
var remainingHeader = headerPrefix + "Remaining";
|
|
407
416
|
var skipPaths = opts.skipPaths || [];
|
|
408
417
|
// Throw at create(): each entry must be a string prefix or a RegExp.
|
|
409
418
|
// Anything else would crash _shouldSkip with TypeError on the first request.
|
|
@@ -429,8 +438,8 @@ function create(opts) {
|
|
|
429
438
|
|
|
430
439
|
function _writeBlocked(req, res, k, verdict) {
|
|
431
440
|
if (emitHeaders && typeof res.setHeader === "function") {
|
|
432
|
-
res.setHeader(
|
|
433
|
-
res.setHeader(
|
|
441
|
+
res.setHeader(limitHeader, String(verdict.limit));
|
|
442
|
+
res.setHeader(remainingHeader, String(verdict.remaining));
|
|
434
443
|
if (verdict.retryAfter > 0) res.setHeader("Retry-After", String(verdict.retryAfter));
|
|
435
444
|
}
|
|
436
445
|
try {
|
|
@@ -459,8 +468,8 @@ function create(opts) {
|
|
|
459
468
|
|
|
460
469
|
function _handle(verdict) {
|
|
461
470
|
if (emitHeaders && typeof res.setHeader === "function") {
|
|
462
|
-
res.setHeader(
|
|
463
|
-
res.setHeader(
|
|
471
|
+
res.setHeader(limitHeader, String(verdict.limit));
|
|
472
|
+
res.setHeader(remainingHeader, String(verdict.remaining));
|
|
464
473
|
}
|
|
465
474
|
if (!verdict.allowed) return _writeBlocked(req, res, k, verdict);
|
|
466
475
|
next();
|
|
@@ -36,7 +36,7 @@ function _writeUnauthorized(res, requiredBand, actualBand, realm) {
|
|
|
36
36
|
});
|
|
37
37
|
var realmStr = realm ? ' realm="' + realm + '"' : "";
|
|
38
38
|
var challenge = "AAL-StepUp" + realmStr + ', required="' + requiredBand + '"';
|
|
39
|
-
res.writeHead(401, { //
|
|
39
|
+
res.writeHead(401, { // HTTP 401 status
|
|
40
40
|
"Content-Type": "application/json; charset=utf-8",
|
|
41
41
|
"Content-Length": Buffer.byteLength(body),
|
|
42
42
|
"WWW-Authenticate": challenge,
|
|
@@ -215,12 +215,12 @@ function create(opts) {
|
|
|
215
215
|
var presented;
|
|
216
216
|
try { presented = getter(req); }
|
|
217
217
|
catch (e) {
|
|
218
|
-
return _refuse(res, 400, "bound-field-getter-threw", { //
|
|
218
|
+
return _refuse(res, 400, "bound-field-getter-threw", { // HTTP 400
|
|
219
219
|
field: fieldName, error: (e && e.message) || String(e),
|
|
220
220
|
});
|
|
221
221
|
}
|
|
222
222
|
if (typeof presented !== "string" || presented.length === 0) {
|
|
223
|
-
return _refuse(res, 400, "bound-field-missing", { //
|
|
223
|
+
return _refuse(res, 400, "bound-field-missing", { // HTTP 400
|
|
224
224
|
field: fieldName, keyId: record.id || null,
|
|
225
225
|
});
|
|
226
226
|
}
|
|
@@ -91,7 +91,7 @@ function create(allowed, opts) {
|
|
|
91
91
|
if (bare.length > 0 && normalized.indexOf(bare) !== -1) return next();
|
|
92
92
|
if (!res.headersSent) {
|
|
93
93
|
var body = "Unsupported Media Type";
|
|
94
|
-
res.writeHead(415, { //
|
|
94
|
+
res.writeHead(415, { // HTTP 415 status
