@eggjs/cookies 3.0.1 → 4.0.0-beta.13

package/README.md

@@ -1,16 +1,10 @@
 # @eggjs/cookies
 
 [![NPM version][npm-image]][npm-url]
-[![build status][ci-image]][ci-url]
-[![Test coverage][codecov-image]][codecov-url]
 [![npm download][download-image]][download-url]
 
 [npm-image]: https://img.shields.io/npm/v/@eggjs/cookies.svg?style=flat-square
 [npm-url]: https://npmjs.org/package/@eggjs/cookies
-[ci-image]: https://github.com/eggjs/egg-cookies/actions/workflows/nodejs.yml/badge.svg
-[ci-url]: https://github.com/eggjs/egg-cookies/actions/workflows/nodejs.yml
-[codecov-image]: https://codecov.io/gh/eggjs/egg-cookies/branch/master/graph/badge.svg
-[codecov-url]: https://codecov.io/gh/eggjs/egg-cookies
 [download-image]: https://img.shields.io/npm/dm/@eggjs/cookies.svg?style=flat-square
 [download-url]: https://npmjs.org/package/@eggjs/cookies
 
@@ -53,6 +47,6 @@ cookies.set('foo', longText);
 
 ## Contributors
 
-[![Contributors](https://contrib.rocks/image?repo=eggjs/egg-cookies)](https://github.com/eggjs/egg-cookies/graphs/contributors)
+[![Contributors](https://contrib.rocks/image?repo=eggjs/egg)](https://github.com/eggjs/egg/graphs/contributors)
 
 Made with [contributors-img](https://contrib.rocks).

package/README.zh-CN.md

@@ -1,16 +1,10 @@
 # @eggjs/cookies
 
 [![NPM version][npm-image]][npm-url]
-[![build status][ci-image]][ci-url]
-[![Test coverage][codecov-image]][codecov-url]
 [![npm download][download-image]][download-url]
 
 [npm-image]: https://img.shields.io/npm/v/@eggjs/cookies.svg?style=flat-square
 [npm-url]: https://npmjs.org/package/@eggjs/cookies
-[ci-image]: https://github.com/eggjs/egg-cookies/actions/workflows/nodejs.yml/badge.svg
-[ci-url]: https://github.com/eggjs/egg-cookies/actions/workflows/nodejs.yml
-[codecov-image]: https://codecov.io/gh/eggjs/egg-cookies/branch/master/graph/badge.svg
-[codecov-url]: https://codecov.io/gh/eggjs/egg-cookies
 [download-image]: https://img.shields.io/npm/dm/@eggjs/cookies.svg?style=flat-square
 [download-url]: https://npmjs.org/package/@eggjs/cookies
 
@@ -34,8 +28,8 @@ ctx.cookies.set('key', 'value', options);
 全局默认配置：
 
 - autoChips - `Boolean` 是否开启 [CHIPS](https://developers.google.com/privacy-sandbox/3pcd/chips#security_design) 的自动适配方案，
-会自动给 Cookie 新增一个 `_CHIPS-` 为前缀的分区 Cookie，优先读取非分区 Cookie，读取失败则尝试读取 `_CHIPS-` 前缀的同名 Cookie 适配三方 Cookie 禁止逻辑。
-一旦 `cookies.set` 设置 `partitioned=true`，那么会强制忽略 `autoChips` 参数。
+  会自动给 Cookie 新增一个 `_CHIPS-` 为前缀的分区 Cookie，优先读取非分区 Cookie，读取失败则尝试读取 `_CHIPS-` 前缀的同名 Cookie 适配三方 Cookie 禁止逻辑。
+  一旦 `cookies.set` 设置 `partitioned=true`，那么会强制忽略 `autoChips` 参数。
 
 ## 设置 cookie
 
@@ -71,6 +65,6 @@ ctx.cookies.set('key', 'value', options);
 
 ## Contributors
 
-[![Contributors](https://contrib.rocks/image?repo=eggjs/egg-cookies)](https://github.com/eggjs/egg-cookies/graphs/contributors)
+[![Contributors](https://contrib.rocks/image?repo=eggjs/egg)](https://github.com/eggjs/egg/graphs/contributors)
 
 Made with [contributors-img](https://contrib.rocks).

