@blamejs/blamejs-shop 0.4.56 → 0.4.58
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/affiliates.js +35 -4
- package/lib/api-keys.js +17 -2
- package/lib/asset-manifest.json +1 -1
- package/lib/backorder.js +21 -4
- package/lib/click-and-collect.js +11 -2
- package/lib/credit-limits.js +132 -84
- package/lib/vendor/MANIFEST.json +426 -366
- package/lib/vendor/blamejs/.github/codeql/codeql-config.yml +25 -0
- package/lib/vendor/blamejs/.github/workflows/actions-lint.yml +3 -3
- package/lib/vendor/blamejs/.github/workflows/cflite_batch.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/cflite_pr.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/ci.yml +13 -13
- package/lib/vendor/blamejs/.github/workflows/codeql.yml +8 -7
- package/lib/vendor/blamejs/.github/workflows/npm-publish.yml +2 -2
- package/lib/vendor/blamejs/.github/workflows/release-container.yml +4 -4
- package/lib/vendor/blamejs/.github/workflows/scorecard.yml +1 -1
- package/lib/vendor/blamejs/.github/workflows/sha-to-tag-verify.yml +1 -1
- package/lib/vendor/blamejs/CHANGELOG.md +2 -0
- package/lib/vendor/blamejs/api-snapshot.json +1381 -4
- package/lib/vendor/blamejs/eslint.config.mjs +1 -0
- package/lib/vendor/blamejs/examples/wiki/lib/source-comment-block-validator.js +4 -1
- package/lib/vendor/blamejs/examples/wiki/lib/symbol-index.js +5 -2
- package/lib/vendor/blamejs/examples/wiki/routes/pages.js +4 -1
- package/lib/vendor/blamejs/fuzz/guard-text.fuzz.js +20 -0
- package/lib/vendor/blamejs/index.js +2 -0
- package/lib/vendor/blamejs/lib/a2a-tasks.js +7 -23
- package/lib/vendor/blamejs/lib/acme.js +6 -5
- package/lib/vendor/blamejs/lib/agent-event-bus.js +5 -4
- package/lib/vendor/blamejs/lib/agent-idempotency.js +2 -5
- package/lib/vendor/blamejs/lib/agent-orchestrator.js +2 -5
- package/lib/vendor/blamejs/lib/agent-saga.js +3 -5
- package/lib/vendor/blamejs/lib/agent-tenant.js +2 -5
- package/lib/vendor/blamejs/lib/ai-adverse-decision.js +2 -15
- package/lib/vendor/blamejs/lib/ai-capability.js +1 -6
- package/lib/vendor/blamejs/lib/ai-dp.js +1 -5
- package/lib/vendor/blamejs/lib/ai-input.js +2 -2
- package/lib/vendor/blamejs/lib/ai-pref.js +3 -8
- package/lib/vendor/blamejs/lib/ai-quota.js +3 -14
- package/lib/vendor/blamejs/lib/api-key.js +37 -28
- package/lib/vendor/blamejs/lib/archive-adapters.js +2 -4
- package/lib/vendor/blamejs/lib/archive-entry-policy.js +32 -0
- package/lib/vendor/blamejs/lib/archive-read.js +5 -17
- package/lib/vendor/blamejs/lib/archive-tar-read.js +5 -16
- package/lib/vendor/blamejs/lib/archive.js +2 -10
- package/lib/vendor/blamejs/lib/arg-parser.js +7 -6
- package/lib/vendor/blamejs/lib/asyncapi-traits.js +2 -6
- package/lib/vendor/blamejs/lib/atomic-file.js +108 -31
- package/lib/vendor/blamejs/lib/audit-chain.js +133 -53
- package/lib/vendor/blamejs/lib/audit-daily-review.js +24 -14
- package/lib/vendor/blamejs/lib/audit-emit.js +82 -0
- package/lib/vendor/blamejs/lib/audit-sign.js +257 -0
- package/lib/vendor/blamejs/lib/audit.js +84 -0
- package/lib/vendor/blamejs/lib/auth/access-lock.js +5 -27
- package/lib/vendor/blamejs/lib/auth/dpop.js +23 -35
- package/lib/vendor/blamejs/lib/auth/fido-mds3.js +9 -15
- package/lib/vendor/blamejs/lib/auth/jwt-external.js +26 -8
- package/lib/vendor/blamejs/lib/auth/jwt.js +13 -15
- package/lib/vendor/blamejs/lib/auth/lockout.js +6 -25
- package/lib/vendor/blamejs/lib/auth/oauth.js +67 -45
- package/lib/vendor/blamejs/lib/auth/oid4vci.js +55 -32
- package/lib/vendor/blamejs/lib/auth/oid4vp.js +3 -2
- package/lib/vendor/blamejs/lib/auth/openid-federation.js +6 -6
- package/lib/vendor/blamejs/lib/auth/passkey.js +3 -3
- package/lib/vendor/blamejs/lib/auth/password.js +7 -1
- package/lib/vendor/blamejs/lib/auth/saml.js +37 -27
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-holder.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc-issuer.js +2 -14
- package/lib/vendor/blamejs/lib/auth/sd-jwt-vc.js +1 -1
- package/lib/vendor/blamejs/lib/auth/status-list.js +7 -7
- package/lib/vendor/blamejs/lib/auth/step-up.js +6 -12
- package/lib/vendor/blamejs/lib/auth-bot-challenge.js +6 -37
- package/lib/vendor/blamejs/lib/backup/bundle.js +11 -18
- package/lib/vendor/blamejs/lib/backup/index.js +14 -47
- package/lib/vendor/blamejs/lib/bounded-map.js +112 -1
- package/lib/vendor/blamejs/lib/breach-deadline.js +1 -11
- package/lib/vendor/blamejs/lib/cache.js +7 -18
- package/lib/vendor/blamejs/lib/cbor.js +2 -1
- package/lib/vendor/blamejs/lib/cdn-cache-control.js +8 -9
- package/lib/vendor/blamejs/lib/cert.js +3 -10
- package/lib/vendor/blamejs/lib/chain-writer.js +162 -47
- package/lib/vendor/blamejs/lib/cli.js +5 -1
- package/lib/vendor/blamejs/lib/client-hints.js +7 -9
- package/lib/vendor/blamejs/lib/cloud-events.js +40 -31
- package/lib/vendor/blamejs/lib/cluster-storage.js +2 -38
- package/lib/vendor/blamejs/lib/cms-codec.js +2 -1
- package/lib/vendor/blamejs/lib/codepoint-class.js +67 -1
- package/lib/vendor/blamejs/lib/compliance-ai-act-logging.js +1 -6
- package/lib/vendor/blamejs/lib/compliance-ai-act-transparency.js +2 -4
- package/lib/vendor/blamejs/lib/compliance-eaa.js +1 -11
- package/lib/vendor/blamejs/lib/compliance-sanctions-fetcher.js +21 -28
- package/lib/vendor/blamejs/lib/compliance-sanctions.js +2 -14
- package/lib/vendor/blamejs/lib/compliance.js +2 -9
- package/lib/vendor/blamejs/lib/config-drift.js +2 -12
- package/lib/vendor/blamejs/lib/content-digest.js +10 -8
- package/lib/vendor/blamejs/lib/cookies.js +5 -11
- package/lib/vendor/blamejs/lib/cose.js +19 -11
- package/lib/vendor/blamejs/lib/cra-report.js +1 -11
- package/lib/vendor/blamejs/lib/crypto-field.js +5 -10
- package/lib/vendor/blamejs/lib/crypto.js +120 -3
- package/lib/vendor/blamejs/lib/csp.js +235 -3
- package/lib/vendor/blamejs/lib/daemon.js +42 -41
- package/lib/vendor/blamejs/lib/data-act.js +19 -9
- package/lib/vendor/blamejs/lib/db-query.js +6 -40
- package/lib/vendor/blamejs/lib/db.js +34 -12
- package/lib/vendor/blamejs/lib/dbsc.js +5 -6
- package/lib/vendor/blamejs/lib/ddl-change-control.js +18 -14
- package/lib/vendor/blamejs/lib/deprecate.js +4 -5
- package/lib/vendor/blamejs/lib/did.js +6 -2
- package/lib/vendor/blamejs/lib/dsr.js +8 -12
- package/lib/vendor/blamejs/lib/external-db-migrate.js +21 -22
- package/lib/vendor/blamejs/lib/external-db.js +14 -26
- package/lib/vendor/blamejs/lib/fda-21cfr11.js +12 -8
- package/lib/vendor/blamejs/lib/fdx.js +22 -18
- package/lib/vendor/blamejs/lib/file-upload.js +80 -66
- package/lib/vendor/blamejs/lib/flag-evaluation-context.js +5 -8
- package/lib/vendor/blamejs/lib/framework-error.js +12 -0
- package/lib/vendor/blamejs/lib/framework-schema.js +19 -0
- package/lib/vendor/blamejs/lib/fsm.js +7 -12
- package/lib/vendor/blamejs/lib/gate-contract.js +869 -38
- package/lib/vendor/blamejs/lib/gdpr-ropa.js +4 -13
- package/lib/vendor/blamejs/lib/graphql-federation.js +1 -1
- package/lib/vendor/blamejs/lib/guard-agent-registry.js +2 -1
- package/lib/vendor/blamejs/lib/guard-all.js +1 -0
- package/lib/vendor/blamejs/lib/guard-archive.js +9 -30
- package/lib/vendor/blamejs/lib/guard-auth.js +23 -80
- package/lib/vendor/blamejs/lib/guard-cidr.js +20 -96
- package/lib/vendor/blamejs/lib/guard-csv.js +135 -196
- package/lib/vendor/blamejs/lib/guard-domain.js +23 -106
- package/lib/vendor/blamejs/lib/guard-dsn.js +16 -13
- package/lib/vendor/blamejs/lib/guard-email.js +46 -53
- package/lib/vendor/blamejs/lib/guard-envelope.js +1 -1
- package/lib/vendor/blamejs/lib/guard-event-bus-topic.js +2 -1
- package/lib/vendor/blamejs/lib/guard-filename.js +12 -60
- package/lib/vendor/blamejs/lib/guard-graphql.js +28 -75
- package/lib/vendor/blamejs/lib/guard-html-wcag.js +15 -2
- package/lib/vendor/blamejs/lib/guard-html.js +65 -117
- package/lib/vendor/blamejs/lib/guard-idempotency-key.js +2 -1
- package/lib/vendor/blamejs/lib/guard-image.js +280 -77
- package/lib/vendor/blamejs/lib/guard-imap-command.js +8 -9
- package/lib/vendor/blamejs/lib/guard-json.js +87 -103
- package/lib/vendor/blamejs/lib/guard-jsonpath.js +20 -88
- package/lib/vendor/blamejs/lib/guard-jwt.js +32 -114
- package/lib/vendor/blamejs/lib/guard-list-id.js +2 -7
- package/lib/vendor/blamejs/lib/guard-list-unsubscribe.js +2 -7
- package/lib/vendor/blamejs/lib/guard-mail-compose.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mail-move.js +2 -1
- package/lib/vendor/blamejs/lib/guard-mail-query.js +5 -3
- package/lib/vendor/blamejs/lib/guard-mail-sieve.js +6 -7
- package/lib/vendor/blamejs/lib/guard-managesieve-command.js +5 -4