|
|
95
95
|
"Accept": normalized.join(", "),
|
|
96
96
|
"Content-Type": "text/plain; charset=utf-8",
|
|
97
97
|
"Content-Length": Buffer.byteLength(body),
|
|
@@ -75,7 +75,7 @@ function create(allowed, opts) {
|
|
|
75
75
|
if (normalized.indexOf(m) !== -1) return next();
|
|
76
76
|
if (!res.headersSent) {
|
|
77
77
|
var body = "Method Not Allowed";
|
|
78
|
-
res.writeHead(405, { //
|
|
78
|
+
res.writeHead(405, { // HTTP 405 status
|
|
79
79
|
"Allow": allowHeader,
|
|
80
80
|
"Content-Type": "text/plain; charset=utf-8",
|
|
81
81
|
"Content-Length": Buffer.byteLength(body),
|
|
@@ -67,7 +67,7 @@ function _defaultGetClaims(req) {
|
|
|
67
67
|
function _writeChallenge(res, challenge, body, statusCode) {
|
|
68
68
|
if (res.headersSent) return;
|
|
69
69
|
var json = JSON.stringify(body);
|
|
70
|
-
res.writeHead(statusCode, { //
|
|
70
|
+
res.writeHead(statusCode, { // HTTP status passthrough
|
|
71
71
|
"Content-Type": "application/json; charset=utf-8",
|
|
72
72
|
"Content-Length": Buffer.byteLength(json),
|
|
73
73
|
"WWW-Authenticate": challenge,
|
|
@@ -218,7 +218,7 @@ function create(opts) {
|
|
|
218
218
|
error: stepUp().INSUFFICIENT_USER_AUTHENTICATION,
|
|
219
219
|
error_description: errorDesc || "A higher level of authentication is required",
|
|
220
220
|
},
|
|
221
|
-
401 //
|
|
221
|
+
401 // HTTP 401
|
|
222
222
|
);
|
|
223
223
|
};
|
|
224
224
|
}
|
|
@@ -61,7 +61,7 @@ function create(opts) {
|
|
|
61
61
|
if (opts.groups) _validateResourceImpl(opts.groups, "groups");
|
|
62
62
|
|
|
63
63
|
var basePath = opts.basePath || "/scim/v2";
|
|
64
|
-
var maxPageSize = opts.maxPageSize || 200; //
|
|
64
|
+
var maxPageSize = opts.maxPageSize || 200; // page-size count, not bytes
|
|
65
65
|
var bearer = opts.bearer || null;
|
|
66
66
|
|
|
67
67
|
function middleware(req, res, next) {
|
|
@@ -144,15 +144,15 @@ function create(opts) {
|
|
|
144
144
|
(alsoAtRoot && path === "/security.txt");
|
|
145
145
|
if (!matches) return next();
|
|
146
146
|
if (req.method !== "GET" && req.method !== "HEAD") {
|
|
147
|
-
res.writeHead(405, { //
|
|
147
|
+
res.writeHead(405, { // HTTP 405 status
|
|
148
148
|
"Allow": "GET, HEAD",
|
|
149
149
|
"Content-Type": "text/plain; charset=utf-8",
|
|
150
|
-
"Content-Length": 18, //
|
|
150
|
+
"Content-Length": 18, // len of "Method Not Allowed"
|
|
151
151
|
});
|
|
152
152
|
res.end("Method Not Allowed");
|
|
153
153
|
return;
|
|
154
154
|
}
|
|
155
|
-
res.writeHead(200, { //
|
|
155
|
+
res.writeHead(200, { // HTTP 200 status
|
|
156
156
|
"Content-Type": "text/plain; charset=utf-8",
|
|
157
157
|
"Content-Length": bodyBuf.length,
|
|
158
158
|
"Cache-Control": "public, max-age=86400",
|
|
@@ -90,6 +90,7 @@ function _formatEvent(msg) {
|
|
|
90
90
|
* {
|
|
91
91
|
* heartbeatMs: number|false, // default 15000