package/dist/cookie.d.ts

@@ -0,0 +1,69 @@
+//#region src/cookie.d.ts
+interface CookieSetOptions {
+  /**
+   * The path for the cookie to be set in
+   */
+  path?: string | null;
+  /**
+   * The domain for the cookie
+   */
+  domain?: string | (() => string);
+  /**
+   * Is overridable
+   */
+  overwrite?: boolean;
+  /**
+   * Is the same site
+   */
+  sameSite?: string | boolean;
+  /**
+   * Encrypt the cookie's value or not
+   */
+  encrypt?: boolean;
+  /**
+   * Max age for browsers
+   */
+  maxAge?: number;
+  /**
+   * Expire time
+   */
+  expires?: Date;
+  /**
+   * Is for http only
+   */
+  httpOnly?: boolean;
+  /**
+   * Encrypt the cookie's value or not
+   */
+  secure?: boolean;
+  /**
+   * Once `true` and secure set to `true`, ignore the secure error in a none-ssl environment.
+   */
+  ignoreSecureError?: boolean;
+  /**
+   * Is it signed or not.
+   */
+  signed?: boolean | number;
+  /**
+   * Is it partitioned or not.
+   */
+  partitioned?: boolean;
+  /**
+   * Remove unpartitioned same name cookie or not.
+   */
+  removeUnpartitioned?: boolean;
+  /**
+   * The cookie priority.
+   */
+  priority?: 'low' | 'medium' | 'high' | 'LOW' | 'MEDIUM' | 'HIGH';
+}
+declare class Cookie {
+  name: string;
+  value: string;
+  readonly attrs: CookieSetOptions;
+  constructor(name: string, value?: string | null, attrs?: CookieSetOptions);
+  toString(): string;
+  toHeader(): string;
+}
+//#endregion
+export { Cookie, CookieSetOptions };

package/dist/cookie.js

@@ -0,0 +1,77 @@
+import assert from "node:assert";
+
+//#region src/cookie.ts
+/**
+* RegExp to match field-content in RFC 7230 sec 3.2
+*
+* field-content = field-vchar [ 1*( SP / HTAB ) field-vchar ]
+* field-vchar   = VCHAR / obs-text
+* obs-text      = %x80-FF
+*/
+const fieldContentRegExp = /^[\u0009\u0020-\u007e\u0080-\u00ff]+$/;
+/**
+* RegExp to match Same-Site cookie attribute value.
+* https://en.wikipedia.org/wiki/HTTP_cookie#SameSite_cookie
+*/
+const sameSiteRegExp = /^(?:none|lax|strict)$/i;
+/**
+* RegExp to match Priority cookie attribute value.
+*/
+const PRIORITY_REGEXP = /^(?:low|medium|high)$/i;
+var Cookie = class {
+	name;
+	value;
+	attrs;
+	constructor(name, value, attrs) {
+		assert(fieldContentRegExp.test(name), "argument name is invalid");
+		assert(!value || fieldContentRegExp.test(value), "argument value is invalid");
+		this.name = name;
+		this.value = value ?? "";
+		this.attrs = mergeDefaultAttrs(attrs);
+		assert(!this.attrs.path || fieldContentRegExp.test(this.attrs.path), "argument option path is invalid");
+		if (typeof this.attrs.domain === "function") this.attrs.domain = this.attrs.domain();
+		assert(!this.attrs.domain || fieldContentRegExp.test(this.attrs.domain), "argument option domain is invalid");
+		assert(!this.attrs.sameSite || this.attrs.sameSite === true || sameSiteRegExp.test(this.attrs.sameSite), "argument option sameSite is invalid");
+		assert(!this.attrs.priority || PRIORITY_REGEXP.test(this.attrs.priority), "argument option priority is invalid");
+		if (!value) {
+			this.attrs.expires = /* @__PURE__ */ new Date(0);
+			this.attrs.maxAge = void 0;
+		}
+	}
+	toString() {
+		return this.name + "=" + this.value;
+	}
+	toHeader() {
+		let header = this.toString();
+		const attrs = this.attrs;
+		if (attrs.path) header += "; path=" + attrs.path;
+		const maxAge = typeof attrs.maxAge === "string" ? parseInt(attrs.maxAge, 10) : attrs.maxAge;
+		if (maxAge) {
+			header += "; max-age=" + Math.round(maxAge / 1e3);
+			attrs.expires = new Date(Date.now() + maxAge);
+		}
+		if (attrs.expires) header += "; expires=" + attrs.expires.toUTCString();
+		if (attrs.domain) header += "; domain=" + attrs.domain;
+		if (attrs.priority) header += "; priority=" + attrs.priority.toLowerCase();
+		if (attrs.sameSite) header += "; samesite=" + (attrs.sameSite === true ? "strict" : attrs.sameSite.toLowerCase());
+		if (attrs.secure) header += "; secure";
+		if (attrs.httpOnly) header += "; httponly";
+		if (attrs.partitioned) header += "; partitioned";
+		return header;
+	}
+};
+function mergeDefaultAttrs(attrs) {
+	return {
+		path: "/",
+		httpOnly: true,
+		secure: false,
+		overwrite: false,
+		sameSite: false,
+		partitioned: false,
+		priority: void 0,
+		...attrs
+	};
+}
+
+//#endregion
+export { Cookie };

