@blamejs/core 0.14.1 → 0.14.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/CHANGELOG.md +4 -0
- package/lib/_test/crypto-fixtures.js +3 -3
- package/lib/a2a-tasks.js +18 -18
- package/lib/a2a.js +4 -4
- package/lib/acme.js +3 -3
- package/lib/agent-idempotency.js +1 -1
- package/lib/agent-orchestrator.js +8 -8
- package/lib/agent-posture-chain.js +2 -2
- package/lib/agent-saga.js +1 -1
- package/lib/agent-snapshot.js +1 -1
- package/lib/agent-stream.js +1 -1
- package/lib/agent-tenant.js +1 -1
- package/lib/agent-trace.js +3 -3
- package/lib/ai-capability.js +1 -1
- package/lib/ai-dp.js +4 -4
- package/lib/ai-input.js +3 -3
- package/lib/ai-model-manifest.js +7 -7
- package/lib/ai-pref.js +3 -3
- package/lib/archive-gz.js +2 -2
- package/lib/archive-read.js +25 -25
- package/lib/archive-tar-read.js +2 -2
- package/lib/archive-tar.js +20 -20
- package/lib/archive-wrap.js +10 -10
- package/lib/argon2-builtin.js +1 -1
- package/lib/asn1-der.js +34 -34
- package/lib/atomic-file.js +2 -2
- package/lib/audit-daily-review.js +3 -3
- package/lib/audit-sign.js +5 -5
- package/lib/audit-tools.js +1 -1
- package/lib/audit.js +2 -2
- package/lib/auth/acr-vocabulary.js +2 -2
- package/lib/auth/bot-challenge.js +3 -3
- package/lib/auth/ciba.js +7 -7
- package/lib/auth/dpop.js +3 -3
- package/lib/auth/fido-mds3.js +8 -8
- package/lib/auth/jwt-external.js +5 -5
- package/lib/auth/oauth.js +2 -2
- package/lib/auth/oid4vci.js +9 -9
- package/lib/auth/oid4vp.js +2 -2
- package/lib/auth/openid-federation.js +2 -2
- package/lib/auth/passkey.js +3 -3
- package/lib/auth/saml.js +23 -23
- package/lib/auth/sd-jwt-vc-disclosure.js +1 -1
- package/lib/auth/sd-jwt-vc.js +4 -4
- package/lib/auth/status-list.js +10 -10
- package/lib/auth/step-up.js +1 -1
- package/lib/auth-bot-challenge.js +1 -1
- package/lib/backup/index.js +7 -7
- package/lib/base32.js +8 -8
- package/lib/budr.js +2 -2
- package/lib/cache-status.js +2 -2
- package/lib/calendar.js +23 -23
- package/lib/cbor.js +12 -12
- package/lib/cdn-cache-control.js +1 -1
- package/lib/cert.js +5 -5
- package/lib/cloud-events.js +5 -5
- package/lib/cms-codec.js +21 -21
- package/lib/codepoint-class.js +12 -12
- package/lib/compliance-sanctions-fuzzy.js +4 -4
- package/lib/compliance-sanctions.js +4 -4
- package/lib/compliance.js +29 -29
- package/lib/content-credentials.js +36 -36
- package/lib/cookies.js +1 -1
- package/lib/cose.js +13 -13
- package/lib/cra-report.js +1 -1
- package/lib/crdt.js +1 -1
- package/lib/crypto-field.js +2 -2
- package/lib/crypto-xwing.js +7 -7
- package/lib/crypto.js +6 -6
- package/lib/csp.js +2 -2
- package/lib/cwt.js +4 -4
- package/lib/dark-patterns.js +2 -2
- package/lib/data-act.js +2 -2
- package/lib/db-file-lifecycle.js +4 -4
- package/lib/db-query.js +1 -1
- package/lib/db.js +6 -6
- package/lib/dbsc.js +13 -13
- package/lib/did.js +17 -17
- package/lib/dora.js +4 -4
- package/lib/dsr.js +1 -1
- package/lib/early-hints.js +2 -2
- package/lib/eat.js +4 -4
- package/lib/external-db-migrate.js +1 -1
- package/lib/external-db.js +1 -1
- package/lib/flag-cache.js +1 -1
- package/lib/flag-evaluation-context.js +2 -2
- package/lib/graphql-federation.js +5 -5
- package/lib/guard-agent-registry.js +5 -5
- package/lib/guard-archive.js +24 -24
- package/lib/guard-cidr.js +33 -33
- package/lib/guard-csv.js +1 -1
- package/lib/guard-domain.js +10 -10
- package/lib/guard-dsn.js +4 -4
- package/lib/guard-email.js +19 -19
- package/lib/guard-event-bus-payload.js +4 -4
- package/lib/guard-event-bus-topic.js +6 -6
- package/lib/guard-filename.js +7 -7
- package/lib/guard-graphql.js +9 -9
- package/lib/guard-html-wcag-tagwalk.js +1 -1
- package/lib/guard-html-wcag.js +4 -4
- package/lib/guard-html.js +7 -7
- package/lib/guard-idempotency-key.js +6 -6
- package/lib/guard-image.js +4 -4
- package/lib/guard-imap-command.js +17 -17
- package/lib/guard-jmap.js +20 -20
- package/lib/guard-json.js +12 -12
- package/lib/guard-jsonpath.js +3 -3
- package/lib/guard-jwt.js +4 -4
- package/lib/guard-list-id.js +7 -7
- package/lib/guard-list-unsubscribe.js +8 -8
- package/lib/guard-mail-compose.js +4 -4
- package/lib/guard-mail-move.js +5 -5
- package/lib/guard-mail-query.js +3 -3
- package/lib/guard-mail-reply.js +3 -3
- package/lib/guard-mail-sieve.js +6 -6
- package/lib/guard-managesieve-command.js +25 -25
- package/lib/guard-markdown.js +31 -31
- package/lib/guard-message-id.js +5 -5
- package/lib/guard-mime.js +1 -1
- package/lib/guard-oauth.js +3 -3
- package/lib/guard-pdf.js +6 -6
- package/lib/guard-pop3-command.js +11 -11
- package/lib/guard-posture-chain.js +5 -5
- package/lib/guard-regex.js +10 -10
- package/lib/guard-saga-config.js +5 -5
- package/lib/guard-smtp-command.js +6 -6
- package/lib/guard-snapshot-envelope.js +3 -3
- package/lib/guard-stream-args.js +4 -4
- package/lib/guard-svg.js +11 -11
- package/lib/guard-tenant-id.js +5 -5
- package/lib/guard-time.js +15 -15
- package/lib/guard-trace-context.js +4 -4
- package/lib/guard-uuid.js +11 -11
- package/lib/guard-xml.js +12 -12
- package/lib/guard-yaml.js +16 -16
- package/lib/honeytoken.js +5 -5
- package/lib/http-client.js +1 -1
- package/lib/http-message-signature.js +2 -2
- package/lib/iab-mspa.js +3 -3
- package/lib/iab-tcf.js +70 -70
- package/lib/inbox.js +4 -4
- package/lib/ip-utils.js +15 -15
- package/lib/jose-jwe-experimental.js +2 -2
- package/lib/json-path.js +3 -3
- package/lib/json-schema.js +1 -1
- package/lib/jsonapi.js +3 -3
- package/lib/jtd.js +2 -2
- package/lib/link-header.js +1 -1
- package/lib/local-db-thin.js +1 -1
- package/lib/log.js +1 -1
- package/lib/lro.js +4 -4
- package/lib/mail-agent.js +1 -1
