@dereekb/nestjs 13.10.8 → 13.10.9

package/index.cjs.js

@@ -1307,6 +1307,794 @@ var ENCRYPTED_FIELD_KEY_LENGTH = 32;
     return result;
 }
 
+function _array_like_to_array(arr, len) {
+    if (len == null || len > arr.length) len = arr.length;
+    for(var i = 0, arr2 = new Array(len); i < len; i++)arr2[i] = arr[i];
+    return arr2;
+}
+function _array_with_holes(arr) {
+    if (Array.isArray(arr)) return arr;
+}
+function _iterable_to_array_limit(arr, i) {
+    var _i = arr == null ? null : typeof Symbol !== "undefined" && arr[Symbol.iterator] || arr["@@iterator"];
+    if (_i == null) return;
+    var _arr = [];
+    var _n = true;
+    var _d = false;
+    var _s, _e;
+    try {
+        for(_i = _i.call(arr); !(_n = (_s = _i.next()).done); _n = true){
+            _arr.push(_s.value);
+            if (i && _arr.length === i) break;
+        }
+    } catch (err) {
+        _d = true;
+        _e = err;
+    } finally{
+        try {
+            if (!_n && _i["return"] != null) _i["return"]();
+        } finally{
+            if (_d) throw _e;
+        }
+    }
+    return _arr;
+}
+function _non_iterable_rest() {
+    throw new TypeError("Invalid attempt to destructure non-iterable instance.\\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.");
+}
+function _sliced_to_array(arr, i) {
+    return _array_with_holes(arr) || _iterable_to_array_limit(arr, i) || _unsupported_iterable_to_array(arr, i) || _non_iterable_rest();
+}
+function _unsupported_iterable_to_array(o, minLen) {
+    if (!o) return;
+    if (typeof o === "string") return _array_like_to_array(o, minLen);
+    var n = Object.prototype.toString.call(o).slice(8, -1);
+    if (n === "Object" && o.constructor) n = o.constructor.name;
+    if (n === "Map" || n === "Set") return Array.from(n);
+    if (n === "Arguments" || /^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n)) return _array_like_to_array(o, minLen);
+}
+/**
+ * 32-byte password padding string defined by ISO 32000 §7.6.3.3 (Algorithm 2).
+ * Used to pad short or empty user/owner passwords for the standard security handler.
+ */ var PDF_PASSWORD_PADDING = Buffer.from([
+    0x28,
+    0xbf,
+    0x4e,
+    0x5e,
+    0x4e,
+    0x75,
+    0x8a,
+    0x41,
+    0x64,
+    0x00,
+    0x4e,
+    0x56,
+    0xff,
+    0xfa,
+    0x01,
+    0x08,
+    0x2e,
+    0x2e,
+    0x00,
+    0xb6,
+    0xd0,
+    0x68,
+    0x3e,
+    0x80,
+    0x2f,
+    0x0c,
+    0xa9,
+    0xfe,
+    0x64,
+    0x53,
+    0x69,
+    0x7a
+]);
+/**
+ * Detects whether a PDF is unencrypted, write-protected (openable without a password
+ * but restricted from editing/printing), or fully encrypted (requires a password to open).
+ *
+ * Implements the user-password validation algorithms from ISO 32000-1 §7.6.3 (R≤4) and
+ * ISO 32000-2 §7.6.4.4 (R=5/6) using only the empty password. If the empty password
+ * validates successfully, the PDF is openable by anyone and only its modify/print/copy
+ * permissions are restricted; otherwise a non-empty user password is required.
+ *
+ * Supported security handlers:
+ * - Standard security handler, R=2,3,4 (RC4-40, RC4-128, AES-128 with crypt filters).
+ * - Standard security handler, R=5 (AES-256, deprecated Adobe extension).
+ * - Standard security handler, R=6 (AES-256, ISO 32000-2 / PDF 2.0).
+ *
+ * Unrecognised security handlers (e.g. PubSec, custom handlers) return
+ * `unknown_encrypted` so callers can choose whether to treat them as fully encrypted.
