@napp/dti-server 4.4.5 → 4.5.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (15) hide show
  1. package/action.d.ts +5 -3
  2. package/action.js +38 -1
  3. package/bundler.js +22 -33
  4. package/common.d.ts +3 -0
  5. package/esm/action.d.ts +5 -3
  6. package/esm/action.js +38 -1
  7. package/esm/bundler.js +3 -2
  8. package/esm/common.d.ts +3 -0
  9. package/esm/route.js +7 -5
  10. package/esm/server.d.ts +5 -0
  11. package/esm/server.js +8 -2
  12. package/package.json +2 -2
  13. package/route.js +8 -7
  14. package/server.d.ts +5 -0
  15. package/server.js +8 -2
package/action.d.ts CHANGED
@@ -1,5 +1,7 @@
1
- import { DtiAction } from "@napp/dti-core";
2
- import { IContext } from "./common";
1
+ import type { DtiAction } from "@napp/dti-core";
2
+ import type { IContext } from "./common";
3
+ import type { DtiServer } from "./server";
4
+ import type { Request } from "express";
3
5
  export interface ODtiServerAction<RESULT, PARAM> {
4
6
  action: (param: PARAM, ctx: IContext) => Promise<RESULT>;
5
7
  }
@@ -8,6 +10,6 @@ export declare class DtiServerAction<RESULT, PARAM> {
8
10
  private opt;
9
11
  private constructor();
10
12
  action(param: PARAM, ctx: IContext): Promise<RESULT>;
11
- validation(param: PARAM): void;
13
+ validation(server: DtiServer, param: PARAM, req: Request, isBundler?: boolean): Promise<void>;
12
14
  static factory<RESULT, PARAM>(meta: DtiAction<RESULT, PARAM>, opt: ODtiServerAction<RESULT, PARAM>): DtiServerAction<RESULT, PARAM>;
13
15
  }
package/action.js CHANGED
@@ -1,7 +1,16 @@
1
1
  "use strict";
2
2
  Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.DtiServerAction = void 0;
4
+ const node_crypto_1 = require("node:crypto");
5
+ function createHmacString(secret, data) {
6
+ const expected = (0, node_crypto_1.createHmac)("sha256", secret)
7
+ .update(data, "utf8")
8
+ .digest("base64");
9
+ return expected;
10
+ }
4
11
  class DtiServerAction {
12
+ meta;
13
+ opt;
5
14
  constructor(meta, opt) {
6
15
  this.meta = meta;
7
16
  this.opt = opt;
@@ -9,8 +18,36 @@ class DtiServerAction {
9
18
  action(param, ctx) {
10
19
  return this.opt.action(param, ctx);
11
20
  }
12
- validation(param) {
21
+ async validation(server, param, req, isBundler = false) {
13
22
  this.meta.validate(param);
23
+ if (server.signatureSecret && isBundler === false) {
24
+ const data = this.meta.sign(param);
25
+ if (data) {
26
+ const timestamp = req.get('X-DTI-Timestamp') ?? '';
27
+ const nonce = req.get('X-DTI-Nonce') ?? '';
28
+ const signature = req.get('X-DTI-Signature') ?? '';
29
+ if (!(timestamp && nonce && signature)) {
30
+ throw new Error('requared signature');
31
+ }
32
+ const secret = await server.signatureSecret();
33
+ const expected = createHmacString(secret, `${timestamp}.${nonce}.${data}`);
34
+ // console.log('--------method', req.method, this.meta.getFullname() )
35
+ // console.log('secret', secret)
36
+ // console.log('timestamp', timestamp)
37
+ // console.log('nonce', nonce)
38
+ // console.log('signature', signature)
39
+ // console.log('expected', expected)
40
+ const a = Buffer.from(expected, "base64");
41
+ const b = Buffer.from(signature, 'base64');
42
+ if (a.length !== b.length) {
43
+ throw new Error("invalid signature");
44
+ }
45
+ const valid = (0, node_crypto_1.timingSafeEqual)(new Uint8Array(a), new Uint8Array(b));
46
+ if (valid === false) {
47
+ throw new Error("invalid signature");
48
+ }
49
+ }
50
+ }
14
51
  }
15
52
  static factory(meta, opt) {
16
53
  return new DtiServerAction(meta, opt);
package/bundler.js CHANGED
@@ -1,58 +1,47 @@
1
1
  "use strict";
2
- var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
3
- function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
