@blamejs/blamejs-shop 0.4.56 → 0.4.57
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +2 -0
- package/lib/asset-manifest.json +1 -1
- package/lib/vendor/MANIFEST.json +426 -366
- package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
- package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
- package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
- package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
- package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
- package/lib/vendor/blamejs/CHANGELOG.md +2 -0
- package/lib/vendor/blamejs/api-snapshot.json +1381 -4
- package/lib/vendor/blamejs/eslint.config.mjs +1 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
- package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
- package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
- package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
- package/lib/vendor/blamejs/index.js +2 -0
- package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
- package/lib/vendor/blamejs/lib/acme.js +6 -5
- package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
- package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
- package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
- package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
- package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
- package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
- package/lib/vendor/blamejs/lib/ai-input.js +2 -2
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
- package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
- package/lib/vendor/blamejs/lib/api-key.js +37 -28
- package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
- package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
- package/lib/vendor/blamejs/lib/archive-read.js +5 -17
- package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
- package/lib/vendor/blamejs/lib/archive.js +2 -10
- package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
- package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
- package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
- package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
- package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
- package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
- package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
- package/lib/vendor/blamejs/lib/audit.js +84 -0
- package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
- package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
- package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
- package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
- package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/password.js +7 -1
- package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
- package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
- package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
- package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
- package/lib/vendor/blamejs/lib/backup/index.js +14 -47
- package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
- package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
- package/lib/vendor/blamejs/lib/cache.js +7 -18
- package/lib/vendor/blamejs/lib/cbor.js +2 -1
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
- package/lib/vendor/blamejs/lib/cert.js +3 -10
- package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
- package/lib/vendor/blamejs/lib/cli.js +5 -1
- package/lib/vendor/blamejs/lib/client-hints.js +7 -9
- package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
- package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
- package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
- package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
- package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
- package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
- package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
- package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
- package/lib/vendor/blamejs/lib/compliance.js +2 -9
- package/lib/vendor/blamejs/lib/config-drift.js +2 -12
- package/lib/vendor/blamejs/lib/content-digest.js +10 -8
- package/lib/vendor/blamejs/lib/cookies.js +5 -11
- package/lib/vendor/blamejs/lib/cose.js +19 -11
- package/lib/vendor/blamejs/lib/cra-report.js +1 -11
- package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
- package/lib/vendor/blamejs/lib/crypto.js +120 -3
- package/lib/vendor/blamejs/lib/csp.js +235 -3
- package/lib/vendor/blamejs/lib/daemon.js +42 -41
- package/lib/vendor/blamejs/lib/data-act.js +19 -9
- package/lib/vendor/blamejs/lib/db-query.js +6 -40
- package/lib/vendor/blamejs/lib/db.js +34 -12
- package/lib/vendor/blamejs/lib/dbsc.js +5 -6
- package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
- package/lib/vendor/blamejs/lib/deprecate.js +4 -5
- package/lib/vendor/blamejs/lib/did.js +6 -2
- package/lib/vendor/blamejs/lib/dsr.js +8 -12
- package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
- package/lib/vendor/blamejs/lib/external-db.js +14 -26
- package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
- package/lib/vendor/blamejs/lib/fdx.js +22 -18
- package/lib/vendor/blamejs/lib/file-upload.js +80 -66
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
- package/lib/vendor/blamejs/lib/framework-error.js +12 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
- package/lib/vendor/blamejs/lib/fsm.js +7 -12
- package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
- package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
- package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
- package/lib/vendor/blamejs/lib/guard-all.js +1 -0
- package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
- package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
- package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
- package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
- package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
- package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
- package/lib/vendor/blamejs/lib/guard-email.js +46 -53
- package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
- package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
- package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
- package/lib/vendor/blamejs/lib/guard-html.js +65 -117
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
- package/lib/vendor/blamejs/lib/guard-image.js +280 -77
- package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
- package/lib/vendor/blamejs/lib/guard-json.js +87 -103
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
- package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
- package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
- package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
- package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
- package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
- package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
- package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
- package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
- package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
- package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
- package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
- package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
- package/lib/vendor/blamejs/lib/guard-template.js +23 -80
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
- package/lib/vendor/blamejs/lib/guard-text.js +592 -0
- package/lib/vendor/blamejs/lib/guard-time.js +27 -95
- package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
- package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
- package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
- package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
- package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
- package/lib/vendor/blamejs/lib/http-client.js +8 -21
- package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
- package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
