@reclaimprotocol/attestor-core 5.0.4 → 5.0.5

package/lib/server/utils/gcp-attestation.js

@@ -1,289 +0,0 @@
-/**
- * GCP attestation validation utilities
- * Validates JWT tokens from Google Confidential Computing
- */
-import crypto, { X509Certificate } from 'crypto';
-// Cache for Google's public keys
-let gcpKeysCache = null;
-let gcpKeysCacheTime = 0;
-const GCP_KEYS_CACHE_TTL = 3600000; // 1 hour in milliseconds
-// GCP Confidential Space Root CA
-const GCP_CONFIDENTIAL_SPACE_ROOT_CA = `-----BEGIN CERTIFICATE-----
-MIIGCDCCA/CgAwIBAgITYBvRy5g9aYYMh7tJS7pFwafL6jANBgkqhkiG9w0BAQsF
-ADCBizELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcT
-DU1vdW50YWluIFZpZXcxEzARBgNVBAoTCkdvb2dsZSBMTEMxFTATBgNVBAsTDEdv
-b2dsZSBDbG91ZDEjMCEGA1UEAxMaQ29uZmlkZW50aWFsIFNwYWNlIFJvb3QgQ0Ew
-HhcNMjQwMTE5MjIxMDUwWhcNMzQwMTE2MjIxMDQ5WjCBizELMAkGA1UEBhMCVVMx
-EzARBgNVBAgTCkNhbGlmb3JuaWExFjAUBgNVBAcTDU1vdW50YWluIFZpZXcxEzAR
-BgNVBAoTCkdvb2dsZSBMTEMxFTATBgNVBAsTDEdvb2dsZSBDbG91ZDEjMCEGA1UE
-AxMaQ29uZmlkZW50aWFsIFNwYWNlIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUA
-A4ICDwAwggIKAoICAQCvRuZasczAqhMZe1ODHJ6MFLX8EYVV+RN7xiO9GpuA53iz
-l9Oxgp3NXik3FbYn+7bcIkMMSQpCr6K0jbSQCZT6d5P5PJT5DpNGYjLHkW67/fl+
-Bu7eSMb0qRCa1jS+3OhNK7t7SIaHm1XdmSRghjwoglKRuk3CGrF4Zia9RcE/p2MU
-69GyJZpqHYwTplNr3x4zF+2nJk86GywDP+sGwSPWfcmqY04VQD7ZPDEZZ/qgzdoL
-5ilE92eQnAsy+6m6LxBEHHVcFpfDtNVUIt2VMCWLBeOKUQcn5js756xblInqw/Qt
-QRR0An0yfRjBuGvmMjAwETDo5ETY/fc+nbQVYJzNQTc9EOpFFWPpw/ZjFcN9Amnd
-dxYUETFXPmBYerMez0LKNtGpfKYHHhMMTI3mj0m/V9fCbfh2YbBUnMS2Swd20YSI
-Mi/HiGaqOpGUqXMeQVw7phGTS3QYK8ZM65sC/QhIQzXdsiLDgFBitVnlIu3lIv6C
-uiHvXeSJBRlRxQ8Vu+t6J7hBdl0etWBKAu9Vti46af5cjC03dspkHR3MAUGcrLWE
-TkQ0msQAKvIAlwyQRLuQOI5D6pF+6af1Nbl+vR7sLCbDWdMqm1E9X6KyFKd6e3rn
-E9O4dkFJp35WvR2gqIAkUoa+Vq1MXLFYG4imanZKH0igrIblbawRCr3Gr24FXQID
-AQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4E
-FgQUF+fBOE6Th1snpKuvIb6S8/mtPL4wHwYDVR0jBBgwFoAUF+fBOE6Th1snpKuv
-Ib6S8/mtPL4wDQYJKoZIhvcNAQELBQADggIBAGtCuV5eHxWcffylK9GPumaD6Yjd
-cs76KDBe3mky5ItBIrEOeZq3z47zM4dbKZHhFuoq4yAaO1MyApnG0w9wIQLBDndI
-ovtkw6j9/64aqPWpNaoB5MB0SahCUCgI83Dx9SRqGmjPI/MTMfwDLdE5EF9gFmVI
-oH62YnG2aa/sc6m/8wIK8WtTJazEI16/8GPG4ZUhwT6aR3IGGnEBPMbMd5VZQ0Hw
-VbHBKWK3UykaSCxnEg8uaNx/rhNaOWuWtos4qL00dYyGV7ZXg4fpAq7244QUgkWV
-AtVcU2SPBjDd30OFHASnenDHRzQdOtHaxLp4a4WaY3jb2V6Sn3LfE8zSy6GevxmN
-COIWW3xnPF8rwKz4ABEPqECe37zzu3W1nzZAFtdkhPBNnlWYkIusTMtU+8v6EPKp
-GIIRphpaDhtGPJQukpENOfk2728lenPycRfjxwA96UKWq0dKZC45MwBEK9Jngn8Q
-cPmpPmx7pSMkSxEX2Vos2JNaNmCKJd2VaXz8M6F2cxscRdh9TbAYAjGEEjE1nLUH
-2YHDS8Y7xYNFIDSFaJAlqGcCUbzjGhrwHGj4voTe9ZvlmngrcA/ptSuBidvsnRDw
-kNPLowCd0NqxYYSLNL7GroYCFPxoBpr+++4vsCaXalbs8iJxdU2EPqG4MB4xWKYg
-uyT5CnJulxSC5CT1
------END CERTIFICATE-----`;
-/**
- * Base64url decode (RFC 4648, no padding)
- */
