npm - @ecodev/natural - Versions diffs - 68.0.3 → 68.0.4 - Mend

@ecodev/natural 68.0.3 → 68.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/fesm2022/ecodev-natural.mjs +24 -8
package/fesm2022/ecodev-natural.mjs.map +1 -1
package/package.json +1 -1

package/fesm2022/ecodev-natural.mjs CHANGED Viewed

@@ -11508,11 +11508,15 @@ const naturalProviders = [
     localStorageProvider,
 ];
+// Keep those strings obfuscated, to make it harder to CTRL+F things in compiled code
+const cannotSignAGraphQLQueryThatIsUsingFormDataButThatIsMissingTheKeyOperations = atob('Q2Fubm90IHNpZ24gYSBHcmFwaFFMIHF1ZXJ5IHRoYXQgaXMgdXNpbmcgRm9ybURhdGEgYnV0IHRoYXQgaXMgbWlzc2luZyB0aGUga2V5IGBvcGVyYXRpb25zYA==');
+const graphqlQuerySignerRequiresANonEmptyKeyConfigureItInLocalPphpUnderSignedQueries = atob('Z3JhcGhxbFF1ZXJ5U2lnbmVyIHJlcXVpcmVzIGEgbm9uLWVtcHR5IGtleS4gQ29uZmlndXJlIGl0IGluIGxvY2FsLnBocCB1bmRlciBzaWduZWRRdWVyaWVzLg==');
+const xSignature = atob('WC1TaWduYXR1cmU=');
 function getOperations(req) {
     if (req.body instanceof FormData) {
         const operations = req.body.get('operations');
         if (typeof operations !== 'string') {
-            throw new Error('Cannot sign a GraphQL query that is using FormData but that is missing the key `operations`');
+            throw new Error(cannotSignAGraphQLQueryThatIsUsingFormDataButThatIsMissingTheKeyOperations);
         }
         return operations;
     }
@@ -11529,20 +11533,32 @@ function graphqlQuerySigner(key) {
     // Validates the configuration exactly 1 time (not for
     // every query), and if not reject **all** HTTP requests
     if (!key) {
-        return () => throwError(() => new Error('graphqlQuerySigner requires a non-empty key. Configure it in local.php under signedQueries.'));
+        return () => {
+            return throwError(() => new Error(graphqlQuerySignerRequiresANonEmptyKeyConfigureItInLocalPphpUnderSignedQueries));
+        };
     }
     return (req, next) => {
         const mustSign = req.method === 'POST' && /\/graphql(\?|$)/.exec(req.url);
         if (!mustSign) {
             return next(req);
         }
-        const operations = getOperations(req);
-        const timestamp = Math.round(Date.now() / 1000);
-        const payload = timestamp + operations;
-        return from(hmacSha256(key, payload)).pipe(switchMap(hash => {
-            const header = `v1.${timestamp}.${hash}`;
+        return of(req).pipe(map$1(req => {
+            const timestamp = Math.round(Date.now() / 1000);
+            const operations = getOperations(req);
+            return {
+                operations: operations,
+                timestamp: timestamp,
+                payload: timestamp + operations,
+            };
+        }), switchMap(async (data) => {
+            return {
+                ...data,
+                hash: await hmacSha256(key, data.payload),
+            };
+        }), switchMap(data => {
+            const header = `v1.${data.timestamp}.${data.hash}`;
             const signedRequest = req.clone({
-                headers: req.headers.set('X-Signature', header),
+                headers: req.headers.set(xSignature, header),
             });
             return next(signedRequest);
         }));