- package/lib/vendor/blamejs/lib/i18n.js +83 -26
- package/lib/vendor/blamejs/lib/inbox.js +8 -8
- package/lib/vendor/blamejs/lib/incident-report.js +3 -21
- package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
- package/lib/vendor/blamejs/lib/jobs.js +3 -2
- package/lib/vendor/blamejs/lib/keychain.js +6 -18
- package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
- package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
- package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
- package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
- package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
- package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
- package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
- package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
- package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
- package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
- package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
- package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
- package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
- package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
- package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
- package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
- package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
- package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
- package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
- package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
- package/lib/vendor/blamejs/lib/mail-store.js +3 -2
- package/lib/vendor/blamejs/lib/mail.js +6 -11
- package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
- package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
- package/lib/vendor/blamejs/lib/mcp.js +1 -1
- package/lib/vendor/blamejs/lib/mdoc.js +11 -12
- package/lib/vendor/blamejs/lib/metrics.js +32 -30
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
- package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
- package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
- package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
- package/lib/vendor/blamejs/lib/migrations.js +4 -13
- package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
- package/lib/vendor/blamejs/lib/module-loader.js +44 -0
- package/lib/vendor/blamejs/lib/money.js +105 -0
- package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
- package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
- package/lib/vendor/blamejs/lib/network-dane.js +8 -6
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
- package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
- package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
- package/lib/vendor/blamejs/lib/network-tls.js +40 -42
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
- package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
- package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
- package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
- package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
- package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
- package/lib/vendor/blamejs/lib/observability.js +95 -0
- package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
- package/lib/vendor/blamejs/lib/otel-export.js +7 -10
- package/lib/vendor/blamejs/lib/outbox.js +43 -37
- package/lib/vendor/blamejs/lib/pagination.js +11 -15
- package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
- package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
- package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
- package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
- package/lib/vendor/blamejs/lib/pick.js +63 -5
- package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
- package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
- package/lib/vendor/blamejs/lib/problem-details.js +2 -5
- package/lib/vendor/blamejs/lib/pubsub.js +4 -8
- package/lib/vendor/blamejs/lib/redact.js +2 -1
- package/lib/vendor/blamejs/lib/render.js +4 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
- package/lib/vendor/blamejs/lib/restore.js +5 -22
- package/lib/vendor/blamejs/lib/retention.js +3 -5
- package/lib/vendor/blamejs/lib/safe-async.js +457 -0
- package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
- package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
- package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
- package/lib/vendor/blamejs/lib/safe-json.js +7 -8
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
- package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
- package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
- package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
- package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
- package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
- package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
- package/lib/vendor/blamejs/lib/sandbox.js +3 -2
- package/lib/vendor/blamejs/lib/scheduler.js +5 -12
- package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
- package/lib/vendor/blamejs/lib/seeders.js +4 -11
- package/lib/vendor/blamejs/lib/self-update.js +92 -69
- package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
- package/lib/vendor/blamejs/lib/session.js +194 -6
- package/lib/vendor/blamejs/lib/sql.js +225 -78
- package/lib/vendor/blamejs/lib/sse.js +6 -10
- package/lib/vendor/blamejs/lib/static.js +136 -98
- package/lib/vendor/blamejs/lib/storage.js +4 -2
- package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
- package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
- package/lib/vendor/blamejs/lib/tsa.js +11 -15
- package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
- package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
- package/lib/vendor/blamejs/lib/vc.js +2 -7
- package/lib/vendor/blamejs/lib/vex.js +35 -13
- package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
- package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
- package/lib/vendor/blamejs/lib/webhook.js +43 -18
- package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
- package/lib/vendor/blamejs/lib/websocket.js +7 -3
- package/lib/vendor/blamejs/lib/worm.js +2 -3
- package/lib/vendor/blamejs/lib/ws-client.js +8 -10
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
- package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
- package/lib/vendor/blamejs/test/00-primitives.js +136 -7
- package/lib/vendor/blamejs/test/10-state.js +9 -3
- package/lib/vendor/blamejs/test/30-chain.js +40 -0
- package/lib/vendor/blamejs/test/helpers/check.js +18 -0
- package/lib/vendor/blamejs/test/helpers/db.js +4 -0
- package/lib/vendor/blamejs/test/helpers/index.js +1 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
- package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
- package/package.json +1 -1
|
@@ -207,20 +207,24 @@ function _memoryStore() {
|
|
|
207
207
|
*/
|
|
208
208
|
function create(opts) {
|
|
209
209
|
opts = opts || {};
|
|
210
|
-
validateOpts(opts,
|
|
211
|
-
|
|
212
|
-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
216
|
-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
|
|
221
|
-
|
|
222
|
-
|
|
223
|
-
|
|
210
|
+
validateOpts.shape(opts, {
|
|
211
|
+
audit: function (value) {
|
|
212
|
+
validateOpts.auditShape(value, "ddlChangeControl",
|
|
213
|
+
DdlChangeControlError, "ddl-change-control/bad-audit");
|
|
214
|
+
},
|
|
215
|
+
signWith: { rule: "optional-function", code: "ddl-change-control/bad-signer" },
|
|
216
|
+
verifyWith: { rule: "optional-function", code: "ddl-change-control/bad-verifier" },
|
|
217
|
+
now: { rule: "optional-function", code: "ddl-change-control/bad-now" },
|
|
218
|
+
posture: { rule: "optional-string", code: "ddl-change-control/bad-posture" },
|
|
219
|
+
// approvers / windowSpec / store keep their own bespoke validation in
|
|
220
|
+
// the factory body (distinct error codes, floor semantics, the window
|
|
221
|
+
// grammar parser, the silent in-memory fallback) — declared here so the
|
|
222
|
+
// exhaustive contract accepts them while the body remains authoritative.