- package/lib/vendor/blamejs/lib/guard-markdown.js +76 -110
- package/lib/vendor/blamejs/lib/guard-message-id.js +5 -6
- package/lib/vendor/blamejs/lib/guard-mime.js +20 -99
- package/lib/vendor/blamejs/lib/guard-oauth.js +19 -73
- package/lib/vendor/blamejs/lib/guard-pdf.js +65 -72
- package/lib/vendor/blamejs/lib/guard-pop3-command.js +12 -13
- package/lib/vendor/blamejs/lib/guard-posture-chain.js +2 -1
- package/lib/vendor/blamejs/lib/guard-regex.js +24 -99
- package/lib/vendor/blamejs/lib/guard-saga-config.js +2 -1
- package/lib/vendor/blamejs/lib/guard-shell.js +22 -87
- package/lib/vendor/blamejs/lib/guard-smtp-command.js +8 -11
- package/lib/vendor/blamejs/lib/guard-sql.js +15 -13
- package/lib/vendor/blamejs/lib/guard-stream-args.js +2 -1
- package/lib/vendor/blamejs/lib/guard-svg.js +95 -140
- package/lib/vendor/blamejs/lib/guard-template.js +23 -80
- package/lib/vendor/blamejs/lib/guard-tenant-id.js +2 -1
- package/lib/vendor/blamejs/lib/guard-text.js +592 -0
- package/lib/vendor/blamejs/lib/guard-time.js +27 -95
- package/lib/vendor/blamejs/lib/guard-uuid.js +21 -93
- package/lib/vendor/blamejs/lib/guard-xml.js +76 -106
- package/lib/vendor/blamejs/lib/guard-yaml.js +24 -60
- package/lib/vendor/blamejs/lib/http-client-cache.js +5 -12
- package/lib/vendor/blamejs/lib/http-client-cookie-jar.js +2 -4
- package/lib/vendor/blamejs/lib/http-client.js +8 -21
- package/lib/vendor/blamejs/lib/http-message-signature.js +3 -2
- package/lib/vendor/blamejs/lib/i18n-messageformat.js +5 -7
- package/lib/vendor/blamejs/lib/i18n.js +83 -26
- package/lib/vendor/blamejs/lib/inbox.js +8 -8
- package/lib/vendor/blamejs/lib/incident-report.js +3 -21
- package/lib/vendor/blamejs/lib/ip-utils.js +49 -6
- package/lib/vendor/blamejs/lib/jobs.js +3 -2
- package/lib/vendor/blamejs/lib/keychain.js +6 -18
- package/lib/vendor/blamejs/lib/legal-hold.js +6 -15
- package/lib/vendor/blamejs/lib/log-stream-cloudwatch.js +44 -112
- package/lib/vendor/blamejs/lib/log-stream-otlp-grpc.js +17 -14
- package/lib/vendor/blamejs/lib/log-stream-otlp.js +16 -80
- package/lib/vendor/blamejs/lib/log-stream-webhook.js +20 -92
- package/lib/vendor/blamejs/lib/mail-arc-sign.js +8 -3
- package/lib/vendor/blamejs/lib/mail-arf.js +3 -2
- package/lib/vendor/blamejs/lib/mail-auth.js +40 -66
- package/lib/vendor/blamejs/lib/mail-bimi.js +19 -39
- package/lib/vendor/blamejs/lib/mail-crypto-pgp.js +3 -2
- package/lib/vendor/blamejs/lib/mail-dav.js +8 -35
- package/lib/vendor/blamejs/lib/mail-deploy.js +6 -9
- package/lib/vendor/blamejs/lib/mail-dkim.js +19 -38
- package/lib/vendor/blamejs/lib/mail-greylist.js +15 -26
- package/lib/vendor/blamejs/lib/mail-helo.js +2 -3
- package/lib/vendor/blamejs/lib/mail-journal.js +2 -1
- package/lib/vendor/blamejs/lib/mail-mdn.js +4 -3
- package/lib/vendor/blamejs/lib/mail-rbl.js +5 -8
- package/lib/vendor/blamejs/lib/mail-scan.js +2 -2
- package/lib/vendor/blamejs/lib/mail-send-deliver.js +33 -20
- package/lib/vendor/blamejs/lib/mail-server-imap.js +32 -87
- package/lib/vendor/blamejs/lib/mail-server-jmap.js +35 -51
- package/lib/vendor/blamejs/lib/mail-server-managesieve.js +29 -83
- package/lib/vendor/blamejs/lib/mail-server-mx.js +33 -74
- package/lib/vendor/blamejs/lib/mail-server-net.js +177 -0
- package/lib/vendor/blamejs/lib/mail-server-pop3.js +30 -83
- package/lib/vendor/blamejs/lib/mail-server-rate-limit.js +30 -6
- package/lib/vendor/blamejs/lib/mail-server-submission.js +34 -73
- package/lib/vendor/blamejs/lib/mail-server-tls.js +89 -0
- package/lib/vendor/blamejs/lib/mail-spam-score.js +7 -8
- package/lib/vendor/blamejs/lib/mail-store.js +3 -2
- package/lib/vendor/blamejs/lib/mail.js +6 -11
- package/lib/vendor/blamejs/lib/markup-escape.js +31 -0
- package/lib/vendor/blamejs/lib/markup-tokenizer.js +54 -0
- package/lib/vendor/blamejs/lib/mcp-tool-registry.js +26 -23
- package/lib/vendor/blamejs/lib/mcp.js +1 -1
- package/lib/vendor/blamejs/lib/mdoc.js +11 -12
- package/lib/vendor/blamejs/lib/metrics.js +32 -30
- package/lib/vendor/blamejs/lib/middleware/age-gate.js +3 -23
- package/lib/vendor/blamejs/lib/middleware/api-encrypt.js +11 -22
- package/lib/vendor/blamejs/lib/middleware/assetlinks.js +2 -7
- package/lib/vendor/blamejs/lib/middleware/bearer-auth.js +2 -1
- package/lib/vendor/blamejs/lib/middleware/body-parser.js +31 -48
- package/lib/vendor/blamejs/lib/middleware/bot-disclose.js +7 -10
- package/lib/vendor/blamejs/lib/middleware/bot-guard.js +2 -10
- package/lib/vendor/blamejs/lib/middleware/csrf-protect.js +13 -2
- package/lib/vendor/blamejs/lib/middleware/daily-byte-quota.js +6 -26
- package/lib/vendor/blamejs/lib/middleware/deny-response.js +19 -1
- package/lib/vendor/blamejs/lib/middleware/fetch-metadata.js +7 -0
- package/lib/vendor/blamejs/lib/middleware/idempotency-key.js +4 -20
- package/lib/vendor/blamejs/lib/middleware/rate-limit.js +20 -28
- package/lib/vendor/blamejs/lib/middleware/scim-server.js +3 -2
- package/lib/vendor/blamejs/lib/middleware/security-headers.js +9 -1
- package/lib/vendor/blamejs/lib/middleware/security-txt.js +2 -6
- package/lib/vendor/blamejs/lib/middleware/tus-upload.js +12 -27
- package/lib/vendor/blamejs/lib/middleware/web-app-manifest.js +2 -7
- package/lib/vendor/blamejs/lib/migrations.js +4 -13
- package/lib/vendor/blamejs/lib/mime-parse.js +34 -17
- package/lib/vendor/blamejs/lib/module-loader.js +44 -0
- package/lib/vendor/blamejs/lib/money.js +105 -0
- package/lib/vendor/blamejs/lib/mtls-ca.js +116 -36
- package/lib/vendor/blamejs/lib/network-byte-quota.js +4 -18
- package/lib/vendor/blamejs/lib/network-dane.js +8 -6
- package/lib/vendor/blamejs/lib/network-dns-resolver.js +97 -6
- package/lib/vendor/blamejs/lib/network-dnssec.js +16 -16
- package/lib/vendor/blamejs/lib/network-heartbeat.js +3 -2
- package/lib/vendor/blamejs/lib/network-smtp-policy.js +29 -41
- package/lib/vendor/blamejs/lib/network-tls.js +40 -42
- package/lib/vendor/blamejs/lib/nis2-report.js +1 -11
- package/lib/vendor/blamejs/lib/nonce-store.js +81 -3
- package/lib/vendor/blamejs/lib/numeric-bounds.js +22 -8
- package/lib/vendor/blamejs/lib/object-store/azure-blob-bucket-ops.js +2 -6
- package/lib/vendor/blamejs/lib/object-store/azure-blob.js +5 -45
- package/lib/vendor/blamejs/lib/object-store/gcs.js +8 -71
- package/lib/vendor/blamejs/lib/object-store/http-put.js +1 -5
- package/lib/vendor/blamejs/lib/object-store/http-request.js +128 -0
- package/lib/vendor/blamejs/lib/object-store/sigv4-bucket-ops.js +2 -1
- package/lib/vendor/blamejs/lib/object-store/sigv4.js +9 -77
- package/lib/vendor/blamejs/lib/observability-otlp-exporter.js +9 -25
- package/lib/vendor/blamejs/lib/observability.js +95 -0
- package/lib/vendor/blamejs/lib/openapi-paths-builder.js +7 -3
- package/lib/vendor/blamejs/lib/otel-export.js +7 -10
- package/lib/vendor/blamejs/lib/outbox.js +43 -37
- package/lib/vendor/blamejs/lib/pagination.js +11 -15
- package/lib/vendor/blamejs/lib/parsers/safe-env.js +5 -4
- package/lib/vendor/blamejs/lib/parsers/safe-ini.js +10 -4
- package/lib/vendor/blamejs/lib/parsers/safe-toml.js +11 -9
- package/lib/vendor/blamejs/lib/parsers/safe-xml.js +2 -2
- package/lib/vendor/blamejs/lib/parsers/safe-yaml.js +7 -6
- package/lib/vendor/blamejs/lib/pick.js +63 -5
- package/lib/vendor/blamejs/lib/pipl-cn.js +69 -59
- package/lib/vendor/blamejs/lib/privacy-pass.js +8 -6
- package/lib/vendor/blamejs/lib/problem-details.js +2 -5
- package/lib/vendor/blamejs/lib/pubsub.js +4 -8
- package/lib/vendor/blamejs/lib/redact.js +2 -1
- package/lib/vendor/blamejs/lib/render.js +4 -2
- package/lib/vendor/blamejs/lib/request-helpers.js +133 -6
- package/lib/vendor/blamejs/lib/restore.js +5 -22
- package/lib/vendor/blamejs/lib/retention.js +3 -5
- package/lib/vendor/blamejs/lib/safe-async.js +457 -0
- package/lib/vendor/blamejs/lib/safe-buffer.js +137 -6
- package/lib/vendor/blamejs/lib/safe-decompress.js +2 -1
- package/lib/vendor/blamejs/lib/safe-dns.js +2 -1
- package/lib/vendor/blamejs/lib/safe-ical.js +12 -26
- package/lib/vendor/blamejs/lib/safe-json.js +7 -8
- package/lib/vendor/blamejs/lib/safe-jsonpath.js +6 -5
- package/lib/vendor/blamejs/lib/safe-mime.js +25 -29
- package/lib/vendor/blamejs/lib/safe-redirect.js +2 -5
- package/lib/vendor/blamejs/lib/safe-schema.js +7 -6
- package/lib/vendor/blamejs/lib/safe-sql.js +126 -0
- package/lib/vendor/blamejs/lib/safe-vcard.js +12 -26
- package/lib/vendor/blamejs/lib/sandbox-worker.js +9 -2
- package/lib/vendor/blamejs/lib/sandbox.js +3 -2