4
- return new (P || (P = Promise))(function (resolve, reject) {
5
- function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
6
- function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
7
- function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
8
- step((generator = generator.apply(thisArg, _arguments || [])).next());
9
- });
10
- };
11
2
  Object.defineProperty(exports, "__esModule", { value: true });
12
3
  exports.BundlerServer = void 0;
13
4
  const dti_core_1 = require("@napp/dti-core");
14
5
  class BundlerServer {
6
+ server;
7
+ base62 = new dti_core_1.Base62();
15
8
  constructor(server) {
16
9
  this.server = server;
17
- this.base62 = new dti_core_1.Base62();
18
10
  }
19
- action(meta, ctx) {
20
- return __awaiter(this, void 0, void 0, function* () {
21
- let actions = [];
22
- for (let it of meta) {
23
- let action = this.server.getActionByName(it.name);
24
- if (action) {
25
- action.validation(it.param);
26
- // console.log('call', it.name, it.param, await action?.action(it.param, ctx))
27
- actions.push(() => __awaiter(this, void 0, void 0, function* () { return yield (action === null || action === void 0 ? void 0 : action.action(it.param, ctx)); }));
28
- }
29
- else {
30
- throw new Error('not defined action. name=' + it.name);
31
- }
11
+ async action(meta, ctx) {
12
+ let actions = [];
13
+ for (let it of meta) {
14
+ let action = this.server.getActionByName(it.name);
15
+ if (action) {
16
+ await action.validation(this.server, it.param, ctx.req, true);
17
+ // console.log('call', it.name, it.param, await action?.action(it.param, ctx))
18
+ actions.push(async () => await action?.action(it.param, ctx));
32
19
  }
33
- return yield Promise.all(actions.map(it => it()));
34
- });
20
+ else {
21
+ throw new Error('not defined action. name=' + it.name);
22
+ }
23
+ }
24
+ return await Promise.all(actions.map(it => it()));
35
25
  }
36
26
  setup(expressRoute, setuper) {
37
27
  if (setuper.factoryBodyparseJson) {
38
- expressRoute.post('/__bundler_post__', setuper.factoryBodyparseJson(), (req, res, next) => __awaiter(this, void 0, void 0, function* () {
28
+ expressRoute.post('/__bundler_post__', setuper.factoryBodyparseJson(), async (req, res, next) => {
39
29
  try {
40
30
  let meta = req.body || [];
41
- let result = yield this.action(meta, { req, res });
31
+ let result = await this.action(meta, { req, res });
42
32
  res.json(result);
43
33
  }
44
34
  catch (error) {
45
35
  next(error);
46
36
  }
47
- }));
48
- expressRoute.get('/__bundler_get__', (req, res, next) => __awaiter(this, void 0, void 0, function* () {
49
- var _a;
37
+ });
38
+ expressRoute.get('/__bundler_get__', async (req, res, next) => {
50
39
  try {
51
- let p = (_a = req.query) === null || _a === void 0 ? void 0 : _a.p;
40
+ let p = req.query?.p;
52
41
  if (p) {
53
42
  let json = this.base62.decode(p);
54
43
  let meta = JSON.parse(json);
55
- let result = yield this.action(meta, { req, res });
44
+ let result = await this.action(meta, { req, res });
56
45
  res.json(result);
57
46
  }
58
47
  else {
@@ -62,7 +51,7 @@ class BundlerServer {
62
51
  catch (error) {
63
52
  next(error);
64
53
  }
65
- }));
54
+ });
66
55
  }
67
56
  else {
68
57
  throw new Error('not defined server.factoryBodyparseJson');
package/common.d.ts CHANGED
@@ -19,4 +19,7 @@ export interface OSetupParam {
19
19
  factoryBodyparseJson?: () => IMiddleware;
20
20
  factoryBodyparseUrlencode?: () => IMiddleware;
21
21
  errorHandle?: IErrorHandle;
22
+ signatureSecret?: {
23
+ (): Promise<string>;
24
+ };
22
25
  }
package/esm/action.d.ts CHANGED
@@ -1,5 +1,7 @@
1
- import { DtiAction } from "@napp/dti-core";
2
- import { IContext } from "./common";