|
|
223
|
+
approvers: function () {},
|
|
224
|
+
windowSpec: function () {},
|
|
225
|
+
store: function () {},
|
|
226
|
+
selfApproval: { rule: "optional-boolean", code: "ddl-change-control/bad-self-approval" },
|
|
227
|
+
}, "ddlChangeControl", DdlChangeControlError, "ddl-change-control/bad-posture");
|
|
224
228
|
|
|
225
229
|
var approvers = 2;
|
|
226
230
|
if (opts.approvers !== undefined) {
|
|
@@ -48,6 +48,7 @@
|
|
|
48
48
|
|
|
49
49
|
var safeEnv = require("./parsers/safe-env");
|
|
50
50
|
var validateOpts = require("./validate-opts");
|
|
51
|
+
var boundedMap = require("./bounded-map");
|
|
51
52
|
var { FrameworkError } = require("./framework-error");
|
|
52
53
|
|
|
53
54
|
class DeprecateError extends FrameworkError {
|
|
@@ -131,9 +132,8 @@ function warn(name, opts) {
|
|
|
131
132
|
_validateOpts(opts, "warn");
|
|
132
133
|
|
|
133
134
|
var key = name + ":" + opts.since;
|
|
134
|
-
var entry =
|
|
135
|
-
|
|
136
|
-
entry = {
|
|
135
|
+
var entry = boundedMap.getOrInsert(_seen, key, function () {
|
|
136
|
+
return {
|
|
137
137
|
name: name,
|
|
138
138
|
since: opts.since,
|
|
139
139
|
removeIn: opts.removeIn,
|
|
@@ -142,8 +142,7 @@ function warn(name, opts) {
|
|
|
142
142
|
callCount: 0,
|
|
143
143
|
firstSeen: new Date().toISOString(),
|
|
144
144
|
};
|
|
145
|
-
|
|
146
|
-
}
|
|
145
|
+
});
|
|
147
146
|
entry.callCount++;
|
|
148
147
|
|
|
149
148
|
var mode = _modeFromEnv();
|
|
@@ -46,6 +46,7 @@
|
|
|
46
46
|
*/
|
|
47
47
|
|
|
48
48
|
var nodeCrypto = require("node:crypto");
|
|
49
|
+
var bCrypto = require("./crypto");
|
|
49
50
|
var safeJson = require("./safe-json");
|
|
50
51
|
var validateOpts = require("./validate-opts");
|
|
51
52
|
var { defineClass } = require("./framework-error");
|
|
@@ -380,8 +381,11 @@ function _jwkToKey(jwk) {
|
|
|
380
381
|
throw new DidError("did/unsupported-key",
|
|
381
382
|
"did: verificationMethod publicKeyJwk has unsupported kty/crv (" + jwk.kty + "/" + jwk.crv + ")");
|
|
382
383
|
}
|
|
383
|
-
|
|
384
|
-
|
|
384
|
+
return bCrypto.importPublicJwk(jwk, {
|
|
385
|
+
errorClass: DidError,
|
|
386
|
+
code: "did/bad-key",
|
|
387
|
+
messagePrefix: "did: verificationMethod publicKeyJwk is invalid: ",
|
|
388
|
+
});
|
|
385
389
|
}
|
|
386
390
|
|
|
387
391
|
// Extract verification methods from a DID document → KeyObjects.
|
|
@@ -114,6 +114,7 @@ var bCrypto = require("./crypto");
|
|
|
114
114
|
var lazyRequire = require("./lazy-require");
|
|
115
115
|
var validateOpts = require("./validate-opts");
|
|
116
116
|
var safeSql = require("./safe-sql");
|
|
117
|
+
var boundedMap = require("./bounded-map");
|
|
117
118
|
var { defineClass } = require("./framework-error");
|
|
118
119
|
|
|
119
120
|
var DsrError = defineClass("DsrError", { alwaysPermanent: true });
|
|
@@ -372,10 +373,7 @@ function create(opts) {
|
|
|
372
373
|
} catch (_e) { /* drop-silent — audit sink */ }
|
|
373
374
|
}
|
|
374
375
|
|
|
375
|
-
|
|
376
|
-
try { observability().safeEvent("dsr." + verb, n || 1, labels || {}); }
|
|
377
|
-
catch (_e) { /* drop-silent */ }
|
|
378
|
-
}
|
|
376
|
+
var _emitMetric = observability().namespaced("dsr");
|
|
379
377
|
|
|
380
378
|
function _newTicketId() {
|
|
381
379
|
var ts = String(Date.now()).slice(-7); // last 7 chars of unix-ms timestamp; collision-resistant when paired with the random suffix
|
|
@@ -894,10 +892,10 @@ function memoryTicketStore() {
|
|
|
894
892
|
var byId = new Map();
|
|
895
893
|
return {
|
|
896
894
|
insert: async function (ticket) {
|
|
897
|
-
|
|
895
|
+
boundedMap.requireAbsent(byId, ticket.id, function () {
|
|
898
896
|
throw new DsrError("dsr/duplicate-ticket-id",
|
|
899
897
|
"memoryTicketStore: duplicate ticket id " + ticket.id);
|
|
900
|
-
}
|
|
898
|
+
});
|
|
901
899
|
byId.set(ticket.id, Object.assign({}, ticket));
|
|
902
900
|
},
|
|
903
901
|
get: async function (id) {
|
|
@@ -919,10 +917,10 @@ function memoryTicketStore() {
|
|
|
919
917
|
return out;
|
|
920
918
|
},
|
|
921
919
|
update: async function (id, ticket) {
|
|
922
|
-
|
|
920
|
+
boundedMap.requirePresent(byId, id, function () {
|
|
923
921
|
throw new DsrError("dsr/ticket-not-found",
|
|
924
922
|
"memoryTicketStore: ticket " + id + " not found for update");
|
|
925
|
-
}
|
|
923
|
+
});
|
|
926
924
|
byId.set(id, Object.assign({}, ticket));
|
|
927
925
|
},
|
|
928
926
|
delete: async function (id) {
|
|
@@ -1023,10 +1021,8 @@ function _ensureDsrSealTable() {
|
|
|
1023
1021
|
function dbTicketStore(opts) {
|
|
1024
1022
|
opts = opts || {};
|
|
1025
1023
|
var db = opts.db;
|
|
1026
|
-
|
|
1027
|
-
|
|
1028
|
-
"dbTicketStore: opts.db must be a b.db-shaped handle (with runSql + prepare)");
|
|
1029
|
-
}
|
|
1024
|
+
validateOpts.requireMethods(db, ["runSql", "prepare"],
|
|
1025
|
+
"dbTicketStore: opts.db (b.db-shaped handle)", DsrError, "dsr/bad-db");
|
|
1030
1026
|
var tableRaw = opts.table || "dsr_tickets";
|
|
1031
1027
|
var qTable, qEmailIdx, qStatusIdx;
|
|
1032
1028
|
try {
|
|
@@ -49,6 +49,7 @@
|
|
|
49
49
|
* - externaldb.migrate.lock.released { holder }
|
|
50
50
|
*/
|
|
51
51
|
var nodePath = require("node:path");
|
|
52
|
+
var moduleLoader = require("./module-loader");
|
|
52
53
|
var atomicFile = require("./atomic-file");
|
|
53
54
|
var canonicalJson = require("./canonical-json");
|
|
54
55
|
var { sha3Hash } = require("./crypto");
|
|
@@ -379,19 +380,10 @@ function _list(dir) {
|
|
|
379
380
|
}
|
|
380
381
|
|
|
381
382
|
function _loadMigration(file, dir) {
|
|
382
|
-
var
|
|
383
|
-
|
|
384
|
-
// new content. Matches lib/migrations.js semantics.