- package/lib/mail-arc-sign.js +6 -6
- package/lib/mail-auth.js +43 -43
- package/lib/mail-bimi.js +3 -3
- package/lib/mail-crypto-pgp.js +31 -31
- package/lib/mail-crypto-smime.js +5 -5
- package/lib/mail-dav.js +1 -1
- package/lib/mail-deploy.js +39 -39
- package/lib/mail-dkim.js +11 -11
- package/lib/mail-greylist.js +12 -12
- package/lib/mail-helo.js +1 -1
- package/lib/mail-journal.js +8 -8
- package/lib/mail-rbl.js +7 -7
- package/lib/mail-scan.js +7 -7
- package/lib/mail-send-deliver.js +2 -2
- package/lib/mail-server-imap.js +12 -12
- package/lib/mail-server-jmap.js +16 -16
- package/lib/mail-server-managesieve.js +4 -4
- package/lib/mail-server-mx.js +17 -17
- package/lib/mail-server-pop3.js +4 -4
- package/lib/mail-server-rate-limit.js +2 -2
- package/lib/mail-server-submission.js +21 -21
- package/lib/mail-sieve.js +2 -2
- package/lib/mail-spam-score.js +5 -5
- package/lib/mail-srs.js +12 -12
- package/lib/mail-store-fts.js +2 -2
- package/lib/mail-store.js +8 -8
- package/lib/mail-unsubscribe.js +4 -4
- package/lib/mail.js +4 -4
- package/lib/mcp-tool-registry.js +4 -4
- package/lib/mcp.js +9 -9
- package/lib/mdoc.js +2 -2
- package/lib/metrics.js +8 -8
- package/lib/middleware/age-gate.js +1 -1
- package/lib/middleware/api-encrypt.js +7 -7
- package/lib/middleware/assetlinks.js +2 -2
- package/lib/middleware/asyncapi-serve.js +2 -2
- package/lib/middleware/bearer-auth.js +5 -5
- package/lib/middleware/body-parser.js +5 -5
- package/lib/middleware/compose-pipeline.js +15 -15
- package/lib/middleware/csp-report.js +4 -4
- package/lib/middleware/daily-byte-quota.js +1 -1
- package/lib/middleware/dpop.js +1 -1
- package/lib/middleware/headers.js +2 -2
- package/lib/middleware/host-allowlist.js +1 -1
- package/lib/middleware/idempotency-key.js +12 -12
- package/lib/middleware/nel.js +1 -1
- package/lib/middleware/openapi-serve.js +2 -2
- package/lib/middleware/protected-resource-metadata.js +2 -2
- package/lib/middleware/require-aal.js +1 -1
- package/lib/middleware/require-bound-key.js +2 -2
- package/lib/middleware/require-content-type.js +1 -1
- package/lib/middleware/require-methods.js +1 -1
- package/lib/middleware/require-step-up.js +2 -2
- package/lib/middleware/scim-server.js +1 -1
- package/lib/middleware/security-txt.js +3 -3
- package/lib/middleware/tus-upload.js +12 -12
- package/lib/middleware/web-app-manifest.js +2 -2
- package/lib/network-byte-quota.js +1 -1
- package/lib/network-dns-resolver.js +23 -23
- package/lib/network-dns.js +29 -29
- package/lib/network-dnssec.js +33 -33
- package/lib/network-smtp-policy.js +10 -10
- package/lib/network-tls.js +87 -87
- package/lib/network-tsig.js +33 -33
- package/lib/nis2-report.js +1 -1
- package/lib/ntp-check.js +3 -3
- package/lib/observability-otlp-exporter.js +17 -17
- package/lib/observability-tracer.js +6 -6
- package/lib/observability.js +8 -8
- package/lib/openapi-yaml.js +1 -1
- package/lib/openapi.js +1 -1
- package/lib/outbox.js +6 -6
- package/lib/pqc-agent.js +4 -4
- package/lib/pqc-software.js +1 -1
- package/lib/privacy-pass.js +5 -5
- package/lib/problem-details.js +5 -5
- package/lib/promise-pool.js +1 -1
- package/lib/protobuf-encoder.js +1 -1
- package/lib/redact.js +2 -2
- package/lib/request-helpers.js +1 -1
- package/lib/router.js +10 -10
- package/lib/safe-async.js +2 -2
- package/lib/safe-dns.js +71 -71
- package/lib/safe-ical.js +19 -19
- package/lib/safe-icap.js +24 -24
- package/lib/safe-jsonpath.js +2 -2
- package/lib/safe-mime.js +10 -10
- package/lib/safe-mount-info.js +3 -3
- package/lib/safe-redirect.js +1 -1
- package/lib/safe-sieve.js +23 -23
- package/lib/safe-smtp.js +1 -1
- package/lib/safe-vcard.js +14 -14
- package/lib/sandbox.js +5 -5
- package/lib/sec-cyber.js +1 -1
- package/lib/self-update-standalone-verifier.js +3 -3
- package/lib/self-update.js +3 -3
- package/lib/server-timing.js +3 -3
- package/lib/session-device-binding.js +7 -7
- package/lib/session.js +8 -8
- package/lib/standard-webhooks.js +4 -4
- package/lib/storage.js +2 -2
- package/lib/stream-throttle.js +1 -1
- package/lib/structured-fields.js +15 -15
- package/lib/subject.js +1 -1
- package/lib/tcpa-10dlc.js +1 -1
- package/lib/tenant-quota.js +3 -3
- package/lib/test-harness.js +1 -1
- package/lib/tracing.js +1 -1
- package/lib/tsa.js +5 -5
- package/lib/uri-template.js +5 -5
- package/lib/vault/index.js +2 -2
- package/lib/vault/seal-pem-file.js +4 -4
- package/lib/vc.js +2 -2
- package/lib/vendor-data.js +1 -1
- package/lib/watcher.js +4 -4
- package/lib/web-push-vapid.js +21 -21
- package/lib/webhook.js +2 -2
- package/lib/websocket.js +3 -3
- package/lib/worker-pool.js +3 -3
- package/lib/ws-client.js +24 -24
- package/lib/xml-c14n.js +2 -2
- package/package.json +1 -1
- package/sbom.cdx.json +6 -6
|
@@ -79,8 +79,8 @@ var { SessionDeviceBindingError } = require("./framework-error");
|
|
|
79
79
|
var observability = lazyRequire(function () { return require("./observability"); });
|
|
80
80
|
|
|
81
81
|
var DEFAULT_TTL_MS = C.TIME.days(7);
|
|
82
|
-
var DEFAULT_IP_V4_PREFIX = 24; //
|
|
83
|
-
var DEFAULT_IP_V6_PREFIX = 48; //
|
|
82
|
+
var DEFAULT_IP_V4_PREFIX = 24; // IPv4 /24 fingerprint mask in bits
|
|
83
|
+
var DEFAULT_IP_V6_PREFIX = 48; // IPv6 /48 fingerprint mask in bits
|
|
84
84
|
var FINGERPRINT_BYTES = C.BYTES.bytes(32);
|
|
85
85
|
|
|
86
86
|
var ALLOWED_OPTS = [
|
|
@@ -150,7 +150,7 @@ function _ipPrefix(ip, bits) {
|
|
|
150
150
|
// Naive expansion — keep the first ceil(v6Bits/16) groups intact
|
|
151
151
|
// and zero the rest. Sufficient for fingerprint stability; not a
|
|
152
152
|
// canonical IPv6 representation.
