npm - @openstax/ts-utils - Versions diffs - 1.45.1 → 1.46.0 - Mend

@openstax/ts-utils 1.45.1 → 1.46.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (23) hide show

package/dist/cjs/services/httpMessage/index.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export { createHttpMessageSigner } from './signer.js';
2	+ export { createHttpMessageVerifier } from './verifier.js';

package/dist/cjs/services/httpMessage/index.js ADDED Viewed

@@ -0,0 +1,7 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createHttpMessageVerifier = exports.createHttpMessageSigner = void 0;
+var signer_js_1 = require("./signer.js");
+Object.defineProperty(exports, "createHttpMessageSigner", { enumerable: true, get: function () { return signer_js_1.createHttpMessageSigner; } });
+var verifier_js_1 = require("./verifier.js");
+Object.defineProperty(exports, "createHttpMessageVerifier", { enumerable: true, get: function () { return verifier_js_1.createHttpMessageVerifier; } });

package/dist/cjs/services/httpMessage/signer.d.ts ADDED Viewed

@@ -0,0 +1,15 @@
+import { ConfigProviderForConfig } from '../../config/index.js';
+import { KeyStore } from '../keyStore/index.js';
+type Config = {
+    iss: string;
+};
+interface Initializer<C> {
+    configSpace?: C;
+}
+export declare const createHttpMessageSigner: <C extends string = "signer">({ configSpace }: Initializer<C>) => (configProvider: { [_key in C]: ConfigProviderForConfig<Config>; }, services: {
+    keyStore: KeyStore;
+}) => {
+    signRequest: (method: string, url: string, bodyString: string) => Promise<Record<string, string>>;
+};
+export type HttpMessageSigner = ReturnType<ReturnType<typeof createHttpMessageSigner>>;
+export {};

package/dist/cjs/services/httpMessage/signer.js ADDED Viewed

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createHttpMessageSigner = void 0;
+/* spell-checker: ignore httpbis meunier keyid */
+const crypto_1 = require("crypto");
+const http_message_signatures_1 = require("http-message-signatures");
+const index_js_1 = require("../../config/index.js");
+const helpers_js_1 = require("../../misc/helpers.js");
+const createHttpMessageSigner = ({ configSpace }) => (configProvider, services) => {
+    const config = configProvider[configSpace !== null && configSpace !== void 0 ? configSpace : 'signer'];
+    const getIss = (0, helpers_js_1.once)(async () => (await (0, index_js_1.resolveConfigValue)(config.iss)).replace(/\/+$/, ''));
+    const getKey = (0, helpers_js_1.once)(() => services.keyStore.getPrivateKey());
+    const getSigner = (0, helpers_js_1.once)(async () => {
+        const { pem } = await getKey();
+        return (0, http_message_signatures_1.createSigner)(pem, 'rsa-v1_5-sha256');
+    });
+    return {
+        signRequest: async (method, url, bodyString) => {
+            const { kid } = await getKey();
+            const digest = (0, crypto_1.createHash)('sha256').update(bodyString).digest('base64');
+            const key = await getSigner();
+            const signed = await http_message_signatures_1.httpbis.signMessage({
+                key,
+                // draft-meunier-http-message-signatures-directory requires signature-agent
+                // to be a covered component alongside the standard RFC 9421 derived components
+                fields: ['@method', '@target-uri', 'content-digest', 'signature-agent'],
+                params: ['keyid', 'alg'],
+                paramValues: { keyid: kid, alg: 'rsa-v1_5-sha256' },
+            }, {
+                method,
+                url,
+                headers: {
+                    // RFC 8941 byte sequence: sha-256=:base64value:
+                    'Content-Digest': `sha-256=:${digest}:`,
+                    'Signature-Agent': `${await getIss()}/.well-known/jwks.json`,
+                },
+            });
+            return signed.headers;
+        },
+    };
+};
+exports.createHttpMessageSigner = createHttpMessageSigner;

package/dist/cjs/services/keyStore/index.d.ts ADDED Viewed

@@ -0,0 +1,20 @@
+import { JWK } from 'node-jose';
+import { ConfigProviderForConfig } from '../../config/index.js';
+type Config = {
+    privateKey: string;
+};
+export type PrivateKey = {
+    kid: string;
+    pem: string;
+};
+export declare const createKeyStore: (config: ConfigProviderForConfig<Config>) => {
+    getPrivateKey: () => Promise<{
+        kid: string;
+        pem: string;
+    }>;
+    jwks: () => Promise<{
+        keys: JWK.RawKey[];
+    }>;
+};
+export type KeyStore = ReturnType<typeof createKeyStore>;
+export {};

