@dainprotocol/tunnel 1.1.0 → 1.1.2
- package/dist/client/index.js +1 -1
- package/dist/server/index.js +11 -5
- package/package.json +10 -12
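--- a/package/dist/client/index.js
+++ b/package/dist/client/index.js
@@ -27,7 +27,7 @@ class DainTunnel extends events_1.EventEmitter {
 throw new Error('Invalid API key format. Expected: sk_agent_{agentId}_{orgId}_{secret}');
 }
 this.apiKey = apiKey;
-this.tunnelId = parsed.agentId
+this.tunnelId = `${parsed.orgId}_${parsed.agentId}`; // orgId_agentId to prevent collisions
 this.secret = parsed.secret; // secret for HMAC signatures
 }
 /**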
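Review bot: Joining the two parts with `_` on the new `this.tunnelId` line prevents collisions only if neither `orgId` nor `agentId` can itself contain an underscore, and the key parser that would guarantee this is outside the hunk. If that holds, the trailing comment should state it, e.g. `// orgId_agentId; the key parser guarantees neither part contains '_'`. The server section of this release rejects any tunnel ID that is not in the new form, so a 1.1.0 client presumably cannot connect to a 1.1.2 server, which deserves a changelog entry for a patch release. The constructor starts outside the hunk.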
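--- a/package/dist/server/index.js
+++ b/package/dist/server/index.js
@@ -202,17 +202,23 @@ class DainTunnelServer {
 ws.close(1008, "Invalid API key format");
 return;
 }
-// Validate HMAC signature
+// Validate HMAC signature using constant-time comparison
 const expectedSignature = (0, crypto_1.createHmac)('sha256', parsed.secret)
 .update(challenge)
 .digest('hex');
-
+// Convert to buffers for timing-safe comparison
+const expectedSigBuffer = Buffer.from(expectedSignature, 'hex');
+const receivedSigBuffer = Buffer.from(signature, 'hex');
+// Constant-time comparison to prevent timing attacks
+if (expectedSigBuffer.length !== receivedSigBuffer.length ||
+!(0, crypto_1.timingSafeEqual)(expectedSigBuffer, receivedSigBuffer)) {
 ws.close(1008, "Invalid signature");
 return;
 }
-// Verify that tunnelId matches
-
-
+// Verify that tunnelId matches orgId_agentId from the API key
+const expectedTunnelId = `${parsed.orgId}_${parsed.agentId}`;
+if (tunnelId !== expectedTunnelId) {
+ws.close(1008, `Tunnel ID does not match API key. Expected: ${expectedTunnelId}, Got: ${tunnelId}`);
 return;
 }
 // If tunnel already exists, remove old one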
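Review bot: `Buffer.from(signature, 'hex')` runs on the client-supplied `signature` before anything visible in this hunk checks its type, and it throws a TypeError for a missing or non-string value such as `undefined` or a number, so a malformed handshake message can raise an exception where the old string comparison simply failed. Hex decoding is also lenient, stopping at the first non-hex character, so I would validate the shape first with `const receivedSigBuffer = Buffer.from(typeof signature === 'string' && /^[0-9a-f]{64}$/i.test(signature) ? signature : '', 'hex');` and let the existing length check reject everything else. Separately, the new close reason interpolates the client-controlled `tunnelId`; WebSocket close reasons are capped at 123 bytes and the `ws` package throws when that is exceeded, so a fixed reason such as `"Tunnel ID does not match API key"` with the details logged server-side is safer. The handler starts and ends outside this hunk, so an earlier check may already cover the first point.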
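--- a/package/package.json
+++ b/package/package.json
@@ -1,25 +1,17 @@
 {
 "name": "@dainprotocol/tunnel",
-"version": "1.1.
+"version": "1.1.2",
 "description": "",
 "main": "dist/index.js",
 "private": false,
 "publishConfig": {
 "access": "public"
 },
-"scripts": {
-"build": "tsc",
-"build:types": "tsc --emitDeclarationOnly",
-"test": "jest",
-"test:watch": "jest --watch",
-"prepublishOnly": "npm run build && npm run build:types",
-"start-server": "ts-node src/server/start.ts"
-},
 "keywords": [],
 "author": "Ryan",
 "license": "ISC",
 "dependencies": {
-"@dainprotocol/service-sdk": "^1.3.
+"@dainprotocol/service-sdk": "^1.3.3",
 "@types/body-parser": "^1.19.5",
 "@types/cors": "^2.8.17",
 "@types/eventsource": "^3.0.0",
@@ -28,7 +20,6 @@
 "@types/uuid": "^10.0.0",
 "@types/ws": "^8.5.12",
 "body-parser": "^1.20.2",
-"bs58": "^6.0.0",
 "cors": "^2.8.5",
 "dotenv": "^16.4.5",
 "eventsource": "^3.0.6",
@@ -77,5 +68,12 @@
 "./dist/server/*.d.ts"
 ]
 }
+},
+"scripts": {
+"build": "tsc",
+"build:types": "tsc --emitDeclarationOnly",
+"test": "jest",
+"test:watch": "jest --watch",
+"start-server": "ts-node src/server/start.ts"
 }
-}
+}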