-function base64urlDecode(input) {
-    // Add padding if needed
-    let base64 = input.replace(/-/g, '+').replace(/_/g, '/');
-    while (base64.length % 4) {
-        base64 += '=';
-    }
-    return Buffer.from(base64, 'base64');
-}
-/**
- * Fetch Google's public keys (with caching)
- */
-async function fetchGooglePublicKeys(logger) {
-    const now = Date.now();
-    // Return cached keys if still valid
-    if (gcpKeysCache && (now - gcpKeysCacheTime) < GCP_KEYS_CACHE_TTL) {
-        if (logger) {
-            logger.debug('Using cached Google public keys');
-        }
-        return gcpKeysCache;
-    }
-    // Fetch fresh keys
-    if (logger) {
-        logger.info('Fetching Google public keys from https://www.googleapis.com/oauth2/v3/certs');
-    }
-    const response = await fetch('https://www.googleapis.com/oauth2/v3/certs');
-    if (!response.ok) {
-        throw new Error(`Failed to fetch Google keys: ${response.status} ${response.statusText}`);
-    }
-    const keys = await response.json();
-    // Update cache
-    gcpKeysCache = keys;
-    gcpKeysCacheTime = now;
-    if (logger) {
-        logger.info(`Fetched ${keys.keys.length} Google public keys`);
-    }
-    return keys;
-}
-/**
- * Convert JWK to RSA public key
- */
-function jwkToPublicKey(jwk) {
-    // Create RSA public key from modulus and exponent
-    return crypto.createPublicKey({
-        key: {
-            kty: 'RSA',
-            n: jwk.n,
-            e: jwk.e,
-        },
-        format: 'jwk'
-    });
-}
-/**
- * Verify x5c certificate chain and return leaf certificate's public key
- */
-function verifyX5cChain(x5cChain, logger) {
-    if (!x5cChain || x5cChain.length === 0) {
-        throw new Error('Empty x5c certificate chain');
-    }
-    // Parse leaf certificate (first in chain)
-    const leafCertPem = `-----BEGIN CERTIFICATE-----\n${x5cChain[0]}\n-----END CERTIFICATE-----`;
-    const leafCert = new X509Certificate(leafCertPem);
-    if (logger) {
-        logger.info(`x5c leaf certificate: subject=${leafCert.subject}, issuer=${leafCert.issuer}`);
-    }
-    // Parse root CA
-    const rootCert = new X509Certificate(GCP_CONFIDENTIAL_SPACE_ROOT_CA);
-    // For chain verification with Node.js X509Certificate, we need to verify each cert in sequence
-    // Start with leaf and work up to root
-    let currentCert = leafCert;
-    // Verify intermediate certificates if present
-    for (let i = 1; i < x5cChain.length; i++) {
-        const intermediatePem = `-----BEGIN CERTIFICATE-----\n${x5cChain[i]}\n-----END CERTIFICATE-----`;
-        const intermediateCert = new X509Certificate(intermediatePem);
-        // Verify current cert was signed by intermediate
-        const isValid = currentCert.verify(intermediateCert.publicKey);
