@eggjs/cookies 4.0.0-beta.34 → 4.0.0-beta.36

package/dist/keygrip.js

@@ -1,113 +1,96 @@
-import { debuglog } from 'node:util';
-import crypto, {} from 'node:crypto';
-import assert from 'node:assert';
-const debug = debuglog('egg/cookies:keygrip');
+import assert from "node:assert";
+import crypto from "node:crypto";
+import { debuglog } from "node:util";
+
+//#region src/keygrip.ts
+const debug = debuglog("egg/cookies:keygrip");
 const KEY_LEN = 32;
 const IV_SIZE = 16;
-const passwordCache = new Map();
+const passwordCache = /* @__PURE__ */ new Map();
 const replacer = {
-    '/': '_',
-    '+': '-',
-    '=': '',
+	"/": "_",
+	"+": "-",
+	"=": ""
 };
 function constantTimeCompare(a, b) {
-    if (a.length !== b.length) {
-        return false;
-    }
-    return crypto.timingSafeEqual(a, b);
-}
-// patch from https://github.com/crypto-utils/keygrip
-export class Keygrip {
-    #keys;
-    #hash = 'sha256';
-    #cipher = 'aes-256-cbc';
-    constructor(keys) {
-        assert(Array.isArray(keys) && keys.length > 0, 'keys must be provided and should be an array');
-        this.#keys = keys;
-    }
-    // encrypt a message
-    encrypt(data, key) {
-        key = key || this.#keys[0];
-        const password = keyToPassword(key);
-        const cipher = crypto.createCipheriv(this.#cipher, password.key, password.iv);
-        return crypt(cipher, data);
-    }
-    // decrypt a single message
-    // returns false on bad decrypts
-    decrypt(data) {
-        // decrypt every key
-        const keys = this.#keys;
-        for (let i = 0; i < keys.length; i++) {
-            const value = this.#decryptByKey(data, keys[i]);
-            if (value !== false) {
-                return { value, index: i };
-            }
-        }
-        return false;
-    }
-    #decryptByKey(data, key) {
-        try {
-            const password = keyToPassword(key);
-            const cipher = crypto.createDecipheriv(this.#cipher, password.key, password.iv);
-            return crypt(cipher, data);
-        }
-        catch (err) {
-            debug('crypt error: %s', err);
-            return false;
-        }
-    }
-    sign(data, key) {
-        // default to the first key
-        key = key || this.#keys[0];
-        // url safe base64
-        return crypto
-            .createHmac(this.#hash, key)
-            .update(data)
-            .digest('base64')
-            .replace(/\/|\+|=/g, (x) => {
-            return replacer[x];
-        });
-    }
-    verify(data, digest) {
-        const keys = this.#keys;
-        for (let i = 0; i < keys.length; i++) {
-            const key = keys[i];
-            if (constantTimeCompare(Buffer.from(digest), Buffer.from(this.sign(data, key)))) {
-                debug('data %s match key %s, index: %d', data, key, i);
-                return i;
-            }
-        }
-        return -1;
-    }
+	if (a.length !== b.length) return false;
+	return crypto.timingSafeEqual(a, b);
 }
+var Keygrip = class {
+	#keys;
+	#hash = "sha256";
+	#cipher = "aes-256-cbc";
+	constructor(keys) {
+		assert(Array.isArray(keys) && keys.length > 0, "keys must be provided and should be an array");
+		this.#keys = keys;
+	}
+	encrypt(data, key) {
+		key = key || this.#keys[0];
+		const password = keyToPassword(key);
+		return crypt(crypto.createCipheriv(this.#cipher, password.key, password.iv), data);
+	}
+	decrypt(data) {
+		const keys = this.#keys;
+		for (let i = 0; i < keys.length; i++) {
+			const value = this.#decryptByKey(data, keys[i]);
+			if (value !== false) return {
+				value,
+				index: i
+			};
+		}
+		return false;
+	}
+	#decryptByKey(data, key) {
+		try {
+			const password = keyToPassword(key);
+			return crypt(crypto.createDecipheriv(this.#cipher, password.key, password.iv), data);
+		} catch (err) {
+			debug("crypt error: %s", err);
+			return false;
+		}
+	}
+	sign(data, key) {
+		key = key || this.#keys[0];
+		return crypto.createHmac(this.#hash, key).update(data).digest("base64").replace(/\/|\+|=/g, (x) => {
+			return replacer[x];
+		});
+	}
+	verify(data, digest) {
+		const keys = this.#keys;
+		for (let i = 0; i < keys.length; i++) {
+			const key = keys[i];
+			if (constantTimeCompare(Buffer.from(digest), Buffer.from(this.sign(data, key)))) {
+				debug("data %s match key %s, index: %d", data, key, i);
+				return i;
+			}
+		}
+		return -1;
+	}
+};
 function crypt(cipher, data) {
-    const text = Buffer.isBuffer(data) ? cipher.update(data) : cipher.update(data, 'utf-8');
-    const pad = cipher.final();
-    return Buffer.concat([text, pad]);
+	const text = Buffer.isBuffer(data) ? cipher.update(data) : cipher.update(data, "utf-8");
+	const pad = cipher.final();
+	return Buffer.concat([text, pad]);
 }
 function keyToPassword(key) {
-    if (passwordCache.has(key)) {
-        return passwordCache.get(key);
-    }
-    // Simulate EVP_BytesToKey.
