@dp-pcs/ogp 0.8.1 → 0.8.2
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contribution-signing.d.ts","sourceRoot":"","sources":["../../src/daemon/contribution-signing.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;
|
|
1
|
+
{"version":3,"file":"contribution-signing.d.ts","sourceRoot":"","sources":["../../src/daemon/contribution-signing.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,mBAAmB,EAAE,cAAc,EAAE,MAAM,eAAe,CAAC;AAoBzE,4DAA4D;AAC5D,MAAM,WAAW,qBAAqB;IACpC,EAAE,EAAE,MAAM,CAAC;IACX,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC/B,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,mFAAmF;AACnF,MAAM,WAAW,sBAAsB;IACrC,EAAE,EAAE,MAAM,CAAC;IACX,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,SAAS,EAAE,MAAM,CAAC;CACnB;AAED,MAAM,WAAW,WAAW;IAC1B,SAAS,EAAE,MAAM,CAAC;IAClB,QAAQ,EAAE,MAAM,CAAC;IACjB,SAAS,EAAE,MAAM,CAAC;IAClB,OAAO,EAAE,MAAM,CAAC;IAChB,QAAQ,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;IAC/B,cAAc,CAAC,EAAE,cAAc,CAAC;CACjC;AAED,MAAM,WAAW,aAAa;IAC5B,EAAE,EAAE,OAAO,CAAC;IACZ,MAAM,CAAC,EAAE,MAAM,CAAC;IAChB,MAAM,CAAC,EAAE,mBAAmB,CAAC;CAC9B;AAED;;;GAGG;AACH,wBAAgB,uBAAuB,CACrC,MAAM,EAAE,WAAW,EACnB,aAAa,EAAE,MAAM,GACpB;IAAE,MAAM,EAAE,mBAAmB,CAAC;IAAC,IAAI,EAAE,sBAAsB,CAAA;CAAE,CAoC/D;AAED;;;;;;GAMG;AACH,wBAAgB,wBAAwB,CACtC,IAAI,EAAE,sBAAsB,GAAG,SAAS,GAAG,IAAI,EAC/C,gBAAgB,CAAC,EAAE,MAAM,EACzB,iBAAiB,CAAC,EAAE,MAAM,GACzB,aAAa,CA6Cf"}
|
|
@@ -1,5 +1,15 @@
|
|
|
1
1
|
import { ulid } from 'ulid';
|
|
2
2
|
import { signCanonical, verifyCanonical } from '../shared/signing.js';
|
|
3
|
+
// Peers are identified by a 32-char public-key prefix (BUILD-111). The federation
|
|
4
|
+
// transport sets message.from to this prefix, while a signed contribution's authorId
|
|
5
|
+
// is the full SPKI hex key. Normalize both to this canonical form before comparing
|
|
6
|
+
// sender identity. Kept as a local constant (must equal CANONICAL_PEER_ID_LENGTH in
|
|
7
|
+
// peers.ts) to avoid coupling this signing module to the peer store for one number;
|
|
8
|
+
// the comment is the guard against silent drift if peers.ts ever changes the length.
|
|
9
|
+
const CANONICAL_PEER_ID_LENGTH = 32;
|
|
10
|
+
function canonicalPeerId(key) {
|
|
11
|
+
return key.length > CANONICAL_PEER_ID_LENGTH ? key.substring(0, CANONICAL_PEER_ID_LENGTH) : key;
|
|
12
|
+
}
|
|
3
13
|
/**
|
|
4
14
|
* Contributions are durable artifacts, not ephemeral handshake messages, so we
|
|
5
15
|
* disable verifyCanonical's default 5-minute max-age check by passing an
|
|
@@ -69,7 +79,8 @@ export function verifySignedContribution(wire, expectedSenderId, expectedProject
|
|
|
69
79
|
const vr = verifyCanonical({ payloadStr, signature }, canonical.authorId, { maxAgeMs: CONTRIBUTION_MAX_AGE_MS });
|
|
70
80
|
if (!vr.ok)
|
|
71
81
|
return { ok: false, reason: vr.reason ?? 'bad-signature' };
|
|
72
|
-
if (expectedSenderId !== undefined &&
|
|
82
|
+
if (expectedSenderId !== undefined &&
|
|
83
|
+
canonicalPeerId(canonical.authorId) !== canonicalPeerId(expectedSenderId)) {
|
|
73
84
|
return { ok: false, reason: 'sender-mismatch' };
|
|
74
85
|
}
|
|
75
86
|
if (expectedProjectId !== undefined && canonical.projectId !== expectedProjectId) {
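Review bot: The sender check at new lines 82-83 truncates both `canonical.authorId` and `expectedSenderId` to 32 characters, so a caller that passes a full key as `expectedSenderId` now gets a prefix match where the removed line presumably required exact equality. Keeping the strict comparison when `expectedSenderId.length > CANONICAL_PEER_ID_LENGTH`, and using `canonicalPeerId(canonical.authorId) !== expectedSenderId` only for prefix-length values, would preserve the stronger binding for callers that have the full key. It is also worth confirming how much of the 32-character prefix is key-specific: an SPKI encoding begins with an algorithm-identifier header that is identical for every key of that algorithm, so the prefix may bind the sender less tightly than its length suggests. `verifySignedContribution` starts before and continues past this hunk, so any earlier type or format check on `authorId` is not visible here.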
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"contribution-signing.js","sourceRoot":"","sources":["../../src/daemon/contribution-signing.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAGtE;;;;GAIG;AACH,MAAM,uBAAuB,GAAG,MAAM,CAAC,gBAAgB,CAAC;AAqCxD;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CACrC,MAAmB,EACnB,aAAqB;IAErB,MAAM,EAAE,GAAG,IAAI,EAAE,CAAC;IAClB,MAAM,SAAS,GAA0B;QACvC,EAAE;QACF,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,GAAG,CAAC,MAAM,CAAC,QAAQ,KAAK,SAAS,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;KAC3C,CAAC;IAE3B,MAAM,GAAG,GAAG,aAAa,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC,iDAAiD;IACtG,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC;IAExC,MAAM,MAAM,GAAwB;QAClC,EAAE;QACF,SAAS;QACT,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,KAAK,EAAE,MAAM,CAAC,SAAS;QACvB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,QAAQ,EAAE,IAAI;KACf,CAAC;IAEF,MAAM,IAAI,GAA2B;QACnC,EAAE;QACF,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,SAAS;QACT,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,SAAS,EAAE,GAAG,CAAC,SAAS;KACzB,CAAC;IAEF,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB,CACtC,IAA+C,EAC/C,gBAAyB,EACzB,iBAA0B;IAE1B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IAC5F,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;IACvC,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;IAErF,IAAI,SAAgC,CAAC;IACrC,IAAI,CAAC;QACH,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAA0B,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,aAAa,EAAE,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,QAAQ,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QACjE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IACvD,CAAC;IAED,MAAM,EAAE,GAAG,eAAe,CACxB,EAAE,UAAU,EAAE,SAAS,EAAE,EACzB,SAAS,CAAC,Q
AAQ,EAClB,EAAE,QAAQ,EAAE,uBAAuB,EAAE,CACtC,CAAC;IACF,IAAI,CAAC,EAAE,CAAC,EAAE;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,CAAC,MAAM,IAAI,eAAe,EAAE,CAAC;IAEvE,
|
|
1
|
+
{"version":3,"file":"contribution-signing.js","sourceRoot":"","sources":["../../src/daemon/contribution-signing.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,IAAI,EAAE,MAAM,MAAM,CAAC;AAC5B,OAAO,EAAE,aAAa,EAAE,eAAe,EAAE,MAAM,sBAAsB,CAAC;AAGtE,kFAAkF;AAClF,qFAAqF;AACrF,mFAAmF;AACnF,oFAAoF;AACpF,oFAAoF;AACpF,qFAAqF;AACrF,MAAM,wBAAwB,GAAG,EAAE,CAAC;AACpC,SAAS,eAAe,CAAC,GAAW;IAClC,OAAO,GAAG,CAAC,MAAM,GAAG,wBAAwB,CAAC,CAAC,CAAC,GAAG,CAAC,SAAS,CAAC,CAAC,EAAE,wBAAwB,CAAC,CAAC,CAAC,CAAC,GAAG,CAAC;AAClG,CAAC;AAED;;;;GAIG;AACH,MAAM,uBAAuB,GAAG,MAAM,CAAC,gBAAgB,CAAC;AAqCxD;;;GAGG;AACH,MAAM,UAAU,uBAAuB,CACrC,MAAmB,EACnB,aAAqB;IAErB,MAAM,EAAE,GAAG,IAAI,EAAE,CAAC;IAClB,MAAM,SAAS,GAA0B;QACvC,EAAE;QACF,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,GAAG,CAAC,MAAM,CAAC,QAAQ,KAAK,SAAS,IAAI,EAAE,QAAQ,EAAE,MAAM,CAAC,QAAQ,EAAE,CAAC;KAC3C,CAAC;IAE3B,MAAM,GAAG,GAAG,aAAa,CAAC,SAAS,EAAE,aAAa,CAAC,CAAC,CAAC,iDAAiD;IACtG,MAAM,SAAS,GAAG,GAAG,CAAC,OAAO,CAAC,SAAS,CAAC;IAExC,MAAM,MAAM,GAAwB;QAClC,EAAE;QACF,SAAS;QACT,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,cAAc,EAAE,MAAM,CAAC,cAAc;QACrC,SAAS,EAAE,MAAM,CAAC,SAAS;QAC3B,KAAK,EAAE,MAAM,CAAC,SAAS;QACvB,OAAO,EAAE,MAAM,CAAC,OAAO;QACvB,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,SAAS,EAAE,GAAG,CAAC,SAAS;QACxB,QAAQ,EAAE,IAAI;KACf,CAAC;IAEF,MAAM,IAAI,GAA2B;QACnC,EAAE;QACF,QAAQ,EAAE,MAAM,CAAC,QAAQ;QACzB,SAAS;QACT,UAAU,EAAE,GAAG,CAAC,UAAU;QAC1B,SAAS,EAAE,GAAG,CAAC,SAAS;KACzB,CAAC;IAEF,OAAO,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;AAC1B,CAAC;AAED;;;;;;GAMG;AACH,MAAM,UAAU,wBAAwB,CACtC,IAA+C,EAC/C,gBAAyB,EACzB,iBAA0B;IAE1B,IAAI,CAAC,IAAI,IAAI,OAAO,IAAI,KAAK,QAAQ;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IAC5F,MAAM,EAAE,UAAU,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC;IACvC,IAAI,CAAC,UAAU,IAAI,CAAC,SAAS;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,uBAAuB,EAAE,CAAC;IAErF,IAAI,SAAgC,CAAC;IACrC,IAAI,CAAC;QACH,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC,UAAU,CAA0B,CAAC;IAC9D,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,E
AAE,aAAa,EAAE,CAAC;IAC9C,CAAC;IACD,IAAI,CAAC,SAAS,CAAC,QAAQ,IAAI,CAAC,SAAS,CAAC,EAAE,IAAI,CAAC,SAAS,CAAC,SAAS,EAAE,CAAC;QACjE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,sBAAsB,EAAE,CAAC;IACvD,CAAC;IAED,MAAM,EAAE,GAAG,eAAe,CACxB,EAAE,UAAU,EAAE,SAAS,EAAE,EACzB,SAAS,CAAC,QAAQ,EAClB,EAAE,QAAQ,EAAE,uBAAuB,EAAE,CACtC,CAAC;IACF,IAAI,CAAC,EAAE,CAAC,EAAE;QAAE,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,EAAE,CAAC,MAAM,IAAI,eAAe,EAAE,CAAC;IAEvE,IACE,gBAAgB,KAAK,SAAS;QAC9B,eAAe,CAAC,SAAS,CAAC,QAAQ,CAAC,KAAK,eAAe,CAAC,gBAAgB,CAAC,EACzE,CAAC;QACD,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,iBAAiB,EAAE,CAAC;IAClD,CAAC;IAED,IAAI,iBAAiB,KAAK,SAAS,IAAI,SAAS,CAAC,SAAS,KAAK,iBAAiB,EAAE,CAAC;QACjF,OAAO,EAAE,EAAE,EAAE,KAAK,EAAE,MAAM,EAAE,kBAAkB,EAAE,CAAC;IACnD,CAAC;IAED,MAAM,MAAM,GAAwB;QAClC,EAAE,EAAE,SAAS,CAAC,EAAE;QAChB,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,QAAQ,EAAE,SAAS,CAAC,QAAQ;QAC5B,SAAS,EAAE,SAAS,CAAC,SAAS;QAC9B,KAAK,EAAE,SAAS,CAAC,SAAS;QAC1B,OAAO,EAAE,SAAS,CAAC,OAAO;QAC1B,QAAQ,EAAE,SAAS,CAAC,QAAQ;QAC5B,SAAS;QACT,QAAQ,EAAE,IAAI;KACf,CAAC;IACF,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE,CAAC;AAC9B,CAAC"}
|
package/package.json
CHANGED