-        if (!isValid) {
-            throw new Error(`Certificate chain verification failed at level ${i}`);
-        }
-        if (logger) {
-            logger.debug(`Verified cert level ${i}: ${intermediateCert.subject}`);
-        }
-        currentCert = intermediateCert;
-    }
-    // Verify the top cert was signed by root CA
-    const isRootValid = currentCert.verify(rootCert.publicKey);
-    if (!isRootValid) {
-        throw new Error('Certificate chain does not root to GCP Confidential Space Root CA');
-    }
-    if (logger) {
-        logger.info('x5c certificate chain verified successfully');
-    }
-    // Return leaf certificate's public key for signature verification
-    return leafCert.publicKey;
-}
-/**
- * Validates GCP JWT attestation and extracts ETH address
- */
-export async function validateGcpAttestationAndExtractKey(attestationBytes, logger) {
-    const errors = [];
-    try {
-        // 1. Parse JWT structure
-        const jwtString = Buffer.from(attestationBytes).toString('utf8');
-        const parts = jwtString.split('.');
-        if (parts.length !== 3) {
-            errors.push('Invalid JWT format: expected 3 parts');
-            return { isValid: false, errors };
-        }
-        const [headerB64, payloadB64, signatureB64] = parts;
-        // Decode header and payload
-        const headerJson = base64urlDecode(headerB64).toString('utf8');
-        const payloadJson = base64urlDecode(payloadB64).toString('utf8');
-        const header = JSON.parse(headerJson);
-        const payload = JSON.parse(payloadJson);
-        if (logger) {
-            logger.info(`GCP JWT header: kid=${header.kid}, alg=${header.alg}`);
-            logger.info(`GCP JWT payload: iss=${payload.iss}, aud=${payload.aud}`);
-        }
-        // 2. Verify claims
-        const now = Math.floor(Date.now() / 1000);
-        // Check issuer - accept both Google accounts and Confidential Computing
-        const validIssuers = [
-            'https://accounts.google.com',
-            'https://confidentialcomputing.googleapis.com'
-        ];
-        if (!validIssuers.includes(payload.iss)) {
-            errors.push(`Invalid issuer: expected one of ${validIssuers.join(', ')}, got "${payload.iss}"`);
-        }
-        // Check expiration
-        if (payload.exp <= now) {
-            errors.push(`Token expired: exp=${payload.exp}, now=${now}`);
-        }
-        // Check issued at (allow 60 second clock skew)
-        if (payload.iat > now + 60) {
-            errors.push(`Token issued in future: iat=${payload.iat}, now=${now}`);
-        }
-        // Audience can be:
-        // 1. Custom Reclaim audience with data param: https://reclaimprotocol.org/attestation?data=tee_k_public_key:0x...