package/dist/cookies.d.ts

@@ -0,0 +1,47 @@
+import { Keygrip } from "./keygrip.js";
+import { CookieSetOptions } from "./cookie.js";
+
+//#region src/cookies.d.ts
+interface DefaultCookieOptions extends CookieSetOptions {
+  /**
+   * Auto get and set `_CHIPS-` prefix cookie to adaptation CHIPS mode (The default value is false).
+   */
+  autoChips?: boolean;
+}
+interface CookieGetOptions {
+  /**
+   * Whether to sign or not (The default value is true).
+   */
+  signed?: boolean;
+  /**
+   * Encrypt the cookie's value or not (The default value is false).
+   */
+  encrypt?: boolean;
+}
+/**
+ * cookies for egg
+ * extend pillarjs/cookies, add encrypt and decrypt
+ */
+declare class Cookies {
+  #private;
+  readonly ctx: Record<string, any>;
+  readonly app: Record<string, any>;
+  readonly secure: boolean;
+  constructor(ctx: Record<string, any>, keys: string[], defaultCookieOptions?: DefaultCookieOptions);
+  get keys(): Keygrip;
+  /**
+   * get cookie value by name
+   * @param  {String} name - cookie's name
+   * @param  {Object} opts - cookies' options
+   *            - {Boolean} signed - default to true
+   *            - {Boolean} encrypt - default to false
+   * @return {String} value - cookie's value
+   */
+  get(name: string, opts?: CookieGetOptions): string | undefined;
+  _get(name: string, opts: CookieGetOptions): string | undefined;
+  set(name: string, value: string | null, opts?: CookieSetOptions): this;
+  isSameSiteNoneCompatible(userAgent: string): boolean;
+  isPartitionedCompatible(userAgent: string): boolean;
+}
+//#endregion
+export { CookieGetOptions, Cookies, DefaultCookieOptions };