+ *
+ * Lives in `@dereekb/nestjs` (rather than `@dereekb/util`) because it uses Node's
+ * built-in `node:crypto` module, which isn't available in the browser.
+ *
+ * @example
+ * ```ts
+ * const status = detectPdfEncryption(buffer);
+ *
+ * if (status === 'fully_encrypted') {
+ *   throw new Error('PDF requires a password to open.');
+ * }
+ * if (status === 'write_protected_only') {
+ *   // Safe to read, but not to mutate without the owner password.
+ * }
+ * ```
+ *
+ * @param buffer - PDF file contents.
+ * @returns The encryption status of the PDF.
+ */ function detectPdfEncryption(buffer) {
+    var result = 'unknown_encrypted';
+    var encryptIndex = findEncryptKeywordIndex(buffer);
+    if (encryptIndex < 0) {
+        result = 'none';
+    } else {
+        var dict = extractEncryptionDictionary(buffer, encryptIndex);
+        var info = dict ? parseEncryptionInfo(dict) : null;
+        if ((info === null || info === void 0 ? void 0 : info.filter) === 'Standard') {
+            var opensWithEmptyPassword = checkStandardHandlerEmptyPassword(info, buffer);
+            if (opensWithEmptyPassword !== null) {
+                result = opensWithEmptyPassword ? 'write_protected_only' : 'fully_encrypted';
+            }
+        }
+    }
+    return result;
+}
+function checkStandardHandlerEmptyPassword(info, buffer) {
+    var result = null;
+    if (info.R >= 2 && info.R <= 4) {
+        var fileId = extractFirstFileId(buffer);
+        if (fileId && info.O.length >= 32 && info.U.length >= 32) {
+            result = validateEmptyPasswordR2to4(info, fileId);
+        }
+    } else if (info.R === 5 && info.U.length >= 48) {
+        result = validateEmptyPasswordR5(info);
+    } else if (info.R === 6 && info.U.length >= 48) {
+        result = validateEmptyPasswordR6(info);
+    }
+    return result;
+}
+function isPdfWhitespaceByte(b) {
+    return b === 0x00 || b === 0x09 || b === 0x0a || b === 0x0c || b === 0x0d || b === 0x20;
+}
+function isPdfDelimiterByte(b) {
+    return b === 0x28 || b === 0x29 || b === 0x3c || b === 0x3e || b === 0x5b || b === 0x5d || b === 0x7b || b === 0x7d || b === 0x2f || b === 0x25;
+}
+function isPdfWhitespaceOrDelimiter(b) {
+    return isPdfWhitespaceByte(b) || isPdfDelimiterByte(b);
+}
+function skipPdfWhitespaceAndComments(buffer, start) {
+    var i = start;
+    while(i < buffer.length){
+        var b = buffer[i];
+        if (isPdfWhitespaceByte(b)) {
+            i++;
+        } else if (b === 0x25 /* % */ ) {
+            while(i < buffer.length && buffer[i] !== 0x0a && buffer[i] !== 0x0d)i++;
+        } else {
+            break;
+        }
+    }
+    return i;
+}
+function skipPdfLiteralString(buffer, start) {
+    var depth = 1;
+    var i = start + 1;
+    while(i < buffer.length && depth > 0){
+        var b = buffer[i];
+        if (b === 0x5c /* \ */ ) {
+            i += 2;
+        } else if (b === 0x28 /* ( */ ) {
+            depth++;
+            i++;
+        } else if (b === 0x29 /* ) */ ) {
+            depth--;
+            i++;
+        } else {
+            i++;
+        }
+    }
+    return i;
+}
+function skipPdfHexString(buffer, start) {
+    var i = start + 1;
+    while(i < buffer.length && buffer[i] !== 0x3e /* > */ )i++;
+    return i < buffer.length ? i + 1 : i;
+}
+function findDictEnd(buffer, start) {
+    var depth = 1;
+    var i = start;
+    var endIndex = -1;
+    while(i < buffer.length && endIndex < 0){
+        var b = buffer[i];
+        if (b === 0x3c && buffer[i + 1] === 0x3c) {
+            depth++;
+            i += 2;
+        } else if (b === 0x3e && buffer[i + 1] === 0x3e) {
+            depth--;
+            if (depth === 0) {