-    // see https://github.com/nodejs/help/issues/1673#issuecomment-503222925
-    const bytes = Buffer.alloc(KEY_LEN + IV_SIZE);
-    let lastHash = null, nBytes = 0;
-    while (nBytes < bytes.length) {
-        const hash = crypto.createHash('md5');
-        if (lastHash)
-            hash.update(lastHash);
-        hash.update(key);
-        lastHash = hash.digest();
-        lastHash.copy(bytes, nBytes);
-        nBytes += lastHash.length;
-    }
-    // Use these for decryption.
-    const password = {
-        key: bytes.subarray(0, KEY_LEN),
-        iv: bytes.subarray(KEY_LEN, bytes.length),
-    };
-    passwordCache.set(key, password);
-    return password;
+	if (passwordCache.has(key)) return passwordCache.get(key);
+	const bytes = Buffer.alloc(KEY_LEN + IV_SIZE);
+	let lastHash = null, nBytes = 0;
+	while (nBytes < bytes.length) {
+		const hash = crypto.createHash("md5");
+		if (lastHash) hash.update(lastHash);
+		hash.update(key);
+		lastHash = hash.digest();
+		lastHash.copy(bytes, nBytes);
+		nBytes += lastHash.length;
+	}
+	const password = {
+		key: bytes.subarray(0, KEY_LEN),
+		iv: bytes.subarray(KEY_LEN, bytes.length)
+	};
+	passwordCache.set(key, password);
+	return password;
 }
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoia2V5Z3JpcC5qcyIsInNvdXJjZVJvb3QiOiIiLCJzb3VyY2VzIjpbIi4uL3NyYy9rZXlncmlwLnRzIl0sIm5hbWVzIjpbXSwibWFwcGluZ3MiOiJBQUFBLE9BQU8sRUFBRSxRQUFRLEVBQUUsTUFBTSxXQUFXLENBQUM7QUFDckMsT0FBTyxNQUFNLEVBQUUsRUFBaUIsTUFBTSxhQUFhLENBQUM7QUFDcEQsT0FBTyxNQUFNLE1BQU0sYUFBYSxDQUFDO0FBRWpDLE1BQU0sS0FBSyxHQUFHLFFBQVEsQ0FBQyxxQkFBcUIsQ0FBQyxDQUFDO0FBRTlDLE1BQU0sT0FBTyxHQUFHLEVBQUUsQ0FBQztBQUNuQixNQUFNLE9BQU8sR0FBRyxFQUFFLENBQUM7QUFDbkIsTUFBTSxhQUFhLEdBQUcsSUFBSSxHQUFHLEVBQUUsQ0FBQztBQUVoQyxNQUFNLFFBQVEsR0FBMkI7SUFDdkMsR0FBRyxFQUFFLEdBQUc7SUFDUixHQUFHLEVBQUUsR0FBRztJQUNSLEdBQUcsRUFBRSxFQUFFO0NBQ1IsQ0FBQztBQUVGLFNBQVMsbUJBQW1CLENBQUMsQ0FBUyxFQUFFLENBQVM7SUFDL0MsSUFBSSxDQUFDLENBQUMsTUFBTSxLQUFLLENBQUMsQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUMxQixPQUFPLEtBQUssQ0FBQztJQUNmLENBQUM7SUFDRCxPQUFPLE1BQU0sQ0FBQyxlQUFlLENBQUMsQ0FBQyxFQUFFLENBQUMsQ0FBQyxDQUFDO0FBQ3RDLENBQUM7QUFFRCxxREFBcUQ7QUFFckQsTUFBTSxPQUFPLE9BQU87SUFDVCxLQUFLLENBQVc7SUFDaEIsS0FBSyxHQUFHLFFBQVEsQ0FBQztJQUNqQixPQUFPLEdBQUcsYUFBYSxDQUFDO0lBRWpDLFlBQVksSUFBYztRQUN4QixNQUFNLENBQUMsS0FBSyxDQUFDLE9BQU8sQ0FBQyxJQUFJLENBQUMsSUFBSSxJQUFJLENBQUMsTUFBTSxHQUFHLENBQUMsRUFBRSw4Q0FBOEMsQ0FBQyxDQUFDO1FBQy9GLElBQUksQ0FBQyxLQUFLLEdBQUcsSUFBSSxDQUFDO0lBQ3BCLENBQUM7SUFFRCxvQkFBb0I7SUFDcEIsT0FBTyxDQUFDLElBQVksRUFBRSxHQUFZO1FBQ2hDLEdBQUcsR0FBRyxHQUFHLElBQUksSUFBSSxDQUFDLEtBQUssQ0FBQyxDQUFDLENBQUMsQ0FBQztRQUMzQixNQUFNLFFBQVEsR0FBRyxhQUFhLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDcEMsTUFBTSxNQUFNLEdBQUcsTUFBTSxDQUFDLGNBQWMsQ0FBQyxJQUFJLENBQUMsT0FBTyxFQUFFLFFBQVEsQ0FBQyxHQUFHLEVBQUUsUUFBUSxDQUFDLEVBQUUsQ0FBQyxDQUFDO1FBQzlFLE9BQU8sS0FBSyxDQUFDLE1BQU0sRUFBRSxJQUFJLENBQUMsQ0FBQztJQUM3QixDQUFDO0lBRUQsMkJBQTJCO0lBQzNCLGdDQUFnQztJQUNoQyxPQUFPLENBQUMsSUFBcUI7UUFDM0Isb0JBQW9CO1FBQ3BCLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUM7UUFDeEIsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNyQyxNQUFNLEtBQUssR0FBRyxJQUFJLENBQUMsYUFBYSxDQUFDLElBQUksRUFBRSxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsQ0FBQztZQUNoRCxJQUFJLEtBQUssS0FBSyxLQUFLLEVBQUUsQ0FBQztnQkFDcEIsT0FBTyxFQUFFLEtBQUssRUFBRSxLQUFLLEVBQUUsQ0FBQyxFQUFFLENBQUM7WUFDN0IsQ0FBQztRQUNILENBQUM7UUFDRCxPQUFPLEtBQUssQ0FBQztJQUNmLENBQUM7SUFFRCxhQUFhLENBQUMsSUFBcUIsRUFBRSxHQUFXO1FBQzlDLElBQUksQ0FBQztZQUNILE1BQU0sUUFBUSxHQUFHLGFBQWEsQ0FBQyxHQUFHLENBQUMsQ0FBQztZQUNwQyxNQUFNLE1BQU0sR0FBRyxNQUFNLENBQUMsZ0JBQWdCLENBQUMsSUFBSSxDQUFDLE9BQU8sRUFBRSxRQUFRLENBQUMsR0FBRyxFQUFFLFFBQVEsQ0FBQyxFQUFFLENBQUMsQ0FBQztZQUNoRixPQUFPLEtBQUssQ0FBQyxNQUFNLEVBQUUsSUFBSSxDQUFDLENBQUM7UUFDN0IsQ0FBQztRQUFDLE9BQU8sR0FBUSxFQUFFLENBQUM7WUFDbEIsS0FBSyxDQUFDLGlCQUFpQixFQUFFLEdBQUcsQ0FBQyxDQUFDO1lBQzlCLE9BQU8sS0FBSyxDQUFDO1FBQ2YsQ0FBQztJQUNILENBQUM7SUFFRCxJQUFJLENBQUMsSUFBcUIsRUFBRSxHQUFZO1FBQ3RDLDJCQUEyQjtRQUMzQixHQUFHLEdBQUcsR0FBRyxJQUFJLElBQUksQ0FBQyxLQUFLLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFFM0Isa0JBQWtCO1FBQ2xCLE9BQU8sTUFBTTthQUNWLFVBQVUsQ0FBQyxJQUFJLENBQUMsS0FBSyxFQUFFLEdBQUcsQ0FBQzthQUMzQixNQUFNLENBQUMsSUFBSSxDQUFDO2FBQ1osTUFBTSxDQUFDLFFBQVEsQ0FBQzthQUNoQixPQUFPLENBQUMsVUFBVSxFQUFFLENBQUMsQ0FBQyxFQUFFLEVBQUU7WUFDekIsT0FBTyxRQUFRLENBQUMsQ0FBQyxDQUFDLENBQUM7UUFDckIsQ0FBQyxDQUFDLENBQUM7SUFDUCxDQUFDO0lBRUQsTUFBTSxDQUFDLElBQVksRUFBRSxNQUFjO1FBQ2pDLE1BQU0sSUFBSSxHQUFHLElBQUksQ0FBQyxLQUFLLENBQUM7UUFDeEIsS0FBSyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FBQyxHQUFHLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQyxFQUFFLEVBQUUsQ0FBQztZQUNyQyxNQUFNLEdBQUcsR0FBRyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUM7WUFDcEIsSUFBSSxtQkFBbUIsQ0FBQyxNQUFNLENBQUMsSUFBSSxDQUFDLE1BQU0sQ0FBQyxFQUFFLE1BQU0sQ0FBQyxJQUFJLENBQUMsSUFBSSxDQUFDLElBQUksQ0FBQyxJQUFJLEVBQUUsR0FBRyxDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7Z0JBQ2hGLEtBQUssQ0FBQyxpQ0FBaUMsRUFBRSxJQUFJLEVBQUUsR0FBRyxFQUFFLENBQUMsQ0FBQyxDQUFDO2dCQUN2RCxPQUFPLENBQUMsQ0FBQztZQUNYLENBQUM7UUFDSCxDQUFDO1FBQ0QsT0FBTyxDQUFDLENBQUMsQ0FBQztJQUNaLENBQUM7Q0FDRjtBQUVELFNBQVMsS0FBSyxDQUFDLE1BQWdCLEVBQUUsSUFBcUI7SUFDcEQsTUFBTSxJQUFJLEdBQUcsTUFBTSxDQUFDLFFBQVEsQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLENBQUMsQ0FBQyxDQUFDLENBQUMsTUFBTSxDQUFDLE1BQU0sQ0FBQyxJQUFJLEVBQUUsT0FBTyxDQUFDLENBQUM7SUFDeEYsTUFBTSxHQUFHLEdBQUcsTUFBTSxDQUFDLEtBQUssRUFBRSxDQUFDO0lBQzNCLE9BQU8sTUFBTSxDQUFDLE1BQU0sQ0FBQyxDQUFDLElBQUksRUFBRSxHQUFHLENBQUMsQ0FBQyxDQUFDO0FBQ3BDLENBQUM7QUFFRCxTQUFTLGFBQWEsQ0FBQyxHQUFXO0lBQ2hDLElBQUksYUFBYSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUFDO1FBQzNCLE9BQU8sYUFBYSxDQUFDLEdBQUcsQ0FBQyxHQUFHLENBQUMsQ0FBQztJQUNoQyxDQUFDO0lBRUQsMkJBQTJCO0lBQzNCLHdFQUF3RTtJQUN4RSxNQUFNLEtBQUssR0FBRyxNQUFNLENBQUMsS0FBSyxDQUFDLE9BQU8sR0FBRyxPQUFPLENBQUMsQ0FBQztJQUM5QyxJQUFJLFFBQVEsR0FBRyxJQUFJLEVBQ2pCLE1BQU0sR0FBRyxDQUFDLENBQUM7SUFDYixPQUFPLE1BQU0sR0FBRyxLQUFLLENBQUMsTUFBTSxFQUFFLENBQUM7UUFDN0IsTUFBTSxJQUFJLEdBQUcsTUFBTSxDQUFDLFVBQVUsQ0FBQyxLQUFLLENBQUMsQ0FBQztRQUN0QyxJQUFJLFFBQVE7WUFBRSxJQUFJLENBQUMsTUFBTSxDQUFDLFFBQVEsQ0FBQyxDQUFDO1FBQ3BDLElBQUksQ0FBQyxNQUFNLENBQUMsR0FBRyxDQUFDLENBQUM7UUFDakIsUUFBUSxHQUFHLElBQUksQ0FBQyxNQUFNLEVBQUUsQ0FBQztRQUN6QixRQUFRLENBQUMsSUFBSSxDQUFDLEtBQUssRUFBRSxNQUFNLENBQUMsQ0FBQztRQUM3QixNQUFNLElBQUksUUFBUSxDQUFDLE1BQU0sQ0FBQztJQUM1QixDQUFDO0lBRUQsNEJBQTRCO0lBQzVCLE1BQU0sUUFBUSxHQUFHO1FBQ2YsR0FBRyxFQUFFLEtBQUssQ0FBQyxRQUFRLENBQUMsQ0FBQyxFQUFFLE9BQU8sQ0FBQztRQUMvQixFQUFFLEVBQUUsS0FBSyxDQUFDLFFBQVEsQ0FBQyxPQUFPLEVBQUUsS0FBSyxDQUFDLE1BQU0sQ0FBQztLQUMxQyxDQUFDO0lBRUYsYUFBYSxDQUFDLEdBQUcsQ0FBQyxHQUFHLEVBQUUsUUFBUSxDQUFDLENBQUM7SUFDakMsT0FBTyxRQUFRLENBQUM7QUFDbEIsQ0FBQyJ9
