npm - @nocobase/plugin-idp-oauth - Versions diffs - 2.1.0-alpha.17 → 2.1.0-alpha.18 - Mend

@nocobase/plugin-idp-oauth 2.1.0-alpha.17 → 2.1.0-alpha.18

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (214) hide show

package/dist/node_modules/undici/lib/web/infra/index.js ADDED Viewed

@@ -0,0 +1,229 @@
+'use strict'
+const assert = require('node:assert')
+const { utf8DecodeBytes } = require('../../encoding')
+/**
+ * @param {(char: string) => boolean} condition
+ * @param {string} input
+ * @param {{ position: number }} position
+ * @returns {string}
+ *
+ * @see https://infra.spec.whatwg.org/#collect-a-sequence-of-code-points
+ */
+function collectASequenceOfCodePoints (condition, input, position) {
+  // 1. Let result be the empty string.
+  let result = ''
+  // 2. While position doesn’t point past the end of input and the
+  // code point at position within input meets the condition condition:
+  while (position.position < input.length && condition(input[position.position])) {
+    // 1. Append that code point to the end of result.
+    result += input[position.position]
+    // 2. Advance position by 1.
+    position.position++
+  }
+  // 3. Return result.
+  return result
+}
+/**
+ * A faster collectASequenceOfCodePoints that only works when comparing a single character.
+ * @param {string} char
+ * @param {string} input
+ * @param {{ position: number }} position
+ * @returns {string}
+ *
+ * @see https://infra.spec.whatwg.org/#collect-a-sequence-of-code-points
+ */
+function collectASequenceOfCodePointsFast (char, input, position) {
+  const idx = input.indexOf(char, position.position)
+  const start = position.position
+  if (idx === -1) {
+    position.position = input.length
+    return input.slice(start)
+  }
+  position.position = idx
+  return input.slice(start, position.position)
+}
+const ASCII_WHITESPACE_REPLACE_REGEX = /[\u0009\u000A\u000C\u000D\u0020]/g // eslint-disable-line no-control-regex
+/**
+ * @param {string} data
+ * @returns {Uint8Array | 'failure'}
+ *
+ * @see https://infra.spec.whatwg.org/#forgiving-base64-decode
+ */
+function forgivingBase64 (data) {
+  // 1. Remove all ASCII whitespace from data.
+  data = data.replace(ASCII_WHITESPACE_REPLACE_REGEX, '')
+  let dataLength = data.length
+  // 2. If data’s code point length divides by 4 leaving
+  // no remainder, then:
+  if (dataLength % 4 === 0) {
+    // 1. If data ends with one or two U+003D (=) code points,
+    // then remove them from data.
+    if (data.charCodeAt(dataLength - 1) === 0x003D) {
+      --dataLength
+      if (data.charCodeAt(dataLength - 1) === 0x003D) {
+        --dataLength
+      }
+    }
+  }
+  // 3. If data’s code point length divides by 4 leaving
+  // a remainder of 1, then return failure.
+  if (dataLength % 4 === 1) {
+    return 'failure'
+  }
+  // 4. If data contains a code point that is not one of
+  //  U+002B (+)
+  //  U+002F (/)
+  //  ASCII alphanumeric
+  // then return failure.
+  if (/[^+/0-9A-Za-z]/.test(data.length === dataLength ? data : data.substring(0, dataLength))) {
+    return 'failure'
+  }
+  const buffer = Buffer.from(data, 'base64')
+  return new Uint8Array(buffer.buffer, buffer.byteOffset, buffer.byteLength)
+}
+/**
+ * @param {number} char
+ * @returns {boolean}
+ *
+ * @see https://infra.spec.whatwg.org/#ascii-whitespace
+ */
+function isASCIIWhitespace (char) {
+  return (
+    char === 0x09 || // \t
+    char === 0x0a || // \n
+    char === 0x0c || // \f
+    char === 0x0d || // \r
+    char === 0x20    // space
+  )
+}
+/**
+ * @param {Uint8Array} input
+ * @returns {string}
+ *
+ * @see https://infra.spec.whatwg.org/#isomorphic-decode
+ */
+function isomorphicDecode (input) {
+  // 1. To isomorphic decode a byte sequence input, return a string whose code point
+  //    length is equal to input’s length and whose code points have the same values
+  //    as the values of input’s bytes, in the same order.