+                endIndex = i;
+            } else {
+                i += 2;
+            }
+        } else if (b === 0x28) {
+            i = skipPdfLiteralString(buffer, i);
+        } else if (b === 0x3c) {
+            i = skipPdfHexString(buffer, i);
+        } else if (b === 0x25) {
+            while(i < buffer.length && buffer[i] !== 0x0a && buffer[i] !== 0x0d)i++;
+        } else {
+            i++;
+        }
+    }
+    return endIndex >= 0 ? endIndex : i;
+}
+function decodePdfLiteralString(content) {
+    var out = [];
+    var i = 0;
+    while(i < content.length){
+        var b = content[i];
+        if (b !== 0x5c /* \ */ ) {
+            out.push(b);
+            i++;
+            continue;
+        }
+        i++;
+        if (i >= content.length) break;
+        var c = content[i];
+        if (c >= 0x30 && c <= 0x37) {
+            var oct = c - 0x30;
+            i++;
+            if (i < content.length && content[i] >= 0x30 && content[i] <= 0x37) {
+                oct = oct * 8 + (content[i] - 0x30);
+                i++;
+                if (i < content.length && content[i] >= 0x30 && content[i] <= 0x37) {
+                    oct = oct * 8 + (content[i] - 0x30);
+                    i++;
+                }
+            }
+            out.push(oct & 0xff);
+        } else if (c === 0x6e /* n */ ) {
+            out.push(0x0a);
+            i++;
+        } else if (c === 0x72 /* r */ ) {
+            out.push(0x0d);
+            i++;
+        } else if (c === 0x74 /* t */ ) {
+            out.push(0x09);
+            i++;
+        } else if (c === 0x62 /* b */ ) {
+            out.push(0x08);
+            i++;
+        } else if (c === 0x66 /* f */ ) {
+            out.push(0x0c);
+            i++;
+        } else if (c === 0x0a) {
+            i++;
+        } else if (c === 0x0d) {
+            i++;
+            if (i < content.length && content[i] === 0x0a) i++;
+        } else {
+            out.push(c);
+            i++;
+        }
+    }
+    return Buffer.from(out);
+}
+function decodePdfHexString(content) {
+    var hex = [];
+    var _iteratorNormalCompletion = true, _didIteratorError = false, _iteratorError = undefined;
+    try {
+        for(var _iterator = content[Symbol.iterator](), _step; !(_iteratorNormalCompletion = (_step = _iterator.next()).done); _iteratorNormalCompletion = true){
+            var b = _step.value;
+            if (isPdfWhitespaceByte(b)) continue;
+            if (b >= 0x30 && b <= 0x39 || b >= 0x41 && b <= 0x46 || b >= 0x61 && b <= 0x66) hex.push(b);
+        }
+    } catch (err) {
+        _didIteratorError = true;
+        _iteratorError = err;
+    } finally{
+        try {
+            if (!_iteratorNormalCompletion && _iterator.return != null) {
+                _iterator.return();
+            }
+        } finally{
+            if (_didIteratorError) {
+                throw _iteratorError;
+            }
+        }
+    }
+    if (hex.length % 2 === 1) hex.push(0x30);
+    var out = Buffer.alloc(hex.length / 2);
+    for(var i = 0; i < out.length; i++){
+        out[i] = parseInt(String.fromCharCode(hex[i * 2], hex[i * 2 + 1]), 16);
+    }
+    return out;
+}
+function readPdfNumber(buffer, start) {
+    var i = start;
+    while(i < buffer.length && !isPdfWhitespaceOrDelimiter(buffer[i]))i++;
+    var result = null;
+    if (i > start) {
+        var text = buffer.toString('latin1', start, i);
+        var value = Number(text);
+        if (!Number.isNaN(value)) {
+            result = {
+                value: value,
+                end: i
+            };
+        }
+    }
+    return result;
+}
+function parsePdfDict(buffer, dictStart) {
+    // dictStart is the byte after `<<`.
