npm - @ik-firewall/core - Versions diffs - 2.4.1 → 2.4.3 - Mend

@ik-firewall/core 2.4.1 → 2.4.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (3) hide show

package/dist/index.cjs CHANGED Viewed

@@ -185,13 +185,22 @@ var IKHmac = class {
   constructor(secret) {
     this.secret = secret;
   }
+  sortObject(obj) {
+    if (obj === null || typeof obj !== "object") return obj;
+    if (Array.isArray(obj)) return obj.map((i) => this.sortObject(i));
+    const sorted = {};
+    Object.keys(obj).sort().forEach((key) => {
+      sorted[key] = this.sortObject(obj[key]);
+    });
+    return sorted;
+  }
   /**
    * Verifies that a response from the IK-Firewall server is authentic.
    */
   async verify(data) {
     if (!data || !data.signature) return false;
     const { signature, ...rest } = data;
-    const payload = JSON.stringify(rest);
+    const payload = JSON.stringify(this.sortObject(rest));
     try {
       const crypto = typeof window === "undefined" ? (await import(
         /* webpackIgnore: true */
@@ -281,12 +290,13 @@ var ConfigManager = class {
       const response = await fetch(`${endpoint}?licenseKey=${instanceConfig?.licenseKey || ""}&instanceId=${instanceId}&version=2.3.0`);
       if (response.ok) {
         const data = await response.json();
-        if (this.config.hmacSecret) {
-          const verifier = new IKHmac(this.config.hmacSecret);
-          if (!verifier.verify(data)) {
-            console.error("[IK_SYNC] \u{1F6A8} Signature verification failed! Remote config rejected.");
-            return;
-          }
+        const defaultSecret = "default-secret-change-in-production";
+        const hmacSecret = this.config.hmacSecret;
+        const verificationKey = hmacSecret && hmacSecret !== defaultSecret ? hmacSecret : defaultSecret;
+        const verifier = new IKHmac(verificationKey);
+        if (!await verifier.verify(data)) {
+          console.error("[IK_SYNC] \u{1F6A8} Signature verification failed! Remote config rejected.");
+          return;
         }
         await this.setInstanceConfig(instanceId, {
           billingStatus: data.billingStatus,
@@ -372,12 +382,13 @@ var ConfigManager = class {
       });
       if (response.ok) {
         const data = await response.json();
-        if (this.config.hmacSecret) {
-          const verifier = new IKHmac(this.config.hmacSecret);
-          if (!verifier.verify(data)) {
-            console.error("[IK_REGISTRY] \u{1F6A8} Registration signature mismatch. Data rejected!");
-            return false;
-          }
+        const defaultSecret = "default-secret-change-in-production";
+        const hmacSecret = this.config.hmacSecret;
+        const verificationKey = hmacSecret && hmacSecret !== defaultSecret ? hmacSecret : defaultSecret;
+        const verifier = new IKHmac(verificationKey);
+        if (!await verifier.verify(data)) {
+          console.error("[IK_REGISTRY] \u{1F6A8} Registration signature mismatch. Data rejected!");
+          return false;
         }
         await this.setInstanceConfig(instanceId, {
           licenseKey: data.licenseKey,
@@ -1561,12 +1572,13 @@ var UsageTracker = class {
       await this.sendBatch(payload);
     } catch (error) {
       console.error("[IK_TRACKER] Batch send failed:", error.message);
-      const isAuthError = error.message?.includes("401");
-      if (!isAuthError) {
+      const isAuthError = error.message?.includes("401") || error.message?.includes("403");
+      if (isAuthError) {
+        console.warn("[IK_TRACKER] \u{1F512} Unauthorized/Forbidden: Subscription invalid or blocked. Discarding batch.");
+        this.config.setBlockedStatus(instanceId, true);
+      } else {
         console.log("[IK_TRACKER] Queuing for retry...");
         this.handleFailure(payload);
-      } else {
-        console.warn("[IK_TRACKER] Unauthorized: Please check your IK_FIREWALL_SECRET and License Key. Discarding batch.");
       }
     } finally {
       this.flushInProgress = false;
@@ -1579,15 +1591,16 @@ var UsageTracker = class {
     if (process.env.IK_FIREWALL_DISABLED === "true" || process.env.NEXT_PUBLIC_IK_FIREWALL_DISABLED === "true") {
       return;
     }
-    if (hmacSecret) {
-      try {
-        const crypto = typeof window === "undefined" ? (await import("crypto")).default : null;
-        if (crypto && crypto.createHmac) {
-          const { signature: _sig, ...signablePayload } = payload;
-          payload.signature = crypto.createHmac("sha256", hmacSecret).update(JSON.stringify(signablePayload)).digest("hex");
-        }
-      } catch (e) {
+    const defaultSecret = "default-secret-change-in-production";
+    const signingKey = hmacSecret && hmacSecret !== defaultSecret ? hmacSecret : payload.licenseKey || defaultSecret;
+    try {
+      const crypto = typeof window === "undefined" ? (await import("crypto")).default : null;
+      if (crypto && crypto.createHmac) {
+        const { signature: _sig, ...signablePayload } = payload;
+        const sortedPayload = this.sortObject(signablePayload);
+        payload.signature = crypto.createHmac("sha256", signingKey).update(JSON.stringify(sortedPayload)).digest("hex");
       }
+    } catch (e) {
     }
     const response = await fetch(endpoint, {
       method: "POST",
@@ -1626,6 +1639,15 @@ var UsageTracker = class {
       await this.hooks.persistState(`ik_retry_${payload.timestamp}`, JSON.stringify(payload));
     }
   }
+  sortObject(obj) {
+    if (obj === null || typeof obj !== "object") return obj;
+    if (Array.isArray(obj)) return obj.map((i) => this.sortObject(i));
+    const sorted = {};
+    Object.keys(obj).sort().forEach((key) => {
+      sorted[key] = this.sortObject(obj[key]);
+    });
+    return sorted;
+  }
   getBuffer() {
     return Array.from(this.aggregationMap.values());
   }
@@ -1882,6 +1904,7 @@ var IKFirewallCore = class _IKFirewallCore {
     if (mode === "anthropic") return "claude-3-5-sonnet-20241022";
     if (mode === "deepseek") return "deepseek-reasoner";
     if (mode === "gemini") return "gemini-1.5-pro";
+    if (mode === "perplexity") return role === "high_performance" ? "sonar-pro" : "sonar";
     return role === "high_performance" ? "gpt-4o" : "gpt-4o-mini";
   }
   /**

