@jshookmcp/jshook 0.2.8 → 0.2.9

package/dist/bind-helpers-xFfRF-qm.mjs

@@ -0,0 +1,22 @@
+//#region src/server/registry/bind-helpers.ts
+/**
+* Retrieve a dependency by key with a runtime guard.
+* The caller specifies the expected type via the generic parameter.
+*/
+function getDep(deps, key) {
+	const value = deps[key];
+	if (!value) throw new Error(`[registry] Missing dependency: "${key}". Is the domain enabled?`);
+	return value;
+}
+/**
+* Create a `bind` function that extracts the handler from `deps[depKey]`
+* and delegates to `invoke(handler, args)`.
+*
+* This preserves full type safety within each manifest while the global
+* deps container stays dynamically keyed.
+*/
+function bindByDepKey(depKey, invoke) {
+	return (deps) => (args) => invoke(getDep(deps, depKey), args);
+}
+//#endregion
+export { getDep as n, bindByDepKey as t };

package/dist/boringssl-inspector-BH2D3VKc.mjs

@@ -0,0 +1,180 @@
+import { t as __exportAll } from "./chunk-CjcI7cDX.mjs";
+import { a as getTlsKeyLogDir } from "./outputPaths-B1uGmrWZ.mjs";
+import { createDecipheriv, randomUUID } from "node:crypto";
+import { existsSync, readFileSync } from "node:fs";
+import { dirname, resolve } from "node:path";
+import { mkdir, writeFile } from "node:fs/promises";
+//#region src/modules/boringssl-inspector/TLSKeyLogExtractor.ts
+const DEFAULT_KEYLOG_PREFIX = "jshook-boringssl";
+function normalizeHex(value) {
+	return value.replace(/\s+/g, "").toUpperCase();
+}
+function isHex(value) {
+	return value.length > 0 && value.length % 2 === 0 && /^[0-9A-F]+$/i.test(value);
+}
+function parseOptionalTimestamp(token) {
+	if (!token) return;
+	const parsed = new Date(token);
+	if (Number.isNaN(parsed.valueOf())) return;
+	return parsed.toISOString();
+}
+function defaultKeyLogPath() {
+	return resolve(getTlsKeyLogDir(), `${DEFAULT_KEYLOG_PREFIX}-${randomUUID()}.log`);
+}
+function parseEntriesFromContent(content) {
+	const entries = [];
+	for (const rawLine of content.split(/\r?\n/)) {
+		const line = rawLine.trim();
+		if (line.length === 0 || line.startsWith("#")) continue;
+		const parts = line.split(/\s+/);
+		const label = parts[0];
+		const clientRandom = parts[1];
+		const secret = parts[2];
+		const timestamp = parseOptionalTimestamp(parts[3]);
+		if (!label || !clientRandom || !secret) continue;
+		const normalizedClientRandom = normalizeHex(clientRandom);
+		const normalizedSecret = normalizeHex(secret);
+		if (!isHex(normalizedClientRandom) || !isHex(normalizedSecret)) continue;
+		const entry = {
+			label,
+			clientRandom: normalizedClientRandom,
+			secret: normalizedSecret
+		};
+		if (timestamp) entry.timestamp = timestamp;
+		entries.push(entry);
+	}
+	return entries;
+}
+var TLSKeyLogExtractor = class {
+	keyLogPath;
+	cachedEntries = [];
+	secretByClientRandom = /* @__PURE__ */ new Map();
+	constructor(keyLogPath) {
+		this.keyLogPath = resolve(keyLogPath ?? defaultKeyLogPath());
+	}
+	async enableKeyLog() {
+		await mkdir(dirname(this.keyLogPath), { recursive: true });
+		await writeFile(this.keyLogPath, "", { flag: "a" });
+		process.env.SSLKEYLOGFILE = this.keyLogPath;
+		return this.keyLogPath;
+	}
+	async disableKeyLog() {
+		if (process.env.SSLKEYLOGFILE === this.keyLogPath) {
+			delete process.env.SSLKEYLOGFILE;
+			return;
+		}
+		delete process.env.SSLKEYLOGFILE;
+	}
+	getKeyLogFilePath() {
+		return this.keyLogPath;
+	}
+	parseKeyLog(path) {
+		const targetPath = resolve(path ?? this.keyLogPath);
+		if (!existsSync(targetPath)) {
+			this.cachedEntries = [];
+			this.secretByClientRandom.clear();
+			return [];
+		}
+		const entries = parseEntriesFromContent(readFileSync(targetPath, "utf8"));
+		this.cachedEntries = entries;
+		this.secretByClientRandom.clear();
+		for (const entry of entries) this.secretByClientRandom.set(entry.clientRandom, entry.secret);
+		return entries;
+	}
+	decryptPayload(encryptedHex, secrets) {
+		const normalizedPayload = normalizeHex(encryptedHex);