+    var entries = new Map();
+    var i = skipPdfWhitespaceAndComments(buffer, dictStart);
+    var result = null;
+    var aborted = false;
+    while(i < buffer.length && !aborted && result === null){
+        if (buffer[i] === 0x3e && buffer[i + 1] === 0x3e) {
+            result = {
+                entries: entries,
+                end: i + 2
+            };
+        } else if (buffer[i] !== 0x2f /* / */ ) {
+            aborted = true;
+        } else {
+            var nameStart = i + 1;
+            var nameEnd = nameStart;
+            while(nameEnd < buffer.length && !isPdfWhitespaceOrDelimiter(buffer[nameEnd]))nameEnd++;
+            var name = buffer.toString('latin1', nameStart, nameEnd);
+            i = skipPdfWhitespaceAndComments(buffer, nameEnd);
+            if (i >= buffer.length) {
+                aborted = true;
+            } else {
+                var valueResult = readPdfValue(buffer, i);
+                if (!valueResult) {
+                    aborted = true;
+                } else {
+                    entries.set(name, valueResult.entry);
+                    i = skipPdfWhitespaceAndComments(buffer, valueResult.end);
+                }
+            }
+        }
+    }
+    return result;
+}
+function readPdfValue(buffer, start) {
+    var b = buffer[start];
+    var result;
+    if (b === 0x3c && buffer[start + 1] === 0x3c) {
+        result = readPdfDictValue(buffer, start);
+    } else if (b === 0x3c) {
+        result = readPdfHexStringValue(buffer, start);
+    } else if (b === 0x28) {
+        result = readPdfLiteralStringValue(buffer, start);
+    } else if (b === 0x5b /* [ */ ) {
+        result = readPdfArrayValue(buffer, start);
+    } else if (b === 0x2f /* / */ ) {
+        result = readPdfNameValue(buffer, start);
+    } else {
+        result = readPdfTokenOrRefValue(buffer, start);
+    }
+    return result;
+}
+function readPdfDictValue(buffer, start) {
+    var dictEnd = findDictEnd(buffer, start + 2);
+    var end = dictEnd < buffer.length && buffer[dictEnd] === 0x3e && buffer[dictEnd + 1] === 0x3e ? dictEnd + 2 : dictEnd;
+    return {
+        entry: {
+            type: 'dict',
+            raw: buffer.subarray(start, end)
+        },
+        end: end
+    };
+}
+function readPdfHexStringValue(buffer, start) {
+    var end = skipPdfHexString(buffer, start);
+    return {
+        entry: {
+            type: 'string',
+            raw: decodePdfHexString(buffer.subarray(start + 1, end - 1))
+        },
+        end: end
+    };
+}
+function readPdfLiteralStringValue(buffer, start) {
+    var end = skipPdfLiteralString(buffer, start);
+    return {
+        entry: {
+            type: 'string',
+            raw: decodePdfLiteralString(buffer.subarray(start + 1, end - 1))
+        },
+        end: end
+    };
+}
+function readPdfArrayValue(buffer, start) {
+    var depth = 1;
+    var i = start + 1;
+    while(i < buffer.length && depth > 0){
+        var c = buffer[i];
+        if (c === 0x5b) {
+            depth++;
+            i++;
+        } else if (c === 0x5d) {
+            depth--;
+            i++;
+        } else if (c === 0x28) {
+            i = skipPdfLiteralString(buffer, i);
+        } else if (c === 0x3c && buffer[i + 1] === 0x3c) {
+            var e = findDictEnd(buffer, i + 2);
+            i = e < buffer.length && buffer[e] === 0x3e && buffer[e + 1] === 0x3e ? e + 2 : e;
+        } else if (c === 0x3c) {
+            i = skipPdfHexString(buffer, i);
+        } else if (c === 0x25) {
+            while(i < buffer.length && buffer[i] !== 0x0a && buffer[i] !== 0x0d)i++;
+        } else {
+            i++;
+        }
+    }
+    return {
+        entry: {
+            type: 'array',
+            raw: buffer.subarray(start, i)
+        },
+        end: i
+    };
+}
+function readPdfNameValue(buffer, start) {
+    var i = start + 1;
+    while(i < buffer.length && !isPdfWhitespaceOrDelimiter(buffer[i]))i++;
+    return {
+        entry: {
+            type: 'name',
+            raw: buffer.subarray(start + 1, i)
+        },
+        end: i
+    };
+}
+function readPdfTokenOrRefValue(buffer, start) {
+    // Number, boolean, null, or indirect reference like `12 0 R`.