|
|
385
|
-
try { delete require.cache[require.resolve(fullPath)]; } catch (_e) { /* not yet cached */ }
|
|
386
|
-
var mod;
|
|
387
|
-
// Operator-supplied migration file — dynamic by design, won't survive
|
|
388
|
-
// SEA / pkg bundling. External DB migration tooling is host-CLI scope,
|
|
389
|
-
// not framework-internal scope.
|
|
390
|
-
try { mod = require(fullPath); } // allow:dynamic-require — operator-supplied migration
|
|
391
|
-
catch (e) {
|
|
392
|
-
throw _err("externaldb-migrate/load-failed",
|
|
383
|
+
var mod = moduleLoader.requireFresh(nodePath.join(dir, file), function (e) {
|
|
384
|
+
return _err("externaldb-migrate/load-failed",
|
|
393
385
|
"migration '" + file + "' failed to load: " + ((e && e.message) || String(e)));
|
|
394
|
-
}
|
|
386
|
+
});
|
|
395
387
|
if (!mod || typeof mod.up !== "function") {
|
|
396
388
|
throw _err("externaldb-migrate/missing-up",
|
|
397
389
|
"migration '" + file + "' must export an `up(xdb, ctx)` function");
|
|
@@ -437,16 +429,23 @@ function _resolveBackendName(opts) {
|
|
|
437
429
|
|
|
438
430
|
function create(opts) {
|
|
439
431
|
opts = opts || {};
|
|
440
|
-
validateOpts(opts,
|
|
441
|
-
|
|
442
|
-
|
|
443
|
-
|
|
444
|
-
|
|
445
|
-
|
|
446
|
-
|
|
447
|
-
|
|
448
|
-
|
|
449
|
-
|
|
432
|
+
validateOpts.shape(opts, {
|
|
433
|
+
dir: { rule: "required-string", code: "externaldb-migrate/no-dir",
|
|
434
|
+
label: "externalDb.migrate.create: opts.dir (path to migrations directory)" },
|
|
435
|
+
staleAfterMs: { rule: "optional-non-negative", code: "externaldb-migrate/bad-stale",
|
|
436
|
+
label: "externalDb.migrate: staleAfterMs" },
|
|
437
|
+
audit: function (value) {
|
|
438
|
+
validateOpts.auditShape(value, "externalDb.migrate", ExternalDbMigrateError, "externaldb-migrate/bad-audit");
|
|
439
|
+
},
|
|
440
|
+
schemaIntrospect: { rule: "optional-function", code: "externaldb-migrate/bad-introspect",
|
|
441
|
+
label: "externalDb.migrate: schemaIntrospect" },
|
|
442
|
+
backend: { rule: "optional-string", code: "externaldb-migrate/bad-backend",
|
|
443
|
+
label: "externalDb.migrate: backend (externalDb backend name)" },
|
|
444
|
+
ranBy: { rule: "optional-string", code: "externaldb-migrate/bad-ran-by",
|
|
445
|
+
label: "externalDb.migrate: ranBy (schema-history actor)" },
|
|
446
|
+
signHistory: { rule: "optional-boolean", code: "externaldb-migrate/bad-sign-history",
|
|
447
|
+
label: "externalDb.migrate: signHistory" },
|
|
448
|
+
}, "externalDb.migrate", ExternalDbMigrateError, "externaldb-migrate/bad-opt");
|
|
450
449
|
var dir = opts.dir;
|
|
451
450
|
var audit = opts.audit || null;
|
|
452
451
|
var schemaIntrospect = typeof opts.schemaIntrospect === "function"
|
|
@@ -36,7 +36,9 @@
|
|
|
36
36
|
* External-database integration for app data — Postgres / MySQL / SQLite / MongoDB connection pooling, retry, circuit breaker, classification routing, residency enforcement, and audit hooks.
|
|
37
37
|
*/
|
|
38
38
|
var retryHelper = require("./retry");
|
|
39
|
+
var safeBuffer = require("./safe-buffer");
|
|
39
40
|
var bCrypto = require("./crypto");
|
|
41
|
+
var numericBounds = require("./numeric-bounds");
|
|
40
42
|
var C = require("./constants");
|
|
41
43
|
var dbRoleContext = require("./db-role-context");
|
|
42
44
|
var externalDbMigrate = require("./external-db-migrate");
|
|
@@ -45,6 +47,7 @@ var { boot } = require("./log");
|
|
|
45
47
|
var safeAsync = require("./safe-async");
|
|
46
48
|
var safeSql = require("./safe-sql");
|
|
47
49
|
var validateOpts = require("./validate-opts");
|
|
50
|
+
var codepointClass = require("./codepoint-class");
|
|
48
51
|
var { ExternalDbError } = require("./framework-error");
|
|
49
52
|
|
|
50
53
|
var log = boot("external-db");
|
|
@@ -417,11 +420,7 @@ function _otelDbAttributes(b, sql, includeStatement) {
|
|
|
417
420
|
// legitimately-quoted relation name still surfaces in the audit row.