1
+ import type { DtiAction } from "@napp/dti-core";
2
+ import type { IContext } from "./common";
3
+ import type { DtiServer } from "./server";
4
+ import type { Request } from "express";
3
5
  export interface ODtiServerAction<RESULT, PARAM> {
4
6
  action: (param: PARAM, ctx: IContext) => Promise<RESULT>;
5
7
  }
@@ -8,6 +10,6 @@ export declare class DtiServerAction<RESULT, PARAM> {
8
10
  private opt;
9
11
  private constructor();
10
12
  action(param: PARAM, ctx: IContext): Promise<RESULT>;
11
- validation(param: PARAM): void;
13
+ validation(server: DtiServer, param: PARAM, req: Request, isBundler?: boolean): Promise<void>;
12
14
  static factory<RESULT, PARAM>(meta: DtiAction<RESULT, PARAM>, opt: ODtiServerAction<RESULT, PARAM>): DtiServerAction<RESULT, PARAM>;
13
15
  }
package/esm/action.js CHANGED
@@ -1,4 +1,13 @@
1
+ import { createHmac, timingSafeEqual } from "node:crypto";
2
+ function createHmacString(secret, data) {
3
+ const expected = createHmac("sha256", secret)
4
+ .update(data, "utf8")
5
+ .digest("base64");
6
+ return expected;
7
+ }
1
8
  export class DtiServerAction {
9
+ meta;
10
+ opt;
2
11
  constructor(meta, opt) {
3
12
  this.meta = meta;
4
13
  this.opt = opt;
@@ -6,8 +15,36 @@ export class DtiServerAction {
6
15
  action(param, ctx) {
7
16
  return this.opt.action(param, ctx);
8
17
  }
9
- validation(param) {
18
+ async validation(server, param, req, isBundler = false) {
10
19
  this.meta.validate(param);
20
+ if (server.signatureSecret && isBundler === false) {
21
+ const data = this.meta.sign(param);
22
+ if (data) {
23
+ const timestamp = req.get('X-DTI-Timestamp') ?? '';
24
+ const nonce = req.get('X-DTI-Nonce') ?? '';
25
+ const signature = req.get('X-DTI-Signature') ?? '';
26
+ if (!(timestamp && nonce && signature)) {
27
+ throw new Error('requared signature');
28
+ }
29
+ const secret = await server.signatureSecret();
30
+ const expected = createHmacString(secret, `${timestamp}.${nonce}.${data}`);
31
+ // console.log('--------method', req.method, this.meta.getFullname() )
32
+ // console.log('secret', secret)
33
+ // console.log('timestamp', timestamp)
34
+ // console.log('nonce', nonce)
35
+ // console.log('signature', signature)
36
+ // console.log('expected', expected)
37
+ const a = Buffer.from(expected, "base64");
38
+ const b = Buffer.from(signature, 'base64');
39
+ if (a.length !== b.length) {
40
+ throw new Error("invalid signature");
41
+ }
42
+ const valid = timingSafeEqual(new Uint8Array(a), new Uint8Array(b));
43
+ if (valid === false) {
44
+ throw new Error("invalid signature");
45
+ }
46
+ }
47
+ }
11
48
  }
12
49
  static factory(meta, opt) {
13
50
  return new DtiServerAction(meta, opt);
package/esm/bundler.js CHANGED
@@ -1,15 +1,16 @@
1
1
  import { Base62 } from "@napp/dti-core";
2
2
  export class BundlerServer {
3
+ server;
4
+ base62 = new Base62();
3
5
  constructor(server) {
4
6
  this.server = server;
5
- this.base62 = new Base62();
6
7
  }
7
8
  async action(meta, ctx) {
8
9
  let actions = [];
9
10
  for (let it of meta) {
10
11
  let action = this.server.getActionByName(it.name);
11
12
  if (action) {
12
- action.validation(it.param);
13
+ await action.validation(this.server, it.param, ctx.req, true);
13
14
  // console.log('call', it.name, it.param, await action?.action(it.param, ctx))
14
15
  actions.push(async () => await action?.action(it.param, ctx));
15
16
  }
package/esm/common.d.ts CHANGED
@@ -19,4 +19,7 @@ export interface OSetupParam {
19
19
  factoryBodyparseJson?: () => IMiddleware;
20
20
  factoryBodyparseUrlencode?: () => IMiddleware;
21
21
  errorHandle?: IErrorHandle;
22
+ signatureSecret?: {
23
+ (): Promise<string>;
24
+ };
22
25
  }