package/dist/cookies.js

@@ -0,0 +1,231 @@
+import { Keygrip } from "./keygrip.js";
+import { Cookie } from "./cookie.js";
+import { CookieError } from "./error.js";
+import assert from "node:assert";
+import { base64decode, base64encode } from "utility";
+import { isSameSiteNoneCompatible } from "should-send-same-site-none";
+
+//#region src/cookies.ts
+const keyCache = /* @__PURE__ */ new Map();
+/**
+* cookies for egg
+* extend pillarjs/cookies, add encrypt and decrypt
+*/
+var Cookies = class {
+	#keysArray;
+	#keys;
+	#defaultCookieOptions;
+	#autoChips;
+	ctx;
+	app;
+	secure;
+	#parseChromiumResult;
+	constructor(ctx, keys, defaultCookieOptions) {
+		this.#keysArray = keys;
+		this.#defaultCookieOptions = defaultCookieOptions;
+		this.#autoChips = defaultCookieOptions?.autoChips;
+		this.ctx = ctx;
+		this.secure = this.ctx.secure;
+		this.app = ctx.app;
+	}
+	get keys() {
+		if (!this.#keys) {
+			assert(Array.isArray(this.#keysArray), ".keys required for encrypt/sign cookies");
+			const cache = keyCache.get(this.#keysArray);
+			if (cache) this.#keys = cache;
+			else {
+				this.#keys = new Keygrip(this.#keysArray);
+				keyCache.set(this.#keysArray, this.#keys);
+			}
+		}
+		return this.#keys;
+	}
+	/**
+	* get cookie value by name
+	* @param  {String} name - cookie's name
+	* @param  {Object} opts - cookies' options
+	*            - {Boolean} signed - default to true
+	*            - {Boolean} encrypt - default to false
+	* @return {String} value - cookie's value
+	*/
+	get(name, opts = {}) {
+		let value = this._get(name, opts);
+		if (value === void 0 && this.#autoChips) value = this._get(this.#formatChipsCookieName(name), opts);
+		return value;
+	}
+	_get(name, opts) {
+		const signed = computeSigned(opts);
+		const header = this.ctx.get("cookie");
+		if (!header) return;
+		const match = header.match(getPattern(name));
+		if (!match) return;
+		let value = match[1];
+		if (!opts.encrypt && !signed) return value;
+		if (signed) {
+			const sigName = name + ".sig";
+			const sigValue = this.get(sigName, { signed: false });
+			if (!sigValue) return;
+			const raw = name + "=" + value;
+			const index = this.keys.verify(raw, sigValue);
+			if (index < 0) {
+				this.set(sigName, null, {
+					path: "/",
+					signed: false,
+					overwrite: true
+				});
+				return;
+			}
+			if (index > 0) this.set(sigName, this.keys.sign(raw), {
+				signed: false,
+				overwrite: true
+			});
+			return value;
+		}
+		value = base64decode(value, true, "buffer");
+		const res = this.keys.decrypt(value);
+		return res ? res.value.toString() : void 0;
+	}
+	set(name, value, opts) {
+		opts = {
+			...this.#defaultCookieOptions,
+			...opts
+		};
+		const signed = computeSigned(opts);
+		const shouldIgnoreSecureError = opts && opts.ignoreSecureError;
+		value = value || "";
+		if (!shouldIgnoreSecureError) {
+			if (!this.secure && opts.secure) throw new CookieError("Cannot send secure cookie over unencrypted connection");
+		}
+		let headers = this.ctx.response.get("set-cookie") || [];
+		if (!Array.isArray(headers)) headers = [headers];
+		if (opts.encrypt) value = value && base64encode(this.keys.encrypt(value), true);
+		if (value.length > 4093) this.app.emit("cookieLimitExceed", {
+			name,
+			value,
+			ctx: this.ctx
+		});
+		const userAgent = this.ctx.get("user-agent");
+		let isSameSiteNone = false;
+		let autoChips = !opts.partitioned && this.#autoChips;
+		if (opts.sameSite && typeof opts.sameSite === "string" && opts.sameSite.toLowerCase() === "none") {
+			isSameSiteNone = true;
+			if (opts.secure === false || !this.secure || userAgent && !this.isSameSiteNoneCompatible(userAgent)) {
+				opts.sameSite = false;
+				isSameSiteNone = false;
+			}
+		}
+		if (autoChips || opts.partitioned) {
+			if (!isSameSiteNone || opts.secure === false || !this.secure || userAgent && !this.isPartitionedCompatible(userAgent)) {
+				autoChips = false;