|
|
153
|
-
var keepGroups = Math.ceil(v6Bits / 16); //
|
|
153
|
+
var keepGroups = Math.ceil(v6Bits / 16); // IPv6 group width in bits
|
|
154
154
|
var kept = groups.slice(0, keepGroups).join(":");
|
|
155
155
|
return "v6:" + kept + "/" + v6Bits;
|
|
156
156
|
}
|
|
@@ -158,7 +158,7 @@ function _ipPrefix(ip, bits) {
|
|
|
158
158
|
var parts = ip.split(".");
|
|
159
159
|
if (parts.length !== 4) return "v4:" + ip + "/" + bits;
|
|
160
160
|
var v4Bits = bits;
|
|
161
|
-
var keepOctets = Math.floor(v4Bits / 8); //
|
|
161
|
+
var keepOctets = Math.floor(v4Bits / 8); // IPv4 octet width in bits
|
|
162
162
|
var maskedOctets = parts.slice(0, keepOctets);
|
|
163
163
|
while (maskedOctets.length < 4) maskedOctets.push("0");
|
|
164
164
|
return "v4:" + maskedOctets.join(".") + "/" + v4Bits;
|
|
@@ -185,9 +185,9 @@ function create(opts) {
|
|
|
185
185
|
}
|
|
186
186
|
|
|
187
187
|
var ipBits = opts.ipPrefixBits || {};
|
|
188
|
-
var v4Bits = typeof ipBits.v4 === "number" && isFinite(ipBits.v4) && ipBits.v4 >= 0 && ipBits.v4 <= 32 //
|
|
188
|
+
var v4Bits = typeof ipBits.v4 === "number" && isFinite(ipBits.v4) && ipBits.v4 >= 0 && ipBits.v4 <= 32 // IPv4 max prefix length in bits
|
|
189
189
|
? ipBits.v4 : DEFAULT_IP_V4_PREFIX;
|
|
190
|
-
var v6Bits = typeof ipBits.v6 === "number" && isFinite(ipBits.v6) && ipBits.v6 >= 0 && ipBits.v6 <= 128 //
|
|
190
|
+
var v6Bits = typeof ipBits.v6 === "number" && isFinite(ipBits.v6) && ipBits.v6 >= 0 && ipBits.v6 <= 128 // IPv6 max prefix length in bits
|
|
191
191
|
? ipBits.v6 : DEFAULT_IP_V6_PREFIX;
|
|
192
192
|
|
|
193
193
|
var ttlMs = opts.ttlMs !== undefined ? opts.ttlMs : DEFAULT_TTL_MS;
|
|
@@ -242,7 +242,7 @@ function create(opts) {
|
|
|
242
242
|
function _hashTokenForAudit(token) {
|
|
243
243
|
// Don't put the raw session id in the audit log. SHAKE256 to a
|
|
244
244
|
// stable short label.
|
|
245
|
-
return nodeCrypto.createHash("sha3-256").update("bj-session-device:" + token).digest("hex").slice(0, 16); //
|
|
245
|
+
return nodeCrypto.createHash("sha3-256").update("bj-session-device:" + token).digest("hex").slice(0, 16); // sha3-256 hex truncation length in chars
|
|
246
246
|
}
|
|
247
247
|
|
|
248
248
|
function _resolveBoundKey(req) {
|
package/lib/session.js
CHANGED
|
@@ -208,16 +208,16 @@ var DEFAULT_FINGERPRINT_FIELDS = ["clientIp", "userAgent", "acceptLanguage"];
|
|
|
208
208
|
// fingerprint field for custom mask widths.
|
|
209
209
|
//
|
|
210
210
|
// Protocol constants — named so the bit-arithmetic stays readable.
|
|
211
|
-
var IP_BITS_PER_BYTE = 8; //
|
|
211
|
+
var IP_BITS_PER_BYTE = 8; // bits per byte; protocol constant, not a byte size
|
|
212
212
|
var IPV4_OCTET_COUNT = 4;
|
|
213
|
-
var IPV4_OCTET_RANGE = 256; //
|
|
214
|
-
var IPV4_TOTAL_BITS = 32; //
|
|
215
|
-
var IPV4_DEFAULT_PREFIX = 24; //
|
|
216
|
-
var IPV6_GROUP_COUNT = 8; //
|
|
217
|
-
var IPV6_BYTE_COUNT = 16; //
|
|
218
|
-
var IPV6_DEFAULT_PREFIX = 64; //
|
|
213
|
+
var IPV4_OCTET_RANGE = 256; // 0..255 inclusive; v4 octet domain
|
|
214
|
+
var IPV4_TOTAL_BITS = 32; // IPv4 address width in bits
|
|
215
|
+
var IPV4_DEFAULT_PREFIX = 24; // /24 carrier-NAT pool stride
|
|
216
|
+
var IPV6_GROUP_COUNT = 8; // 8 16-bit groups in v6
|
|
217
|
+
var IPV6_BYTE_COUNT = 16; // 16 bytes in v6
|
|
218
|
+
var IPV6_DEFAULT_PREFIX = 64; // /64 customer LAN per RFC 4291 §2.5.4
|
|
219
219
|
var BYTE_MASK = 0xff;
|
|
220
|
-
var HEX_RADIX = 16; //
|
|
220
|
+
var HEX_RADIX = 16; // base-16 radix
|
|
221
221
|
var V4_MAPPED_V6_PREFIX = "::ffff:";
|
|
222
222
|
|
|
223
223
|
function _maskIpv4(ip, prefix) {
|
package/lib/standard-webhooks.js
CHANGED
|
@@ -32,7 +32,7 @@ var { defineClass } = require("./framework-error");
|
|
|
32
32
|
|
|
33
33
|
var StandardWebhooksError = defineClass("StandardWebhooksError", { alwaysPermanent: true });
|
|
34
34
|
|
|
35
|
-
var DEFAULT_TOLERANCE_SEC = 300; // allow:raw-time-literal
|
|
35
|
+
var DEFAULT_TOLERANCE_SEC = 300; // allow:raw-time-literal — 5min default per StandardWebhooks §3.2
|
|
36
36
|
|
|
37
37
|
/**
|
|
38
38
|
* @primitive b.standardWebhooks.sign
|
|
@@ -58,7 +58,7 @@ function sign(opts) {
|
|
|
58
58
|
opts = validateOpts.requireObject(opts, "standardWebhooks.sign",
|
|
59
59
|
StandardWebhooksError, "standard-webhooks/bad-opts");
|
|
60
60
|
validateOpts(opts, ["id", "timestamp", "body", "secret"], "standardWebhooks.sign");
|
|
61
|
-
if (!Buffer.isBuffer(opts.secret) || opts.secret.length < 32) { //
|
|
61
|
+
if (!Buffer.isBuffer(opts.secret) || opts.secret.length < 32) { // 32-byte HMAC secret floor
|
|
62
62
|
throw new StandardWebhooksError("standard-webhooks/bad-secret",
|
|
63
63
|
"sign: opts.secret must be a Buffer (>= 32 bytes)");
|
|
64
64
|
}
|
|
@@ -67,7 +67,7 @@ function sign(opts) {
|
|
|
67
67
|
"sign: opts.body must be a non-empty Buffer or string");
|
|
68
68
|
}
|
|
69
69
|
var bodyBuf = Buffer.isBuffer(opts.body) ? opts.body : Buffer.from(opts.body, "utf8");
|
|
70
|
-
var id = opts.id || ("msg_" + bCrypto.generateToken(32)); //
|
|
70
|
+
var id = opts.id || ("msg_" + bCrypto.generateToken(32)); // 32-char id token
|
|
71
71
|
var timestamp = typeof opts.timestamp === "number"
|
|
72
72
|
? opts.timestamp
|
|
73
73
|
: Math.floor(Date.now() / 1000); // allow:raw-time-literal — wall-clock seconds
|
|
@@ -118,7 +118,7 @@ function verify(opts) {
|
|
|
118
118
|
throw new StandardWebhooksError("standard-webhooks/bad-headers",
|
|
119
119
|
"verify: opts.headers required");
|
|
120
120
|
}
|
|
121
|
-
if (!Buffer.isBuffer(opts.secret) || opts.secret.length < 32) { //
|
|
121
|
+
if (!Buffer.isBuffer(opts.secret) || opts.secret.length < 32) { // 32-byte HMAC secret floor
|
|
122
122
|
throw new StandardWebhooksError("standard-webhooks/bad-secret",
|
|
123
123
|
"verify: opts.secret must be a Buffer (>= 32 bytes)");
|
|
124
124
|
}
|
package/lib/storage.js
CHANGED
|
@@ -861,7 +861,7 @@ function _requireInit() {
|
|
|
861
861
|
// assembly; that gate is the operator's surrounding handler.
