@objectstack/service-settings 6.2.0 → 6.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/index.cjs +67 -6
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +57 -6
- package/dist/index.js.map +1 -1
- package/package.json +5 -4
package/dist/index.cjs
CHANGED
|
@@ -1,7 +1,9 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var __create = Object.create;
|
|
2
3
|
var __defProp = Object.defineProperty;
|
|
3
4
|
var __getOwnPropDesc = Object.getOwnPropertyDescriptor;
|
|
4
5
|
var __getOwnPropNames = Object.getOwnPropertyNames;
|
|
6
|
+
var __getProtoOf = Object.getPrototypeOf;
|
|
5
7
|
var __hasOwnProp = Object.prototype.hasOwnProperty;
|
|
6
8
|
var __export = (target, all) => {
|
|
7
9
|
for (var name in all)
|
|
@@ -15,6 +17,14 @@ var __copyProps = (to, from, except, desc) => {
|
|
|
15
17
|
}
|
|
16
18
|
return to;
|
|
17
19
|
};
|
|
20
|
+
var __toESM = (mod, isNodeMode, target) => (target = mod != null ? __create(__getProtoOf(mod)) : {}, __copyProps(
|
|
21
|
+
// If the importer is in node compatibility mode or this is not an ESM
|
|
22
|
+
// file that has been converted to a CommonJS file using a Babel-
|
|
23
|
+
// compatible transform (i.e. "__esModule" has not been set), then set
|
|
24
|
+
// "default" to the CommonJS "module.exports" for node compatibility.
|
|
25
|
+
isNodeMode || !mod || !mod.__esModule ? __defProp(target, "default", { value: mod, enumerable: true }) : target,
|
|
26
|
+
mod
|
|
27
|
+
));
|
|
18
28
|
var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: true }), mod);
|
|
19
29
|
|
|
20
30
|
// src/index.ts
|
|
@@ -606,17 +616,51 @@ function coerceEnvValue(raw, hint) {
|
|
|
606
616
|
|
|
607
617
|
// src/in-memory-crypto-provider.ts
|
|
608
618
|
var import_node_crypto = require("crypto");
|
|
619
|
+
var isWebContainerRuntime = () => {
|
|
620
|
+
const g = globalThis;
|
|
621
|
+
return typeof g !== "undefined" && (Boolean(g.process?.versions?.webcontainer) || Boolean(g.process?.env?.SHELL?.includes?.("jsh")) || Boolean(g.process?.env?.STACKBLITZ));
|
|
622
|
+
};
|
|
623
|
+
var nobleGcmPromise;
|
|
624
|
+
var loadNobleGcm = () => {
|
|
625
|
+
if (!nobleGcmPromise) {
|
|
626
|
+
nobleGcmPromise = (async () => {
|
|
627
|
+
try {
|
|
628
|
+
const mod = await import("@noble/ciphers/aes.js");
|
|
629
|
+
return mod.gcm;
|
|
630
|
+
} catch (err) {
|
|
631
|
+
console.warn(
|
|
632
|
+
`[InMemoryCryptoProvider] WebContainer detected but @noble/ciphers not installed: ${err?.message ?? err}. Falling back to node:crypto (will throw).`
|
|
633
|
+
);
|
|
634
|
+
return void 0;
|
|
635
|
+
}
|
|
636
|
+
})();
|
|
637
|
+
}
|
|
638
|
+
return nobleGcmPromise;
|
|
639
|
+
};
|
|
609
640
|
var InMemoryCryptoProvider = class {
|
|
610
641
|
constructor(opts = {}) {
|
|
611
642
|
this.key = opts.key ?? (0, import_node_crypto.randomBytes)(32);