|
|
418
421
|
var _RELATION_RE = /\b(?:FROM|INTO|UPDATE|JOIN|TABLE|COPY)\s+((?:"[^"]+"|`[^`]+`|[A-Za-z_][\w$]*)(?:\.(?:"[^"]+"|`[^`]+`|[A-Za-z_][\w$]*))?)/ig;
|
|
419
422
|
function _hasControlChar(s) {
|
|
420
|
-
|
|
421
|
-
var c = s.charCodeAt(i);
|
|
422
|
-
if (c < 0x20 || c === 0x7f) return true;
|
|
423
|
-
}
|
|
424
|
-
return false;
|
|
423
|
+
return codepointClass.firstControlCharOffset(s, { forbidTab: true }) !== -1;
|
|
425
424
|
}
|
|
426
425
|
function _extractTargetRelation(sql) {
|
|
427
426
|
if (typeof sql !== "string" || sql.length === 0) return null;
|
|
@@ -747,7 +746,7 @@ function init(opts) {
|
|
|
747
746
|
throw _err("INVALID_CONFIG",
|
|
748
747
|
"backend '" + name + "': applicationName must not contain CR, LF, or NUL characters", true);
|
|
749
748
|
}
|
|
750
|
-
if (applicationName
|
|
749
|
+
if (safeBuffer.byteLengthOf(applicationName) > C.BYTES.bytes(63)) {
|
|
751
750
|
throw _err("INVALID_CONFIG",
|
|
752
751
|
"backend '" + name + "': applicationName exceeds Postgres 63-byte limit (got " +
|
|
753
752
|
applicationName.length + ")", true);
|
|
@@ -1440,7 +1439,7 @@ function _buildSessionGucsStatements(sessionGucs) {
|
|
|
1440
1439
|
// that bloats query logs and consumes max_stack_depth. The cap
|
|
1441
1440
|
// is generous for legitimate tenant identifiers but rejects
|
|
1442
1441
|
// amplification.
|
|
1443
|
-
if (value
|
|
1442
|
+
if (safeBuffer.byteLengthOf(value) > C.BYTES.kib(4)) {
|
|
1444
1443
|
throw _err("INVALID_SESSION_GUCS",
|
|
1445
1444
|
"sessionGucs['" + name + "']: value exceeds 4 KiB cap (got " +
|
|
1446
1445
|
value.length + " chars)", true);
|
|
@@ -1725,11 +1724,9 @@ function _buildReplicas(backendName, cfg) {
|
|
|
1725
1724
|
"backend '" + backendName + "': replicas[" + i + "].query must be a function", true);
|
|
1726
1725
|
}
|
|
1727
1726
|
var weight = r.weight !== undefined ? r.weight : 1;
|
|
1728
|
-
|
|
1729
|
-
|
|
1730
|
-
|
|
1731
|
-
"backend '" + backendName + "': replicas[" + i + "].weight must be a positive integer", true);
|
|
1732
|
-
}
|
|
1727
|
+
numericBounds.requirePositiveFiniteInt(weight,
|
|
1728
|
+
"backend '" + backendName + "': replicas[" + i + "].weight", ExternalDbError,
|
|
1729
|
+
"INVALID_CONFIG", null, { permanent: true });
|
|
1733
1730
|
var replicaTag = r.residencyTag || "unrestricted";
|
|
1734
1731
|
var allowCrossBorder = r.allowCrossBorder === true;
|
|
1735
1732
|
if (!_residencyCompatible(primaryTag, replicaTag) && !allowCrossBorder) {
|
|
@@ -2066,15 +2063,9 @@ function configurePool(backendName, opts) {
|
|
|
2066
2063
|
"configurePool: unknown option '" + k + "'. Allowed: " + allowed.join(", "), true);
|
|
2067
2064
|
}
|
|
2068
2065
|
}
|
|
2069
|
-
|
|
2070
|
-
|
|
2071
|
-
|
|
2072
|
-
"configurePool: " + name + " must be a positive integer, got " + JSON.stringify(value), true);
|
|
2073
|
-
}
|
|
2074
|
-
}
|
|
2075
|
-
if (opts.min !== undefined) _requirePosInt("min", opts.min);
|
|
2076
|
-
if (opts.max !== undefined) _requirePosInt("max", opts.max);
|
|
2077
|
-
if (opts.idleTimeoutMs !== undefined) _requirePosInt("idleTimeoutMs", opts.idleTimeoutMs);
|
|
2066
|
+
numericBounds.requireAllPositiveFiniteIntIfPresent(opts,
|
|
2067
|
+
["min", "max", "idleTimeoutMs"], "configurePool", ExternalDbError,
|
|
2068
|
+
"INVALID_CONFIG", { permanent: true });
|
|
2078
2069
|
if (opts.min !== undefined && opts.max !== undefined && opts.min > opts.max) {
|
|
2079
2070
|
throw _err("INVALID_CONFIG", "configurePool: min must be <= max", true);
|
|
2080
2071
|
}
|
|
@@ -2146,11 +2137,8 @@ function _connectAs(rawConnect, query, opts) {
|
|
|
2146
2137
|
throw _err("INVALID_CONFIG", "connectAs: applicationName must be a string", true);
|
|
2147
2138
|
}
|
|
2148
2139
|
if (opts.statementTimeoutMs !== undefined) {
|
|
2149
|
-
|
|
2150
|
-
|
|
2151
|
-
throw _err("INVALID_CONFIG",
|
|
2152
|
-
"connectAs: statementTimeoutMs must be a positive integer", true);
|
|
2153
|
-
}
|
|
2140
|
+
numericBounds.requirePositiveFiniteIntIfPresent(opts.statementTimeoutMs,
|
|
2141
|
+
"connectAs: statementTimeoutMs", ExternalDbError, "INVALID_CONFIG", { permanent: true });
|
|
2154
2142
|
}
|
|
2155
2143
|
if (opts.gucs !== undefined && (typeof opts.gucs !== "object" || opts.gucs === null)) {
|
|
2156
2144
|
throw _err("INVALID_CONFIG", "connectAs: gucs must be an object", true);
|
|
@@ -181,14 +181,18 @@ function posture(opts) {
|
|
|
181
181
|
"audit", "signWith", "verifyWith", "meanings", "gxpNamespaces",
|
|
182
182
|
"interceptAudit", "now",
|
|
183
183
|
], "fda21cfr11.posture");
|
|
184
|
-
validateOpts.