|
|
862
862
|
|
|
863
863
|
var ASSEMBLY_ID_MAX_LEN = 128;
|
|
864
|
-
var CHUNK_INDEX_MAX = 100000; //
|
|
864
|
+
var CHUNK_INDEX_MAX = 100000; // chunk-index cap (not bytes, not seconds)
|
|
865
865
|
var CHUNK_BYTES_DEFAULT = C.BYTES.mib(16);
|
|
866
866
|
var STALE_DEFAULT_MS = C.TIME.hours(24);
|
|
867
867
|
|
|
@@ -1005,7 +1005,7 @@ function chunkScratch(opts) {
|
|
|
1005
1005
|
var backendOverride = opts.backend;
|
|
1006
1006
|
|
|
1007
1007
|
function _chunkKey(assemblyId, chunkIndex) {
|
|
1008
|
-
return rootKeyPrefix + "/" + assemblyId + "/" + String(chunkIndex).padStart(8, "0") + ".chunk"; //
|
|
1008
|
+
return rootKeyPrefix + "/" + assemblyId + "/" + String(chunkIndex).padStart(8, "0") + ".chunk"; // 8-digit zero-pad covers CHUNK_INDEX_MAX
|
|
1009
1009
|
}
|
|
1010
1010
|
function _pickOpts() {
|
|
1011
1011
|
return backendOverride ? { backend: backendOverride } : {};
|
package/lib/stream-throttle.js
CHANGED
|
@@ -72,7 +72,7 @@ var StreamThrottleError = defineClass("StreamThrottleError", { alwaysPermanent:
|
|
|
72
72
|
// memory cap or protocol-byte literal; the framework's C.TIME / C.BYTES
|
|
73
73
|
// helpers don't apply.
|
|
74
74
|
var MS_PER_SECOND = 1000; // allow:raw-byte-literal — ms/sec unit conversion // allow:raw-time-literal — ms/sec unit conversion
|
|
75
|
-
var NS_PER_MS = 1e6; //
|
|
75
|
+
var NS_PER_MS = 1e6; // ns/ms unit conversion
|
|
76
76
|
var MS_PER_SECOND_HRTIME = 1000; // allow:raw-byte-literal — hrtime seconds→ms // allow:raw-time-literal — hrtime seconds→ms
|
|
77
77
|
|
|
78
78
|
/**
|
package/lib/structured-fields.js
CHANGED
|
@@ -158,8 +158,8 @@ function refuseControlBytes(value, opts) {
|
|
|
158
158
|
var allowHt = opts.allowHt !== false;
|
|
159
159
|
for (var i = 0; i < value.length; i += 1) {
|
|
160
160
|
var cc = value.charCodeAt(i);
|
|
161
|
-
if (allowHt && cc === 9) continue; //
|
|
162
|
-
if (cc < 32 || cc === 127) { //
|
|
161
|
+
if (allowHt && cc === 9) continue; // ASCII HT (folding whitespace)
|
|
162
|
+
if (cc < 32 || cc === 127) { // C0 + DEL codepoint range
|
|
163
163
|
var msg = opts.label + ": value contains control characters (C0 / DEL)";
|
|
164
164
|
// opts.useNativeError === true → call the ErrorClass with a
|
|
165
165
|
// single-arg `message` (matches native Error / TypeError /
|
|
@@ -234,8 +234,8 @@ function containsControlBytes(value, opts) {
|
|
|
234
234
|
var allowHt = !opts || opts.allowHt !== false;
|
|
235
235
|
for (var i = 0; i < value.length; i += 1) {
|
|
236
236
|
var cc = value.charCodeAt(i);
|
|
237
|
-
if (allowHt && cc === 9) continue; //
|
|
238
|
-
if (cc < 32 || cc === 127) return true; //
|
|
237
|
+
if (allowHt && cc === 9) continue; // ASCII HT (folding whitespace)
|
|
238
|
+
if (cc < 32 || cc === 127) return true; // C0 + DEL codepoint range
|
|
239
239
|
}
|
|
240
240
|
return false;
|
|
241
241
|
}
|
|
@@ -311,11 +311,11 @@ function _parseNumber(cx, E) {
|
|
|
311
311
|
var c = cx.s.charAt(cx.i);
|
|
312
312
|
if (_isDigit(c)) { num += c; cx.i += 1; }
|
|
313
313
|
else if (type === "integer" && c === ".") {
|
|
314
|
-
if (num.length > 12) throw E("structured-fields/parse", "integer part of a decimal exceeds 12 digits"); //
|
|
314
|
+
if (num.length > 12) throw E("structured-fields/parse", "integer part of a decimal exceeds 12 digits"); // RFC 8941 §4.2.4 decimal integer-part cap
|
|
315
315
|
num += "."; type = "decimal"; cx.i += 1;
|
|
316
316
|
} else break;
|
|
317
|
-
if (type === "integer" && num.length > 15) throw E("structured-fields/parse", "integer exceeds 15 digits"); //
|
|
318
|
-
if (type === "decimal" && num.length > 16) throw E("structured-fields/parse", "decimal exceeds the digit limit"); //
|
|
317
|
+
if (type === "integer" && num.length > 15) throw E("structured-fields/parse", "integer exceeds 15 digits"); // §3.3.1 integer digit cap
|
|
318
|
+
if (type === "decimal" && num.length > 16) throw E("structured-fields/parse", "decimal exceeds the digit limit"); // 12 int + "." + 3 frac
|
|
319
319
|
}
|
|
320
320
|
if (type === "integer") return sign * parseInt(num, 10);
|
|
321
321
|
if (num.charAt(num.length - 1) === ".") throw E("structured-fields/parse", "decimal must not end with '.'");
|
|
@@ -336,7 +336,7 @@ function _parseString(cx, E) {
|
|
|
336
336
|
} else if (c === "\"") { return out; }
|
|
337
337
|
else {
|
|
338
338
|
var cc = c.charCodeAt(0);
|
|
339
|
-
if (cc < 0x20 || cc > 0x7e) throw E("structured-fields/parse", "non-printable character in string"); //
|
|
339
|
+
if (cc < 0x20 || cc > 0x7e) throw E("structured-fields/parse", "non-printable character in string"); // RFC 8941 §4.2.5 printable-ASCII range
|
|
340
340
|
out += c;
|
|
341
341
|
}
|
|
342
342
|
}
|
|
@@ -395,7 +395,7 @@ function _parseDisplayString(cx, E) {
|
|
|
395
395
|
var c = cx.s.charAt(cx.i); cx.i += 1;
|
|
396
396
|
if (c === "%") {
|
|
397
397
|
var h = cx.s.substr(cx.i, 2);
|
|
398
|
-
if (h.length !== 2 || !/^[0-9a-f]{2}$/.test(h)) throw E("structured-fields/parse", "display string escape must be %<lowercase-hex><lowercase-hex>"); //
|
|
398
|
+
if (h.length !== 2 || !/^[0-9a-f]{2}$/.test(h)) throw E("structured-fields/parse", "display string escape must be %<lowercase-hex><lowercase-hex>"); // RFC 9651 §4.2.10 two-hex-digit escape
|
|
399
399
|
bytes.push(parseInt(h, 16));
|
|
400
400
|
cx.i += 2;
|
|
401
401
|
} else if (c === "\"") {
|
|
@@ -403,7 +403,7 @@ function _parseDisplayString(cx, E) {
|
|
|
403
403
|
catch (_e) { throw E("structured-fields/parse", "display string is not valid UTF-8"); }
|
|
404
404
|
} else {
|
|
405
405
|
var cc = c.charCodeAt(0);
|
|
406
|
-
if (cc < 0x20 || cc > 0x7e) throw E("structured-fields/parse", "display string contains a raw non-printable / non-ASCII character"); //
|
|
406
|
+
if (cc < 0x20 || cc > 0x7e) throw E("structured-fields/parse", "display string contains a raw non-printable / non-ASCII character"); // RFC 9651 §4.2.10 printable-ASCII range
|
|
407
407
|
bytes.push(cc);
|
|
408
408
|
}
|
|
409
409
|
}
|
|
@@ -542,8 +542,8 @@ function parse(input, type, opts) {