|
|
92
92
|
* headers: object, // extra response headers
|
|
93
|
+
* proxyBuffer: boolean, // default true — sets X-Accel-Buffering: no; false to suppress
|
|
93
94
|
* }
|
|
94
95
|
*
|
|
95
96
|
* @example
|
|
@@ -105,13 +106,17 @@ function create(handler, opts) {
|
|
|
105
106
|
throw new Error("middleware.sse: handler must be a function (channel, req) => ...");
|
|
106
107
|
}
|
|
107
108
|
opts = opts || {};
|
|
108
|
-
validateOpts(opts, ["heartbeatMs", "headers"], "middleware.sse");
|
|
109
|
+
validateOpts(opts, ["heartbeatMs", "headers", "proxyBuffer"], "middleware.sse");
|
|
109
110
|
var heartbeatMs = opts.heartbeatMs === false ? 0
|
|
110
111
|
: (opts.heartbeatMs != null ? opts.heartbeatMs : DEFAULT_HEARTBEAT_MS);
|
|
111
112
|
if (heartbeatMs !== 0 && (typeof heartbeatMs !== "number" || !isFinite(heartbeatMs) || heartbeatMs <= 0)) {
|
|
112
113
|
throw new Error("middleware.sse: heartbeatMs must be a positive finite number or false");
|
|
113
114
|
}
|
|
114
115
|
var extraHeaders = opts.headers || {};
|
|
116
|
+
// proxyBuffer (default true) sets `X-Accel-Buffering: no` (the nginx hint
|
|
117
|
+
// that disables proxy buffering). Pass false when not behind nginx, or
|
|
118
|
+
// when buffering is controlled at the load balancer, to suppress it.
|
|
119
|
+
var proxyBuffer = opts.proxyBuffer !== false;
|
|
115
120
|
|
|
116
121
|
return async function sseMiddleware(req, res) {
|
|
117
122
|
if (typeof res.writeHead !== "function" || typeof res.write !== "function") {
|
|
@@ -119,13 +124,14 @@ function create(handler, opts) {
|
|
|
119
124
|
// unusual. Fail closed rather than silently dropping the handler.
|
|
120
125
|
throw new Error("middleware.sse: res does not support writeHead/write — wire SSE only on HTTP routes");
|
|
121
126
|
}
|
|
122
|
-
var
|
|
123
|
-
"Content-Type":
|
|
124
|
-
"Cache-Control":
|
|
125
|
-
"Connection":
|
|
126
|
-
|
|
127
|
-
|
|
128
|
-
|
|
127
|
+
var baseHeaders = {
|
|
128
|
+
"Content-Type": "text/event-stream; charset=utf-8",
|
|
129
|
+
"Cache-Control": "no-cache, no-transform",
|
|
130
|
+
"Connection": "keep-alive",
|
|
131
|
+
};
|
|
132
|
+
// Disable nginx response buffering when terminating behind it.
|
|
133
|
+
if (proxyBuffer) baseHeaders["X-Accel-Buffering"] = "no";
|
|
134
|
+
var headers = Object.assign(baseHeaders, extraHeaders);
|
|
129
135
|
// Append Vary: Accept so a proxy doesn't serve a cached non-SSE
|
|
130
136
|
// response on the same URL to a future client.
|
|
131
137
|
res.writeHead(requestHelpers.HTTP_STATUS.OK, headers);
|
|
@@ -59,18 +59,18 @@ var TUS_ID_BYTES = C.BYTES.bytes(18);
|
|
|
59
59
|
|
|
60
60
|
// HTTP status codes used by TUS — hoisted to named constants so the
|
|
61
61
|
// raw-byte-literal detector doesn't fire on every status path.