- package/lib/vendor/blamejs/lib/scheduler.js +5 -12
- package/lib/vendor/blamejs/lib/sec-cyber.js +82 -37
- package/lib/vendor/blamejs/lib/seeders.js +4 -11
- package/lib/vendor/blamejs/lib/self-update.js +92 -69
- package/lib/vendor/blamejs/lib/session-device-binding.js +112 -66
- package/lib/vendor/blamejs/lib/session.js +194 -6
- package/lib/vendor/blamejs/lib/sql.js +225 -78
- package/lib/vendor/blamejs/lib/sse.js +6 -10
- package/lib/vendor/blamejs/lib/static.js +136 -98
- package/lib/vendor/blamejs/lib/storage.js +4 -2
- package/lib/vendor/blamejs/lib/structured-fields.js +275 -16
- package/lib/vendor/blamejs/lib/tenant-quota.js +2 -20
- package/lib/vendor/blamejs/lib/tsa.js +11 -15
- package/lib/vendor/blamejs/lib/validate-opts.js +154 -8
- package/lib/vendor/blamejs/lib/vault/seal-pem-file.js +30 -48
- package/lib/vendor/blamejs/lib/vault-aad.js +3 -2
- package/lib/vendor/blamejs/lib/vc.js +2 -7
- package/lib/vendor/blamejs/lib/vex.js +35 -13
- package/lib/vendor/blamejs/lib/web-push-vapid.js +23 -20
- package/lib/vendor/blamejs/lib/webhook-dispatcher.js +706 -0
- package/lib/vendor/blamejs/lib/webhook.js +43 -18
- package/lib/vendor/blamejs/lib/websocket-channels.js +9 -7
- package/lib/vendor/blamejs/lib/websocket.js +7 -3
- package/lib/vendor/blamejs/lib/worm.js +2 -3
- package/lib/vendor/blamejs/lib/ws-client.js +8 -10
- package/lib/vendor/blamejs/package.json +1 -1
- package/lib/vendor/blamejs/release-notes/v0.15.13.json +81 -0
- package/lib/vendor/blamejs/scripts/check-changelog-extract.js +1 -1
- package/lib/vendor/blamejs/test/00-primitives.js +136 -7
- package/lib/vendor/blamejs/test/10-state.js +9 -3
- package/lib/vendor/blamejs/test/30-chain.js +40 -0
- package/lib/vendor/blamejs/test/helpers/check.js +18 -0
- package/lib/vendor/blamejs/test/helpers/db.js +4 -0
- package/lib/vendor/blamejs/test/helpers/index.js +1 -0
- package/lib/vendor/blamejs/test/integration/audit-chain-external-db.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/audit-stack-postgres.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/data-layer-mysql.test.js +8 -1
- package/lib/vendor/blamejs/test/integration/data-layer-pg.test.js +1 -1
- package/lib/vendor/blamejs/test/integration/framework-schema-mysql.test.js +2 -1
- package/lib/vendor/blamejs/test/integration/webhook-dispatcher-pg.test.js +269 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/atomic-file-fd-read.test.js +149 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-framework-namespaces.test.js +51 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-sign-anchor.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/audit-use-store.test.js +55 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/backup-object-store-adapter.test.js +2 -2
- package/lib/vendor/blamejs/test/layer-0-primitives/bot-guard.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/bounded-map.test.js +129 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/chain-writer-multichain.test.js +107 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/cli-api-key.test.js +12 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/codebase-patterns.test.js +2788 -3214
- package/lib/vendor/blamejs/test/layer-0-primitives/codepoint-class.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-base64url.test.js +63 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/crypto-hash-stream.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-builder.test.js +50 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/csp-nonce.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/daemon.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/defineguard-resolve-opts.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/flag.test.js +9 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/gate-contract-content-gate.test.js +290 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-csv.test.js +84 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-email.test.js +78 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-filename.test.js +23 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-gate-disposition-coverage.test.js +93 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-html.test.js +60 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-image.test.js +184 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-imap-command.test.js +0 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-json.test.js +54 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-managesieve-command.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-markdown.test.js +45 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pdf.test.js +101 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-pop3-command.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-svg.test.js +76 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-text.test.js +365 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-xml.test.js +35 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/guard-yaml.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/i18n.test.js +20 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/inbox.test.js +15 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/ip-utils.test.js +83 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-arf.test.js +10 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-auth.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-dkim.test.js +36 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-greylist.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-server-tls.test.js +39 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mail-store.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mime-parse.test.js +106 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/money.test.js +17 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/mtls-ca-revocation.test.js +98 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/nonce-store-release.test.js +77 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/observability.test.js +48 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/rate-limit-memory-getorinsert.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/request-helpers.test.js +88 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-async-loops.test.js +278 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-buffer-linear-scans.test.js +37 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/safe-jsonpath.test.js +14 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sandbox.test.js +19 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/security-headers.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/self-update.test.js +2 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-device-binding.test.js +18 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/session-extensions.test.js +1 -1
- package/lib/vendor/blamejs/test/layer-0-primitives/session-valid-from.test.js +73 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/sql.test.js +100 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/structured-fields.test.js +80 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/validate-opts-shape.test.js +235 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook-dispatcher.test.js +374 -0
- package/lib/vendor/blamejs/test/layer-0-primitives/webhook.test.js +75 -8
- package/lib/vendor/blamejs/test/layer-5-integration/guard-host-integration.test.js +3 -3
- package/package.json +1 -1
|
@@ -489,84 +489,147 @@ function _httpDate(date) {
|
|
|
489
489
|
}
|
|
490
490
|
|
|
491
491
|
function _validateCreateOpts(opts) {
|
|
492
|
-
|
|
493
|
-
|
|
492
|
+
// Declarative per-field validation. shape() runs requireObject(opts)
|
|
493
|
+
// itself (same "opts must be an object" / BAD_OPT contract the inline
|
|
494
|
+
// requireObject produced), then dispatches each field. A field whose
|
|
495
|
+
// check is one of the rule tokens maps to the token directly; a field
|
|
496
|
+
// with a bespoke message (mountPath / hashedPathPattern), a
|
|
497
|
+
// duck-typed-handle shape (permissions / cache / fileType / retention /
|
|
498
|
+
// revokeStore — each carrying its own operator-facing description), a
|
|
499
|
+
// numeric bound, or an audit/observability shape uses the
|
|
500
|
+
// validator-function hatch so the exact thrown code + message + label
|
|
501
|
+
// are preserved. Cross-field business logic (root existence,
|
|
502
|
+
// allowedFileTypes↔fileType wiring, the contentSafety map, the
|
|
503
|
+
// mountType enum, the quota↔cache requirement) stays below shape.
