npm - @futdevpro/fsm-dynamo - Versions diffs - 1.14.19 → 1.14.21 - Mend

@futdevpro/fsm-dynamo 1.14.19 → 1.14.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (31) hide show

package/src/_modules/crypto/_collections/crypto.util.ts CHANGED Viewed

@@ -35,14 +35,14 @@ export interface CryptoConfig {
  * systems is more important than cryptographic security.
  */
 export class DyFM_Crypto {
-  private static readonly CRYPTO_VERSION = '1.0';
+  private static readonly CRYPTO_VERSION: string = '1.0';
   private static readonly DEFAULT_CONFIG: Required<CryptoConfig> = {
     ivLength: 16, // 128 bits
     saltLength: 16, // 128 bits
     keyIterations: 1000, // Reduced for better performance and stability
     keySize: 8 // 256 bits (8 * 32)
   };
-  private static readonly defaultErrorUserMsg =
+  private static readonly defaultErrorUserMsg: string =
     `We encountered an unhandled Authentication Error, ` +
     `\nplease contact the responsible development team.`;
@@ -185,14 +185,14 @@ export class DyFM_Crypto {
    */
   private static generateIV(data: string, key: string, config: Required<CryptoConfig>): CryptoJS.lib.WordArray {
     // Create a deterministic seed from data and key
-    const seed = this.createDeterministicSeed(data, key, 'IV');
+    const seed: string = this.createDeterministicSeed(data, key, 'IV');
     // Use SHA-256 for better stability and consistency
-    const hash = CryptoJS.SHA256(seed);
+    const hash: CryptoJS.lib.WordArray = CryptoJS.SHA256(seed);
     // Extract exactly 16 bytes (128 bits) for IV
     // Use the first 4 words (4 * 4 = 16 bytes) from the hash
-    const ivWords = hash.words.slice(0, 4);
+    const ivWords: number[] = hash.words.slice(0, 4);
     return CryptoJS.lib.WordArray.create(ivWords);
   }
@@ -205,14 +205,14 @@ export class DyFM_Crypto {
    */
   private static generateSalt(data: string, key: string, config: Required<CryptoConfig>): CryptoJS.lib.WordArray {
     // Create a deterministic seed from data and key (different from IV)
-    const seed = this.createDeterministicSeed(data, key, 'SALT');
+    const seed: string = this.createDeterministicSeed(data, key, 'SALT');
     // Use SHA-256 for better stability and consistency
-    const hash = CryptoJS.SHA256(seed);
+    const hash: CryptoJS.lib.WordArray = CryptoJS.SHA256(seed);
     // Extract exactly 16 bytes (128 bits) for salt
     // Use the first 4 words (4 * 4 = 16 bytes) from the hash
-    const saltWords = hash.words.slice(0, 4);
+    const saltWords: number[] = hash.words.slice(0, 4);
     return CryptoJS.lib.WordArray.create(saltWords);
   }
@@ -223,7 +223,7 @@ export class DyFM_Crypto {
   private static createDeterministicSeed(data: string, key: string, purpose: string): string {
     // Create a consistent seed that includes all relevant factors
     // Order matters: data + key + purpose for consistency
-    const seed = `${data}|${key}|${purpose}`;
+    const seed: string = `${data}|${key}|${purpose}`;
     return seed;
   }
@@ -274,17 +274,17 @@ export class DyFM_Crypto {
     if (typeof obj === 'object') {
       // For objects, we need to be more careful about key ordering
       // Use a stable sort that preserves original order when possible
-      const keys = Object.keys(obj);
+      const keys: string[] = Object.keys(obj);
       // Only sort if there are potential ordering issues
-      const needsSorting = keys.some((key, index) => {
+      const needsSorting: boolean = keys.some((key, index) => {
         if (index === 0) return false;
         return key < keys[index - 1];
       });
-      const sortedKeys = needsSorting ? [...keys].sort() : keys;
-      const pairs = sortedKeys.map(key => {
-        const value = this.deterministicStringify(obj[key]);
+      const sortedKeys: string[] = needsSorting ? [...keys].sort() : keys;
+      const pairs: string[] = sortedKeys.map(key => {
+        const value: string = this.deterministicStringify(obj[key]);