+  const length = input.length
+  if ((2 << 15) - 1 > length) {
+    return String.fromCharCode.apply(null, input)
+  }
+  let result = ''
+  let i = 0
+  let addition = (2 << 15) - 1
+  while (i < length) {
+    if (i + addition > length) {
+      addition = length - i
+    }
+    result += String.fromCharCode.apply(null, input.subarray(i, i += addition))
+  }
+  return result
+}
+const invalidIsomorphicEncodeValueRegex = /[^\x00-\xFF]/ // eslint-disable-line no-control-regex
+/**
+ * @param {string} input
+ * @returns {string}
+ *
+ * @see https://infra.spec.whatwg.org/#isomorphic-encode
+ */
+function isomorphicEncode (input) {
+  // 1. Assert: input contains no code points greater than U+00FF.
+  assert(!invalidIsomorphicEncodeValueRegex.test(input))
+  // 2. Return a byte sequence whose length is equal to input’s code
+  //    point length and whose bytes have the same values as the
+  //    values of input’s code points, in the same order
+  return input
+}
+/**
+ * @see https://infra.spec.whatwg.org/#parse-json-bytes-to-a-javascript-value
+ * @param {Uint8Array} bytes
+ */
+function parseJSONFromBytes (bytes) {
+  return JSON.parse(utf8DecodeBytes(bytes))
+}
+/**
+ * @param {string} str
+ * @param {boolean} [leading=true]
+ * @param {boolean} [trailing=true]
+ * @returns {string}
+ *
+ * @see https://infra.spec.whatwg.org/#strip-leading-and-trailing-ascii-whitespace
+ */
+function removeASCIIWhitespace (str, leading = true, trailing = true) {
+  return removeChars(str, leading, trailing, isASCIIWhitespace)
+}
+/**
+ * @param {string} str
+ * @param {boolean} leading
+ * @param {boolean} trailing
+ * @param {(charCode: number) => boolean} predicate
+ * @returns {string}
+ */
+function removeChars (str, leading, trailing, predicate) {
+  let lead = 0
+  let trail = str.length - 1
+  if (leading) {
+    while (lead < str.length && predicate(str.charCodeAt(lead))) lead++
+  }
+  if (trailing) {
+    while (trail > 0 && predicate(str.charCodeAt(trail))) trail--
+  }
+  return lead === 0 && trail === str.length - 1 ? str : str.slice(lead, trail + 1)
+}
+// https://infra.spec.whatwg.org/#serialize-a-javascript-value-to-a-json-string
+function serializeJavascriptValueToJSONString (value) {
+  // 1. Let result be ? Call(%JSON.stringify%, undefined, « value »).
+  const result = JSON.stringify(value)
+  // 2. If result is undefined, then throw a TypeError.
+  if (result === undefined) {
+    throw new TypeError('Value is not JSON serializable')
+  }
+  // 3. Assert: result is a string.
+  assert(typeof result === 'string')
+  // 4. Return result.
+  return result
+}
+module.exports = {
+  collectASequenceOfCodePoints,
+  collectASequenceOfCodePointsFast,
+  forgivingBase64,
+  isASCIIWhitespace,
+  isomorphicDecode,
+  isomorphicEncode,
+  parseJSONFromBytes,
+  removeASCIIWhitespace,
+  removeChars,
+  serializeJavascriptValueToJSONString
+}

package/dist/node_modules/undici/lib/web/subresource-integrity/Readme.md ADDED Viewed

@@ -0,0 +1,9 @@
+# Subresource Integrity
+based on Editor’s Draft, 12 June 2025
+This module provides support for Subresource Integrity (SRI) in the context of web fetch operations. SRI is a security feature that allows clients to verify that fetched resources are delivered without unexpected manipulation.