-        // 2. Reclaim domain only: https://reclaim-protocol.com (address in eat_nonce)
-        // 3. GCP STS audience: https://sts.googleapis.com (for Confidential Space)
-        const hasReclaimAudience = payload.aud?.includes('reclaimprotocol.org');
-        const hasGcpStsAudience = payload.aud?.includes('sts.googleapis.com');
-        if (!hasReclaimAudience && !hasGcpStsAudience) {
-            errors.push(`Invalid audience: expected "reclaimprotocol.org" or "sts.googleapis.com", got "${payload.aud}"`);
-        }
-        if (errors.length > 0) {
-            return { isValid: false, errors };
-        }
-        // 3. Get public key - either from x5c chain or JWKS
-        let publicKey;
-        if (header.x5c && header.x5c.length > 0) {
-            // PKI token with certificate chain
-            if (logger) {
-                logger.info(`Using x5c certificate chain (${header.x5c.length} certificates)`);
-            }
-            publicKey = verifyX5cChain(header.x5c, logger);
-        }
-        else if (header.kid) {
-            // OIDC token with kid
-            if (logger) {
-                logger.info(`Using OIDC token with kid: ${header.kid}`);
-            }
-            // Fetch Google's public keys
-            const jwks = await fetchGooglePublicKeys(logger);
-            // Find matching key
-            const jwk = jwks.keys.find(k => k.kid === header.kid);
-            if (!jwk) {
-                errors.push(`No public key found for kid: ${header.kid}`);
-                return { isValid: false, errors };
-            }
-            publicKey = jwkToPublicKey(jwk);
-        }
-        else {
-            errors.push('JWT header must contain either x5c or kid field');
-            return { isValid: false, errors };
-        }
-        // 4. Verify signature
-        const signedData = `${headerB64}.${payloadB64}`;
-        const signature = base64urlDecode(signatureB64);
-        const verify = crypto.createVerify('RSA-SHA256');
-        verify.update(signedData);
-        const isSignatureValid = verify.verify(publicKey, signature);
-        if (!isSignatureValid) {
-            errors.push('Signature verification failed');
-            return { isValid: false, errors };
-        }
-        if (logger) {
-            logger.info('GCP JWT signature verified successfully');
-        }
-        // 5. Extract ETH address from eat_nonce
-        if (!payload.eat_nonce) {
-            errors.push('No eat_nonce field found in JWT payload');
-            return { isValid: false, errors };
-        }
-        // Format: "tee_k_public_key:0x..." or "tee_t_public_key:0x..."
-        const match = payload.eat_nonce.match(/^(tee_[kt])_public_key:0x([0-9a-fA-F]{40})$/);
-        if (!match) {
-            errors.push(`Invalid eat_nonce format: ${payload.eat_nonce}`);
-            return { isValid: false, errors };
-        }
-        const userDataType = match[1]; // "tee_k" or "tee_t"
-        const hexAddress = match[2];
-        const ethAddress = new Uint8Array(Buffer.from(hexAddress, 'hex'));
-        if (logger) {
-            logger.info(`Extracted address from eat_nonce: ${payload.eat_nonce}`);
-        }
-        // Extract image digest from JWT payload (GCP's equivalent to PCR0)
-        let pcr0 = 'gcp-no-digest';
-        if (payload.google?.compute_engine?.image_digest) {
-            pcr0 = payload.google.compute_engine.image_digest;
-        }
-        else if (payload.submods?.container?.image_digest) {
-            pcr0 = payload.submods.container.image_digest;
-        }
-        // Add debug prefix if debug mode is enabled
-        if (payload.dbgstat === 'enabled' && pcr0.startsWith('sha256:')) {
-            pcr0 = 'debug_' + pcr0;
-        }
-        // Extract environment variables if present
-        const envVars = payload.submods?.container?.env || {};
-        if (logger) {
-            const hexAddr = Buffer.from(ethAddress).toString('hex');
-            logger.info(`Extracted ETH address from GCP attestation: 0x${hexAddr}, type: ${userDataType}, pcr0: ${pcr0}`);
-            if (Object.keys(envVars).length > 0) {
-                logger.debug(`Environment variables: ${Object.keys(envVars).join(', ')}`);
-            }
-        }
-        return {
-            isValid: true,
-            errors: [],
-            ethAddress,
-            userDataType,
-            pcr0,
-            envVars
-        };
-    }
-    catch (error) {
-        const errorMsg = error instanceof Error ? error.message : String(error);
-        errors.push(`GCP attestation validation error: ${errorMsg}`);
-        return { isValid: false, errors };
-    }
-}

package/lib/server/utils/generics.js

@@ -1,51 +0,0 @@
-import { RPCMessages } from "../../proto/api.js";
-import { getEnvVariable } from "../../utils/env.js";
-import { AttestorError, strToUint8Array } from "../../utils/index.js";
-import { SIGNATURES } from "../../utils/signatures/index.js";
-const PRIVATE_KEY = getEnvVariable('PRIVATE_KEY');
-/**
- * Sign message using the PRIVATE_KEY env var.