|
|
|
542
542
|
|
|
543
543
|
function _serDecimal(v, E) {
|
|
544
544
|
if (!isFinite(v)) throw E("structured-fields/serialize", "cannot serialize a non-finite decimal");
|
|
545
|
-
var n = Math.round(v * 1000) / 1000; // allow:raw-
|
|
546
|
-
if (Math.abs(Math.trunc(n)).toString().length > 12) throw E("structured-fields/serialize", "decimal integer part exceeds 12 digits"); //
|
|
545
|
+
var n = Math.round(v * 1000) / 1000; // allow:raw-time-literal — RFC 8941 §4.1.5 decimal scale 10^3 (3 fractional digits), not a size or duration
|
|
546
|
+
if (Math.abs(Math.trunc(n)).toString().length > 12) throw E("structured-fields/serialize", "decimal integer part exceeds 12 digits"); // §4.1.5 cap
|
|
547
547
|
var s = n.toString();
|
|
548
548
|
if (s.indexOf(".") === -1) s += ".0"; // a Decimal must carry a fractional part
|
|
549
549
|
return s;
|
|
@@ -559,8 +559,8 @@ function _serDisplayString(s, E) {
|
|
|
559
559
|
var bytes = Buffer.from(s, "utf8"), out = "%\"";
|
|
560
560
|
for (var i = 0; i < bytes.length; i += 1) {
|
|
561
561
|
var b = bytes[i];
|
|
562
|
-
if (b >= 0x20 && b <= 0x7e && b !== 0x25 && b !== 0x22) out += String.fromCharCode(b); //
|
|
563
|
-
else out += "%" + (b < 0x10 ? "0" : "") + b.toString(16); //
|
|
562
|
+
if (b >= 0x20 && b <= 0x7e && b !== 0x25 && b !== 0x22) out += String.fromCharCode(b); // RFC 9651 §4.1.10 printable ASCII except % and "
|
|
563
|
+
else out += "%" + (b < 0x10 ? "0" : "") + b.toString(16); // lowercase 2-hex escape
|
|
564
564
|
}
|
|
565
565
|
return out + "\"";
|
|
566
566
|
}
|
|
@@ -585,7 +585,7 @@ function _serBareItem(v, E) {
|
|
|
585
585
|
var out = "\"";
|
|
586
586
|
for (var i = 0; i < v.length; i += 1) {
|
|
587
587
|
var c = v.charAt(i), cc = v.charCodeAt(i);
|
|
588
|
-
if (cc < 0x20 || cc > 0x7e) throw E("structured-fields/serialize", "string contains a non-printable character"); //
|
|
588
|
+
if (cc < 0x20 || cc > 0x7e) throw E("structured-fields/serialize", "string contains a non-printable character"); // §4.1.6 printable-ASCII range
|
|
589
589
|
if (c === "\\" || c === "\"") out += "\\";
|
|
590
590
|
out += c;
|
|
591
591
|
}
|
package/lib/subject.js
CHANGED
|
@@ -478,7 +478,7 @@ function eraseHard(subjectId, opts) {
|
|
|
478
478
|
perTable[spec.name] = deleted;
|
|
479
479
|
// REINDEX the table so B-tree pages holding the deleted row's
|
|
480
480
|
// index entries are rebuilt — closes the F-RTBF-2 residual class.
|
|
481
|
-
try { db().runSql('REINDEX "' + spec.name + '"'); } //
|
|
481
|
+
try { db().runSql('REINDEX "' + spec.name + '"'); } // table name comes from FRAMEWORK_SCHEMA
|
|
482
482
|
catch (_e) { /* cluster mode / unsupported dialect */ }
|
|
483
483
|
}
|
|
484
484
|
_markErased(subjectId);
|
package/lib/tcpa-10dlc.js
CHANGED
|
@@ -65,7 +65,7 @@ var audit = require("./audit");
|
|
|
65
65
|
var { defineClass } = require("./framework-error");
|
|
66
66
|
var Tcpa10dlcError = defineClass("Tcpa10dlcError", { alwaysPermanent: true });
|
|
67
67
|
|
|
68
|
-
var E164_RE = /^\+[1-9][0-9]{6,14}$/; //
|
|
68
|
+
var E164_RE = /^\+[1-9][0-9]{6,14}$/; // E.164 length range, not bytes
|
|
69
69
|
var DISCLOSURE_PARTIES = ["first-party", "carrier-affiliate", "campaign-registrar"];
|
|
70
70
|
|
|
71
71
|
var records = new Map(); // phoneE164 → record
|
package/lib/tenant-quota.js
CHANGED
|
@@ -62,8 +62,8 @@ var observability = lazyRequire(function () { return require("./observability");
|
|
|
62
62
|
|
|
63
63
|
var DEFAULT_CACHE_TTL_MS = C.TIME.seconds(30);
|
|
64
64
|
var DEFAULT_WINDOW_MS = C.TIME.minutes(1);
|
|
65
|
-
var DEFAULT_QPS_CAP = 100; //
|
|
66
|
-
var DEFAULT_ROWS_READ = 50000; //
|
|
65
|
+
var DEFAULT_QPS_CAP = 100; // request count, not bytes
|
|
66
|
+
var DEFAULT_ROWS_READ = 50000; // row count, not bytes
|
|
67
67
|
var DEFAULT_BYTES_CAP = C.BYTES.gib(1);
|
|
68
68
|
|
|
69
69
|
// ---- Per-tenant storage cap (assert / snapshot / list) ----
|
|
@@ -523,7 +523,7 @@ function instrumentQuery(opts) {
|
|
|
523
523
|
claimedTenant: opts.tenantId,
|
|
524
524
|
table: opts.table || null,
|
|
525
525
|
rowCount: crossover.length,
|
|
526
|
-
sample: crossover.slice(0, 5), //
|
|
526
|
+
sample: crossover.slice(0, 5), // sample size, not bytes
|
|
527
527
|
},
|
|
528
528
|
});
|
|
529
529
|
} catch (_e) { /* audit best-effort */ }
|
package/lib/test-harness.js
CHANGED
|
@@ -156,7 +156,7 @@ async function start(opts) {
|
|
|
156
156
|
// even under SMOKE_PARALLEL=64 fan-out. Prefix surfaces the
|
|
157
157
|
// process owner for grep-on-leak diagnosis.
|
|
158
158
|
var prefix = nodePath.join(os.tmpdir(),
|
|
159
|
-
"blamejs-harness-" + bCrypto.generateToken(4) + "-"); //
|
|
159
|
+
"blamejs-harness-" + bCrypto.generateToken(4) + "-"); // 4-byte token (8 hex) suffix
|
|
160
160
|
dataDir = nodeFs.mkdtempSync(prefix);
|
|
161
161
|
weCreatedDataDir = true;
|
|
162
162
|
}
|
package/lib/tracing.js
CHANGED
|
@@ -330,7 +330,7 @@ function create(opts) {
|
|
|
330
330
|
spanInst.end = function () {
|
|
331
331
|
if (ended) return;
|
|
332
332
|
ended = true;
|
|
333
|
-
try { tracer._pop && tracer._pop(); } //
|
|
333
|
+
try { tracer._pop && tracer._pop(); } // passthrough tracer lifecycle
|
|
334
334
|
catch (_e) { /* best-effort */ }
|
|
335
335
|
try { origEnd(); }
|
|
336
336
|
catch (_e) { /* best-effort */ }
|
package/lib/tsa.js
CHANGED
|
@@ -180,7 +180,7 @@ function buildRequest(data, opts) {
|
|
|
180
180
|
|
|
181
181
|
var nonce = null;
|
|
182
182
|
if (opts.nonce !== false) {
|
|
183
|
-
nonce = Buffer.isBuffer(opts.nonce) ? opts.nonce : nodeCrypto.randomBytes(8); //
|
|
183
|
+
nonce = Buffer.isBuffer(opts.nonce) ? opts.nonce : nodeCrypto.randomBytes(8); // RFC 3161 nonce: 64-bit random
|
|
184
184
|
children.push(asn1.writeInteger(nonce));
|
|
185
185
|
}
|
|
186
186
|
// certReq DEFAULTS TRUE (RFC 3161 §2.4.1) — encode the boolean unless
|
|
@@ -264,7 +264,7 @@ function parseResponse(der) {
|
|
|
264
264
|
}
|
|
265
265
|
|
|
266
266
|
// PKIFailureInfo bit names (RFC 3161 §2.4.2 / RFC 2510).