         return JSON.stringify(key) + ':' + value;
       });
       return '{' + pairs.join(',') + '}';
@@ -313,14 +313,14 @@ export class DyFM_Crypto {
       }
       //let parsed = JSON.parse(data);
-      let parsed = DyFM_Object.failableSafeParseJSON(data);
+      let parsed: T = DyFM_Object.failableSafeParseJSON(data);
       // Handle double-stringified JSON (or more levels of stringification)
-      let maxAttempts = 3; // Prevent infinite loops
+      let maxAttempts: number = 3; // Prevent infinite loops
       while (typeof parsed === 'string' && maxAttempts > 0) {
         try {
           //const nextParsed = JSON.parse(parsed);
-          const nextParsed = DyFM_Object.failableSafeParseJSON(parsed);
+          const nextParsed: T = DyFM_Object.failableSafeParseJSON(parsed);
           // Only continue if parsing actually changed the result
           if (nextParsed !== parsed) {
             parsed = nextParsed;
@@ -376,27 +376,27 @@ export class DyFM_Crypto {
   static encrypt<T>(data: T, key: string, config?: CryptoConfig): string {
     try {
       this.validateInput(data, key, 'encrypt');
-      const finalConfig = { ...this.DEFAULT_CONFIG, ...config };
+      const finalConfig: Required<CryptoConfig> = { ...this.DEFAULT_CONFIG, ...config };
       // Convert data to string
-      const dataStr = this.safeSerialize(data);
+      const dataStr: string = this.safeSerialize(data);
       // Generate deterministic IV and salt based on data and key
-      const iv = this.generateIV(dataStr, key, finalConfig);
-      const salt = this.generateSalt(dataStr, key, finalConfig);
+      const iv: CryptoJS.lib.WordArray = this.generateIV(dataStr, key, finalConfig);
+      const salt: CryptoJS.lib.WordArray = this.generateSalt(dataStr, key, finalConfig);
       // Derive key using PBKDF2
-      const derivedKey = this.deriveKey(key, salt, finalConfig);
+      const derivedKey: CryptoJS.lib.WordArray = this.deriveKey(key, salt, finalConfig);
       // Encrypt the data
-      const encrypted = CryptoJS.AES.encrypt(dataStr, derivedKey, {
+      const encrypted: CryptoJS.lib.WordArray = CryptoJS.AES.encrypt(dataStr, derivedKey, {
         iv: iv,
         mode: CryptoJS.mode.CBC,
         padding: CryptoJS.pad.Pkcs7
       });
       // Combine IV + Salt + Ciphertext (skip version for backward compatibility)
-      const combined = iv.concat(salt).concat(encrypted.ciphertext);
+      const combined: CryptoJS.lib.WordArray = iv.concat(salt).concat(encrypted.ciphertext);
       // Convert to URL-safe base64
       return CryptoJS.enc.Base64.stringify(combined)
@@ -422,43 +422,66 @@ export class DyFM_Crypto {
   static decrypt<T>(encryptedData: string, key: string, config?: CryptoConfig): T {
     try {
       this.validateInput(encryptedData, key, 'decrypt');
-      const finalConfig = { ...this.DEFAULT_CONFIG, ...config };
+      const finalConfig: Required<CryptoConfig> = { ...this.DEFAULT_CONFIG, ...config };
       // Convert from URL-safe base64
-      const base64 = encryptedData
+      const base64: string = encryptedData
         .replace(/-/g, '+')
         .replace(/_/g, '/');
+      // Add padding if needed (base64 must be multiple of 4 characters)
+      // This ensures CryptoJS.parse works correctly even when padding was stripped during URL transmission
+      const paddingNeeded: number = (4 - (base64.length % 4)) % 4;
+      const paddedBase64: string = base64 + '='.repeat(paddingNeeded);
+      // Validate base64 format before parsing
+      // Check if the string length makes sense for expected minimum byte count
+      // Minimum expected: 48 bytes = ~64 base64 characters (48 * 4/3 = 64)
+      const minExpectedBase64Length: number = Math.ceil((finalConfig.ivLength + finalConfig.saltLength + 16) * 4 / 3);
+      if (paddedBase64.length < minExpectedBase64Length) {
+        throw new DyFM_Error({
+          ...this.getDefaultErrorSettings('decrypt'),