+
+//#endregion
+export { Keygrip };

package/package.json

@@ -1,13 +1,29 @@
 {
   "name": "@eggjs/cookies",
-  "version": "4.0.0-beta.34",
-  "engines": {
-    "node": ">=22.18.0"
+  "version": "4.0.0-beta.36",
+  "description": "cookies module for egg",
+  "homepage": "https://github.com/eggjs/egg/tree/next/packages/cookies",
+  "license": "MIT",
+  "author": "fengmk2 <fengmk2@gmail.com> (https://github.com/fengmk2)",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/eggjs/egg.git",
+    "directory": "packages/cookies"
+  },
+  "files": [
+    "dist"
+  ],
+  "type": "module",
+  "main": "./dist/index.js",
+  "module": "./dist/index.js",
+  "types": "./dist/index.d.ts",
+  "exports": {
+    ".": "./dist/index.js",
+    "./package.json": "./package.json"
   },
   "publishConfig": {
     "access": "public"
   },
-  "description": "cookies module for egg",
   "dependencies": {
     "should-send-same-site-none": "^2.0.5",
     "utility": "^2.5.0"
@@ -17,36 +33,13 @@
     "benchmark": "^2.1.4",
     "cookies": "^0.9.1",
     "keygrip": "^1.0.2",
-    "oxlint": "^1.24.0",
     "typescript": "^5.9.3",
-    "tsdown": "0.15.11",
-    "@eggjs/tsconfig": "3.1.0-beta.34"
-  },
-  "repository": {
-    "type": "git",
-    "url": "git://github.com/eggjs/egg.git",
-    "directory": "packages/cookies"
+    "@eggjs/tsconfig": "3.1.0-beta.36"
   },
-  "homepage": "https://github.com/eggjs/egg/tree/next/packages/cookies",
-  "author": "fengmk2 <fengmk2@gmail.com> (https://github.com/fengmk2)",
-  "license": "MIT",
-  "type": "module",
-  "files": [
-    "dist"
-  ],
-  "main": "./dist/index.js",
-  "module": "./dist/index.js",
-  "types": "./dist/index.d.ts",
-  "exports": {
-    ".": "./dist/index.js",
-    "./package.json": "./package.json"
+  "engines": {
+    "node": ">=22.18.0"
   },
   "scripts": {
-    "build": "tsdown && rimraf dist *.tsbuildinfo && tsc -p tsconfig.build.json",
-    "typecheck": "tsc --noEmit",
-    "lint": "oxlint --type-aware",
-    "lint:fix": "npm run lint -- --fix",
-    "test": "npm run lint:fix && vitest run",
-    "ci": "vitest run --coverage"
+    "typecheck": "tsgo --noEmit"
   }
 }