+## Links
+- [Subresource Integrity](https://w3c.github.io/webappsec-subresource-integrity/)

package/dist/node_modules/undici/lib/web/subresource-integrity/subresource-integrity.js ADDED Viewed

@@ -0,0 +1,307 @@
+'use strict'
+const assert = require('node:assert')
+const { runtimeFeatures } = require('../../util/runtime-features.js')
+/**
+ * @typedef {object} Metadata
+ * @property {SRIHashAlgorithm} alg - The algorithm used for the hash.
+ * @property {string} val - The base64-encoded hash value.
+ */
+/**
+ * @typedef {Metadata[]} MetadataList
+ */
+/**
+ * @typedef {('sha256' | 'sha384' | 'sha512')} SRIHashAlgorithm
+ */
+/**
+ * @type {Map<SRIHashAlgorithm, number>}
+ *
+ * The valid SRI hash algorithm token set is the ordered set « "sha256",
+ * "sha384", "sha512" » (corresponding to SHA-256, SHA-384, and SHA-512
+ * respectively). The ordering of this set is meaningful, with stronger
+ * algorithms appearing later in the set.
+ *
+ * @see https://w3c.github.io/webappsec-subresource-integrity/#valid-sri-hash-algorithm-token-set
+ */
+const validSRIHashAlgorithmTokenSet = new Map([['sha256', 0], ['sha384', 1], ['sha512', 2]])
+// https://nodejs.org/api/crypto.html#determining-if-crypto-support-is-unavailable
+/** @type {import('node:crypto')} */
+let crypto
+if (runtimeFeatures.has('crypto')) {
+  crypto = require('node:crypto')
+  const cryptoHashes = crypto.getHashes()
+  // If no hashes are available, we cannot support SRI.
+  if (cryptoHashes.length === 0) {
+    validSRIHashAlgorithmTokenSet.clear()
+  }
+  for (const algorithm of validSRIHashAlgorithmTokenSet.keys()) {
+    // If the algorithm is not supported, remove it from the list.
+    if (cryptoHashes.includes(algorithm) === false) {
+      validSRIHashAlgorithmTokenSet.delete(algorithm)
+    }
+  }
+} else {
+  // If crypto is not available, we cannot support SRI.
+  validSRIHashAlgorithmTokenSet.clear()
+}
+/**
+ * @typedef GetSRIHashAlgorithmIndex
+ * @type {(algorithm: SRIHashAlgorithm) => number}
+ * @param {SRIHashAlgorithm} algorithm
+ * @returns {number} The index of the algorithm in the valid SRI hash algorithm
+ * token set.
+ */
+const getSRIHashAlgorithmIndex = /** @type {GetSRIHashAlgorithmIndex} */ (Map.prototype.get.bind(
+  validSRIHashAlgorithmTokenSet))
+/**
+ * @typedef IsValidSRIHashAlgorithm
+ * @type {(algorithm: string) => algorithm is SRIHashAlgorithm}
+ * @param {*} algorithm
+ * @returns {algorithm is SRIHashAlgorithm}
+ */
+const isValidSRIHashAlgorithm = /** @type {IsValidSRIHashAlgorithm} */ (
+  Map.prototype.has.bind(validSRIHashAlgorithmTokenSet)
+)
+/**
+ * @param {Uint8Array} bytes
+ * @param {string} metadataList
+ * @returns {boolean}
+ *
+ * @see https://w3c.github.io/webappsec-subresource-integrity/#does-response-match-metadatalist
+ */
+const bytesMatch = runtimeFeatures.has('crypto') === false || validSRIHashAlgorithmTokenSet.size === 0
+  // If node is not built with OpenSSL support, we cannot check
+  // a request's integrity, so allow it by default (the spec will
+  // allow requests if an invalid hash is given, as precedence).