|
|
267
|
-
var FAIL_INFO_BITS = { //
|
|
267
|
+
var FAIL_INFO_BITS = { // RFC 3161 PKIFailureInfo bit positions
|
|
268
268
|
0: "badAlg", 2: "badRequest", 5: "badDataFormat", 14: "timeNotAvailable",
|
|
269
269
|
15: "unacceptedPolicy", 16: "unacceptedExtension", 17: "addInfoNotAvailable", 25: "systemFailure",
|
|
270
270
|
};
|
|
@@ -274,9 +274,9 @@ function _decodeFailInfo(bitStringNode) {
|
|
|
274
274
|
if (v.length <= 1) return out; // first byte = unused-bit count
|
|
275
275
|
var bits = v.slice(1);
|
|
276
276
|
for (var byteIdx = 0; byteIdx < bits.length; byteIdx += 1) {
|
|
277
|
-
for (var b = 0; b < 8; b += 1) { //
|
|
277
|
+
for (var b = 0; b < 8; b += 1) { // 8 bits per byte
|
|
278
278
|
if (bits[byteIdx] & (0x80 >> b)) {
|
|
279
|
-
var pos = byteIdx * 8 + b; //
|
|
279
|
+
var pos = byteIdx * 8 + b; // 8 bits per byte
|
|
280
280
|
out.push(FAIL_INFO_BITS[pos] || ("bit" + pos));
|
|
281
281
|
}
|
|
282
282
|
}
|
|
@@ -363,7 +363,7 @@ function _parseAccuracy(node) {
|
|
|
363
363
|
function _ctxInt(node) {
|
|
364
364
|
// [n] IMPLICIT INTEGER — value bytes are the integer content directly.
|
|
365
365
|
var v = node.value, n = 0;
|
|
366
|
-
for (var i = 0; i < v.length; i += 1) n = (n * 256) + v[i]; //
|
|
366
|
+
for (var i = 0; i < v.length; i += 1) n = (n * 256) + v[i]; // base-256 integer accumulation
|
|
367
367
|
return n;
|
|
368
368
|
}
|
|
369
369
|
|
package/lib/uri-template.js
CHANGED
|
@@ -32,7 +32,7 @@ var { defineClass } = require("./framework-error");
|
|
|
32
32
|
|
|
33
33
|
var UriTemplateError = defineClass("UriTemplateError", { alwaysPermanent: true });
|
|
34
34
|
|
|
35
|
-
var MAX_PREFIX = 10000; //
|
|
35
|
+
var MAX_PREFIX = 10000; // RFC 6570 caps prefix length at 9999
|
|
36
36
|
|
|
37
37
|
// Operator table (RFC 6570 §2.2 / §3.2.1). first = prefix when any value is
|
|
38
38
|
// present; sep = separator between values; named = emit "name=value";
|
|
@@ -68,15 +68,15 @@ function _pctEncode(str, allowReserved) {
|
|
|
68
68
|
// which RFC 6570 unreserved-only expansion must escape.
|
|
69
69
|
var cp = str.codePointAt(i);
|
|
70
70
|
var bytes = Buffer.from(String.fromCodePoint(cp), "utf8");
|
|
71
|
-
for (var b = 0; b < bytes.length; b++) out += "%" + bytes[b].toString(16).toUpperCase().padStart(2, "0"); //
|
|
72
|
-
if (cp > 0xFFFF) i++; // consumed a surrogate pair //
|
|
71
|
+
for (var b = 0; b < bytes.length; b++) out += "%" + bytes[b].toString(16).toUpperCase().padStart(2, "0"); // hex radix
|
|
72
|
+
if (cp > 0xFFFF) i++; // consumed a surrogate pair // BMP boundary for surrogate-pair detection
|
|
73
73
|
}
|
|
74
74
|
return out;
|
|
75
75
|
}
|
|
76
76
|
|
|
77
77
|
function _allDigits(s) {
|
|
78
78
|
if (s.length === 0) return false;
|
|
79
|
-
for (var i = 0; i < s.length; i++) { var c = s.charCodeAt(i); if (c < 48 || c > 57) return false; } //
|
|
79
|
+
for (var i = 0; i < s.length; i++) { var c = s.charCodeAt(i); if (c < 48 || c > 57) return false; } // ASCII '0'..'9' code-point bounds
|
|
80
80
|
return true;
|
|
81
81
|
}
|
|
82
82
|
|
|
@@ -219,7 +219,7 @@ function _sliceChars(s, n) {
|
|
|
219
219
|
for (var i = 0; i < s.length && count < n; i++) {
|
|
220
220
|
var cp = s.codePointAt(i);
|
|
221
221
|
out += String.fromCodePoint(cp);
|
|
222
|
-
if (cp > 0xFFFF) i++; //
|
|
222
|
+
if (cp > 0xFFFF) i++; // BMP boundary for surrogate pairs
|
|
223
223
|
count++;
|
|
224
224
|
}
|
|
225
225
|
return out;
|
package/lib/vault/index.js
CHANGED
|
@@ -120,14 +120,14 @@ function _readOrCreateDerivedHashSalt() {
|
|
|
120
120
|
}
|
|
121
121
|
if (nodeFs.existsSync(paths.derivedHashSalt)) {
|
|
122
122
|
var raw = atomicFile.readSync(paths.derivedHashSalt);
|
|
123
|
-
if (raw.length !== 32) { //
|
|
123
|
+
if (raw.length !== 32) { // 32-byte (256-bit) salt
|
|
124
124
|
throw new VaultError("vault/derived-hash-salt-corrupted",
|
|
125
125
|
"vault.derived-hash-salt must be exactly 32 bytes; got " + raw.length);
|
|
126
126
|
}
|
|
127
127
|
return raw;
|
|
128
128
|
}
|
|
129
129
|
var nodeCrypto = require("node:crypto");
|
|
130
|
-
var salt = nodeCrypto.randomBytes(32); //
|
|
130
|
+
var salt = nodeCrypto.randomBytes(32); // 32-byte salt
|
|
131
131
|
atomicFile.writeSync(paths.derivedHashSalt, salt, { fileMode: 0o600 });
|
|
132
132
|
log("generated per-deployment derivedHash salt at " + paths.derivedHashSalt);
|
|
133
133
|
return salt;
|
|
@@ -230,10 +230,10 @@ function sealPemFile(opts) {
|
|
|
230
230
|
if (process.platform !== "win32") {
|
|
231
231
|
try {
|
|
232
232
|
var dirStat = nodeFs.statSync(destDir);
|
|
233
|
-
if ((dirStat.mode & 0o022) !== 0) { //
|
|
233
|
+
if ((dirStat.mode & 0o022) !== 0) { // POSIX mode mask
|
|
234
234
|
throw new SealPemFileError("seal-pem-file/parent-dir-writable",
|
|
235
235
|
"destination parent dir '" + destDir + "' is group/other-writable " +
|
|
236
|
-
"(mode " + (dirStat.mode & 0o777).toString(8) + //
|
|
236
|
+
"(mode " + (dirStat.mode & 0o777).toString(8) + // POSIX mode mask
|
|
237
237
|
") — refuse to seal; chmod 0700 the dir");
|
|
238
238
|
}
|
|
239
239
|
} catch (e) {
|
|
@@ -242,9 +242,9 @@ function sealPemFile(opts) {
|
|
|
242
242
|
}
|
|
243
243
|
}
|
|
244
244
|
var sealed = vault().seal(plaintextBytes);
|
|
245
|
-
nodeFs.writeFileSync(markerPath, String(Date.now()), { mode: 0o600 }); //
|
|
245
|
+
nodeFs.writeFileSync(markerPath, String(Date.now()), { mode: 0o600 }); // POSIX file mode
|
|
246
246
|
try {
|
|
247
|
-
atomicFile.writeSync(destination, sealed, { fileMode: 0o600 }); //
|
|
247
|
+
atomicFile.writeSync(destination, sealed, { fileMode: 0o600 }); // POSIX file mode
|
|
248
248
|
} catch (e) {
|
|
249
249
|
try { nodeFs.unlinkSync(markerPath); } catch (_e) { /* best-effort */ }
|
|
250
250
|
throw e;
|
package/lib/vc.js
CHANGED
|
@@ -54,9 +54,9 @@ var COSE_CONTENT_TYPE = "application/vc";
|
|
|
54
54
|
var VP_JOSE_TYP = "vp+jwt";
|
|
55
55
|
var VP_COSE_TYP = "application/vp+cose";
|
|
56
56
|
var VP_COSE_CONTENT_TYPE = "application/vp";
|
|
57
|
-
var MAX_PRESENTATION_CREDENTIALS = 64; //
|
|
57
|
+
var MAX_PRESENTATION_CREDENTIALS = 64; // bounded count of enveloped VCs per presentation
|
|
58
58
|
var ENVELOPED_VC_TYPE = "EnvelopedVerifiableCredential";
|
|
59
|
-
var HDR_COSE_TYP = 16; //
|
|
59
|
+
var HDR_COSE_TYP = 16; // COSE "typ" header label (RFC 9596)
|
|
60
60
|
|
|
61
61
|
// JOSE signature algorithms (final RFC 7518 / 8037), mapped to node
|
|
62
62
|
// verify parameters. ECDSA uses the IEEE-P1363 fixed-width encoding JOSE
|
package/lib/vendor-data.js
CHANGED
|
@@ -501,7 +501,7 @@ if (_deferFlag === "1") {
|
|
|
501
501
|
action: "vendor-data.boot_verify_deferred",
|
|
502
502
|
outcome: "denied",
|
|
503
503
|
metadata: {
|
|
504
|
-
reason: _deferReason.slice(0, 256), //
|
|
504
|
+
reason: _deferReason.slice(0, 256), // audit metadata truncation limit
|
|
505
505
|
vendorDataKnown: Object.keys(KNOWN_VENDOR_DATA),
|
|
506
506
|
},
|
|
507
507
|
});
|
package/lib/watcher.js
CHANGED
|
@@ -65,12 +65,12 @@ var DEFAULT_DEBOUNCE_MS = 100;
|
|
|
65
65
|
// explicitly via `mode: "poll"`. Default cadence is 1s per tick;
|
|
66
66
|
// pollMaxFiles caps the per-tick walk so a misconfigured root can't
|
|
67
67
|
// stall the event loop by stat'ing 100k files every second.
