@forklaunch/core 0.14.7 → 0.14.9

package/lib/http/index.mjs

@@ -83,9 +83,29 @@ function isTypedHandler(maybeTypedHandler) {
 import { isNever } from "@forklaunch/common";
 
 // src/http/discriminateAuthMethod.ts
-import { createHmac } from "crypto";
 import { jwtVerify } from "jose";
 
+// src/http/createHmacToken.ts
+import { safeStringify } from "@forklaunch/common";
+import { createHmac } from "crypto";
+function createHmacToken({
+  method,
+  path,
+  body,
+  timestamp,
+  nonce,
+  secretKey
+}) {
+  const hmac = createHmac("sha256", secretKey);
+  const bodyString = body ? `${safeStringify(body)}
+` : void 0;
+  hmac.update(`${method}
+${path}
+${bodyString}${timestamp}
+${nonce}`);
+  return hmac.digest("base64");
+}
+
 // src/http/guards/isBasicAuthMethod.ts
 function isBasicAuthMethod(maybeBasicAuthMethod) {
   return typeof maybeBasicAuthMethod === "object" && maybeBasicAuthMethod !== null && "basic" in maybeBasicAuthMethod && maybeBasicAuthMethod.basic != null;
@@ -154,15 +174,23 @@ async function discriminateAuthMethod(auth) {
       type: "hmac",
       auth: {
         secretKeys: auth.hmac.secretKeys,
-        verificationFunction: async (method, path, body, timestamp, nonce, signature, secretKey) => {
-          const hmac = createHmac("sha256", secretKey);
-          hmac.update(`${method}
-${path}
-${body}
-${timestamp}
-${nonce}`);
-          const digest = hmac.digest("base64");
-          return digest === signature;
+        verificationFunction: async ({
+          method,
+          path,
+          body,
+          timestamp,
+          nonce,
+          signature,
+          secretKey
+        }) => {
+          return createHmacToken({
+            method,
+            path,
+            body,
+            timestamp,
+            nonce,
+            secretKey
+          }) === signature;
         }
       }
     };
@@ -267,15 +295,15 @@ async function checkAuthorizationToken(authorizationMethod, globalOptions, autho
       if (!parsedKeyId || !parsedTimestamp || !parsedNonce || !parsedSignature) {
         return invalidAuthorizationTokenFormat;
       }
-      const verificationResult = await auth.verificationFunction(
-        req?.method ?? "",
-        req?.path ?? "",
-        JSON.stringify(req?.body ?? ""),
-        parsedTimestamp,
-        parsedNonce,
-        parsedSignature,
-        collapsedAuthorizationMethod.hmac.secretKeys[parsedKeyId]
-      );
+      const verificationResult = await auth.verificationFunction({
+        method: req?.method ?? "",
+        path: req?.path ?? "",
+        body: req?.body,
+        timestamp: parsedTimestamp,
+        nonce: parsedNonce,
+        signature: parsedSignature,
+        secretKey: collapsedAuthorizationMethod.hmac.secretKeys[parsedKeyId]
+      });
       if (!verificationResult) {
         return invalidAuthorizationSignature;
       }
@@ -2901,7 +2929,7 @@ var getCodeForStatus = (status) => {
 var httpStatusCodes_default = HTTPStatuses;
 
 // src/http/mcpGenerator/mcpGenerator.ts
-import { isNever as isNever3, isRecord as isRecord3, safeStringify } from "@forklaunch/common";
+import { isNever as isNever3, isRecord as isRecord3, safeStringify as safeStringify2 } from "@forklaunch/common";
 import { FastMCP } from "@forklaunch/fastmcp-fork";
 import { string, ZodSchemaValidator } from "@forklaunch/validator/zod";
 
@@ -3038,7 +3066,7 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, appli
           if (discriminatedBody) {
             switch (discriminatedBody.parserType) {
               case "json": {
-                parsedBody = safeStringify(body);
+                parsedBody = safeStringify2(body);
                 break;
               }
               case "text": {
@@ -3070,7 +3098,7 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, appli
                   parsedBody = new URLSearchParams(
                     Object.entries(body).map(([key, value]) => [
                       key,
-                      safeStringify(value)
+                      safeStringify2(value)
                     ])
                   );
                 } else {
@@ -3080,7 +3108,7 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, appli
               }
               default: {
                 isNever3(discriminatedBody.parserType);
-                parsedBody = safeStringify(body);
+                parsedBody = safeStringify2(body);
                 break;
               }
             }
@@ -3089,7 +3117,7 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, appli
             const queryString = new URLSearchParams(
               Object.entries(query).map(([key, value]) => [
                 key,
-                safeStringify(value)
+                safeStringify2(value)
               ])
             ).toString();
             url += queryString ? `?${queryString}` : "";
@@ -3122,7 +3150,7 @@ function generateMcpServer(schemaValidator, protocol, host, port, version, appli
                 content: [
                   {
                     type: "text",
-                    text: safeStringify(await response.json())
+                    text: safeStringify2(await response.json())
                   }
                 ]
               };
@@ -3284,7 +3312,7 @@ import {
   isNodeJsWriteableStream,
   isRecord as isRecord4,
   readableStreamToAsyncIterable,
-  safeStringify as safeStringify2
+  safeStringify as safeStringify3
 } from "@forklaunch/common";
 import { Readable, Transform } from "stream";
 
@@ -3388,7 +3416,7 @@ ${res.locals.errorMessage}`;
         if (!errorSent) {
           let data2 = "";
           for (const [key, value] of Object.entries(chunk)) {
-            data2 += `${key}: ${typeof value === "string" ? value : safeStringify2(value)}
+            data2 += `${key}: ${typeof value === "string" ? value : safeStringify3(value)}
 `;
           }
           data2 += "\n";
@@ -3792,7 +3820,7 @@ function generateOpenApiSpecs(schemaValidator, serverUrls, serverDescriptions, a
 }
 
 // src/http/sdk/sdkClient.ts
-import { hashString, safeStringify as safeStringify3, toRecord as toRecord2 } from "@forklaunch/common";
+import { hashString, safeStringify as safeStringify4, toRecord as toRecord2 } from "@forklaunch/common";
 
 // src/http/guards/isSdkRouter.ts
 function isSdkRouter(value) {
@@ -3804,12 +3832,12 @@ function mapToSdk(schemaValidator, routerMap, runningPath = void 0) {
   const routerUniquenessCache = /* @__PURE__ */ new Set();
   return Object.fromEntries(
     Object.entries(routerMap).map(([key, value]) => {
-      if (routerUniquenessCache.has(hashString(safeStringify3(value)))) {
+      if (routerUniquenessCache.has(hashString(safeStringify4(value)))) {
         throw new Error(
           `SdkClient: Cannot use the same router pointer twice. Please clone the duplicate router with .clone() or only use the router once.`
         );
       }
-      routerUniquenessCache.add(hashString(safeStringify3(value)));
+      routerUniquenessCache.add(hashString(safeStringify4(value)));
       const currentPath = runningPath ? [runningPath, key].join(".") : key;
       if (isSdkRouter(value)) {
         Object.entries(value.sdkPaths).forEach(([routePath, sdkKey]) => {
@@ -3926,6 +3954,7 @@ export {
   HTTPStatuses,
   OPENAPI_DEFAULT_VERSION,
   OpenTelemetryCollector,
+  createHmacToken,
   delete_,
   discriminateBody,
   discriminateResponseBodies,