+  ? () => true
+  : (bytes, metadataList) => {
+    // 1. Let parsedMetadata be the result of parsing metadataList.
+      const parsedMetadata = parseMetadata(metadataList)
+      // 2. If parsedMetadata is empty set, return true.
+      if (parsedMetadata.length === 0) {
+        return true
+      }
+      // 3. Let metadata be the result of getting the strongest
+      //    metadata from parsedMetadata.
+      const metadata = getStrongestMetadata(parsedMetadata)
+      // 4. For each item in metadata:
+      for (const item of metadata) {
+      // 1. Let algorithm be the item["alg"].
+        const algorithm = item.alg
+        // 2. Let expectedValue be the item["val"].
+        const expectedValue = item.val
+        // See https://github.com/web-platform-tests/wpt/commit/e4c5cc7a5e48093220528dfdd1c4012dc3837a0e
+        // "be liberal with padding". This is annoying, and it's not even in the spec.
+        // 3. Let actualValue be the result of applying algorithm to bytes .
+        const actualValue = applyAlgorithmToBytes(algorithm, bytes)
+        // 4. If actualValue is a case-sensitive match for expectedValue,
+        //    return true.
+        if (caseSensitiveMatch(actualValue, expectedValue)) {
+          return true
+        }
+      }
+      // 5. Return false.
+      return false
+    }
+/**
+ * @param {MetadataList} metadataList
+ * @returns {MetadataList} The strongest hash algorithm from the metadata list.
+ */
+function getStrongestMetadata (metadataList) {
+  // 1. Let result be the empty set and strongest be the empty string.
+  const result = []
+  /** @type {Metadata|null} */
+  let strongest = null
+  // 2. For each item in set:
+  for (const item of metadataList) {
+    // 1. Assert: item["alg"] is a valid SRI hash algorithm token.
+    assert(isValidSRIHashAlgorithm(item.alg), 'Invalid SRI hash algorithm token')
+    // 2. If result is the empty set, then:
+    if (result.length === 0) {
+      // 1. Append item to result.
+      result.push(item)
+      // 2. Set strongest to item.
+      strongest = item
+      // 3. Continue.
+      continue
+    }
+    // 3. Let currentAlgorithm be strongest["alg"], and currentAlgorithmIndex be
+    // the index of currentAlgorithm in the valid SRI hash algorithm token set.
+    const currentAlgorithm = /** @type {Metadata} */ (strongest).alg
+    const currentAlgorithmIndex = getSRIHashAlgorithmIndex(currentAlgorithm)
+    // 4. Let newAlgorithm be the item["alg"], and newAlgorithmIndex be the
+    // index of newAlgorithm in the valid SRI hash algorithm token set.
+    const newAlgorithm = item.alg
+    const newAlgorithmIndex = getSRIHashAlgorithmIndex(newAlgorithm)
+    // 5. If newAlgorithmIndex is less than currentAlgorithmIndex, then continue.
+    if (newAlgorithmIndex < currentAlgorithmIndex) {
+      continue
+    // 6. Otherwise, if newAlgorithmIndex is greater than
+    // currentAlgorithmIndex:
+    } else if (newAlgorithmIndex > currentAlgorithmIndex) {
+      // 1. Set strongest to item.
+      strongest = item
+      // 2. Set result to « item ».
+      result[0] = item
+      result.length = 1
+    // 7. Otherwise, newAlgorithmIndex and currentAlgorithmIndex are the same
+    // value. Append item to result.
+    } else {
+      result.push(item)
+    }
+  }
+  // 3. Return result.
+  return result
+}
+/**
+ * @param {string} metadata
+ * @returns {MetadataList}
+ *
+ * @see https://w3c.github.io/webappsec-subresource-integrity/#parse-metadata
+ */
+function parseMetadata (metadata) {
+  // 1. Let result be the empty set.