+				opts.partitioned = false;
+			}
+		}
+		if (opts.partitioned && opts.removeUnpartitioned) {
+			if (opts.overwrite) {
+				opts.overwrite = false;
+				headers = ignoreCookiesByName(headers, name);
+			}
+			const removeCookieOpts = {
+				...opts,
+				partitioned: false
+			};
+			const removeUnpartitionedCookie = new Cookie(name, "", removeCookieOpts);
+			if (opts.secure === void 0) removeUnpartitionedCookie.attrs.secure = this.secure;
+			headers = pushCookie(headers, removeUnpartitionedCookie);
+			if (signed) {
+				removeUnpartitionedCookie.name += ".sig";
+				headers = ignoreCookiesByNameAndPath(headers, removeUnpartitionedCookie.name, removeUnpartitionedCookie.attrs.path);
+				headers = pushCookie(headers, removeUnpartitionedCookie);
+			}
+		} else if (autoChips) {
+			const newCookieName = this.#formatChipsCookieName(name);
+			const newCookieOpts = {
+				...opts,
+				partitioned: true
+			};
+			const newPartitionedCookie = new Cookie(newCookieName, value, newCookieOpts);
+			if (opts.secure === void 0) newPartitionedCookie.attrs.secure = this.secure;
+			headers = pushCookie(headers, newPartitionedCookie);
+			if (signed) {
+				newPartitionedCookie.value = value && this.keys.sign(newPartitionedCookie.toString());
+				newPartitionedCookie.name += ".sig";
+				headers = ignoreCookiesByNameAndPath(headers, newPartitionedCookie.name, newPartitionedCookie.attrs.path);
+				headers = pushCookie(headers, newPartitionedCookie);
+			}
+		}
+		const cookie = new Cookie(name, value, opts);
+		if (opts.secure === void 0) cookie.attrs.secure = this.secure;
+		headers = pushCookie(headers, cookie);
+		if (signed) {
+			cookie.value = value && this.keys.sign(cookie.toString());
+			cookie.name += ".sig";
+			headers = pushCookie(headers, cookie);
+		}
+		this.ctx.set("set-cookie", headers);
+		return this;
+	}
+	#formatChipsCookieName(name) {
+		return `_CHIPS-${name}`;
+	}
+	#parseChromiumAndMajorVersion(userAgent) {
+		if (!this.#parseChromiumResult) this.#parseChromiumResult = parseChromiumAndMajorVersion(userAgent);
+		return this.#parseChromiumResult;
+	}
+	isSameSiteNoneCompatible(userAgent) {
+		const result = this.#parseChromiumAndMajorVersion(userAgent);
+		if (result.chromium) return result.majorVersion >= 80;
+		return isSameSiteNoneCompatible(userAgent);
+	}
+	isPartitionedCompatible(userAgent) {
+		const result = this.#parseChromiumAndMajorVersion(userAgent);
+		if (result.chromium) return result.majorVersion >= 118;
+		return false;
+	}
+};
+function parseChromiumAndMajorVersion(userAgent) {
+	const m = /Chrom[^ /]{1,100}\/(\d{1,100}?)\./.exec(userAgent);
+	if (!m) return {
+		chromium: false,
+		majorVersion: 0
+	};
+	return {
+		chromium: true,
+		majorVersion: parseInt(m[1])
+	};
+}
+const _patternCache = /* @__PURE__ */ new Map();
+function getPattern(name) {
+	const cache = _patternCache.get(name);
+	if (cache) return cache;
+	const reg = /* @__PURE__ */ new RegExp("(?:^|;) *" + name.replace(/[-[\]{}()*+?.,\\^$|#\s]/g, "\\$&") + "=([^;]*)");
+	_patternCache.set(name, reg);
+	return reg;
+}
+function computeSigned(opts) {
+	if (opts.encrypt) return false;
+	return opts.signed !== false;
+}
+function pushCookie(cookies, cookie) {
+	if (cookie.attrs.overwrite) cookies = ignoreCookiesByName(cookies, cookie.name);
+	cookies.push(cookie.toHeader());
+	return cookies;
+}
+function ignoreCookiesByName(cookies, name) {
+	const prefix = `${name}=`;
+	return cookies.filter((c) => !c.startsWith(prefix));
+}
+function ignoreCookiesByNameAndPath(cookies, name, path) {
+	if (!path) return ignoreCookiesByName(cookies, name);
+	const prefix = `${name}=`;
+	const includedPath = `; path=${path};`;
+	const endsWithPath = `; path=${path}`;
+	return cookies.filter((c) => {
+		if (c.startsWith(prefix)) {
+			if (c.includes(includedPath) || c.endsWith(endsWithPath)) return false;
+		}
+		return true;
+	});
+}
+
+//#endregion
+export { Cookies };