+          errorCode: 'DyFM-CRY-DATA-CORRUPTED',
+          message: `Encrypted data is too short. Expected at least ${minExpectedBase64Length} base64 characters ` +
+                   `(for ${(finalConfig.ivLength + finalConfig.saltLength + 16)} bytes), ` +
+                   `but received ${paddedBase64.length} characters (${encryptedData.length} original). ` +
+                   `This may indicate the data was truncated during transmission or storage.`
+        });
+      }
       // Parse the combined data
-      const combined = CryptoJS.enc.Base64.parse(base64);
+      const combined: CryptoJS.lib.WordArray = CryptoJS.enc.Base64.parse(paddedBase64);
       // For now, skip version checking to maintain backward compatibility
       // TODO: Implement proper version checking in future versions
       // Validate minimum length (IV + Salt + minimum ciphertext)
-      const minLength = (finalConfig.ivLength + finalConfig.saltLength + 16) / 4; // 16 bytes minimum for ciphertext
+      const minLength: number = (finalConfig.ivLength + finalConfig.saltLength + 16) / 4; // 16 bytes minimum for ciphertext
       if (combined.words.length < minLength) {
         throw new DyFM_Error({
           ...this.getDefaultErrorSettings('decrypt'),
           errorCode: 'DyFM-CRY-DATA-CORRUPTED',
-          message: `Encrypted data is corrupted or incomplete. Expected at least ${minLength * 4} bytes, but received ${combined.sigBytes} bytes.`
+          message: `Encrypted data is corrupted or incomplete. Expected at least ${minLength * 4} bytes, but received ${combined.sigBytes} bytes. ` +
+                   `Original string length: ${encryptedData.length} characters. ` +
+                   `Base64 length: ${base64.length} characters (${paddedBase64.length} with padding). ` +
+                   `This may indicate the data was truncated during transmission or storage.`
         });
       }
       // Extract IV, salt, and ciphertext (skip version for now)
-      const ivStart = 0;
-      const saltStart = ivStart + finalConfig.ivLength / 4;
-      const cipherStart = saltStart + finalConfig.saltLength / 4;
+      const ivStart: number = 0;
+      const saltStart: number = ivStart + finalConfig.ivLength / 4;
+      const cipherStart: number = saltStart + finalConfig.saltLength / 4;
-      const iv = CryptoJS.lib.WordArray.create(combined.words.slice(ivStart, saltStart));
-      const salt = CryptoJS.lib.WordArray.create(combined.words.slice(saltStart, cipherStart));
-      const ciphertext = CryptoJS.lib.WordArray.create(combined.words.slice(cipherStart));
+      const iv: CryptoJS.lib.WordArray = CryptoJS.lib.WordArray.create(combined.words.slice(ivStart, saltStart));
+      const salt: CryptoJS.lib.WordArray = CryptoJS.lib.WordArray.create(combined.words.slice(saltStart, cipherStart));
+      const ciphertext: CryptoJS.lib.WordArray = CryptoJS.lib.WordArray.create(combined.words.slice(cipherStart));
       // Derive key using PBKDF2
-      const derivedKey = this.deriveKey(key, salt, finalConfig);
+      const derivedKey: CryptoJS.lib.WordArray = this.deriveKey(key, salt, finalConfig);
       // Decrypt the data
-      const decrypted = CryptoJS.AES.decrypt(
+      const decrypted: CryptoJS.lib.WordArray = CryptoJS.AES.decrypt(
         { ciphertext: ciphertext },
         derivedKey,
         {
@@ -469,7 +492,7 @@ export class DyFM_Crypto {
       );
       // Parse JSON
-      const decryptedStr = decrypted.toString(CryptoJS.enc.Utf8);
+      const decryptedStr: string = decrypted.toString(CryptoJS.enc.Utf8);
       // Check if decryption produced empty result
       if (!decryptedStr || decryptedStr.trim().length === 0) {
@@ -522,15 +545,15 @@ export class DyFM_Crypto {
    */
   static generateKey(length: number = 32, customChars?: string): string {
     // Use custom character set if provided, otherwise use simple safe characters
-    const chars = customChars || 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