package/esm/route.js CHANGED
@@ -1,9 +1,11 @@
1
1
  import { DtiMode, Base62, DtiRawResponse } from "@napp/dti-core";
2
2
  export class DtiServerRoute {
3
+ meta;
4
+ server;
5
+ base62 = new Base62();
3
6
  constructor(meta, server) {
4
7
  this.meta = meta;
5
8
  this.server = server;
6
- this.base62 = new Base62();
7
9
  }
8
10
  param(action, req) {
9
11
  let mode = action.meta.getMode();
@@ -27,10 +29,10 @@ export class DtiServerRoute {
27
29
  }
28
30
  throw new Error('not supported mode');
29
31
  }
30
- callAction(sa, req, res, next) {
32
+ async callAction(sa, req, res, next) {
31
33
  try {
32
34
  let param = this.param(sa, req);
33
- sa.validation(param);
35
+ await sa.validation(this.server, param, req);
34
36
  return sa.action(param, { req, res })
35
37
  .then(rsu => {
36
38
  if (DtiRawResponse.is(rsu) === false) {
@@ -46,8 +48,8 @@ export class DtiServerRoute {
46
48
  setupAction(expressRoute, action, setuper) {
47
49
  let mode = action.meta.getMode();
48
50
  let path = action.meta.getPath();
49
- let endpoint = (req, res, next) => {
50
- this.callAction(action, req, res, next);
51
+ let endpoint = async (req, res, next) => {
52
+ await this.callAction(action, req, res, next);
51
53
  };
52
54
  if (mode === DtiMode.QString || mode === DtiMode.QJson) {
53
55
  expressRoute.get(path, endpoint);
package/esm/server.d.ts CHANGED
@@ -4,14 +4,19 @@ import { OSetupParam } from "./common";
4
4
  export interface IRawActionBuilder {
5
5
  (expressRoute: any): void;
6
6
  }
7
+ export interface ISignatureVerify {
8
+ (data: string): Promise<string>;
9
+ }
7
10
  export declare class DtiServer {
8
11
  private root;
9
12
  constructor(root: DtiRoute);
10
13
  private _actions;
11
14
  private _raws;
15
+ private _signatureSecret;
12
16
  register(...actions: DtiServerAction<any, any>[]): this;
13
17
  rawRegister(route: DtiRoute, ...handlers: IRawActionBuilder[]): this;
14
18
  getActionByName(name: string): DtiServerAction<any, any> | undefined;
15
19
  getRawByName(name: string): IRawActionBuilder[] | undefined;
20
+ get signatureSecret(): (() => Promise<string>) | undefined;
16
21
  static setup(server: DtiServer, setuper: OSetupParam): any;
17
22
  }
package/esm/server.js CHANGED
@@ -1,11 +1,13 @@
1
1
  import { DtiServerRoute } from "./route";
2
2
  import { BundlerServer } from "./bundler";
3
3
  export class DtiServer {
4
+ root;
4
5
  constructor(root) {
5
6
  this.root = root;
6
- this._actions = new Map();
7
- this._raws = new Map();
8
7
  }
8
+ _actions = new Map();
9
+ _raws = new Map();
10
+ _signatureSecret = undefined;
9
11
  register(...actions) {
10
12
  for (let action of actions) {
11
13
  let name = action.meta.getFullname();
@@ -33,6 +35,9 @@ export class DtiServer {
33
35
  getRawByName(name) {
34
36
  return this._raws.get(name);
35
37
  }
38
+ get signatureSecret() {
39
+ return this._signatureSecret;
40
+ }
36
41
  static setup(server, setuper) {
37
42
  let route = setuper.factoryExpressRouter(server.root);
38
43
  new BundlerServer(server).setup(route, setuper);
@@ -40,6 +45,7 @@ export class DtiServer {
40
45
  if (setuper.errorHandle) {
41
46
  route.use(setuper.errorHandle);
42
47
  }
48
+ server._signatureSecret = setuper.signatureSecret;
43
49
  return route;
44
50
  }
45
51
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@napp/dti-server",
3
- "version": "4.4.5",
3
+ "version": "4.5.2",
4
4
  "description": "data transaction interface server library",
5
5
  "repository": {
6
6
  "type": "git",
@@ -27,6 +27,6 @@
27
27
  "@napp/exception": "^9.1.4"
28
28
  },
29
29
  "dependencies": {
30
- "@napp/dti-core": "4.4.5"
30
+ "@napp/dti-core": "4.5.2"
31
31
  }
32
32
  }
package/route.js CHANGED