|
|
504
|
+
validateOpts.shape(opts, {
|
|
505
|
+
root: "required-string",
|
|
506
|
+
mountPath: function (value, _label, errorClass, code) {
|
|
507
|
+
// empty string is operator-permissible: "no mount, root is request URL"
|
|
508
|
+
if (typeof value === "string" && value.length === 0) return;
|
|
509
|
+
if (value !== undefined && value !== null && typeof value !== "string") {
|
|
510
|
+
throw errorClass.factory(code, "staticServe.create: mountPath must be a string");
|
|
511
|
+
}
|
|
512
|
+
},
|
|
513
|
+
hashedPathPattern: function (value, _label, errorClass, code) {
|
|
514
|
+
if (value !== undefined && value !== null && !(value instanceof RegExp)) {
|
|
515
|
+
throw errorClass.factory(code, "staticServe.create: hashedPathPattern must be a RegExp");
|
|
516
|
+
}
|
|
517
|
+
},
|
|
518
|
+
// indexFile === null is the operator's "disable" sentinel; the helper
|
|
519
|
+
// returns null/undefined unchanged so we keep that semantic.
|
|
520
|
+
indexFile: "optional-string",
|
|
521
|
+
defaultMaxAge: function (value, label, errorClass, code) {
|
|
522
|
+
numericBounds.requireNonNegativeFiniteIntIfPresent(value, label, errorClass, code);
|
|
523
|
+
},
|
|
524
|
+
contentTypes: "optional-plain-object",
|
|
525
|
+
// contentSafety — extension-keyed gate map. undefined → the framework
|
|
526
|
+
// wires b.guardAll.byExtension({ profile: "strict" }) so every shipped
|
|
527
|
+
// guard is ON by default; null is the explicit opt-out (audited at
|
|
528
|
+
// create() time); a plain { ext: gate } object validates each value is a
|
|
529
|
+
// gate (a .check fn). The label / code / message match the prior inline
|
|
530
|
+
// check exactly so a test asserting them still holds.
|
|
531
|
+
contentSafety: function (value, _label, errorClass, code) {
|
|
532
|
+
if (value === undefined || value === null) return;
|
|
533
|
+
validateOpts.optionalPlainObject(value,
|
|
534
|
+
"staticServe.create: contentSafety", errorClass, code,
|
|
535
|
+
"must be a plain { ext: gate } object, null to opt out, or " +
|
|
536
|
+
"undefined for the default-on b.guardAll wiring");
|
|
537
|
+
var safetyKeys = Object.keys(value);
|
|
538
|
+
for (var sk = 0; sk < safetyKeys.length; sk++) {
|
|
539
|
+
var ext = safetyKeys[sk];
|
|
540
|
+
var g = value[ext];
|
|
541
|
+
if (!g || typeof g.check !== "function") {
|
|
542
|
+
throw errorClass.factory(code,
|
|
543
|
+
"staticServe.create: contentSafety[" + JSON.stringify(ext) +
|
|
544
|
+
"] must be a gate (b.guardCsv.gate / b.guardHtml.gate / etc.)");
|
|
545
|
+
}
|
|
546
|
+
}
|
|
547
|
+
},
|
|
548
|
+
permissions: function (value, label, errorClass, code) {
|
|
549
|
+
validateOpts.optionalObjectWithMethod(value, "check", label, errorClass, code,
|
|
550
|
+
"must be a b.permissions instance (check fn)");
|
|
551
|
+
},
|
|
552
|
+
cache: function (value, label, errorClass, code) {
|
|
553
|
+
validateOpts.optionalObjectWithMethod(value, "get", label, errorClass, code,
|
|
554
|
+
"must be a b.cache instance (used for cluster-shared bandwidth + concurrency tracking)");
|
|
555
|
+
},
|
|
556
|
+
fileType: function (value, label, errorClass, code) {
|
|
557
|
+
validateOpts.optionalObjectWithMethod(value, "detect", label, errorClass, code,
|
|
558
|
+
"must be a b.fileType instance (magic-byte MIME detection)");
|
|
559
|
+
},
|
|
560
|
+
retention: function (value, label, errorClass, code) {
|
|
561
|
+
validateOpts.optionalObjectWithMethod(value, "isServable", label, errorClass, code,
|
|
562
|
+
"must expose isServable(absPath, ctx) → boolean (compliance retention check)");
|
|
563
|
+
},
|
|
564
|
+
revokeStore: function (value, label, errorClass, code) {
|
|
565
|
+
validateOpts.optionalObjectWithMethod(value, "isRevoked", label, errorClass, code,
|
|
566
|
+
"must expose isRevoked(key) and revoke(key) for force-revoke support");
|
|
567
|
+
},
|
|
568
|
+
allowedFileTypes: "optional-string-array",
|
|
569
|
+
audit: function (value, _label, errorClass, _code) {
|
|
570
|
+
validateOpts.auditShape(value, "staticServe.create", errorClass);
|
|
571
|
+
},
|
|
572
|
+
observability: function (value, _label, errorClass, _code) {
|
|
573
|
+
validateOpts.observabilityShape(value, "staticServe.create", errorClass);
|
|
574
|
+
},
|
|
575
|
+
onServe: "optional-function",
|
|
576
|
+
onError: "optional-function",
|
|
577
|
+
acceptRanges: "optional-boolean",
|
|
578
|
+
auditSuccess: "optional-boolean",
|
|
579
|
+
auditFailures: "optional-boolean",
|
|
580
|
+
safeAttachmentForRiskyMimes: "optional-boolean",
|
|
581
|
+
forceAttachmentForNonText: "optional-boolean",
|
|
582
|
+
safeRenderSvg: "optional-boolean",
|
|
583
|
+
safeRenderPdf: "optional-boolean",
|
|
584
|
+
maxBytesPerActorPerWindowMs: function (value, label, errorClass, code) {
|
|
585
|
+
numericBounds.requireNonNegativeFiniteIntIfPresent(value, label, errorClass, code);
|
|
586
|
+
},
|
|
587
|
+
maxBytesAllActorsPerWindowMs: function (value, label, errorClass, code) {
|
|
588
|
+
numericBounds.requireNonNegativeFiniteIntIfPresent(value, label, errorClass, code);
|
|
589
|
+
},
|
|
590
|
+
bandwidthWindowMs: function (value, label, errorClass, code) {
|
|
591
|
+
numericBounds.requirePositiveFiniteIntIfPresent(value, label, errorClass, code);
|
|
592
|
+
},
|
|
593
|
+
maxConcurrentDownloadsPerActor: function (value, label, errorClass, code) {
|
|
594
|
+
numericBounds.requireNonNegativeFiniteIntIfPresent(value, label, errorClass, code);
|
|
595
|
+
},
|
|
596
|
+
maxIdleMs: function (value, label, errorClass, code) {
|
|
597
|
+
numericBounds.requirePositiveFiniteIntIfPresent(value, label, errorClass, code);
|
|
598
|
+
},
|
|
599
|
+
// maxRangeBytes — per-range byte cap (slowloris-range defense). A
|
|
600
|
+
// positive finite integer caps Range requests; Infinity is the
|
|
601
|
+
// documented opt-out, so the numericBounds finite-int helpers (which
|
|
602
|
+
// reject Infinity) can't be used directly here.
|
|
603
|
+
maxRangeBytes: function (value, label, errorClass, code) {
|
|
604
|
+
if (value === undefined || value === null || value === Infinity) return;
|
|
605
|
+
numericBounds.requirePositiveFiniteInt(value, label, errorClass, code);
|
|
606
|
+
},
|
|
607
|
+
}, "staticServe.create", StaticServeError, "BAD_OPT", {
|
|
608
|
+
// contentSafetyDisabledReason (audit-row string) and mountType (curated
|
|
609
|
+
// | user-content enum) carry dedicated cross-field validation below
|
|
610
|
+
// shape — the audit reason read and the enum throw whose exact message a
|
|
611
|
+
// test asserts. Listing them here keeps that bespoke logic the single
|
|
612
|
+
// validator rather than re-checking the same key inside shape.