+    var i = start;
+    while(i < buffer.length && !isPdfWhitespaceOrDelimiter(buffer[i]))i++;
+    var tokenEnd = i;
+    var token = buffer.toString('latin1', start, tokenEnd);
+    var referenceEnd = readIndirectReferenceEnd(buffer, tokenEnd);
+    var result;
+    if (referenceEnd !== null) {
+        result = {
+            entry: {
+                type: 'ref',
+                raw: buffer.subarray(start, referenceEnd)
+            },
+            end: referenceEnd
+        };
+    } else if (token === 'true' || token === 'false') {
+        result = {
+            entry: {
+                type: 'boolean',
+                raw: buffer.subarray(start, tokenEnd)
+            },
+            end: tokenEnd
+        };
+    } else if (token === 'null') {
+        result = {
+            entry: {
+                type: 'null',
+                raw: buffer.subarray(start, tokenEnd)
+            },
+            end: tokenEnd
+        };
+    } else {
+        result = {
+            entry: {
+                type: 'number',
+                raw: buffer.subarray(start, tokenEnd)
+            },
+            end: tokenEnd
+        };
+    }
+    return result;
+}
+function readIndirectReferenceEnd(buffer, tokenEnd) {
+    // Probe ahead for `GEN R` after a leading object number to detect `N G R`.
+    var result = null;
+    var probe = skipPdfWhitespaceAndComments(buffer, tokenEnd);
+    if (probe < buffer.length) {
+        var c = buffer[probe];
+        if (c >= 0x30 && c <= 0x39) {
+            var secondEnd = probe;
+            while(secondEnd < buffer.length && !isPdfWhitespaceOrDelimiter(buffer[secondEnd]))secondEnd++;
+            var probe2 = skipPdfWhitespaceAndComments(buffer, secondEnd);
+            if (probe2 < buffer.length && buffer[probe2] === 0x52 /* R */  && (probe2 + 1 === buffer.length || isPdfWhitespaceOrDelimiter(buffer[probe2 + 1]))) {
+                result = probe2 + 1;
+            }
+        }
+    }
+    return result;
+}
+function findEncryptKeywordIndex(buffer) {
+    var marker = util.PDF_ENCRYPT_MARKER;
+    var last = -1;
+    var pos = 0;
+    while(true){
+        var found = buffer.indexOf(marker, pos);
+        if (found < 0) break;
+        var next = buffer[found + marker.length];
+        // Avoid matching `/EncryptMetadata` (a different name).
+        var isAlpha = next >= 0x41 && next <= 0x5a || next >= 0x61 && next <= 0x7a;
+        if (!isAlpha) last = found;
+        pos = found + marker.length;
+    }
+    return last;
+}
+function extractEncryptionDictionary(buffer, encryptIndex) {
+    var result = null;
+    var i = encryptIndex + util.PDF_ENCRYPT_MARKER.length;
+    i = skipPdfWhitespaceAndComments(buffer, i);
+    if (i < buffer.length) {
+        if (buffer[i] === 0x3c && buffer[i + 1] === 0x3c) {
+            // Inline dictionary.
+            var dictEnd = findDictEnd(buffer, i + 2);
+            result = buffer.subarray(i, dictEnd + 2);
+        } else {
+            // Indirect reference: `N G R`.