-    let complexKey = '';
+    const chars: string = customChars || 'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+    let complexKey: string = '';
     // Generate random characters directly for the desired length
     for (let i = 0; i < length; i++) {
       // Generate random bytes for each character
-      const randomBytes = CryptoJS.lib.WordArray.random(1);
-      const randomValue = randomBytes.words[0];
-      const charIndex = Math.abs(randomValue) % chars.length;
+      const randomBytes: CryptoJS.lib.WordArray = CryptoJS.lib.WordArray.random(1);
+      const randomValue: number = randomBytes.words[0];
+      const charIndex: number = Math.abs(randomValue) % chars.length;
       complexKey += chars[charIndex];
     }
@@ -572,15 +595,15 @@ export class DyFM_Crypto {
       }
       // Convert from URL-safe base64
-      const base64 = encryptedData
+      const base64: string = encryptedData
         .replace(/-/g, '+')
         .replace(/_/g, '/');
       // Parse the combined data
-      const combined = CryptoJS.enc.Base64.parse(base64);
+      const combined: CryptoJS.lib.WordArray = CryptoJS.enc.Base64.parse(base64);
       // For now, just check if the data has minimum required length
-      const minLength = (16 + 16 + 16) / 4; // IV + Salt + minimum ciphertext
+      const minLength: number = (16 + 16 + 16) / 4; // IV + Salt + minimum ciphertext
       if (combined.words.length < minLength) {
         return {
@@ -612,7 +635,7 @@ export class DyFM_Crypto {
    * Gets default error settings with enhanced debugging information
    */
   private static getDefaultErrorSettings(operation: string, error?: any): DyFM_Error_Settings {
-    const baseSettings = {
+    const baseSettings: DyFM_Error_Settings = {
       status: (error as DyFM_Error)?.___status ?? (error as any)?.status ?? 401,
       message: `Crypto operation "${operation}" failed.`,
       error: error,
@@ -625,7 +648,17 @@ export class DyFM_Crypto {
                               '\n  1) Wrong encryption key, ' +
                               '\n  2) Corrupted encrypted data, ' +
                               '\n  3) Version incompatibility, ' +
-                              '\n  4) Data was encrypted with different parameters.';
+                              '\n  4) Data was encrypted with different parameters, ' +
+                              '\n  5) Data truncation during transmission (check HTTP header size limits, URL length limits), ' +
+                              '\n  6) Missing base64 padding (should be automatically handled, but may indicate transmission issues).';
+      // Add specific guidance for truncation issues (like the "18 bytes" error)
+      baseSettings.message += '\n\nFor truncation issues (e.g., "received 18 bytes"): ' +
+                              '\n  - Check if data is being truncated in HTTP headers (Nginx default: 4-8KB, configurable), ' +
+                              '\n  - Verify URL parameter length limits if passed via query string, ' +
+                              '\n  - Check database field size limits if stored, ' +
+                              '\n  - Ensure proxy/load balancer header size limits are sufficient, ' +
+                              '\n  - Verify the encrypted data string length matches expected size before decryption.';
     } else if (operation === 'encrypt') {
       baseSettings.message += '\nThis usually indicates: ' +
                               '\n  1) Invalid input data, ' +

package/build/_modules/crypto/_collections/crypto.util.spec.d.ts DELETED Viewed

	@@ -1,2 +0,0 @@
1	- export {};
2	- //# sourceMappingURL=crypto.util.spec.d.ts.map

package/build/_modules/crypto/_collections/crypto.util.spec.d.ts.map DELETED Viewed

	@@ -1 +0,0 @@
1	- {"version":3,"file":"crypto.util.spec.d.ts","sourceRoot":"","sources":["../../../../src/_modules/crypto/_collections/crypto.util.spec.ts"],"names":[],"mappings":""}