|
|
613
|
+
allow: ["contentSafetyDisabledReason", "mountType"],
|
|
614
|
+
});
|
|
615
|
+
|
|
494
616
|
if (!nodeFs.existsSync(opts.root)) {
|
|
495
617
|
throw _err("BAD_OPT", "staticServe.create: root does not exist: " + opts.root);
|
|
496
618
|
}
|
|
497
|
-
if (typeof opts.mountPath === "string" && opts.mountPath.length === 0) {
|
|
498
|
-
// empty string is operator-permissible: "no mount, root is request URL"
|
|
499
|
-
} else if (opts.mountPath !== undefined && opts.mountPath !== null &&
|
|
500
|
-
typeof opts.mountPath !== "string") {
|
|
501
|
-
throw _err("BAD_OPT", "staticServe.create: mountPath must be a string");
|
|
502
|
-
}
|
|
503
|
-
if (opts.hashedPathPattern !== undefined && opts.hashedPathPattern !== null &&
|
|
504
|
-
!(opts.hashedPathPattern instanceof RegExp)) {
|
|
505
|
-
throw _err("BAD_OPT", "staticServe.create: hashedPathPattern must be a RegExp");
|
|
506
|
-
}
|
|
507
|
-
// indexFile === null is the operator's "disable" sentinel; the helper
|
|
508
|
-
// returns null/undefined unchanged so we keep that semantic.
|
|
509
|
-
validateOpts.optionalNonEmptyString(opts.indexFile,
|
|
510
|
-
"staticServe.create: indexFile", StaticServeError, "BAD_OPT");
|
|
511
|
-
numericBounds.requireNonNegativeFiniteIntIfPresent(opts.defaultMaxAge,
|
|
512
|
-
"staticServe.create: defaultMaxAge", StaticServeError, "BAD_OPT");
|
|
513
|
-
validateOpts.optionalPlainObject(opts.contentTypes,
|
|
514
|
-
"staticServe.create: contentTypes", StaticServeError, "BAD_OPT");
|
|
515
|
-
validateOpts.optionalObjectWithMethod(opts.permissions, "check",
|
|
516
|
-
"staticServe.create: permissions", StaticServeError, "BAD_OPT",
|
|
517
|
-
"must be a b.permissions instance (check fn)");
|
|
518
|
-
validateOpts.optionalObjectWithMethod(opts.cache, "get",
|
|
519
|
-
"staticServe.create: cache", StaticServeError, "BAD_OPT",
|
|
520
|
-
"must be a b.cache instance (used for cluster-shared bandwidth + concurrency tracking)");
|
|
521
|
-
validateOpts.optionalObjectWithMethod(opts.fileType, "detect",
|
|
522
|
-
"staticServe.create: fileType", StaticServeError, "BAD_OPT",
|
|
523
|
-
"must be a b.fileType instance (magic-byte MIME detection)");
|
|
524
|
-
validateOpts.optionalObjectWithMethod(opts.retention, "isServable",
|
|
525
|
-
"staticServe.create: retention", StaticServeError, "BAD_OPT",
|
|
526
|
-
"must expose isServable(absPath, ctx) → boolean (compliance retention check)");
|
|
527
|
-
validateOpts.optionalObjectWithMethod(opts.revokeStore, "isRevoked",
|
|
528
|
-
"staticServe.create: revokeStore", StaticServeError, "BAD_OPT",
|
|
529
|
-
"must expose isRevoked(key) and revoke(key) for force-revoke support");
|
|
530
|
-
validateOpts.optionalNonEmptyStringArray(opts.allowedFileTypes,
|
|
531
|
-
"staticServe.create: allowedFileTypes", StaticServeError, "BAD_OPT");
|
|
532
619
|
if (Array.isArray(opts.allowedFileTypes) && opts.allowedFileTypes.length > 0 &&
|
|
533
620
|
(!opts.fileType || typeof opts.fileType.detect !== "function")) {
|
|
534
621
|
throw _err("BAD_OPT",
|
|
535
622
|
"staticServe.create: allowedFileTypes is set but fileType primitive is not wired " +
|
|
536
623
|
"(pass fileType: b.fileType so the framework can sniff magic bytes before serving)");
|
|
537
624
|
}
|
|
538
|
-
|
|
539
|
-
|
|
540
|
-
|
|
541
|
-
|
|
542
|
-
// contentSafety
|
|
543
|
-
//
|
|
544
|
-
//
|
|
545
|
-
// Explicit opt-out: contentSafety: null (audited at create() time so
|
|
546
|
-
// a security review can reconstruct which deploys disabled the
|
|
547
|
-
// default-on protection).
|
|
625
|
+
// contentSafety — extension-keyed gate map; validated in the shape above
|
|
626
|
+
// (plain { ext: gate } object / null opt-out / undefined default-on).
|
|
627
|
+
// When undefined, the framework wires b.guardAll.byExtension({ profile:
|
|
628
|
+
// "strict" }) automatically so every shipped guard is ON by default;
|
|
629
|
+
// contentSafety: null is the explicit opt-out, audited at create() time so
|
|
630
|
+
// a security review can reconstruct which deploys disabled the default-on
|
|
631
|
+
// protection.
|
|
548
632
|
// Example: contentSafety: { ".csv": b.guardCsv.gate({ profile: "strict" }) }
|
|
549
|
-
if (opts.contentSafety !== undefined && opts.contentSafety !== null) {
|
|
550
|
-
validateOpts.optionalPlainObject(opts.contentSafety,
|
|
551
|
-
"staticServe.create: contentSafety", StaticServeError, "BAD_OPT",
|
|
552
|
-
"must be a plain { ext: gate } object, null to opt out, or " +
|
|
553
|
-
"undefined for the default-on b.guardAll wiring");
|
|
554
|
-
var safetyKeys = Object.keys(opts.contentSafety);
|
|
555
|
-
for (var sk = 0; sk < safetyKeys.length; sk++) {
|
|
556
|
-
var ext = safetyKeys[sk];
|
|
557
|
-
var g = opts.contentSafety[ext];
|
|
558
|
-
if (!g || typeof g.check !== "function") {
|
|
559
|
-
throw _err("BAD_OPT",
|
|
560
|
-
"staticServe.create: contentSafety[" + JSON.stringify(ext) +
|
|
561
|
-
"] must be a gate (b.guardCsv.gate / b.guardHtml.gate / etc.)");
|
|
562
|
-
}
|
|
563
|
-
}
|
|
564
|
-
}
|
|
565
|
-
validateOpts.optionalBoolean(opts.acceptRanges, "staticServe.create: acceptRanges", StaticServeError);
|
|
566
|
-
validateOpts.optionalBoolean(opts.auditSuccess, "staticServe.create: auditSuccess", StaticServeError);
|
|
567
|
-
validateOpts.optionalBoolean(opts.auditFailures, "staticServe.create: auditFailures", StaticServeError);
|
|
568
|
-
validateOpts.optionalBoolean(opts.safeAttachmentForRiskyMimes,
|
|
569
|
-
"staticServe.create: safeAttachmentForRiskyMimes", StaticServeError);
|
|
570
633
|
// mountType — config-time enum. A typo ("usercontent", "uploads")
|
|
571
634
|
// would silently fall back to the curated default and serve untrusted
|
|
572
635
|
// HTML inline, so THROW at boot rather than mis-type the mount.
|
|
@@ -576,22 +639,6 @@ function _validateCreateOpts(opts) {
|
|
|
576
639
|
"staticServe.create: mountType must be 'curated' (default) or " +
|
|
577
640
|
"'user-content'; got " + JSON.stringify(opts.mountType));
|
|
578
641
|
}
|
|
579
|
-
validateOpts.optionalBoolean(opts.forceAttachmentForNonText,
|
|
580
|
-
"staticServe.create: forceAttachmentForNonText", StaticServeError);
|
|
581
|
-
validateOpts.optionalBoolean(opts.safeRenderSvg,
|
|
582
|
-
"staticServe.create: safeRenderSvg", StaticServeError);
|
|
583
|
-
validateOpts.optionalBoolean(opts.safeRenderPdf,
|
|
584
|
-
"staticServe.create: safeRenderPdf", StaticServeError);
|
|
585
|
-
numericBounds.requireNonNegativeFiniteIntIfPresent(opts.maxBytesPerActorPerWindowMs,
|
|
586
|
-
"staticServe.create: maxBytesPerActorPerWindowMs", StaticServeError, "BAD_OPT");
|
|
587
|
-
numericBounds.requireNonNegativeFiniteIntIfPresent(opts.maxBytesAllActorsPerWindowMs,
|
|
588
|
-
"staticServe.create: maxBytesAllActorsPerWindowMs", StaticServeError, "BAD_OPT");
|
|
589
|
-
numericBounds.requirePositiveFiniteIntIfPresent(opts.bandwidthWindowMs,
|
|
590
|
-
"staticServe.create: bandwidthWindowMs", StaticServeError, "BAD_OPT");
|
|
591
|
-
numericBounds.requireNonNegativeFiniteIntIfPresent(opts.maxConcurrentDownloadsPerActor,
|
|
592
|
-
"staticServe.create: maxConcurrentDownloadsPerActor", StaticServeError, "BAD_OPT");
|
|
593
|
-
numericBounds.requirePositiveFiniteIntIfPresent(opts.maxIdleMs,
|
|
594
|
-
"staticServe.create: maxIdleMs", StaticServeError, "BAD_OPT");
|
|
595
642
|
// Quotas require a cache for cluster-shared coordination.