+            result = resolveIndirectEncryptionDictionary(buffer, i);
+        }
+    }
+    return result;
+}
+function resolveIndirectEncryptionDictionary(buffer, start) {
+    var result = null;
+    var numResult = readPdfNumber(buffer, start);
+    if (numResult) {
+        var afterFirst = skipPdfWhitespaceAndComments(buffer, numResult.end);
+        var genResult = readPdfNumber(buffer, afterFirst);
+        if (genResult) {
+            var afterSecond = skipPdfWhitespaceAndComments(buffer, genResult.end);
+            if (buffer[afterSecond] === 0x52 /* R */ ) {
+                var objStart = findIndirectObjectStart(buffer, numResult.value, genResult.value);
+                if (objStart >= 0) {
+                    var dictStart = buffer.indexOf('<<', objStart);
+                    if (dictStart >= 0) {
+                        var dictEnd = findDictEnd(buffer, dictStart + 2);
+                        result = buffer.subarray(dictStart, dictEnd + 2);
+                    }
+                }
+            }
+        }
+    }
+    return result;
+}
+function findIndirectObjectStart(buffer, objNum, objGen) {
+    var text = buffer.toString('latin1');
+    var re = new RegExp("(?:^|[\\r\\n\\s])".concat(objNum, "\\s+").concat(objGen, "\\s+obj\\b"));
+    var match = re.exec(text);
+    return match ? match.index + match[0].length : -1;
+}
+function parseEncryptionInfo(dictBuffer) {
+    // `dictBuffer` is the full `<< ... >>`; pass the body to parsePdfDict.
+    var result = null;
+    var isDict = dictBuffer.length >= 4 && dictBuffer[0] === 0x3c && dictBuffer[1] === 0x3c;
+    var parsed = isDict ? parsePdfDict(dictBuffer, 2) : null;
+    if (parsed) {
+        var _readNameValue, _readNumberValue, _readNumberValue1, _readNumberValue2, _readStringValue, _readStringValue1, _readNumberValue3, _readBooleanValue;
+        var entries = parsed.entries;
+        var filter = (_readNameValue = readNameValue(entries.get('Filter'))) !== null && _readNameValue !== void 0 ? _readNameValue : '';
+        var V = (_readNumberValue = readNumberValue(entries.get('V'))) !== null && _readNumberValue !== void 0 ? _readNumberValue : 0;
+        var R = (_readNumberValue1 = readNumberValue(entries.get('R'))) !== null && _readNumberValue1 !== void 0 ? _readNumberValue1 : 0;
+        var Length = (_readNumberValue2 = readNumberValue(entries.get('Length'))) !== null && _readNumberValue2 !== void 0 ? _readNumberValue2 : V >= 5 ? 256 : 40;
+        var O = (_readStringValue = readStringValue(entries.get('O'))) !== null && _readStringValue !== void 0 ? _readStringValue : Buffer.alloc(0);
+        var U = (_readStringValue1 = readStringValue(entries.get('U'))) !== null && _readStringValue1 !== void 0 ? _readStringValue1 : Buffer.alloc(0);
+        var P = (_readNumberValue3 = readNumberValue(entries.get('P'))) !== null && _readNumberValue3 !== void 0 ? _readNumberValue3 : 0;
+        var encryptMetadataEntry = entries.get('EncryptMetadata');
+        var encryptMetadata = encryptMetadataEntry ? (_readBooleanValue = readBooleanValue(encryptMetadataEntry)) !== null && _readBooleanValue !== void 0 ? _readBooleanValue : true : true;
+        if (R !== 0 && V !== 0) {
+            result = {
+                filter: filter,
+                V: V,
+                R: R,
+                Length: Length,
+                O: O,
+                U: U,
+                P: P,
+                encryptMetadata: encryptMetadata
+            };
+        }
+    }
+    return result;
+}
+function readNumberValue(entry) {
+    var result = null;
+    if ((entry === null || entry === void 0 ? void 0 : entry.type) === 'number') {
+        var value = Number(entry.raw.toString('latin1'));
+        if (!Number.isNaN(value)) {
+            result = value;
+        }
+    }
+    return result;
+}
+function readNameValue(entry) {
+    return (entry === null || entry === void 0 ? void 0 : entry.type) === 'name' ? entry.raw.toString('latin1') : null;
+}
+function readStringValue(entry) {
+    return (entry === null || entry === void 0 ? void 0 : entry.type) === 'string' ? entry.raw : null;
+}
+function readBooleanValue(entry) {
+    return entry.type === 'boolean' ? entry.raw.toString('latin1') === 'true' : null;
+}
+function extractFirstFileId(buffer) {
+    // The /ID array lives in the trailer or the cross-reference stream dictionary.
