@openstax/ts-utils 1.38.3 → 1.39.1

package/dist/esm/services/httpMessageVerifier/index.d.ts

@@ -3,6 +3,7 @@ import { VerifyConfig } from 'http-message-signatures';
 import { JWK } from 'node-jose';
 import { ConfigProviderForConfig } from '../../config';
 type Config = {
+    apiHost: string;
     bypassSignatureVerification: string;
 };
 interface Initializer<C> {

package/dist/esm/services/httpMessageVerifier/index.js

@@ -2,6 +2,7 @@
 import { createHash } from 'crypto';
 import { createVerifier, httpbis } from 'http-message-signatures';
 import { SigningKeyNotFoundError } from 'jwks-rsa';
+import { ByteSequence, parseDictionary, parseItem, Token } from 'structured-headers';
 import { assertString } from '../../assertions';
 import { resolveConfigValue } from '../../config';
 import { InvalidRequestError } from '../../errors';
@@ -9,6 +10,7 @@ import { once } from '../../misc/helpers';
 import { getJwksClient } from '../../misc/jwks';
 export const createHttpMessageVerifier = ({ configSpace, fetcher }) => (configProvider) => {
     const config = configProvider[configSpace !== null && configSpace !== void 0 ? configSpace : 'verifier'];
+    const getApiHost = once(async () => await resolveConfigValue(config.apiHost));
     const getBypassSignatureVerification = once(async () => (await resolveConfigValue(config.bypassSignatureVerification)) === 'true');
     return ({ request }) => ({
         verify: async ({ configOverride, signatureAgentVerifier }) => {
@@ -27,9 +29,25 @@ export const createHttpMessageVerifier = ({ configSpace, fetcher }) => (configPr
             // but we do not bother matching the Signature-Agent names with the Signature names
             // as that would be awkward with the packages we use
             const signatureAgentString = (_a = headers['signature-agent']) !== null && _a !== void 0 ? _a : '';
-            const signatureAgentMatches = [...signatureAgentString.matchAll(/([^=]+)="([^"]+)"/g)];
-            const signatureAgents = signatureAgentMatches.length == 0 ?
-                [signatureAgentString] : [...new Set(signatureAgentMatches.map((match) => match[2]))];
+            let rawValues;
+            // Try parsing as RFC 8941 Item first (e.g., "https://url" or bare token)
+            try {
+                rawValues = [parseItem(signatureAgentString)];
+            }
+            catch {
+                // If item parsing fails, try parsing as a Dictionary (e.g., sig="https://url")
+                rawValues = Array.from(parseDictionary(signatureAgentString).values());
+            }
+            // Convert values to strings (handle Token, string, and reject others) and deduplicate
+            const signatureAgents = [...new Set(rawValues.map(([bareItem]) => {
+                    if (bareItem instanceof Token) {
+                        return bareItem.toString();
+                    }
+                    return assertString(bareItem, new InvalidRequestError('Signature-Agent values must be strings or tokens'));
+                }))];
+            if (signatureAgents.length === 0) {
+                throw new InvalidRequestError('Signature-Agent header is required');
+            }
             const keys = (await Promise.all(signatureAgents.map(async (signatureAgent) => {
                 if (!await signatureAgentVerifier(signatureAgent)) {
                     throw new InvalidRequestError('Signature-Agent verification failed');
@@ -41,8 +59,7 @@ export const createHttpMessageVerifier = ({ configSpace, fetcher }) => (configPr
                 body,
                 headers,
                 method: requestContext.http.method,
-                // Node's request.url is really just the path and querystring
-                url: requestContext.http.path,
+                url: `${await getApiHost()}${requestContext.http.path}${request.rawQueryString ? `?${request.rawQueryString}` : ''}`,
             };
             if (!await httpbis.verifyMessage({
                 all: true,
@@ -75,14 +92,37 @@ export const createHttpMessageVerifier = ({ configSpace, fetcher }) => (configPr
             // For example, if a GET request uses configOverride to make content-digest not required
             if (!headers['content-digest'])
                 return true;
-            const match = headers['content-digest'].match(/^(sha-256|sha-512)=:([^:]+):/);
-            if (!match)
+            let contentDigest;
+            try {
+                contentDigest = parseDictionary(headers['content-digest']);
+            }
+            catch {
                 throw new InvalidRequestError('Unsupported Content-Digest header format');
-            const contentDigestAlg = match[1];
-            const contentDigestHash = match[2];
-            const calculatedContentDigestHash = createHash(contentDigestAlg).update(assertString(body)).digest('base64');
-            if (calculatedContentDigestHash !== contentDigestHash.replace(/:/g, '')) {
-                throw new InvalidRequestError('Calculated Content-Digest value did not match header');
+            }
+            if (contentDigest.size === 0) {
+                throw new InvalidRequestError('Content-Digest header is required');
+            }
+            // Map Content-Digest algorithm names to Node's crypto algorithm names
+            const algorithmMap = {
+                'sha-256': 'sha256',
+                'sha-512': 'sha512',
+            };
+            for (const [algorithm, value] of contentDigest.entries()) {
+                const [bareItem] = value;
+                // Convert ByteSequence to string, or assert it's already a string
+                const hashValue = bareItem instanceof ByteSequence
+                    ? bareItem.toBase64()
+                    : assertString(bareItem, new InvalidRequestError('Content-Digest values must be strings'));
+                const cryptoAlgorithm = algorithmMap[algorithm];
+                if (!cryptoAlgorithm) {
+                    throw new InvalidRequestError(`Unsupported Content-Digest algorithm: ${algorithm}`);
+                }
+                // Calculate the hash
+                const calculatedHash = createHash(cryptoAlgorithm).update(assertString(body, new InvalidRequestError('Request body is required when Content-Digest is present'))).digest('base64');
+                // Compare with the provided hash
+                if (calculatedHash !== hashValue) {
+                    throw new InvalidRequestError(`Calculated Content-Digest value did not match header for algorithm ${algorithm}`);
+                }
             }
             return true;
         },