package/dist/cjs/services/keyStore/index.js ADDED Viewed

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.createKeyStore = void 0;
+const node_jose_1 = require("node-jose");
+const index_js_1 = require("../../config/index.js");
+const helpers_js_1 = require("../../misc/helpers.js");
+const createKeyStore = (config) => {
+    const store = (0, helpers_js_1.once)(async () => {
+        const pem = await (0, index_js_1.resolveConfigValue)(config.privateKey);
+        const keyStore = node_jose_1.JWK.createKeyStore();
+        const { kid } = await keyStore.add(pem, 'pem');
+        const keys = [{ kid, pem }];
+        return { keyStore, keys };
+    });
+    return {
+        // this method only supports one key for now (always returns the first key)
+        getPrivateKey: async () => {
+            const { keys } = await store();
+            return keys[0];
+        },
+        jwks: async () => {
+            const { keyStore } = await store();
+            return keyStore.toJSON(false);
+        },
+    };
+};
+exports.createKeyStore = createKeyStore;

package/dist/cjs/services/launchParams/signer.d.ts CHANGED Viewed

@@ -1,11 +1,10 @@
-import { JWK } from 'node-jose';
 import { ConfigProviderForConfig } from '../../config/index.js';
 import type { JsonCompatibleStruct } from '../../routing/index.js';
+import { KeyStore } from '../keyStore/index.js';
 type Config = {
     alg: string;
     expiresIn: string;
     iss: string;
-    privateKey: string;
 };
 interface Initializer<C> {
     configSpace?: C;
@@ -13,10 +12,9 @@ interface Initializer<C> {
 /**
  * Creates a class that can sign launch params
  */
-export declare const createLaunchSigner: <C extends string = "launch">({ configSpace }: Initializer<C>) => (configProvider: { [_key in C]: ConfigProviderForConfig<Config>; }) => {
-    jwks: () => Promise<{
-        keys: JWK.RawKey[];
-    }>;
+export declare const createLaunchSigner: <C extends string = "launch">({ configSpace }: Initializer<C>) => (configProvider: { [_key in C]: ConfigProviderForConfig<Config>; }, services: {
+    keyStore: KeyStore;
+}) => {
     sign: (data: JsonCompatibleStruct, subject: string, maxExp?: number | null) => Promise<string>;
 };
 export type LaunchSigner = ReturnType<ReturnType<typeof createLaunchSigner>>;

package/dist/cjs/services/launchParams/signer.js CHANGED Viewed

@@ -6,7 +6,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.createLaunchSigner = void 0;
 const jsonwebtoken_1 = __importDefault(require("jsonwebtoken"));
 const ms_1 = __importDefault(require("ms"));
-const node_jose_1 = require("node-jose");
 const index_js_1 = require("../../config/index.js");
 const index_js_2 = require("../../guards/index.js");
 const index_js_3 = require("../../index.js");
@@ -22,18 +21,12 @@ const assertAlg = (alg) => {
 /**
  * Creates a class that can sign launch params
  */
-const createLaunchSigner = ({ configSpace }) => (configProvider) => {
+const createLaunchSigner = ({ configSpace }) => (configProvider, services) => {
     const config = configProvider[(0, index_js_2.ifDefined)(configSpace, 'launch')];
     const getAlg = (0, index_js_3.once)(async () => assertAlg(await (0, index_js_1.resolveConfigValue)(config.alg)));
     const getExpiresIn = (0, index_js_3.once)(() => (0, index_js_1.resolveConfigValue)(config.expiresIn));
     const getIss = (0, index_js_3.once)(() => (0, index_js_1.resolveConfigValue)(config.iss));
-    const getPrivateKey = (0, index_js_3.once)(() => (0, index_js_1.resolveConfigValue)(config.privateKey));
-    const getKeyStore = (0, index_js_3.once)(async () => {
-        const keystore = node_jose_1.JWK.createKeyStore();
-        await keystore.add(await getPrivateKey(), 'pem');
-        return keystore;
-    });
-    const jwks = async () => (await getKeyStore()).toJSON(false);
+    const getKey = (0, index_js_3.once)(() => services.keyStore.getPrivateKey());
     const getExpiresInWithMax = async (maxExp) => {
         const expiresIn = await getExpiresIn();
         // The ms library used by jsonwebtoken can handle a value in seconds as well as a string like '1d'
@@ -46,13 +39,14 @@ const createLaunchSigner = ({ configSpace }) => (configProvider) => {
         return Math.min(expiresInSeconds, maxExpSeconds);
     };
     const sign = async (data, subject, maxExp) => {
+        const { kid, pem } = await getKey();
         const alg = await getAlg();
         // expiresIn can be a number of seconds or a string like '1h' or '1d'
         const expiresIn = await getExpiresInWithMax(maxExp);
         const iss = await getIss();
-        const header = { alg, iss };
-        return jsonwebtoken_1.default.sign(data, await getPrivateKey(), { algorithm: alg, expiresIn, header, issuer: iss, subject });
+        const header = { alg, iss, kid };
+        return jsonwebtoken_1.default.sign(data, pem, { algorithm: alg, expiresIn, header, issuer: iss, subject });
     };
-    return { jwks, sign };
+    return { sign };
 };
 exports.createLaunchSigner = createLaunchSigner;