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
184
|
+
validateOpts.shape(opts, {
|
|
185
|
+
audit: function (value) {
|
|
186
|
+
validateOpts.auditShape(value, "fda21cfr11.posture",
|
|
187
|
+
Fda21Cfr11Error, "fda21cfr11/bad-audit");
|
|
188
|
+
},
|
|
189
|
+
signWith: { rule: "optional-function", code: "fda21cfr11/bad-signer" },
|
|
190
|
+
verifyWith: { rule: "optional-function", code: "fda21cfr11/bad-verifier" },
|
|
191
|
+
now: { rule: "optional-function", code: "fda21cfr11/bad-now" },
|
|
192
|
+
meanings: { rule: "optional-string-array", code: "fda21cfr11/bad-meanings" },
|
|
193
|
+
gxpNamespaces: { rule: "optional-string-array", code: "fda21cfr11/bad-gxp-namespaces" },
|
|
194
|
+
interceptAudit: { rule: "optional-boolean", code: "fda21cfr11/bad-intercept-audit" },
|
|
195
|
+
}, "fda21cfr11.posture", Fda21Cfr11Error, "fda21cfr11/bad-opts");
|
|
192
196
|
|
|
193
197
|
var auditMod = opts.audit && typeof opts.audit.safeEmit === "function" ? opts.audit : null;
|
|
194
198
|
var signWith = typeof opts.signWith === "function" ? opts.signWith : null;
|
|
@@ -168,10 +168,13 @@ function bind(opts) {
|
|
|
168
168
|
throw FdxError.factory("fdx/bad-auth-server",
|
|
169
169
|
"fdx.bind: authServer object required");
|
|
170
170
|
}
|
|
171
|
-
validateOpts.
|
|
172
|
-
"fdx.bind: authServer.issuer"
|
|
173
|
-
|
|
174
|
-
|
|
171
|
+
validateOpts.shape(opts.authServer, {
|
|
172
|
+
issuer: { rule: "required-string", code: "BAD_ISSUER", label: "fdx.bind: authServer.issuer" },
|
|
173
|
+
jwksUri: { rule: "required-string", code: "BAD_JWKS_URI", label: "fdx.bind: authServer.jwksUri" },
|
|
174
|
+
}, "fdx.bind: authServer", FdxError, "fdx/bad-auth-server",
|
|
175
|
+
// fapi2 is forwarded verbatim to fapi2.assertOAuthConfig, which owns
|
|
176
|
+
// its shape ({ pkce, dpop?, mtls?, par }) — validated there, not here.
|
|
177
|
+
{ allow: ["fapi2"] });
|
|
175
178
|
|
|
176
179
|
if (!Array.isArray(opts.resources) || opts.resources.length === 0) {
|
|
177
180
|
throw FdxError.factory("fdx/bad-resources",
|
|
@@ -315,20 +318,21 @@ function consentReceipt(opts) {
|
|
|
315
318
|
if (!opts || typeof opts !== "object") {
|
|
316
319
|
throw FdxError.factory("fdx/bad-opts", "fdx.consentReceipt: opts required");
|
|
317
320
|
}
|
|
318
|
-
validateOpts.
|
|
319
|
-
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
329
|
-
|
|
330
|
-
|
|
331
|
-
|
|
321
|
+
validateOpts.shape(opts, {
|
|
322
|
+
dataProvider: { rule: "required-string", code: "BAD_DATA_PROVIDER" },
|
|
323
|
+
consumerRef: { rule: "required-string", code: "BAD_CONSUMER_REF" },
|
|
324
|
+
thirdParty: { rule: "required-string", code: "BAD_THIRD_PARTY" },
|
|
325
|
+
revocationUrl: { rule: "required-string", code: "BAD_REVOCATION_URL" },
|
|
326
|
+
scopes: function (value) {
|
|
327
|
+
if (!Array.isArray(value) || value.length === 0) {
|
|
328
|
+
throw FdxError.factory("fdx/bad-scopes",
|
|
329
|
+
"fdx.consentReceipt: scopes must be a non-empty array");
|
|
330
|
+
}
|
|
331
|
+
},
|
|
332
|
+
durationMs: function (value, label) {
|
|
333
|
+
numericBounds.requirePositiveFiniteIntIfPresent(value, label, FdxError, "BAD_DURATION");
|
|
334
|
+
},
|
|
335
|
+
}, "fdx.consentReceipt", FdxError, "fdx/bad-opts");
|
|
332
336
|
|
|
333
337
|
var issuedAt = Date.now();
|
|
334
338
|
var expiresAt = issuedAt + (opts.durationMs || C.TIME.weeks(52));
|
|
@@ -259,73 +259,87 @@ function _validateUploadId(id) {
|
|
|
259
259
|
}
|
|
260
260
|
|
|
261
261
|
function _validateCreateOpts(opts) {
|
|
262
|
-
validateOpts.
|
|
263
|
-
|
|
264
|
-
|
|
265
|
-
|
|
266
|
-
|
|
267
|
-
|
|
268
|
-
|
|
269
|
-
|
|
270
|
-
|
|
271
|
-
|
|
272
|
-
|
|
273
|
-
"
|
|
274
|
-
|
|
275
|
-
|
|
276
|
-
|
|
277
|
-
|
|
278
|
-
|
|
279
|
-
|
|
280
|
-
|
|
281
|
-
|
|
282
|
-
|
|
283
|
-
|
|
284
|
-
|
|
285
|
-
|
|
286
|
-
|
|
287
|
-
|
|
288
|
-
|
|
289
|
-
(
|
|
290
|
-
|
|
291
|
-
"fileUpload.create: allowedFileTypes is set but fileType primitive is not wired " +
|
|
292
|
-
"(pass fileType: b.fileType so the framework can sniff magic bytes at finalize)");
|
|
293
|
-
}
|
|
294
|
-
// permissions — when set, must expose check(actor, scope) → boolean.