package/dist/esm/services/lrsGateway/addStatementDefaultFields.d.ts

@@ -1,5 +1,6 @@
-import { User } from '../authProvider';
 import { EagerXapiStatement, UXapiStatement, XapiStatement } from '.';
 export declare const addStatementDefaultFields: (statement: (Pick<XapiStatement, "object" | "verb" | "context" | "result"> & {
     id?: string;
-}) | UXapiStatement, user: User) => EagerXapiStatement;
+}) | UXapiStatement, user: {
+    uuid: string;
+}) => EagerXapiStatement;

package/dist/esm/services/lrsGateway/attempt-utils.d.ts

@@ -79,7 +79,7 @@ export declare const putAttemptStatement: (gateway: LrsGateway, activity: {
 export declare const createAttemptActivityStatement: (attemptStatement: UXapiStatement, verb: UXapiStatement["verb"], result?: UXapiStatement["result"]) => Pick<UXapiStatement, "object" | "verb" | "context" | "result">;
 export declare const putAttemptActivityStatement: (gateway: LrsGateway, attemptStatement: UXapiStatement, verb: UXapiStatement["verb"], result?: UXapiStatement["result"]) => Promise<import(".").EagerXapiStatement>;
 export declare const createCompletedStatement: (attemptStatement: UXapiStatement, result?: UXapiStatement["result"]) => Pick<UXapiStatement, "object" | "verb" | "context" | "result">;
-export declare const putCompletedStatement: (gateway: LrsGateway, attemptStatement: UXapiStatement, result: UXapiStatement["result"]) => Promise<import(".").EagerXapiStatement>;
+export declare const putCompletedStatement: (gateway: LrsGateway, attemptStatement: UXapiStatement, result: UXapiStatement["result"], user?: string) => Promise<import(".").EagerXapiStatement>;
 export declare const createCompletedPendingScoringStatement: (attemptStatement: UXapiStatement) => Pick<UXapiStatement, "object" | "verb" | "context" | "result">;
 export declare const putCompletedPendingScoringStatement: (gateway: LrsGateway, attemptStatement: UXapiStatement) => Promise<import(".").EagerXapiStatement>;
 export declare const createScoredStatement: (attemptStatement: UXapiStatement, result: UXapiStatement["result"]) => Pick<UXapiStatement, "object" | "verb" | "context" | "result">;

package/dist/esm/services/lrsGateway/attempt-utils.js

@@ -288,8 +288,8 @@ export const createCompletedStatement = (attemptStatement, result) => {
         }
     };
 };
-export const putCompletedStatement = async (gateway, attemptStatement, result) => {
-    return (await gateway.putXapiStatements([createCompletedStatement(attemptStatement, result)]))[0];
+export const putCompletedStatement = async (gateway, attemptStatement, result, user) => {
+    return (await gateway.putXapiStatements([createCompletedStatement(attemptStatement, result)], user))[0];
 };
 // pending score statement for when the open written response has been graded.
 export const createCompletedPendingScoringStatement = (attemptStatement) => createCompletedStatement(attemptStatement, {

package/dist/esm/services/lrsGateway/index.d.ts

@@ -84,7 +84,7 @@ export declare const lrsGateway: <C extends string = "lrs">(initializer: Initial
 }) => {
     putXapiStatements: (statements: Array<(Pick<XapiStatement, "object" | "verb" | "context" | "result"> & {
         id?: string;
-    }) | UXapiStatement>) => Promise<EagerXapiStatement[]>;
+    }) | UXapiStatement>, user?: string) => Promise<EagerXapiStatement[]>;
     getXapiStatements: (params: {
         verb?: string;
         activity?: string;

package/dist/esm/services/lrsGateway/index.js

@@ -20,9 +20,11 @@ export const lrsGateway = (initializer) => (configProvider) => {
             status: [502]
         });
         // Note: This method actually uses POST
-        const putXapiStatements = async (statements) => {
-            const user = assertDefined(await authProvider.getUser(), new UnauthorizedError);
-            const statementsWithDefaults = statements.map(statement => addStatementDefaultFields(statement, user));
+        const putXapiStatements = async (statements, user) => {
+            const userObj = user
+                ? { uuid: user }
+                : assertDefined(await authProvider.getUser(), new UnauthorizedError);
+            const statementsWithDefaults = statements.map(statement => addStatementDefaultFields(statement, userObj));
             const response = await fetcher((await lrsHost()).replace(/\/+$/, '') + '/data/xAPI/statements', {
                 body: JSON.stringify(statementsWithDefaults),
                 headers: {