+  /** @type {MetadataList} */
+  const result = []
+  // 2. For each item returned by splitting metadata on spaces:
+  for (const item of metadata.split(' ')) {
+    // 1. Let expression-and-options be the result of splitting item on U+003F (?).
+    const expressionAndOptions = item.split('?', 1)
+    // 2. Let algorithm-expression be expression-and-options[0].
+    const algorithmExpression = expressionAndOptions[0]
+    // 3. Let base64-value be the empty string.
+    let base64Value = ''
+    // 4. Let algorithm-and-value be the result of splitting algorithm-expression on U+002D (-).
+    const algorithmAndValue = [algorithmExpression.slice(0, 6), algorithmExpression.slice(7)]
+    // 5. Let algorithm be algorithm-and-value[0].
+    const algorithm = algorithmAndValue[0]
+    // 6. If algorithm is not a valid SRI hash algorithm token, then continue.
+    if (!isValidSRIHashAlgorithm(algorithm)) {
+      continue
+    }
+    // 7. If algorithm-and-value[1] exists, set base64-value to
+    // algorithm-and-value[1].
+    if (algorithmAndValue[1]) {
+      base64Value = algorithmAndValue[1]
+    }
+    // 8. Let metadata be the ordered map
+    // «["alg" → algorithm, "val" → base64-value]».
+    const metadata = {
+      alg: algorithm,
+      val: base64Value
+    }
+    // 9. Append metadata to result.
+    result.push(metadata)
+  }
+  // 3. Return result.
+  return result
+}
+/**
+ * Applies the specified hash algorithm to the given bytes
+ *
+ * @typedef {(algorithm: SRIHashAlgorithm, bytes: Uint8Array) => string} ApplyAlgorithmToBytes
+ * @param {SRIHashAlgorithm} algorithm
+ * @param {Uint8Array} bytes
+ * @returns {string}
+ */
+const applyAlgorithmToBytes = (algorithm, bytes) => {
+  return crypto.hash(algorithm, bytes, 'base64')
+}
+/**
+ * Compares two base64 strings, allowing for base64url
+ * in the second string.
+ *
+ * @param {string} actualValue base64 encoded string
+ * @param {string} expectedValue base64 or base64url encoded string
+ * @returns {boolean}
+ */
+function caseSensitiveMatch (actualValue, expectedValue) {
+  // Ignore padding characters from the end of the strings by
+  // decreasing the length by 1 or 2 if the last characters are `=`.
+  let actualValueLength = actualValue.length
+  if (actualValueLength !== 0 && actualValue[actualValueLength - 1] === '=') {
+    actualValueLength -= 1
+  }
+  if (actualValueLength !== 0 && actualValue[actualValueLength - 1] === '=') {
+    actualValueLength -= 1
+  }
+  let expectedValueLength = expectedValue.length
+  if (expectedValueLength !== 0 && expectedValue[expectedValueLength - 1] === '=') {
+    expectedValueLength -= 1
+  }
+  if (expectedValueLength !== 0 && expectedValue[expectedValueLength - 1] === '=') {
+    expectedValueLength -= 1
+  }
+  if (actualValueLength !== expectedValueLength) {
+    return false
+  }
+  for (let i = 0; i < actualValueLength; ++i) {
+    if (
+      actualValue[i] === expectedValue[i] ||
+      (actualValue[i] === '+' && expectedValue[i] === '-') ||
+      (actualValue[i] === '/' && expectedValue[i] === '_')
+    ) {
+      continue
+    }
+    return false
+  }
+  return true
+}
+module.exports = {
+  applyAlgorithmToBytes,
+  bytesMatch,
+  caseSensitiveMatch,
+  isValidSRIHashAlgorithm,
+  getStrongestMetadata,
+  parseMetadata
+}