|
|
68
|
-
var DEFAULT_POLL_INTERVAL_MS = 1000; //
|
|
69
|
-
var DEFAULT_POLL_MAX_FILES = 50000; //
|
|
68
|
+
var DEFAULT_POLL_INTERVAL_MS = 1000; // 1-second poll cadence
|
|
69
|
+
var DEFAULT_POLL_MAX_FILES = 50000; // per-tick stat cap
|
|
70
70
|
// Per-watcher event count cap before we self-terminate as a safety net
|
|
71
71
|
// against runaway directories that emit millions of events per minute.
|
|
72
72
|
// Operators with legitimate high-churn directories raise this via opts.
|
|
73
|
-
var DEFAULT_MAX_PENDING = 10000; //
|
|
73
|
+
var DEFAULT_MAX_PENDING = 10000; // pending-event queue cap
|
|
74
74
|
|
|
75
75
|
// ---- glob-style matcher ----
|
|
76
76
|
//
|
|
@@ -520,7 +520,7 @@ function create(opts) {
|
|
|
520
520
|
throw new WatcherError("watcher/start-failed",
|
|
521
521
|
"watcher.create: initial poll walk failed: " + ((e && e.message) || String(e)));
|
|
522
522
|
}
|
|
523
|
-
pollTimer = setInterval(_pollTick, pollIntervalMs); // allow:
|
|
523
|
+
pollTimer = setInterval(_pollTick, pollIntervalMs); // allow:timer-no-unref — .unref() called immediately below; timer doesn't pin the event loop
|
|
524
524
|
if (typeof pollTimer.unref === "function") pollTimer.unref();
|
|
525
525
|
} else {
|
|
526
526
|
try {
|
package/lib/web-push-vapid.js
CHANGED
|
@@ -64,7 +64,7 @@ function generateVapidKeypair() {
|
|
|
64
64
|
var pubKeyObj = nodeCrypto.createPublicKey(kp.publicKey);
|
|
65
65
|
var jwk = pubKeyObj.export({ format: "jwk" });
|
|
66
66
|
var raw = Buffer.concat([
|
|
67
|
-
Buffer.from([0x04]), //
|
|
67
|
+
Buffer.from([0x04]), // uncompressed point prefix per SEC1 §2.3.3
|
|
68
68
|
Buffer.from(jwk.x, "base64url"),
|
|
69
69
|
Buffer.from(jwk.y, "base64url"),
|
|
70
70
|
]);
|
|
@@ -153,31 +153,31 @@ function buildVapidAuthHeader(opts) {
|
|
|
153
153
|
// node:crypto produces DER-encoded ECDSA signature; JWT ES256
|
|
154
154
|
// requires the raw 64-byte r||s shape. Convert.
|
|
155
155
|
var derSig = nodeCrypto.sign("sha256", Buffer.from(signingInput, "utf8"), keyObj);
|
|
156
|
-
var rawSig = _ecdsaDerToRaw(derSig, 32); //
|
|
156
|
+
var rawSig = _ecdsaDerToRaw(derSig, 32); // 32-byte P-256 component
|
|
157
157
|
var token = signingInput + "." + bCrypto.toBase64Url(rawSig);
|
|
158
158
|
return "vapid t=" + token + ", k=" + opts.publicKeyB64Url;
|
|
159
159
|
}
|
|
160
160
|
|
|
161
161
|
function _ecdsaDerToRaw(der, componentLen) {
|
|
162
162
|
// ECDSA-Sig-Value DER = SEQUENCE { r INTEGER, s INTEGER }.
|
|
163
|
-
if (der[0] !== 0x30) { //
|
|
163
|
+
if (der[0] !== 0x30) { // ASN.1 SEQUENCE tag
|
|
164
164
|
throw new WebPushError("web-push/bad-sig",
|
|
165
165
|
"ECDSA signature is not a DER SEQUENCE");
|
|
166
166
|
}
|
|
167
167
|
var off = 2;
|
|
168
|
-
if (der[1] & 0x80) off = 2 + (der[1] & 0x7f); //
|
|
169
|
-
if (der[off] !== 0x02) throw new WebPushError("web-push/bad-sig", "missing r INTEGER"); //
|
|
168
|
+
if (der[1] & 0x80) off = 2 + (der[1] & 0x7f); // long-form length byte
|
|
169
|
+
if (der[off] !== 0x02) throw new WebPushError("web-push/bad-sig", "missing r INTEGER"); // ASN.1 INTEGER tag
|
|
170
170
|
var rLen = der[off + 1];
|
|
171
171
|
var rStart = off + 2;
|
|
172
172
|
var r = der.slice(rStart, rStart + rLen);
|
|
173
173
|
off = rStart + rLen;
|
|
174
|
-
if (der[off] !== 0x02) throw new WebPushError("web-push/bad-sig", "missing s INTEGER"); //
|
|
174
|
+
if (der[off] !== 0x02) throw new WebPushError("web-push/bad-sig", "missing s INTEGER"); // ASN.1 INTEGER tag
|
|
175
175
|
var sLen = der[off + 1];
|
|
176
176
|
var sStart = off + 2;
|
|
177
177
|
var s = der.slice(sStart, sStart + sLen);
|
|
178
178
|
// Trim leading zero pad (DER requires it when high bit set; JWT raw doesn't).