|
|
62
|
-
var STATUS_OK = 200; //
|
|
63
|
-
var STATUS_CREATED = 201; //
|
|
64
|
-
var STATUS_NO_CONTENT = 204; //
|
|
65
|
-
var STATUS_BAD_REQUEST = 400; //
|
|
66
|
-
var STATUS_NOT_FOUND = 404; //
|
|
67
|
-
var STATUS_METHOD_NOT_ALLOWED = 405; //
|
|
68
|
-
var STATUS_CONFLICT = 409; //
|
|
69
|
-
var STATUS_PRECONDITION_FAILED = 412; //
|
|
70
|
-
var STATUS_PAYLOAD_TOO_LARGE = 413; //
|
|
71
|
-
var STATUS_UNSUPPORTED_MEDIA = 415; //
|
|
72
|
-
var STATUS_CHECKSUM_MISMATCH = 460; //
|
|
73
|
-
var STATUS_INTERNAL_ERROR = 500; //
|
|
62
|
+
var STATUS_OK = 200; // HTTP status
|
|
63
|
+
var STATUS_CREATED = 201; // HTTP status
|
|
64
|
+
var STATUS_NO_CONTENT = 204; // HTTP status
|
|
65
|
+
var STATUS_BAD_REQUEST = 400; // HTTP status
|
|
66
|
+
var STATUS_NOT_FOUND = 404; // HTTP status
|
|
67
|
+
var STATUS_METHOD_NOT_ALLOWED = 405; // HTTP status
|
|
68
|
+
var STATUS_CONFLICT = 409; // HTTP status
|
|
69
|
+
var STATUS_PRECONDITION_FAILED = 412; // HTTP status
|
|
70
|
+
var STATUS_PAYLOAD_TOO_LARGE = 413; // HTTP status
|
|
71
|
+
var STATUS_UNSUPPORTED_MEDIA = 415; // HTTP status
|
|
72
|
+
var STATUS_CHECKSUM_MISMATCH = 460; // TUS-specific status (§3.5)
|
|
73
|
+
var STATUS_INTERNAL_ERROR = 500; // HTTP status
|
|
74
74
|
|
|
75
75
|
var TusError = defineClass("TusError", { alwaysPermanent: true });
|
|
76
76
|
|
|
@@ -136,7 +136,7 @@ function create(opts) {
|
|
|
136
136
|
if (!matches) return next();
|
|
137
137
|
if (req.method !== "GET" && req.method !== "HEAD") {
|
|
138
138
|
var bodyMsg = "Method Not Allowed";
|
|
139
|
-
res.writeHead(405, { //
|
|
139
|
+
res.writeHead(405, { // HTTP 405 status
|
|
140
140
|
"Allow": "GET, HEAD",
|
|
141
141
|
"Content-Type": "text/plain; charset=utf-8",
|
|
142
142
|
"Content-Length": Buffer.byteLength(bodyMsg),
|
|
@@ -144,7 +144,7 @@ function create(opts) {
|
|
|
144
144
|
res.end(bodyMsg);
|
|
145
145
|
return;
|
|
146
146
|
}
|
|
147
|
-
res.writeHead(200, { //
|
|
147
|
+
res.writeHead(200, { // HTTP 200 status
|
|
148
148
|
"Content-Type": "application/manifest+json",
|
|
149
149
|
"Content-Length": bodyBuf.length,
|
|
150
150
|
"Cache-Control": "public, max-age=86400",
|
|
@@ -48,7 +48,7 @@ var observability = lazyRequire(function () { return require("./observability");
|
|
|
48
48
|
|
|
49
49
|
var ByteQuotaError = defineClass("ByteQuotaError", { alwaysPermanent: true });
|
|
50
50
|
|
|
51
|
-
var BINS_PER_DAY = 24; //
|
|
51
|
+
var BINS_PER_DAY = 24; // 24 hours in a day
|
|
52
52
|
var BIN_MS = C.TIME.hours(1);
|
|
53
53
|
|
|
54
54
|
function _hourBin(nowMs) { return Math.floor(nowMs / BIN_MS); }
|