- */
-export function signAsAttestor(data, scheme) {
-    const { sign } = SIGNATURES[scheme];
-    return sign(typeof data === 'string' ? strToUint8Array(data) : data, PRIVATE_KEY);
-}
-/**
- * Obtain the address on chain, from the PRIVATE_KEY env var.
- */
-export function getAttestorAddress(scheme) {
-    const { getAddress, getPublicKey } = SIGNATURES[scheme];
-    const publicKey = getPublicKey(PRIVATE_KEY);
-    return getAddress(publicKey);
-}
-/**
- * Nice parse JSON with a key.
- * If the data is empty, returns an empty object.
- * And if the JSON is invalid, throws a bad request error,
- * with the key in the error message.
- */
-export function niceParseJsonObject(data, key) {
-    if (!data) {
-        return {};
-    }
-    try {
-        return JSON.parse(data);
-    }
-    catch (e) {
-        throw AttestorError.badRequest(`Invalid JSON in ${key}: ${e.message}`);
-    }
-}
-/**
- * Extract any initial messages sent via the query string,
- * in the `messages` parameter.
- */
-export function getInitialMessagesFromQuery(req) {
-    const url = new URL(req.url, 'http://localhost');
-    const messagesB64 = url.searchParams.get('messages');
-    if (!messagesB64?.length) {
-        return [];
-    }
-    const msgsBytes = Buffer.from(messagesB64, 'base64');
-    const msgs = RPCMessages.decode(msgsBytes);
-    return msgs.messages;
-}

package/lib/server/utils/iso.js

@@ -1,256 +0,0 @@
-const countries = {
-    AF: 'Afghanistan',
-    AX: 'Åland Islands',
-    AL: 'Albania',
-    DZ: 'Algeria',
-    AS: 'American Samoa',
-    AD: 'Andorra',
-    AO: 'Angola',
-    AI: 'Anguilla',
-    AQ: 'Antarctica',
-    AG: 'Antigua and Barbuda',
-    AR: 'Argentina',
-    AM: 'Armenia',
-    AW: 'Aruba',
-    AU: 'Australia',
-    AT: 'Austria',
-    AZ: 'Azerbaijan',
-    BS: 'Bahamas',
-    BH: 'Bahrain',
-    BD: 'Bangladesh',
-    BB: 'Barbados',
-    BY: 'Belarus',
-    BE: 'Belgium',
-    BZ: 'Belize',
-    BJ: 'Benin',
-    BM: 'Bermuda',
-    BT: 'Bhutan',
-    BO: 'Bolivia, Plurinational State of',
-    BQ: 'Bonaire, Sint Eustatius and Saba',
-    BA: 'Bosnia and Herzegovina',
-    BW: 'Botswana',
-    BV: 'Bouvet Island',
-    BR: 'Brazil',
-    IO: 'British Indian Ocean Territory',
-    BN: 'Brunei Darussalam',
-    BG: 'Bulgaria',
-    BF: 'Burkina Faso',
-    BI: 'Burundi',
-    KH: 'Cambodia',
-    CM: 'Cameroon',
-    CA: 'Canada',
-    CV: 'Cape Verde',
-    KY: 'Cayman Islands',
-    CF: 'Central African Republic',
-    TD: 'Chad',
-    CL: 'Chile',
-    CN: 'China',
-    CX: 'Christmas Island',
-    CC: 'Cocos (Keeling) Islands',
-    CO: 'Colombia',
-    KM: 'Comoros',
-    CG: 'Congo',
-    CD: 'Congo, the Democratic Republic of the',
-    CK: 'Cook Islands',
-    CR: 'Costa Rica',
-    CI: "Côte d'Ivoire",
-    HR: 'Croatia',
-    CU: 'Cuba',
-    CW: 'Curaçao',
-    CY: 'Cyprus',
-    CZ: 'Czech Republic',
-    DK: 'Denmark',
-    DJ: 'Djibouti',
-    DM: 'Dominica',