|
|
295
|
-
validateOpts.optionalObjectWithMethod(opts.permissions, "check",
|
|
296
|
-
"fileUpload.create: permissions", FileUploadError, "BAD_OPT",
|
|
297
|
-
"must be a b.permissions instance (check fn)");
|
|
298
|
-
// contentSafety — extension-keyed gate map for per-extension content
|
|
299
|
-
// validation. Default behaviour: when undefined, the framework wires
|
|
300
|
-
// b.guardAll.byExtension({ profile: "strict" }) automatically so every
|
|
301
|
-
// shipped guard is ON by default. Explicit opt-out: contentSafety:
|
|
302
|
-
// null (audited at create() time so a security review can reconstruct
|
|
303
|
-
// which deploys disabled the default-on protection).
|
|
304
|
-
// Example: contentSafety: { ".csv": b.guardCsv.gate({ profile: "strict" }) }
|
|
305
|
-
if (opts.contentSafety !== undefined && opts.contentSafety !== null) {
|
|
306
|
-
validateOpts.optionalPlainObject(opts.contentSafety,
|
|
307
|
-
"fileUpload.create: contentSafety", FileUploadError, "BAD_OPT",
|
|
308
|
-
"must be a plain { ext: gate } object, null to opt out, or " +
|
|
309
|
-
"undefined for the default-on b.guardAll wiring");
|
|
310
|
-
var safetyKeys = Object.keys(opts.contentSafety);
|
|
311
|
-
for (var sk = 0; sk < safetyKeys.length; sk++) {
|
|
312
|
-
var ext = safetyKeys[sk];
|
|
313
|
-
var g = opts.contentSafety[ext];
|
|
314
|
-
if (!g || typeof g.check !== "function") {
|
|
262
|
+
validateOpts.shape(opts, {
|
|
263
|
+
stagingDir: function (v, label) {
|
|
264
|
+
validateOpts.requireNonEmptyString(v, label, FileUploadError);
|
|
265
|
+
if (!nodePath.isAbsolute(v)) {
|
|
266
|
+
throw _err("BAD_OPT", "fileUpload.create: stagingDir must be an absolute path, got " +
|
|
267
|
+
JSON.stringify(v));
|
|
268
|
+
}
|
|
269
|
+
},
|
|
270
|
+
onFinalize: "optional-function",
|
|
271
|
+
onChunk: "optional-function",
|
|
272
|
+
// Byte / count caps — finite positive ints; TTL/idle windows allow 0.
|
|
273
|
+
maxFileBytes: "optional-positive-finite-int",
|
|
274
|
+
maxChunkBytes: "optional-positive-finite-int",
|
|
275
|
+
maxStreamReassemblyBytes: "optional-positive-finite-int",
|
|
276
|
+
maxStagingBytes: "optional-positive-finite-int",
|
|
277
|
+
maxActiveUploadsPerActor: "optional-positive-finite-int",
|
|
278
|
+
maxChunks: "optional-positive-finite-int",
|
|
279
|
+
incompleteTtlMs: "optional-non-negative-finite-int",
|
|
280
|
+
maxIdleMs: "optional-non-negative-finite-int",
|
|
281
|
+
audit: function (v) { validateOpts.auditShape(v, "fileUpload.create", FileUploadError); },
|
|
282
|
+
observability: function (v) { validateOpts.observabilityShape(v, "fileUpload.create", FileUploadError); },
|
|
283
|
+
clock: "optional-function",
|
|
284
|
+
// allowedFileTypes — operator's MIME allowlist. Empty / undefined
|
|
285
|
+
// disables the gate. Setting it without wiring a fileType primitive
|
|
286
|
+
// is a misconfig — the gate would have nothing to enforce against.
|
|
287
|
+
allowedFileTypes: function (v, label) {
|
|
288
|
+
validateOpts.optionalNonEmptyStringArray(v, label, FileUploadError, "BAD_OPT");
|
|
289
|
+
if (Array.isArray(v) && v.length > 0 &&
|
|
290
|
+
(!opts.fileType || typeof opts.fileType.detect !== "function")) {
|
|
315
291
|
throw _err("BAD_OPT",
|
|
316
|
-
"fileUpload.create:
|
|
317
|
-
"
|
|
292
|
+
"fileUpload.create: allowedFileTypes is set but fileType primitive is not wired " +
|
|
293
|
+
"(pass fileType: b.fileType so the framework can sniff magic bytes at finalize)");
|
|
318
294
|
}
|
|
319
|
-
}
|
|
320
|
-
|
|
321
|
-
|
|
322
|
-
|
|
323
|
-
|
|
324
|
-
|
|
325
|
-
|
|
326
|
-
|
|
327
|
-
|
|
328
|
-
|
|
295
|
+
},
|
|
296
|
+
// permissions — when set, must expose check(actor, scope) → boolean.
|
|
297
|
+
permissions: function (v, label) {
|
|
298
|
+
validateOpts.optionalObjectWithMethod(v, "check", label, FileUploadError, "BAD_OPT",
|
|
299
|
+
"must be a b.permissions instance (check fn)");
|
|
300
|
+
},
|
|
301
|
+
// contentSafety — extension-keyed gate map for per-extension content
|
|
302
|
+
// validation. Default behaviour: when undefined, the framework wires
|
|
303
|
+
// b.guardAll.byExtension({ profile: "strict" }) automatically so every
|
|
304
|
+
// shipped guard is ON by default. Explicit opt-out: contentSafety:
|
|
305
|
+
// null (audited at create() time so a security review can reconstruct
|
|
306
|
+
// which deploys disabled the default-on protection).