+    // Walk the buffer right-to-left to find the most recent /ID array.
+    var result = null;
+    var pos = buffer.length;
+    var done = false;
+    while(pos > 0 && !done){
+        var found = buffer.lastIndexOf('/ID', pos);
+        if (found < 0) {
+            done = true;
+        } else {
+            var after = found + 3;
+            var isExactName = after >= buffer.length || isPdfWhitespaceOrDelimiter(buffer[after]);
+            if (isExactName) {
+                var i = skipPdfWhitespaceAndComments(buffer, after);
+                if (buffer[i] === 0x5b /* [ */ ) {
+                    i = skipPdfWhitespaceAndComments(buffer, i + 1);
+                    var valueResult = readPdfValue(buffer, i);
+                    if ((valueResult === null || valueResult === void 0 ? void 0 : valueResult.entry.type) === 'string') {
+                        result = valueResult.entry.raw;
+                        done = true;
+                    }
+                }
+            }
+            if (!done) {
+                pos = found - 1;
+            }
+        }
+    }
+    return result;
+}
+// MARK: Standard security handler — empty-password validation
+function rc4(key, data) {
+    var S = new Uint8Array(256);
+    for(var i = 0; i < 256; i++)S[i] = i;
+    var j = 0;
+    for(var i1 = 0; i1 < 256; i1++){
+        j = j + S[i1] + key[i1 % key.length] & 0xff;
+        var t = S[i1];
+        S[i1] = S[j];
+        S[j] = t;
+    }
+    var out = Buffer.alloc(data.length);
+    var ii = 0;
+    var jj = 0;
+    var _iteratorNormalCompletion = true, _didIteratorError = false, _iteratorError = undefined;
+    try {
+        for(var _iterator = data.entries()[Symbol.iterator](), _step; !(_iteratorNormalCompletion = (_step = _iterator.next()).done); _iteratorNormalCompletion = true){
+            var _step_value = _sliced_to_array(_step.value, 2), n = _step_value[0], byte = _step_value[1];
+            ii = ii + 1 & 0xff;
+            jj = jj + S[ii] & 0xff;
+            var t1 = S[ii];
+            S[ii] = S[jj];
+            S[jj] = t1;
+            out[n] = byte ^ S[S[ii] + S[jj] & 0xff];
+        }
+    } catch (err) {
+        _didIteratorError = true;
+        _iteratorError = err;
+    } finally{
+        try {
+            if (!_iteratorNormalCompletion && _iterator.return != null) {
+                _iterator.return();
+            }
+        } finally{
+            if (_didIteratorError) {
+                throw _iteratorError;
+            }
+        }
+    }
+    return out;
+}
+function computeFileEncryptionKeyR2to4(info, password, fileId) {
+    var padded = Buffer.alloc(32);
+    password.copy(padded, 0, 0, Math.min(password.length, 32));
+    if (password.length < 32) PDF_PASSWORD_PADDING.copy(padded, password.length, 0, 32 - password.length);
+    var md5 = node_crypto.createHash('md5');
+    md5.update(padded);
+    md5.update(info.O);
+    var pBytes = Buffer.alloc(4);
+    pBytes.writeInt32LE(info.P | 0, 0);
+    md5.update(pBytes);
+    md5.update(fileId);
+    if (info.R >= 4 && !info.encryptMetadata) md5.update(Buffer.from([
+        0xff,
+        0xff,
+        0xff,
+        0xff
+    ]));
+    var key = md5.digest();
+    var keyBytes = Math.min(Math.floor(info.Length / 8), key.length);
+    if (info.R >= 3) {
+        for(var i = 0; i < 50; i++){
+            key = node_crypto.createHash('md5').update(key.subarray(0, keyBytes)).digest();
+        }
+    }
+    return key.subarray(0, keyBytes);