@@ -3,20 +3,21 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.DtiServerRoute = void 0;
4
4
  const dti_core_1 = require("@napp/dti-core");
5
5
  class DtiServerRoute {
6
+ meta;
7
+ server;
8
+ base62 = new dti_core_1.Base62();
6
9
  constructor(meta, server) {
7
10
  this.meta = meta;
8
11
  this.server = server;
9
- this.base62 = new dti_core_1.Base62();
10
12
  }
11
13
  param(action, req) {
12
- var _a;
13
14
  let mode = action.meta.getMode();
14
15
  if (mode === dti_core_1.DtiMode.QString) {
15
16
  return req.query;
16
17
  }
17
18
  else if (mode === dti_core_1.DtiMode.QJson) {
18
19
  try {
19
- let p = (_a = req.query) === null || _a === void 0 ? void 0 : _a.p;
20
+ let p = req.query?.p;
20
21
  if (p) {
21
22
  let json = this.base62.decode(p);
22
23
  return JSON.parse(json);
@@ -31,10 +32,10 @@ class DtiServerRoute {
31
32
  }
32
33
  throw new Error('not supported mode');
33
34
  }
34
- callAction(sa, req, res, next) {
35
+ async callAction(sa, req, res, next) {
35
36
  try {
36
37
  let param = this.param(sa, req);
37
- sa.validation(param);
38
+ await sa.validation(this.server, param, req);
38
39
  return sa.action(param, { req, res })
39
40
  .then(rsu => {
40
41
  if (dti_core_1.DtiRawResponse.is(rsu) === false) {
@@ -50,8 +51,8 @@ class DtiServerRoute {
50
51
  setupAction(expressRoute, action, setuper) {
51
52
  let mode = action.meta.getMode();
52
53
  let path = action.meta.getPath();
53
- let endpoint = (req, res, next) => {
54
- this.callAction(action, req, res, next);
54
+ let endpoint = async (req, res, next) => {
55
+ await this.callAction(action, req, res, next);
55
56
  };
56
57
  if (mode === dti_core_1.DtiMode.QString || mode === dti_core_1.DtiMode.QJson) {
57
58
  expressRoute.get(path, endpoint);
package/server.d.ts CHANGED
@@ -4,14 +4,19 @@ import { OSetupParam } from "./common";
4
4
  export interface IRawActionBuilder {
5
5
  (expressRoute: any): void;
6
6
  }
7
+ export interface ISignatureVerify {
8
+ (data: string): Promise<string>;
9
+ }
7
10
  export declare class DtiServer {
8
11
  private root;
9
12
  constructor(root: DtiRoute);
10
13
  private _actions;
11
14
  private _raws;
15
+ private _signatureSecret;
12
16
  register(...actions: DtiServerAction<any, any>[]): this;
13
17
  rawRegister(route: DtiRoute, ...handlers: IRawActionBuilder[]): this;
14
18
  getActionByName(name: string): DtiServerAction<any, any> | undefined;
15
19
  getRawByName(name: string): IRawActionBuilder[] | undefined;
20
+ get signatureSecret(): (() => Promise<string>) | undefined;
16
21
  static setup(server: DtiServer, setuper: OSetupParam): any;
17
22
  }
package/server.js CHANGED
@@ -4,11 +4,13 @@ exports.DtiServer = void 0;
4
4
  const route_1 = require("./route");
5
5
  const bundler_1 = require("./bundler");
6
6
  class DtiServer {
7
+ root;
7
8
  constructor(root) {
8
9
  this.root = root;
9
- this._actions = new Map();
10
- this._raws = new Map();
11
10
  }
11
+ _actions = new Map();
12
+ _raws = new Map();
13
+ _signatureSecret = undefined;
12
14
  register(...actions) {
13
15
  for (let action of actions) {
14
16
  let name = action.meta.getFullname();
@@ -36,6 +38,9 @@ class DtiServer {
36
38
  getRawByName(name) {
37
39
  return this._raws.get(name);
38
40
  }
41
+ get signatureSecret() {
42
+ return this._signatureSecret;
43
+ }
39
44
  static setup(server, setuper) {
40
45
  let route = setuper.factoryExpressRouter(server.root);
41
46
  new bundler_1.BundlerServer(server).setup(route, setuper);
@@ -43,6 +48,7 @@ class DtiServer {
43
48
  if (setuper.errorHandle) {
44
49
  route.use(setuper.errorHandle);
45
50
  }
51
+ server._signatureSecret = setuper.signatureSecret;
46
52
  return route;
47
53
  }
48
54
  }