|
|
596
643
|
if ((opts.maxBytesPerActorPerWindowMs > 0 ||
|
|
597
644
|
opts.maxBytesAllActorsPerWindowMs > 0 ||
|
|
@@ -701,20 +748,11 @@ async function integrity(absPath) {
|
|
|
701
748
|
|
|
702
749
|
function create(opts) {
|
|
703
750
|
opts = opts || {};
|
|
704
|
-
// The
|
|
705
|
-
//
|
|
706
|
-
//
|
|
707
|
-
validateOpts(opts, [
|
|
708
|
-
|
|
709
|
-
"indexFile", "defaultMaxAge", "contentTypes",
|
|
710
|
-
"permissions", "cache", "fileType", "retention", "revokeStore",
|
|
711
|
-
"allowedFileTypes", "audit", "observability", "onServe", "onError",
|
|
712
|
-
"acceptRanges", "auditSuccess", "auditFailures",
|
|
713
|
-
"maxBytesPerActorPerWindowMs", "maxBytesAllActorsPerWindowMs",
|
|
714
|
-
"bandwidthWindowMs", "maxConcurrentDownloadsPerActor", "maxIdleMs",
|
|
715
|
-
"contentSafety", "contentSafetyDisabledReason",
|
|
716
|
-
"mountType", "forceAttachmentForNonText", "safeRenderSvg", "safeRenderPdf",
|
|
717
|
-
], "staticServe.create");
|
|
751
|
+
// The exhaustive shape() in _validateCreateOpts is the authoritative
|
|
752
|
+
// unknown-key gate: any opt not declared in its schema (nor listed in
|
|
753
|
+
// its options.allow pass-through) is rejected as an unknown opt, so the
|
|
754
|
+
// typo-catching the v0.6.x `validateOpts(opts, [...allowed])` call gave
|
|
755
|
+
// is now subsumed by the per-field validation below.
|
|
718
756
|
_validateCreateOpts(opts);
|
|
719
757
|
var cfg = validateOpts.applyDefaults(opts, DEFAULTS);
|
|
720
758
|
var root = nodePath.resolve(opts.root);
|
|
@@ -38,10 +38,12 @@
|
|
|
38
38
|
* Filesystem-and-cloud-backed object storage with sealed per-file encryption keys, classification routing, and residency enforcement.
|
|
39
39
|
*/
|
|
40
40
|
var C = require("./constants");
|
|
41
|
+
var safeBuffer = require("./safe-buffer");
|
|
41
42
|
var { generateBytes, encryptPacked, decryptPacked } = require("./crypto");
|
|
42
43
|
var objectStore = require("./object-store");
|
|
43
44
|
var lazyRequire = require("./lazy-require");
|
|
44
45
|
var numericBounds = require("./numeric-bounds");
|
|
46
|
+
var codepointClass = require("./codepoint-class");
|
|
45
47
|
var canonicalJson = require("./canonical-json");
|
|
46
48
|
var { StorageError } = require("./framework-error");
|
|
47
49
|
|
|
@@ -950,7 +952,7 @@ function _validateAssemblyId(id) {
|
|
|
950
952
|
for (var i = 0; i < id.length; i += 1) {
|
|
951
953
|
var c = id.charCodeAt(i);
|
|
952
954
|
// Refuse: C0 (0x00-0x1F), DEL (0x7F), slash, backslash, dot-prefix
|
|
953
|
-
if (c
|
|
955
|
+
if (codepointClass.isForbiddenControlChar(c, { forbidTab: true }) || c === 0x2F || c === 0x5C) {
|
|
954
956
|
throw _err("INVALID_ARGUMENT",
|
|
955
957
|
"chunkScratch: assemblyId carries forbidden character at byte " + i, true);
|
|
956
958
|
}
|
|
@@ -1083,7 +1085,7 @@ function chunkScratch(opts) {
|
|
|
1083
1085
|
if (!Buffer.isBuffer(args.data)) {
|
|
1084
1086
|
throw _err("INVALID_ARGUMENT", "chunkScratch.saveChunk: data must be a Buffer", true);
|
|
1085
1087
|
}
|
|
1086
|
-
if (args.data
|
|
1088
|
+
if (safeBuffer.byteLengthOf(args.data) > maxChunkBytes) {
|
|
1087
1089
|
throw _err("INVALID_ARGUMENT",
|
|
1088
1090
|
"chunkScratch.saveChunk: chunk exceeds maxChunkBytes (" + args.data.length + " > " + maxChunkBytes + ")", true);
|
|
1089
1091
|
}
|
|
@@ -70,6 +70,7 @@
|
|
|
70
70
|
// node:util is a builtin (no lib require cycle) — used for strict UTF-8
|
|
71
71
|
// validation of RFC 9651 Display Strings.
|
|
72
72
|
var TextDecoder = require("node:util").TextDecoder;
|
|
73
|
+
var codepointClass = require("./codepoint-class");
|
|
73
74
|
|
|
74
75
|
function splitTopLevel(s, sep) {
|
|
75
76
|
if (typeof s !== "string") return [];
|
|
@@ -103,6 +104,261 @@ function splitTopLevel(s, sep) {
|
|
|
103
104
|
return out;
|
|
104
105
|
}
|
|
105
106
|
|
|
107
|
+
/**
|
|
108
|
+
* @primitive b.structuredFields.splitUnquoted
|
|
109
|
+
* @signature b.structuredFields.splitUnquoted(s, sep)
|
|
110
|
+
* @since 0.15.13
|
|
111
|
+
* @status stable
|
|
112
|
+
* @related b.structuredFields.splitTopLevel
|
|
113
|
+
*
|
|
114
|
+
* Split `s` on every `sep` that falls OUTSIDE a `"..."` quoted run — the
|
|
115
|
+
* iCalendar / vCard variant of the quote-aware splitter. A `"` toggles the
|
|
116
|
+
* quoted state and there is NO backslash escaping of the quote (RFC 5545
|
|
117
|
+
* 3.1.1 / RFC 6350 3.3 QSAFE-CHAR excludes DQUOTE, so a `"` always opens or
|
|
118
|
+
* closes a run). This is deliberately simpler than `splitTopLevel`, which
|
|
119
|
+
* honours HTTP structured-field backslash-quote escapes; the two are NOT
|
|
120
|
+
* interchangeable. Accepts any single-character separator.
|
|
121
|
+
*
|
|
122
|
+
* @example
|
|
123
|
+
* b.structuredFields.splitUnquoted('a;b="x;y";c', ";");
|
|
124
|
+
* // returns ['a', 'b="x;y"', 'c']
|
|
125
|
+
*/
|
|
126
|
+
function splitUnquoted(s, sep) {
|
|
127
|
+
var out = [];
|
|
128
|
+
var inQ = false;
|
|
129
|
+
var start = 0;
|
|
130
|
+
for (var i = 0; i < s.length; i++) {
|
|
131
|
+
var c = s.charAt(i);
|
|
132
|
+
if (c === '"') { inQ = !inQ; continue; }
|
|
133
|
+
if (c === sep && !inQ) {
|
|
134
|
+
out.push(s.slice(start, i));
|
|
135
|
+
start = i + 1;
|
|
136
|
+
}
|
|
137
|
+
}
|
|
138
|
+
out.push(s.slice(start));
|
|
139
|
+
return out;
|
|
140
|
+
}
|
|
141
|
+
|
|
142
|
+
/**
|
|
143
|
+
* @primitive b.structuredFields.stripDoubleQuotes
|
|
144
|
+
* @signature b.structuredFields.stripDoubleQuotes(s)
|
|
145
|
+
* @since 0.15.13
|
|
146
|
+
* @status stable
|
|
147
|
+
* @related b.structuredFields.splitUnquoted, b.structuredFields.unquoteSfString
|
|
148
|
+
*
|
|
149
|
+
* Strip ONE layer of surrounding `"` from `s` when both ends are a double
|
|
150
|
+
* quote (length ≥ 2), otherwise return `s` unchanged. The plain DQUOTE
|
|
151
|
+
* unwrap used by the iCal / vCard parsers for a quoted parameter value —
|
|
152
|
+
* no backslash-escape processing (RFC 5545 3.1 / RFC 6350 5: a quoted
|
|
153
|
+
* param value is QSAFE-CHAR, which excludes DQUOTE, so there is nothing to
|
|
154
|
+
* unescape). Distinct from `unquoteSfString`, which decodes HTTP
|
|
155
|
+
* structured-field `\"` / `\\` escapes.
|
|
156
|
+
*
|
|
157
|
+
* @example
|
|
158
|
+
* b.structuredFields.stripDoubleQuotes('"a;b"');
|
|
159
|
+
* // returns 'a;b'
|
|
160
|
+
*
|
|
161
|
+
* b.structuredFields.stripDoubleQuotes('plain');
|
|
162
|
+
* // returns 'plain'
|
|
163
|
+
*/
|
|
164
|
+
function stripDoubleQuotes(s) {
|
|
165
|
+
if (s.length >= 2 && s.charAt(0) === '"' && s.charAt(s.length - 1) === '"') {
|
|
166
|
+
return s.slice(1, -1);
|
|
167
|
+
}
|
|
168
|
+
return s;
|
|
169
|
+
}
|
|
170
|
+
|
|
171
|
+
/**
|
|
172
|
+
* @primitive b.structuredFields.unfoldHeaderContinuations
|
|
173
|
+
* @signature b.structuredFields.unfoldHeaderContinuations(value)
|
|
174
|
+
* @since 0.15.13
|
|
175
|
+
* @status stable
|
|
176
|
+
* @related b.structuredFields.parseTagList
|
|
177
|
+
*
|
|
178
|
+
* Collapse RFC 5322 folding whitespace — a CRLF (or bare LF) followed by one
|
|
179
|
+
* or more spaces/tabs — back to a single space, reversing the line folding a
|
|
180
|
+
* header value may carry in transit. Used before parsing DKIM / ARC /
|
|
181
|
+
* Authentication-Results tag lists, where a folded `b=` / `bh=` value must be
|
|
182
|
+
* rejoined before its base64 is read.