|
|
307
|
+
// Example: contentSafety: { ".csv": b.guardCsv.gate({ profile: "strict" }) }
|
|
308
|
+
contentSafety: function (v, label) {
|
|
309
|
+
if (v === undefined || v === null) return;
|
|
310
|
+
validateOpts.optionalPlainObject(v, label, FileUploadError, "BAD_OPT",
|
|
311
|
+
"must be a plain { ext: gate } object, null to opt out, or " +
|
|
312
|
+
"undefined for the default-on b.guardAll wiring");
|
|
313
|
+
var safetyKeys = Object.keys(v);
|
|
314
|
+
for (var sk = 0; sk < safetyKeys.length; sk++) {
|
|
315
|
+
var ext = safetyKeys[sk];
|
|
316
|
+
var g = v[ext];
|
|
317
|
+
if (!g || typeof g.check !== "function") {
|
|
318
|
+
throw _err("BAD_OPT",
|
|
319
|
+
"fileUpload.create: contentSafety[" + JSON.stringify(ext) +
|
|
320
|
+
"] must be a gate (b.guardCsv.gate / b.guardHtml.gate / etc.)");
|
|
321
|
+
}
|
|
322
|
+
}
|
|
323
|
+
},
|
|
324
|
+
// filenameSafety — single gate for filename validation. Default: on.
|
|
325
|
+
// Operator opts out with filenameSafety: null (audited).
|
|
326
|
+
filenameSafety: function (v, label) {
|
|
327
|
+
if (v === undefined || v === null) return;
|
|
328
|
+
validateOpts.optionalObjectWithMethod(v, "check", label, FileUploadError, "BAD_OPT",
|
|
329
|
+
"must be a gate (b.guardFilename.gate(...)), null to opt out, or " +
|
|
330
|
+
"undefined for the default-on wiring");
|
|
331
|
+
},
|
|
332
|
+
// fileType — magic-byte sniffer (b.fileType) consumed at finalize when
|
|
333
|
+
// allowedFileTypes is set; validated here so it can't be passed un-typed.
|
|
334
|
+
fileType: function (v, label) {
|
|
335
|
+
if (v === undefined || v === null) return;
|
|
336
|
+
validateOpts.optionalObjectWithMethod(v, "detect", label, FileUploadError, "BAD_OPT",
|
|
337
|
+
"must be a b.fileType instance (detect fn)");
|
|
338
|
+
},
|
|
339
|
+
// Reason strings recorded when a default-on safety is explicitly disabled.
|
|
340
|
+
contentSafetyDisabledReason: "optional-string",
|
|
341
|
+
filenameSafetyDisabledReason: "optional-string",
|
|
342
|
+
}, "fileUpload.create", FileUploadError, "BAD_OPT", { exhaustive: true });
|
|
329
343
|
}
|
|
330
344
|
|
|
331
345
|
/**
|
|
@@ -698,7 +712,7 @@ function create(opts) {
|
|
|
698
712
|
throw _err("EMPTY_CHUNK",
|
|
699
713
|
"fileUpload.acceptChunk: body is empty (0 bytes)");
|
|
700
714
|
}
|
|
701
|
-
if (body
|
|
715
|
+
if (safeBuffer.byteLengthOf(body) > maxChunkBytes) {
|
|
702
716
|
_emitObs("fileUpload.chunk_too_large", 1);
|
|
703
717
|
throw _err("CHUNK_TOO_LARGE",
|
|
704
718
|
"fileUpload.acceptChunk: chunk body is " + body.length +
|
|
@@ -17,6 +17,7 @@
|
|
|
17
17
|
*/
|
|
18
18
|
|
|
19
19
|
var nodeCrypto = require("node:crypto");
|
|
20
|
+
var pick = require("./pick");
|
|
20
21
|
var validateOpts = require("./validate-opts");
|
|
21
22
|
var lazyRequire = require("./lazy-require");
|
|
22
23
|
var { defineClass } = require("./framework-error");
|
|
@@ -33,7 +34,7 @@ function _normalize(input, label) {
|
|
|
33
34
|
var out = {};
|
|
34
35
|
for (var key in input) {
|
|
35
36
|
if (!Object.prototype.hasOwnProperty.call(input, key)) continue;
|
|
36
|
-
if (key
|
|
37
|
+
if (pick.isPoisonedKey(key)) {
|
|
37
38
|
continue; // poisoned-keys defense
|
|
38
39
|
}
|
|
39
40
|
out[key] = input[key];
|
|
@@ -55,12 +56,8 @@ function merge(base, overlay) {
|
|
|
55
56
|
var b = _normalize(base, "merge.base");
|
|
56
57
|
var o = _normalize(overlay, "merge.overlay");
|
|
57
58
|
var out = {};
|
|
58
|
-
|
|
59
|
-
|
|
60
|
-
}
|
|
61
|
-
for (var k2 in o) {
|
|
62
|
-
if (Object.prototype.hasOwnProperty.call(o, k2)) out[k2] = o[k2];
|
|
63
|
-
}
|
|
59
|
+
validateOpts.assignOwnEnumerable(out, b);
|
|
60
|
+
validateOpts.assignOwnEnumerable(out, o);
|
|
64
61
|
return Object.freeze(out);
|
|
65
62
|
}
|
|
66
63
|
|
|
@@ -110,7 +107,7 @@ function fromRequest(req, opts) {
|
|
|
110
107
|
if (opts.extra && typeof opts.extra === "object") {
|
|
111
108
|
for (var k in opts.extra) {
|
|
112
109
|
if (Object.prototype.hasOwnProperty.call(opts.extra, k)) {
|
|
113
|
-
if (k
|
|
110
|
+
if (pick.isPoisonedKey(k)) continue;
|
|
114
111
|
ctx[k] = opts.extra[k];
|
|
115
112
|
}
|
|
116
113
|
}
|