-    DO: 'Dominican Republic',
-    EC: 'Ecuador',
-    EG: 'Egypt',
-    SV: 'El Salvador',
-    GQ: 'Equatorial Guinea',
-    ER: 'Eritrea',
-    EE: 'Estonia',
-    ET: 'Ethiopia',
-    FK: 'Falkland Islands (Malvinas)',
-    FO: 'Faroe Islands',
-    FJ: 'Fiji',
-    FI: 'Finland',
-    FR: 'France',
-    GF: 'French Guiana',
-    PF: 'French Polynesia',
-    TF: 'French Southern Territories',
-    GA: 'Gabon',
-    GM: 'Gambia',
-    GE: 'Georgia',
-    DE: 'Germany',
-    GH: 'Ghana',
-    GI: 'Gibraltar',
-    GR: 'Greece',
-    GL: 'Greenland',
-    GD: 'Grenada',
-    GP: 'Guadeloupe',
-    GU: 'Guam',
-    GT: 'Guatemala',
-    GG: 'Guernsey',
-    GN: 'Guinea',
-    GW: 'Guinea-Bissau',
-    GY: 'Guyana',
-    HT: 'Haiti',
-    HM: 'Heard Island and McDonald Mcdonald Islands',
-    VA: 'Holy See (Vatican City State)',
-    HN: 'Honduras',
-    HK: 'Hong Kong',
-    HU: 'Hungary',
-    IS: 'Iceland',
-    IN: 'India',
-    ID: 'Indonesia',
-    IR: 'Iran, Islamic Republic of',
-    IQ: 'Iraq',
-    IE: 'Ireland',
-    IM: 'Isle of Man',
-    IL: 'Israel',
-    IT: 'Italy',
-    JM: 'Jamaica',
-    JP: 'Japan',
-    JE: 'Jersey',
-    JO: 'Jordan',
-    KZ: 'Kazakhstan',
-    KE: 'Kenya',
-    KI: 'Kiribati',
-    XK: 'Kosovo',
-    KP: "Korea, Democratic People's Republic of",
-    KR: 'Korea, Republic of',
-    KW: 'Kuwait',
-    KG: 'Kyrgyzstan',
-    LA: "Lao People's Democratic Republic",
-    LV: 'Latvia',
-    LB: 'Lebanon',
-    LS: 'Lesotho',
-    LR: 'Liberia',
-    LY: 'Libya',
-    LI: 'Liechtenstein',
-    LT: 'Lithuania',
-    LU: 'Luxembourg',
-    MO: 'Macao',
-    MK: 'North Macedonia',
-    MG: 'Madagascar',
-    MW: 'Malawi',
-    MY: 'Malaysia',
-    MV: 'Maldives',
-    ML: 'Mali',
-    MT: 'Malta',
-    MH: 'Marshall Islands',
-    MQ: 'Martinique',
-    MR: 'Mauritania',
-    MU: 'Mauritius',
-    YT: 'Mayotte',
-    MX: 'Mexico',
-    FM: 'Micronesia, Federated States of',
-    MD: 'Moldova, Republic of',
-    MC: 'Monaco',
-    MN: 'Mongolia',
-    ME: 'Montenegro',
-    MS: 'Montserrat',
-    MA: 'Morocco',
-    MZ: 'Mozambique',
-    MM: 'Myanmar',
-    NA: 'Namibia',
-    NR: 'Nauru',
-    NP: 'Nepal',
-    NL: 'Netherlands',
-    AN: 'Netherlands Antilles',
-    NC: 'New Caledonia',
-    NZ: 'New Zealand',
-    NI: 'Nicaragua',
-    NE: 'Niger',
-    NG: 'Nigeria',
-    NU: 'Niue',
-    NF: 'Norfolk Island',
-    MP: 'Northern Mariana Islands',
-    NO: 'Norway',
-    OM: 'Oman',
-    PK: 'Pakistan',
-    PW: 'Palau',
-    PS: 'Palestine, State of',
-    PA: 'Panama',
-    PG: 'Papua New Guinea',
-    PY: 'Paraguay',
-    PE: 'Peru',
-    PH: 'Philippines',
-    PN: 'Pitcairn',
-    PL: 'Poland',
-    PT: 'Portugal',
-    PR: 'Puerto Rico',
-    QA: 'Qatar',
-    RE: 'Réunion',
-    RO: 'Romania',
-    RU: 'Russian Federation',
-    RW: 'Rwanda',
-    BL: 'Saint Barthélemy',
-    SH: 'Saint Helena, Ascension and Tristan da Cunha',