package/dist/error.d.ts

@@ -0,0 +1,6 @@
+//#region src/error.d.ts
+declare class CookieError extends Error {
+  constructor(message: string, options?: ErrorOptions);
+}
+//#endregion
+export { CookieError };

package/dist/error.js

@@ -0,0 +1,11 @@
+//#region src/error.ts
+var CookieError = class extends Error {
+	constructor(message, options) {
+		super(message, options);
+		this.name = this.constructor.name;
+		if ("captureStackTrace" in Error) Error.captureStackTrace(this, this.constructor);
+	}
+};
+
+//#endregion
+export { CookieError };

package/dist/index.d.ts

@@ -0,0 +1,5 @@
+import { Keygrip } from "./keygrip.js";
+import { Cookie, CookieSetOptions } from "./cookie.js";
+import { CookieGetOptions, Cookies, DefaultCookieOptions } from "./cookies.js";
+import { CookieError } from "./error.js";
+export { Cookie, CookieError, CookieGetOptions, CookieSetOptions, Cookies, DefaultCookieOptions, Keygrip };

package/dist/index.js

@@ -0,0 +1,6 @@
+import { Keygrip } from "./keygrip.js";
+import { Cookie } from "./cookie.js";
+import { CookieError } from "./error.js";
+import { Cookies } from "./cookies.js";
+
+export { Cookie, CookieError, Cookies, Keygrip };

package/dist/keygrip.d.ts

@@ -0,0 +1,14 @@
+//#region src/keygrip.d.ts
+declare class Keygrip {
+  #private;
+  constructor(keys: string[]);
+  encrypt(data: string, key?: string): Buffer<ArrayBuffer>;
+  decrypt(data: string | Buffer): {
+    value: Buffer;
+    index: number;
+  } | false;
+  sign(data: string | Buffer, key?: string): string;
+  verify(data: string, digest: string): number;
+}
+//#endregion
+export { Keygrip };

package/dist/keygrip.js

@@ -0,0 +1,98 @@
+import assert from "node:assert";
+import { debuglog } from "node:util";
+import crypto from "node:crypto";
+
+//#region src/keygrip.ts
+const debug = debuglog("egg/cookies:keygrip");
+const KEY_LEN = 32;
+const IV_SIZE = 16;
+const passwordCache = /* @__PURE__ */ new Map();
+const replacer = {
+	"/": "_",
+	"+": "-",
+	"=": ""
+};
+function constantTimeCompare(a, b) {
+	if (a.length !== b.length) return false;
+	return crypto.timingSafeEqual(a, b);
+}
+var Keygrip = class {
+	#keys;
+	#hash = "sha256";
+	#cipher = "aes-256-cbc";
+	constructor(keys) {
+		assert(Array.isArray(keys) && keys.length > 0, "keys must be provided and should be an array");
+		this.#keys = keys;
+	}
+	encrypt(data, key) {
+		key = key || this.#keys[0];
+		const password = keyToPassword(key);
+		const cipher = crypto.createCipheriv(this.#cipher, password.key, password.iv);
+		return crypt(cipher, data);
+	}
+	decrypt(data) {
+		const keys = this.#keys;
+		for (let i = 0; i < keys.length; i++) {
+			const value = this.#decryptByKey(data, keys[i]);
+			if (value !== false) return {
+				value,
+				index: i
+			};
+		}
+		return false;
+	}
+	#decryptByKey(data, key) {
+		try {
+			const password = keyToPassword(key);
+			const cipher = crypto.createDecipheriv(this.#cipher, password.key, password.iv);
+			return crypt(cipher, data);
+		} catch (err) {
+			debug("crypt error: %s", err);
+			return false;
+		}
+	}
+	sign(data, key) {
+		key = key || this.#keys[0];
+		return crypto.createHmac(this.#hash, key).update(data).digest("base64").replace(/\/|\+|=/g, (x) => {
+			return replacer[x];
+		});
+	}
+	verify(data, digest) {
+		const keys = this.#keys;
+		for (let i = 0; i < keys.length; i++) {
+			const key = keys[i];
+			if (constantTimeCompare(Buffer.from(digest), Buffer.from(this.sign(data, key)))) {
+				debug("data %s match key %s, index: %d", data, key, i);
+				return i;
+			}
+		}
+		return -1;
+	}
+};
+function crypt(cipher, data) {
+	const text = Buffer.isBuffer(data) ? cipher.update(data) : cipher.update(data, "utf-8");
+	const pad = cipher.final();
+	return Buffer.concat([text, pad]);
+}
+function keyToPassword(key) {
+	if (passwordCache.has(key)) return passwordCache.get(key);
+	const bytes = Buffer.alloc(KEY_LEN + IV_SIZE);
+	let lastHash = null, nBytes = 0;
+	while (nBytes < bytes.length) {
+		const hash = crypto.createHash("md5");
+		if (lastHash) hash.update(lastHash);
+		hash.update(key);
+		lastHash = hash.digest();
+		lastHash.copy(bytes, nBytes);
+		nBytes += lastHash.length;
+	}
+	const password = {
+		key: bytes.subarray(0, KEY_LEN),
+		iv: bytes.subarray(KEY_LEN, bytes.length)
+	};
+	passwordCache.set(key, password);
+	return password;
+}
+
+//#endregion
+export { Keygrip };