package/dist/index.js CHANGED Viewed

@@ -143,13 +143,22 @@ var IKHmac = class {
   constructor(secret) {
     this.secret = secret;
   }
+  sortObject(obj) {
+    if (obj === null || typeof obj !== "object") return obj;
+    if (Array.isArray(obj)) return obj.map((i) => this.sortObject(i));
+    const sorted = {};
+    Object.keys(obj).sort().forEach((key) => {
+      sorted[key] = this.sortObject(obj[key]);
+    });
+    return sorted;
+  }
   /**
    * Verifies that a response from the IK-Firewall server is authentic.
    */
   async verify(data) {
     if (!data || !data.signature) return false;
     const { signature, ...rest } = data;
-    const payload = JSON.stringify(rest);
+    const payload = JSON.stringify(this.sortObject(rest));
     try {
       const crypto = typeof window === "undefined" ? (await import(
         /* webpackIgnore: true */
@@ -239,12 +248,13 @@ var ConfigManager = class {
       const response = await fetch(`${endpoint}?licenseKey=${instanceConfig?.licenseKey || ""}&instanceId=${instanceId}&version=2.3.0`);
       if (response.ok) {
         const data = await response.json();
-        if (this.config.hmacSecret) {
-          const verifier = new IKHmac(this.config.hmacSecret);
-          if (!verifier.verify(data)) {
-            console.error("[IK_SYNC] \u{1F6A8} Signature verification failed! Remote config rejected.");
-            return;
-          }
+        const defaultSecret = "default-secret-change-in-production";
+        const hmacSecret = this.config.hmacSecret;
+        const verificationKey = hmacSecret && hmacSecret !== defaultSecret ? hmacSecret : defaultSecret;
+        const verifier = new IKHmac(verificationKey);
+        if (!await verifier.verify(data)) {
+          console.error("[IK_SYNC] \u{1F6A8} Signature verification failed! Remote config rejected.");
+          return;
         }
         await this.setInstanceConfig(instanceId, {
           billingStatus: data.billingStatus,
@@ -330,12 +340,13 @@ var ConfigManager = class {
       });
       if (response.ok) {
         const data = await response.json();
-        if (this.config.hmacSecret) {
-          const verifier = new IKHmac(this.config.hmacSecret);
-          if (!verifier.verify(data)) {
-            console.error("[IK_REGISTRY] \u{1F6A8} Registration signature mismatch. Data rejected!");
-            return false;
-          }
+        const defaultSecret = "default-secret-change-in-production";
+        const hmacSecret = this.config.hmacSecret;
+        const verificationKey = hmacSecret && hmacSecret !== defaultSecret ? hmacSecret : defaultSecret;
+        const verifier = new IKHmac(verificationKey);
+        if (!await verifier.verify(data)) {
+          console.error("[IK_REGISTRY] \u{1F6A8} Registration signature mismatch. Data rejected!");
+          return false;
         }
         await this.setInstanceConfig(instanceId, {
           licenseKey: data.licenseKey,
@@ -1519,12 +1530,13 @@ var UsageTracker = class {
       await this.sendBatch(payload);
     } catch (error) {
       console.error("[IK_TRACKER] Batch send failed:", error.message);
-      const isAuthError = error.message?.includes("401");