|
|
643
|
+
this.useNoble = isWebContainerRuntime();
|
|
612
644
|
}
|
|
613
645
|
async encrypt(plain, ctx) {
|
|
614
646
|
const iv = (0, import_node_crypto.randomBytes)(12);
|
|
615
|
-
const
|
|
616
|
-
|
|
617
|
-
|
|
618
|
-
|
|
619
|
-
|
|
647
|
+
const aad = Buffer.from(this.aadOf(ctx), "utf8");
|
|
648
|
+
const plainBytes = Buffer.from(plain, "utf8");
|
|
649
|
+
let blob;
|
|
650
|
+
if (this.useNoble) {
|
|
651
|
+
const gcm = await loadNobleGcm();
|
|
652
|
+
if (gcm) {
|
|
653
|
+
const cipher = gcm(this.key, iv, aad);
|
|
654
|
+
const ctWithTag = cipher.encrypt(plainBytes);
|
|
655
|
+
const ct = ctWithTag.subarray(0, ctWithTag.length - 16);
|
|
656
|
+
const tag = ctWithTag.subarray(ctWithTag.length - 16);
|
|
657
|
+
blob = Buffer.concat([iv, Buffer.from(tag), Buffer.from(ct)]).toString("base64");
|
|
658
|
+
} else {
|
|
659
|
+
blob = this.encryptNode(plainBytes, iv, aad);
|
|
660
|
+
}
|
|
661
|
+
} else {
|
|
662
|
+
blob = this.encryptNode(plainBytes, iv, aad);
|
|
663
|
+
}
|
|
620
664
|
return {
|
|
621
665
|
id: "sec_" + (0, import_node_crypto.randomBytes)(16).toString("hex"),
|
|
622
666
|
kmsKeyId: "local:in-memory:v1",
|
|
@@ -630,8 +674,18 @@ var InMemoryCryptoProvider = class {
|
|
|
630
674
|
const iv = buf.subarray(0, 12);
|
|
631
675
|
const tag = buf.subarray(12, 28);
|
|
632
676
|
const data = buf.subarray(28);
|
|
677
|
+
const aad = Buffer.from(this.aadOf(ctx), "utf8");
|
|
678
|
+
if (this.useNoble) {
|
|
679
|
+
const gcm = await loadNobleGcm();
|
|
680
|
+
if (gcm) {
|
|
681
|
+
const cipher = gcm(this.key, iv, aad);
|
|
682
|
+
const ctWithTag = Buffer.concat([data, tag]);
|
|
683
|
+
const out = cipher.decrypt(ctWithTag);
|
|
684
|
+
return Buffer.from(out).toString("utf8");
|
|
685
|
+
}
|
|
686
|
+
}
|
|
633
687
|
const decipher = (0, import_node_crypto.createDecipheriv)("aes-256-gcm", this.key, iv);
|
|
634
|
-
decipher.setAAD(
|
|
688
|
+
decipher.setAAD(aad);
|
|
635
689
|
decipher.setAuthTag(tag);
|
|
636
690
|
return Buffer.concat([decipher.update(data), decipher.final()]).toString("utf8");
|
|
637
691
|
}
|
|
@@ -648,6 +702,13 @@ var InMemoryCryptoProvider = class {
|
|
|
648
702
|
digest(plain) {
|
|
649
703
|
return "sha256:" + (0, import_node_crypto.createHash)("sha256").update(plain, "utf8").digest("hex");
|
|
650
704
|
}
|
|
705
|
+
encryptNode(plainBytes, iv, aad) {
|
|
706
|
+
const cipher = (0, import_node_crypto.createCipheriv)("aes-256-gcm", this.key, iv);
|
|
707
|
+
cipher.setAAD(aad);
|
|
708
|
+
const enc = Buffer.concat([cipher.update(plainBytes), cipher.final()]);
|
|
709
|
+
const tag = cipher.getAuthTag();
|
|
710
|
+
return Buffer.concat([iv, tag, enc]).toString("base64");
|
|
711
|
+
}
|
|
651
712
|
aadOf(ctx) {
|
|
652
713
|
return [ctx.namespace, ctx.key].join("|");
|
|
653
714
|
}
|