|
|
183
|
+
*
|
|
184
|
+
* @example
|
|
185
|
+
* b.structuredFields.unfoldHeaderContinuations("v=DKIM1;\r\n k=rsa");
|
|
186
|
+
* // returns "v=DKIM1; k=rsa"
|
|
187
|
+
*/
|
|
188
|
+
function unfoldHeaderContinuations(value) {
|
|
189
|
+
return String(value).replace(/\r?\n[ \t]+/g, " ");
|
|
190
|
+
}
|
|
191
|
+
|
|
192
|
+
/**
|
|
193
|
+
* @primitive b.structuredFields.parseKeyValuePiece
|
|
194
|
+
* @signature b.structuredFields.parseKeyValuePiece(piece, kvSep?, lowerKey?)
|
|
195
|
+
* @since 0.15.13
|
|
196
|
+
* @status stable
|
|
197
|
+
* @related b.structuredFields.parseTagList, b.structuredFields.splitTopLevel
|
|
198
|
+
*
|
|
199
|
+
* Parse ONE already-split list piece into a `{ key, value }` pair: `key` is the
|
|
200
|
+
* text before the first `kvSep` (default "="), trimmed and — unless `lowerKey`
|
|
201
|
+
* is `false` — lower-cased; `value` is the raw remainder (the caller trims /
|
|
202
|
+
* unquotes / sf-string-parses it per its own grammar). A piece with NO `kvSep`
|
|
203
|
+
* is a "bare" item — `value` is null — which the caller handles per its grammar
|
|
204
|
+
* (skip it, or treat as a flag-style directive).
|
|
205
|
+
*
|
|
206
|
+
* The shared per-pair step behind every `key=value` list parser: the naive
|
|
207
|
+
* `parseTagList` loop AND the quote-aware parsers that first `splitTopLevel`
|
|
208
|
+
* then parse each piece (Cache-Control directives, Client-Hints brand params,
|
|
209
|
+
* Content-Type parameters). `lowerKey:false` serves the rare grammar whose key
|
|
210
|
+
* is case-sensitive (a verbatim tag-list passthrough).
|
|
211
|
+
*
|
|
212
|
+
* @example
|
|
213
|
+
* b.structuredFields.parseKeyValuePiece("Max-Age=60"); // → { key: "max-age", value: "60" }
|
|
214
|
+
* b.structuredFields.parseKeyValuePiece("no-store"); // → { key: "no-store", value: null }
|
|
215
|
+
* b.structuredFields.parseKeyValuePiece("Key=a=b", "=", false); // → { key: "Key", value: "a=b" }
|
|
216
|
+
*/
|
|
217
|
+
function parseKeyValuePiece(piece, kvSep, lowerKey) {
|
|
218
|
+
var sep = kvSep || "=";
|
|
219
|
+
var at = piece.indexOf(sep);
|
|
220
|
+
var rawKey = (at === -1 ? piece : piece.slice(0, at)).trim();
|
|
221
|
+
var key = lowerKey === false ? rawKey : rawKey.toLowerCase();
|
|
222
|
+
return { key: key, value: at === -1 ? null : piece.slice(at + sep.length) };
|
|
223
|
+
}
|
|
224
|
+
|
|
225
|
+
/**
|
|
226
|
+
* @primitive b.structuredFields.parseTagList
|
|
227
|
+
* @signature b.structuredFields.parseTagList(input, opts?)
|
|
228
|
+
* @since 0.15.13
|
|
229
|
+
* @status stable
|
|
230
|
+
* @related b.structuredFields.splitTopLevel
|
|
231
|
+
*
|
|
232
|
+
* Parse a NAIVE delimited `key<kvSep>value` tag list into an ordered
|
|
233
|
+
* array of `[key, value]` pairs. This is the non-quote-aware sibling
|
|
234
|
+
* of `splitTopLevel`: it is for grammars whose RFC forbids the DQUOTE
|
|
235
|
+
* structured-string form, so a bare `split` is correct and a
|
|
236
|
+
* quote-aware walk would be wrong — DKIM (RFC 6376 §3.2), DMARC
|
|
237
|
+
* (RFC 7489 §6.4), ARC (RFC 8617 §4), BIMI (RFC 9091 §4), and the
|
|
238
|
+
* MTA-STS policy grammar (RFC 8461, line/colon delimited).
|
|
239
|
+
*
|
|
240
|
+
* Pairs are returned (not a map) so a caller whose grammar permits a
|
|
241
|
+
* repeated key — MTA-STS `mx:` lines list one host each — keeps every
|
|
242
|
+
* occurrence; a caller wanting last-wins map semantics folds the
|
|
243
|
+
* pairs into a plain object itself. Order is preserved, so a caller
|
|
244
|
+
* that throws on a malformed value throws at the same point it would
|
|
245
|
+
* have mid-loop.
|
|
246
|
+
*
|
|
247
|
+
* Entries that are empty after trimming, or carry no `kvSep`, are
|
|
248
|
+
* skipped (matching every shipped parser's prior behavior).
|
|
249
|
+
*
|
|
250
|
+
* @opts
|
|
251
|
+
* sep: string|RegExp, // entry separator. default: ";" (MTA-STS uses /\r?\n/)
|
|
252
|
+
* kvSep: string, // key/value separator. default: "=" (MTA-STS uses ":")
|
|
253
|
+
* unfold: boolean, // collapse CRLF+WSP folds to a space first (DKIM FWS). default: false
|
|
254
|
+
* stripValueWs: boolean, // strip all whitespace inside each value (DKIM/ARC FWS). default: false
|
|
255
|
+
* lowerKey: boolean, // lower-case each key. default: true (set false to preserve case)
|
|
256
|
+
*
|
|
257
|
+
* @example
|
|
258
|
+
* b.structuredFields.parseTagList("v=DKIM1; k=rsa; p=MIGf");
|
|
259
|
+
* // → [ ["v", "DKIM1"], ["k", "rsa"], ["p", "MIGf"] ]
|
|
260
|
+
*
|
|
261
|
+
* b.structuredFields.parseTagList("version:STSv1\nmx:a.example\nmx:b.example",
|
|
262
|
+
* { sep: /\r?\n/, kvSep: ":" });
|
|
263
|
+
* // → [ ["version","STSv1"], ["mx","a.example"], ["mx","b.example"] ]
|
|
264
|
+
*/
|
|
265
|
+
function parseTagList(input, opts) {
|
|
266
|
+
opts = opts || {};
|
|
267
|
+
var sep = opts.sep === undefined ? ";" : opts.sep;
|
|
268
|
+
var kvSep = opts.kvSep === undefined ? "=" : opts.kvSep;
|
|
269
|
+
var s = String(input);
|
|
270
|
+
if (opts.unfold) s = unfoldHeaderContinuations(s);
|
|
271
|
+
var kvps = parseKeyValuePieces(s.split(sep), 0, kvSep, opts.lowerKey);
|
|
272
|
+
var out = [];
|
|
273
|
+
forEachKeyValue(kvps, function (key, val) {
|
|
274
|
+
if (opts.stripValueWs) val = val.replace(/\s+/g, "");
|
|
275
|
+
out.push([key, val]);
|
|
276
|
+
});
|
|
277
|
+
return out;
|
|
278
|
+
}
|
|
279
|
+
|
|
280
|
+
/**
|
|
281
|
+
* @primitive b.structuredFields.parseKeyValuePieces
|
|
282
|
+
* @signature b.structuredFields.parseKeyValuePieces(pieces, startIndex?, kvSep?, lowerKey?)
|
|
283
|
+
* @since 0.15.13
|
|
284
|
+
* @status stable
|
|
285
|
+
* @related b.structuredFields.parseKeyValuePiece, b.structuredFields.parseTagList
|
|
286
|
+
*
|
|
287
|
+
* Iterate an already-split list of structured-field pieces, trimming each,
|
|
288
|
+
* dropping empties, and parsing the survivors into `{ key, value }` records
|
|
289
|
+
* via `parseKeyValuePiece`. `startIndex` skips a leading non-pair token (the
|
|
290
|
+
* media type in a `Content-Type`, the brand in a `Sec-CH-UA` member); `kvSep`
|
|
291
|
+
* overrides the default `"="`; `lowerKey:false` preserves key case for a
|
|
292
|
+
* case-sensitive grammar.
|
|
293
|
+
*
|
|
294
|
+
* The split is left to the caller because the boundary discipline differs by
|
|
295
|
+
* grammar — `splitTopLevel` honours quotes/parens for RFC 8941 lists, while a
|
|
296
|
+
* plain `String(value).split(";")` is right where inner separators cannot be
|
|
297
|
+
* quoted. Per-piece dispatch (unquote, numeric coercion, poisoned-key drops)
|
|
298
|
+
* stays with the caller; this owns only the uniform iterate-trim-skip-parse
|
|
299
|
+
* spine the parsers shared verbatim.