-    KN: 'Saint Kitts and Nevis',
-    LC: 'Saint Lucia',
-    MF: 'Saint Martin (French part)',
-    PM: 'Saint Pierre and Miquelon',
-    VC: 'Saint Vincent and the Grenadines',
-    WS: 'Samoa',
-    SM: 'San Marino',
-    ST: 'Sao Tome and Principe',
-    SA: 'Saudi Arabia',
-    SN: 'Senegal',
-    RS: 'Serbia',
-    SC: 'Seychelles',
-    SL: 'Sierra Leone',
-    SG: 'Singapore',
-    SX: 'Sint Maarten (Dutch part)',
-    SK: 'Slovakia',
-    SI: 'Slovenia',
-    SB: 'Solomon Islands',
-    SO: 'Somalia',
-    ZA: 'South Africa',
-    GS: 'South Georgia and the South Sandwich Islands',
-    SS: 'South Sudan',
-    ES: 'Spain',
-    LK: 'Sri Lanka',
-    SD: 'Sudan',
-    SR: 'Suriname',
-    SJ: 'Svalbard and Jan Mayen',
-    SZ: 'Swaziland',
-    SE: 'Sweden',
-    CH: 'Switzerland',
-    SY: 'Syrian Arab Republic',
-    TW: 'Taiwan, Province of China',
-    TJ: 'Tajikistan',
-    TZ: 'Tanzania, United Republic of',
-    TH: 'Thailand',
-    TL: 'Timor-Leste',
-    TG: 'Togo',
-    TK: 'Tokelau',
-    TO: 'Tonga',
-    TT: 'Trinidad and Tobago',
-    TN: 'Tunisia',
-    TR: 'Turkey',
-    TM: 'Turkmenistan',
-    TC: 'Turks and Caicos Islands',
-    TV: 'Tuvalu',
-    UG: 'Uganda',
-    UA: 'Ukraine',
-    AE: 'United Arab Emirates',
-    GB: 'United Kingdom',
-    US: 'United States',
-    UM: 'United States Minor Outlying Islands',
-    UY: 'Uruguay',
-    UZ: 'Uzbekistan',
-    VU: 'Vanuatu',
-    VE: 'Venezuela, Bolivarian Republic of',
-    VN: 'Viet Nam',
-    VG: 'Virgin Islands, British',
-    VI: 'Virgin Islands, U.S.',
-    WF: 'Wallis and Futuna',
-    EH: 'Western Sahara',
-    YE: 'Yemen',
-    ZM: 'Zambia',
-    ZW: 'Zimbabwe'
-};
-export function isValidCountryCode(countryCode) {
-    return (countryCode.toUpperCase() in countries);
-}

package/lib/server/utils/keep-alive.js

@@ -1,38 +0,0 @@
-import { MAX_NO_DATA_INTERVAL_MS, PING_INTERVAL_MS } from "../../config/index.js";
-/**
- * Adds a keep-alive mechanism to the WebSocket
- * client
- */
-export function addKeepAlive(ws, logger) {
-    let sendTimeout;
-    let killTimeout;
-    ws.on('message', () => {
-        logger.trace('data recv, resetting timer');
-        resetTimer();
-    });
-    ws.on('pong', () => {
-        logger.trace('pong received, resetting timer');
-        resetTimer();
-    });
-    ws.on('error', cleanup);
-    ws.on('close', cleanup);
-    function resetTimer() {
-        cleanup();
-        resetSendTimeout();
-        killTimeout = setTimeout(() => {
-            logger.warn('no data received in a while, closing connection');
-            ws.close();
-        }, MAX_NO_DATA_INTERVAL_MS);
-    }
-    function resetSendTimeout() {
-        // reset ping
-        sendTimeout = setTimeout(() => {
-            ws.ping();
-            resetSendTimeout();
-        }, PING_INTERVAL_MS);
-    }
-    function cleanup() {
-        clearTimeout(killTimeout);
-        clearTimeout(sendTimeout);
-    }
-}