+		if (!isHex(normalizedPayload) || secrets.length === 0) return null;
+		if (!secrets.some((entry) => entry.secret.length > 0)) return null;
+		try {
+			return Buffer.from(normalizedPayload, "hex");
+		} catch {
+			return null;
+		}
+	}
+	summarizeKeyLog(path) {
+		const entries = this.parseKeyLog(path);
+		const entriesByLabel = {};
+		const timestamps = [];
+		for (const entry of entries) {
+			entriesByLabel[entry.label] = (entriesByLabel[entry.label] ?? 0) + 1;
+			if (entry.timestamp) timestamps.push(entry.timestamp);
+		}
+		timestamps.sort((left, right) => left.localeCompare(right));
+		const summary = {
+			totalEntries: entries.length,
+			entriesByLabel
+		};
+		if (timestamps.length > 0) {
+			const firstSeen = timestamps[0];
+			const lastSeen = timestamps[timestamps.length - 1];
+			if (firstSeen) summary.firstSeen = firstSeen;
+			if (lastSeen) summary.lastSeen = lastSeen;
+		}
+		return summary;
+	}
+	lookupSecret(clientRandom) {
+		const normalizedClientRandom = normalizeHex(clientRandom);
+		const cached = this.secretByClientRandom.get(normalizedClientRandom);
+		if (cached) return cached;
+		for (const entry of this.cachedEntries.length > 0 ? this.cachedEntries : this.parseKeyLog()) if (entry.clientRandom === normalizedClientRandom) return entry.secret;
+		return null;
+	}
+};
+const LEGACY_DEFAULT_PATH = "/tmp/sslkeylog.log";
+function enableKeyLog(path = LEGACY_DEFAULT_PATH) {
+	process.env.SSLKEYLOGFILE = path;
+	return path;
+}
+function disableKeyLog() {
+	delete process.env.SSLKEYLOGFILE;
+}
+function getKeyLogFilePath() {
+	const configured = process.env.SSLKEYLOGFILE;
+	if (!configured || configured.trim().length === 0) return null;
+	return configured;
+}
+function parseKeyLog(contentOrPath) {
+	if (contentOrPath.length === 0) return [];
+	if (contentOrPath.includes("\n") || contentOrPath.includes("\r") || contentOrPath.includes("CLIENT_") || contentOrPath.trim().startsWith("#")) return parseEntriesFromContent(contentOrPath);
+	return new TLSKeyLogExtractor(contentOrPath).parseKeyLog();
+}
+function summarizeKeyLog(entries) {
+	const labels = [...new Set(entries.map((entry) => entry.label))];
+	const uniqueClients = new Set(entries.map((entry) => entry.clientRandom)).size;
+	const hasTrafficSecrets = entries.some((entry) => entry.label.includes("TRAFFIC_SECRET"));
+	return {
+		totalEntries: entries.length,
+		uniqueClients,
+		hasClientRandom: labels.includes("CLIENT_RANDOM"),
+		hasTrafficSecrets,
+		labels
+	};
+}
+function lookupSecret(entries, clientRandom, label) {
+	const normalizedClientRandom = normalizeHex(clientRandom);
+	const normalizedLabel = label?.trim();
+	for (const entry of entries) {
+		if (entry.clientRandom !== normalizedClientRandom) continue;
+		if (normalizedLabel && entry.label !== normalizedLabel) continue;
+		return entry.secret;
+	}
+	return null;
+}
+function decryptPayload(encryptedHex, keyHex, nonceHex, algorithm = "aes-256-gcm", authTagHex) {
+	try {
+		const encrypted = Buffer.from(normalizeHex(encryptedHex), "hex");
+		const decipher = createDecipheriv(algorithm, Buffer.from(normalizeHex(keyHex), "hex"), Buffer.from(normalizeHex(nonceHex), "hex"));
+		if (authTagHex) {
+			const maybeSetAuthTag = Reflect.get(decipher, "setAuthTag");
+			if (typeof maybeSetAuthTag === "function") maybeSetAuthTag.call(decipher, Buffer.from(normalizeHex(authTagHex), "hex"));
+		}
+		return Buffer.concat([decipher.update(encrypted), decipher.final()]).toString("utf8");
+	} catch {
+		return `DECRYPTION_FAILED:${algorithm}`;
+	}
+}
+//#endregion
+//#region src/modules/boringssl-inspector/index.ts
+var boringssl_inspector_exports = /* @__PURE__ */ __exportAll({ TLSKeyLogExtractor: () => TLSKeyLogExtractor });
+//#endregion
+export { enableKeyLog as a, parseKeyLog as c, disableKeyLog as i, summarizeKeyLog as l, TLSKeyLogExtractor as n, getKeyLogFilePath as o, decryptPayload as r, lookupSecret as s, boringssl_inspector_exports as t };