|
|
300
|
+
*
|
|
301
|
+
* @opts
|
|
302
|
+
* startIndex: number, // default: 0 — first piece treated as a key/value pair
|
|
303
|
+
* kvSep: string, // default: "=" — key/value separator within a piece
|
|
304
|
+
* lowerKey: boolean, // default: true — lower-case each parsed key
|
|
305
|
+
*
|
|
306
|
+
* @example
|
|
307
|
+
* var kvps = b.structuredFields.parseKeyValuePieces(
|
|
308
|
+
* b.structuredFields.splitTopLevel("max-age=600, immutable", ","));
|
|
309
|
+
* // → [ { key: "max-age", value: "600" }, { key: "immutable", value: null } ]
|
|
310
|
+
*/
|
|
311
|
+
function parseKeyValuePieces(pieces, startIndex, kvSep, lowerKey) {
|
|
312
|
+
var out = [];
|
|
313
|
+
for (var i = startIndex || 0; i < pieces.length; i += 1) {
|
|
314
|
+
var p = pieces[i].trim();
|
|
315
|
+
if (p.length === 0) continue;
|
|
316
|
+
out.push(parseKeyValuePiece(p, kvSep, lowerKey));
|
|
317
|
+
}
|
|
318
|
+
return out;
|
|
319
|
+
}
|
|
320
|
+
|
|
321
|
+
/**
|
|
322
|
+
* @primitive b.structuredFields.forEachKeyValue
|
|
323
|
+
* @signature b.structuredFields.forEachKeyValue(kvps, handler)
|
|
324
|
+
* @since 0.15.13
|
|
325
|
+
* @status stable
|
|
326
|
+
* @related b.structuredFields.parseKeyValuePieces, b.structuredFields.parseTagList
|
|
327
|
+
*
|
|
328
|
+
* Consume the `{ key, value }` records from `parseKeyValuePieces`: skip
|
|
329
|
+
* the bare entries (those with a `null` value — a key that carried no
|
|
330
|
+
* separator), trim each surviving value, and invoke
|
|
331
|
+
* `handler(key, trimmedValue, index)`. The mirror of
|
|
332
|
+
* `parseKeyValuePieces` on the consuming side — that primitive owns the
|
|
333
|
+
* parse spine, this owns the iterate-skip-bare-trim spine every header
|
|
334
|
+
* parser repeated verbatim before dispatching.
|
|
335
|
+
*
|
|
336
|
+
* Per-key dispatch (sf-string unquoting, numeric coercion, poisoned-key
|
|
337
|
+
* drops, building a typed result) stays in the handler — a handler that
|
|
338
|
+
* `return`s skips the current entry, exactly like a `continue`. Parsers
|
|
339
|
+
* that instead treat a bare key as meaningful (a value-less directive)
|
|
340
|
+
* iterate the records directly rather than calling this.
|
|
341
|
+
*
|
|
342
|
+
* @example
|
|
343
|
+
* var b = require("blamejs");
|
|
344
|
+
*
|
|
345
|
+
* var out = {};
|
|
346
|
+
* var kvps = b.structuredFields.parseKeyValuePieces("a=1; b=2".split(";"));
|
|
347
|
+
* b.structuredFields.forEachKeyValue(kvps, function (key, value) {
|
|
348
|
+
* out[key] = value;
|
|
349
|
+
* });
|
|
350
|
+
* // out → { a: "1", b: "2" }
|
|
351
|
+
*/
|
|
352
|
+
function forEachKeyValue(kvps, handler) {
|
|
353
|
+
if (typeof handler !== "function") {
|
|
354
|
+
throw new TypeError("structuredFields.forEachKeyValue: handler must be a function");
|
|
355
|
+
}
|
|
356
|
+
for (var i = 0; i < kvps.length; i += 1) {
|
|
357
|
+
if (kvps[i].value === null) continue;
|
|
358
|
+
handler(kvps[i].key, kvps[i].value.trim(), i);
|
|
359
|
+
}
|
|
360
|
+
}
|
|
361
|
+
|
|
106
362
|
/**
|
|
107
363
|
* @primitive b.structuredFields.refuseControlBytes
|
|
108
364
|
* @signature b.structuredFields.refuseControlBytes(value, opts)
|
|
@@ -155,22 +411,18 @@ function refuseControlBytes(value, opts) {
|
|
|
155
411
|
if (!opts.label || typeof opts.label !== "string") {
|
|
156
412
|
throw new TypeError("refuseControlBytes: opts.label (non-empty string) is required");
|
|
157
413
|
}
|
|
158
|
-
var allowHt = opts.allowHt !== false;
|
|
159
|
-
|
|
160
|
-
var
|
|
161
|
-
|
|
162
|
-
|
|
163
|
-
|
|
164
|
-
|
|
165
|
-
|
|
166
|
-
|
|
167
|
-
|
|
168
|
-
// matches every framework-error class generated by `defineClass`.
|
|
169
|
-
if (opts.useNativeError === true) {
|
|
170
|
-
throw new opts.ErrorClass(msg);
|
|
171
|
-
}
|
|
172
|
-
throw new opts.ErrorClass(opts.code, msg);
|
|
414
|
+
var allowHt = opts.allowHt !== false; // ASCII HT (folding whitespace) permitted unless allowHt === false
|
|
415
|
+
if (codepointClass.firstControlCharOffset(value, { forbidTab: !allowHt }) !== -1) { // C0 + DEL codepoint range
|
|
416
|
+
var msg = opts.label + ": value contains control characters (C0 / DEL)";
|
|
417
|
+
// opts.useNativeError === true → call the ErrorClass with a
|
|
418
|
+
// single-arg `message` (matches native Error / TypeError /
|
|
419
|
+
// RangeError signatures used by defensive request-shape
|
|
420
|
+
// readers). Default false → call with (code, message) which
|
|
421
|
+
// matches every framework-error class generated by `defineClass`.
|
|
422
|
+
if (opts.useNativeError === true) {
|
|
423
|
+
throw new opts.ErrorClass(msg);
|
|
173
424
|
}
|
|
425
|
+
throw new opts.ErrorClass(opts.code, msg);
|
|
174
426
|
}
|
|
175
427
|
}
|
|
176
428
|
|
|
@@ -271,7 +523,7 @@ function containsControlBytes(value, opts) {
|
|
|
271
523
|
for (var i = 0; i < value.length; i += 1) {
|
|
272
524
|
var cc = value.charCodeAt(i);
|
|
273
525
|
if (allowHt && cc === 9) continue; // ASCII HT (folding whitespace)
|
|
274
|
-
if (cc
|
|
526
|
+
if (codepointClass.isForbiddenControlChar(cc, { forbidTab: true })) return true; // C0 + DEL codepoint range
|
|
275
527
|
}
|
|
276
528
|
return false;
|
|
277
529
|
}
|
|
@@ -707,6 +959,13 @@ function serialize(value, type, opts) {
|
|
|
707
959
|
|
|
708
960
|
module.exports = {
|
|
709
961
|
splitTopLevel: splitTopLevel,
|
|
962
|
+
splitUnquoted: splitUnquoted,
|
|
963
|
+
stripDoubleQuotes: stripDoubleQuotes,
|
|
964
|
+
parseTagList: parseTagList,
|
|
965
|
+
unfoldHeaderContinuations: unfoldHeaderContinuations,
|
|
966
|
+
parseKeyValuePiece: parseKeyValuePiece,
|
|
967
|
+
parseKeyValuePieces: parseKeyValuePieces,
|
|
968
|
+
forEachKeyValue: forEachKeyValue,
|
|
710
969
|
refuseControlBytes: refuseControlBytes,
|
|
711
970
|
containsControlBytes: containsControlBytes,
|
|
712
971
|
unquoteSfString: unquoteSfString,
|
|
@@ -183,16 +183,7 @@ function create(opts) {
|
|
|
183
183
|
return defaultBytesCap;
|
|
184
184
|
}
|
|
185
185
|
|
|
186
|
-
|
|
187
|
-
if (!auditOn) return;
|
|
188
|
-
try {
|
|
189
|
-
audit().safeEmit({
|
|
190
|
-
action: action,
|
|
191
|
-
outcome: outcome,
|
|
192
|
-
metadata: metadata || {},
|
|
193
|
-
});
|
|
194
|
-
} catch (_e) { /* audit best-effort */ }
|
|
195
|
-
}
|
|
186
|
+
var _emitAudit = audit().namespaced(null, { audit: auditOn });
|
|
196
187
|
|
|
197
188
|
function _emitMetric(name, n) {
|
|
198
189
|
try { observability().safeEvent(name, n || 1, {}); }
|
|
@@ -375,16 +366,7 @@ function budget(opts) {
|
|
|
375
366
|
return c;
|
|
376
367
|
}
|
|
377
368
|
|
|
378
|
-
|
|
379
|
-
if (!auditOn) return;
|
|
380
|
-
try {
|
|
381
|
-
audit().safeEmit({
|
|
382
|
-
action: action,
|
|
383
|
-
outcome: outcome,
|
|
384
|
-
metadata: metadata || {},
|
|
385
|
-
});
|
|
386
|
-
} catch (_e) { /* audit best-effort */ }
|
|
387
|
-
}
|
|
369
|
+
var _emitAudit = audit().namespaced(null, { audit: auditOn });
|
|
388
370
|
|
|
389
371
|
function _emitMetric(name, n) {
|
|
390
372
|
try { observability().safeEvent(name, n || 1, {}); }
|