|
|
179
|
-
if (r.length > componentLen && r[0] === 0x00) r = r.slice(1); //
|
|
180
|
-
if (s.length > componentLen && s[0] === 0x00) s = s.slice(1); //
|
|
179
|
+
if (r.length > componentLen && r[0] === 0x00) r = r.slice(1); // DER sign-bit pad
|
|
180
|
+
if (s.length > componentLen && s[0] === 0x00) s = s.slice(1); // DER sign-bit pad
|
|
181
181
|
var out = Buffer.alloc(componentLen * 2);
|
|
182
182
|
r.copy(out, componentLen - r.length);
|
|
183
183
|
s.copy(out, componentLen * 2 - s.length);
|
|
@@ -245,12 +245,12 @@ function encrypt(opts) {
|
|
|
245
245
|
}
|
|
246
246
|
// Decode the subscription's p256dh + auth.
|
|
247
247
|
var recipientPubRaw = Buffer.from(opts.subscription.keys.p256dh, "base64url");
|
|
248
|
-
if (recipientPubRaw.length !== 65 || recipientPubRaw[0] !== 0x04) { //
|
|
248
|
+
if (recipientPubRaw.length !== 65 || recipientPubRaw[0] !== 0x04) { // uncompressed P-256 point shape per SEC1 §2.3.3
|
|
249
249
|
throw new WebPushError("web-push/bad-p256dh",
|
|
250
250
|
"encrypt: p256dh must be a 65-byte uncompressed P-256 point");
|
|
251
251
|
}
|
|
252
252
|
var authSecret = Buffer.from(opts.subscription.keys.auth, "base64url");
|
|
253
|
-
if (authSecret.length !== 16) { //
|
|
253
|
+
if (authSecret.length !== 16) { // RFC 8291 §3.2 auth_secret length
|
|
254
254
|
throw new WebPushError("web-push/bad-auth",
|
|
255
255
|
"encrypt: auth must be a 16-byte secret (got " + authSecret.length + ")");
|
|
256
256
|
}
|
|
@@ -259,7 +259,7 @@ function encrypt(opts) {
|
|
|
259
259
|
ephemeral.generateKeys();
|
|
260
260
|
var ephemeralPubRaw = ephemeral.getPublicKey(); // uncompressed 65 bytes
|
|
261
261
|
// ECDH shared secret.
|
|
262
|
-
var sharedSecret = ephemeral.computeSecret(recipientPubRaw); //
|
|
262
|
+
var sharedSecret = ephemeral.computeSecret(recipientPubRaw); // ECDH shared secret (32 bytes per P-256)
|
|
263
263
|
// RFC 8291 §3.4 two-stage HKDF:
|
|
264
264
|
// PRK_key = HKDF-Extract(salt=auth_secret, IKM=ECDH_shared)
|
|
265
265
|
// key_info = "WebPush: info\x00" || ua_public || as_public
|
|
@@ -276,23 +276,23 @@ function encrypt(opts) {
|
|
|
276
276
|
recipientPubRaw,
|
|
277
277
|
ephemeralPubRaw,
|
|
278
278
|
]);
|
|
279
|
-
var ikm = _hkdf(authSecret, sharedSecret, keyInfo, 32); //
|
|
280
|
-
var salt = nodeCrypto.randomBytes(16); //
|
|
281
|
-
var cek = _hkdf(salt, ikm, Buffer.from("Content-Encoding: aes128gcm\x00", "utf8"), 16); //
|
|
282
|
-
var nonce = _hkdf(salt, ikm, Buffer.from("Content-Encoding: nonce\x00", "utf8"), 12); //
|
|
279
|
+
var ikm = _hkdf(authSecret, sharedSecret, keyInfo, 32); // 256-bit IKM
|
|
280
|
+
var salt = nodeCrypto.randomBytes(16); // RFC 8188 §2.2 16-byte salt
|
|
281
|
+
var cek = _hkdf(salt, ikm, Buffer.from("Content-Encoding: aes128gcm\x00", "utf8"), 16); // 128-bit AEAD key
|
|
282
|
+
var nonce = _hkdf(salt, ikm, Buffer.from("Content-Encoding: nonce\x00", "utf8"), 12); // 96-bit AEAD nonce
|
|
283
283
|
// RFC 8188 §2 padding: plaintext || 0x02 (delimiter for single-record).
|
|
284
284
|
// RFC 8291 mandates single-record (record_size > plaintext+padding+tag).
|
|
285
|
-
var padded = Buffer.concat([plaintext, Buffer.from([0x02])]); //
|
|
285
|
+
var padded = Buffer.concat([plaintext, Buffer.from([0x02])]); // RFC 8188 single-record delimiter
|
|
286
286
|
var cipher = nodeCrypto.createCipheriv("aes-128-gcm", cek, nonce);
|
|
287
287
|
var ct = Buffer.concat([cipher.update(padded), cipher.final()]);
|
|
288
288
|
var tag = cipher.getAuthTag();
|
|
289
289
|
// RFC 8188 §2.1 header: salt(16) || rs(4 big-endian) || idlen(1) || keyid
|
|
290
290
|
// For RFC 8291 the keyid is the as_public (ephemeral pubkey, 65 bytes).
|
|
291
|
-
var rs = padded.length + 16; //
|
|
292
|
-
var header = Buffer.alloc(16 + 4 + 1); //
|
|
291
|
+
var rs = padded.length + 16; // record size = plaintext + tag length
|
|
292
|
+
var header = Buffer.alloc(16 + 4 + 1); // salt + rs + idlen layout
|
|
293
293
|
salt.copy(header, 0);
|
|
294
|
-
header.writeUInt32BE(rs, 16); //
|
|
295
|
-
header[20] = ephemeralPubRaw.length; //
|
|
294
|
+
header.writeUInt32BE(rs, 16); // salt offset
|
|
295
|
+
header[20] = ephemeralPubRaw.length; // rs offset
|
|
296
296
|
var body = Buffer.concat([header, ephemeralPubRaw, ct, tag]);
|
|
297
297
|
var ttlSec = opts.ttlSec || (28 * 24 * 3600); // allow:raw-time-literal — RFC 8030 §5.2 default
|
|
298
298
|
return {
|
|
@@ -309,7 +309,7 @@ function _hkdf(salt, ikm, info, length) {
|
|
|
309
309
|
// RFC 5869 HKDF-Extract + Expand using SHA-256 (per RFC 8291 / 8188).
|
|
310
310
|
var prk = nodeCrypto.createHmac("sha256", salt).update(ikm).digest();
|
|
311
311
|
// Expand with one-byte counter (length <= 32 always in this use).
|
|
312
|
-
var t = Buffer.concat([info, Buffer.from([0x01])]); //
|
|
312
|
+
var t = Buffer.concat([info, Buffer.from([0x01])]); // HKDF counter start
|
|
313
313
|
var out = nodeCrypto.createHmac("sha256", prk).update(t).digest();
|
|
314
314
|
return out.slice(0, length);
|
|
315
315
|
}
|
package/lib/webhook.js
CHANGED
|
@@ -751,7 +751,7 @@ function _writeError(res, status, code, message) {
|
|
|
751
751
|
// b.crypto.timingSafeEqual — never `===`.
|
|
752
752
|
|
|
753
753
|
var STRIPE_HMAC_ALG = "hmac-sha256-stripe";
|
|
754
|
-
var STRIPE_SIG_MAX_HEX = 256; //
|
|
754
|
+
var STRIPE_SIG_MAX_HEX = 256; // hex-char anti-DoS cap, not bytes
|
|
755
755
|
var STRIPE_DEFAULT_TOLERANCE_MS = C.TIME.minutes(5); // RFC 3161-ish 5 minute window default
|
|
756
756
|
var STRIPE_MIN_TOLERANCE_MS = C.TIME.seconds(30); // refuse below 30s
|
|
757
757
|
|
|
@@ -764,7 +764,7 @@ function _parseStripeSignatureHeader(header) {
|
|
|
764
764
|
throw new WebhookError("webhook/bad-stripe-header",
|
|
765
765
|
"verify: Stripe-Signature header must be a non-empty string");
|
|
766
766
|
}
|
|
767
|
-
if (header.length > 4096) { //
|
|
767
|
+
if (header.length > 4096) { // anti-DoS header cap
|
|
768
768
|
throw new WebhookError("webhook/bad-stripe-header",
|
|
769
769
|
"verify: Stripe-Signature header exceeds 4096 bytes");
|
|
770
770
|
}
|