-      if (!isAuthError) {
+      const isAuthError = error.message?.includes("401") || error.message?.includes("403");
+      if (isAuthError) {
+        console.warn("[IK_TRACKER] \u{1F512} Unauthorized/Forbidden: Subscription invalid or blocked. Discarding batch.");
+        this.config.setBlockedStatus(instanceId, true);
+      } else {
         console.log("[IK_TRACKER] Queuing for retry...");
         this.handleFailure(payload);
-      } else {
-        console.warn("[IK_TRACKER] Unauthorized: Please check your IK_FIREWALL_SECRET and License Key. Discarding batch.");
       }
     } finally {
       this.flushInProgress = false;
@@ -1537,15 +1549,16 @@ var UsageTracker = class {
     if (process.env.IK_FIREWALL_DISABLED === "true" || process.env.NEXT_PUBLIC_IK_FIREWALL_DISABLED === "true") {
       return;
     }
-    if (hmacSecret) {
-      try {
-        const crypto = typeof window === "undefined" ? (await import("crypto")).default : null;
-        if (crypto && crypto.createHmac) {
-          const { signature: _sig, ...signablePayload } = payload;
-          payload.signature = crypto.createHmac("sha256", hmacSecret).update(JSON.stringify(signablePayload)).digest("hex");
-        }
-      } catch (e) {
+    const defaultSecret = "default-secret-change-in-production";
+    const signingKey = hmacSecret && hmacSecret !== defaultSecret ? hmacSecret : payload.licenseKey || defaultSecret;
+    try {
+      const crypto = typeof window === "undefined" ? (await import("crypto")).default : null;
+      if (crypto && crypto.createHmac) {
+        const { signature: _sig, ...signablePayload } = payload;
+        const sortedPayload = this.sortObject(signablePayload);
+        payload.signature = crypto.createHmac("sha256", signingKey).update(JSON.stringify(sortedPayload)).digest("hex");
       }
+    } catch (e) {
     }
     const response = await fetch(endpoint, {
       method: "POST",
@@ -1584,6 +1597,15 @@ var UsageTracker = class {
       await this.hooks.persistState(`ik_retry_${payload.timestamp}`, JSON.stringify(payload));
     }
   }
+  sortObject(obj) {
+    if (obj === null || typeof obj !== "object") return obj;
+    if (Array.isArray(obj)) return obj.map((i) => this.sortObject(i));
+    const sorted = {};
+    Object.keys(obj).sort().forEach((key) => {
+      sorted[key] = this.sortObject(obj[key]);
+    });
+    return sorted;
+  }
   getBuffer() {
     return Array.from(this.aggregationMap.values());
   }
@@ -1840,6 +1862,7 @@ var IKFirewallCore = class _IKFirewallCore {
     if (mode === "anthropic") return "claude-3-5-sonnet-20241022";
     if (mode === "deepseek") return "deepseek-reasoner";
     if (mode === "gemini") return "gemini-1.5-pro";
+    if (mode === "perplexity") return role === "high_performance" ? "sonar-pro" : "sonar";
     return role === "high_performance" ? "gpt-4o" : "gpt-4o-mini";
   }
   /**

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@ik-firewall/core",
-  "version": "2.4.1",
+  "version": "2.4.3",
   "type": "module",
   "description": "The core IK Firewall engine for semantic-driven AI optimization.",
   "main": "./dist/index.js",