+}
+function validateEmptyPasswordR2to4(info, fileId) {
+    var password = Buffer.alloc(0);
+    var key = computeFileEncryptionKeyR2to4(info, password, fileId);
+    var matches;
+    if (info.R === 2) {
+        var expected = rc4(key, PDF_PASSWORD_PADDING);
+        matches = constantTimeEquals(expected, info.U.subarray(0, 32));
+    } else {
+        var computed = node_crypto.createHash('md5').update(PDF_PASSWORD_PADDING).update(fileId).digest();
+        computed = rc4(key, computed);
+        for(var i = 1; i <= 19; i++){
+            var xorKey = Buffer.alloc(key.length);
+            for(var j = 0; j < key.length; j++)xorKey[j] = key[j] ^ i;
+            computed = rc4(xorKey, computed);
+        }
+        matches = constantTimeEquals(computed, info.U.subarray(0, 16));
+    }
+    return matches;
+}
+function validateEmptyPasswordR5(info) {
+    var validationSalt = info.U.subarray(32, 40);
+    var computed = node_crypto.createHash('sha256').update(validationSalt).digest();
+    return constantTimeEquals(computed, info.U.subarray(0, 32));
+}
+function validateEmptyPasswordR6(info) {
+    var validationSalt = info.U.subarray(32, 40);
+    var password = Buffer.alloc(0);
+    var computed = pdfAlgorithm2B(Buffer.concat([
+        password,
+        validationSalt
+    ]), password, Buffer.alloc(0));
+    return constantTimeEquals(computed, info.U.subarray(0, 32));
+}
+function pdfAlgorithm2B(input, password, userKey) {
+    var K = node_crypto.createHash('sha256').update(input).digest();
+    var round = 0;
+    var lastE = Buffer.alloc(0);
+    while(true){
+        var part = Buffer.concat([
+            password,
+            K,
+            userKey
+        ]);
+        var K1 = Buffer.alloc(part.length * 64);
+        for(var i = 0; i < 64; i++)part.copy(K1, i * part.length);
+        var cipher = node_crypto.createCipheriv('aes-128-cbc', K.subarray(0, 16), K.subarray(16, 32));
+        cipher.setAutoPadding(false);
+        var E = Buffer.concat([
+            cipher.update(K1),
+            cipher.final()
+        ]);
+        lastE = E;
+        var n = 0;
+        for(var i1 = 0; i1 < 16; i1++)n = (n * 256 + E[i1]) % 3;
+        if (n === 0) K = node_crypto.createHash('sha256').update(E).digest();
+        else if (n === 1) K = node_crypto.createHash('sha384').update(E).digest();
+        else K = node_crypto.createHash('sha512').update(E).digest();
+        round++;
+        if (round >= 64 && lastE[lastE.length - 1] <= round - 32) break;
+    }
+    return K.subarray(0, 32);
+}
+function constantTimeEquals(a, b) {
+    var result = false;
+    if (a.length === b.length) {
+        var diff = 0;
+        for(var i = 0; i < a.length; i++)diff |= a[i] ^ b[i];
+        result = diff === 0;
+    }
+    return result;
+}
+
 exports.AppModuleWithWebhooksEnabled = AppModuleWithWebhooksEnabled;
 exports.CLIENT_WEB_APP_URL_ENV_VAR = CLIENT_WEB_APP_URL_ENV_VAR;
 exports.ClientAppServiceConfig = ClientAppServiceConfig;
@@ -1327,6 +2115,7 @@ exports.consumeWebhooksWithRawBodyMiddleware = consumeWebhooksWithRawBodyMiddlew
 exports.createAES256GCMEncryption = createAES256GCMEncryption;
 exports.createAesStringEncryptionProvider = createAesStringEncryptionProvider;
 exports.decryptValue = decryptValue;
+exports.detectPdfEncryption = detectPdfEncryption;
 exports.encryptValue = encryptValue;
 exports.injectionTokensFromProviders = injectionTokensFromProviders;
 exports.isLocalhost = isLocalhost;