@tachybase/module-multi-app 0.23.8

package/dist/node_modules/mariadb/lib/cmd/handshake/auth/native-password-auth.js

@@ -0,0 +1,55 @@
+'use strict';
+
+const PluginAuth = require('./plugin-auth');
+const Crypto = require('crypto');
+
+/**
+ * Standard authentication plugin
+ */
+class NativePasswordAuth extends PluginAuth {
+  constructor(packSeq, compressPackSeq, pluginData, resolve, reject, multiAuthResolver) {
+    super(resolve, reject, multiAuthResolver);
+    this.pluginData = pluginData;
+    this.sequenceNo = packSeq;
+    this.compressSequenceNo = compressPackSeq;
+  }
+
+  start(out, opts, info) {
+    //seed is ended with a null byte value.
+    const data = this.pluginData.slice(0, 20);
+    let authToken = NativePasswordAuth.encryptPassword(opts.password, data, 'sha1');
+
+    out.startPacket(this);
+    if (authToken.length > 0) {
+      out.writeBuffer(authToken, 0, authToken.length);
+      out.flushBuffer(true);
+    } else {
+      out.writeEmptyPacket(true);
+    }
+    this.emit('send_end');
+    this.onPacketReceive = this.successSend;
+  }
+
+  static encryptPassword(password, seed, algorithm) {
+    if (!password) return Buffer.alloc(0);
+
+    let hash = Crypto.createHash(algorithm);
+    let stage1 = hash.update(password, 'utf8').digest();
+    hash = Crypto.createHash(algorithm);
+
+    let stage2 = hash.update(stage1).digest();
+    hash = Crypto.createHash(algorithm);
+
+    hash.update(seed);
+    hash.update(stage2);
+
+    let digest = hash.digest();
+    let returnBytes = Buffer.allocUnsafe(digest.length);
+    for (let i = 0; i < digest.length; i++) {
+      returnBytes[i] = stage1[i] ^ digest[i];
+    }
+    return returnBytes;
+  }
+}
+
+module.exports = NativePasswordAuth;

package/dist/node_modules/mariadb/lib/cmd/handshake/auth/pam-password-auth.js

@@ -0,0 +1,58 @@
+const PluginAuth = require('./plugin-auth');
+
+/**
+ * Use PAM authentication
+ */
+class PamPasswordAuth extends PluginAuth {
+  constructor(packSeq, compressPackSeq, pluginData, resolve, reject, multiAuthResolver) {
+    super(resolve, reject, multiAuthResolver);
+    this.pluginData = pluginData;
+    this.sequenceNo = packSeq;
+    this.counter = 0;
+  }
+
+  start(out, opts, info) {
+    this.exchange(this.pluginData, out, opts, info);
+    this.onPacketReceive = this.response;
+  }
+
+  exchange(buffer, out, opts, info) {
+    //conversation is :
+    // - first byte is information tell if question is a password (4) or clear text (2).
+    // - other bytes are the question to user
+
+    out.startPacket(this);
+
+    let pwd;
+    if (Array.isArray(opts.password)) {
+      pwd = opts.password[this.counter];
+      this.counter++;
+    } else {
+      pwd = opts.password;
+    }
+
+    if (pwd) out.writeString(pwd);
+    out.writeInt8(0);
+    out.flushBuffer(true);
+  }
+
+  response(packet, out, opts, info) {
+    const marker = packet.peek();
+    switch (marker) {
+      //*********************************************************************************************************
+      //* OK_Packet and Err_Packet ending packet
+      //*********************************************************************************************************
+      case 0x00:
+      case 0xff:
+        this.emit('send_end');
+        return this.successSend(packet, out, opts, info);
+
+      default:
+        let promptData = packet.readBuffer();
+        this.exchange(promptData, out, opts, info);
+        this.onPacketReceive = this.response;
+    }
+  }
+}
+
+module.exports = PamPasswordAuth;

package/dist/node_modules/mariadb/lib/cmd/handshake/auth/plugin-auth.js

@@ -0,0 +1,19 @@
+'use strict';
+
+const Command = require('../../command');
+
+/**
+ * Base authentication plugin
+ */
+class PluginAuth extends Command {
+  constructor(resolve, reject, multiAuthResolver) {
+    super(resolve, reject);
+    this.multiAuthResolver = multiAuthResolver;
+  }
+
+  successSend(packet, out, opts, info) {
+    this.multiAuthResolver(packet, out, opts, info);
+  }
+}
+
+module.exports = PluginAuth;

package/dist/node_modules/mariadb/lib/cmd/handshake/auth/sha256-password-auth.js

@@ -0,0 +1,142 @@
+const PluginAuth = require('./plugin-auth');
+const fs = require('fs');
+const crypto = require('crypto');
+const Errors = require('../../../misc/errors');
+
+/**
+ * Use Sha256 authentication
+ */
+class Sha256PasswordAuth extends PluginAuth {
+  constructor(packSeq, compressPackSeq, pluginData, resolve, reject, multiAuthResolver) {
+    super(resolve, reject, multiAuthResolver);
+    this.pluginData = pluginData;
+    this.sequenceNo = packSeq;
+    this.counter = 0;
+    this.initialState = true;
+  }
+
+  start(out, opts, info) {
+    this.exchange(this.pluginData, out, opts, info);
+    this.onPacketReceive = this.response;
+  }
+
+  exchange(buffer, out, opts, info) {
+    if (this.initialState) {
+      if (!opts.password) {
+        out.startPacket(this);
+        out.writeEmptyPacket(true);
+        return;
+      } else if (opts.ssl) {
+        // using SSL, so sending password in clear
+        out.startPacket(this);
+        if (opts.password) {
+          out.writeString(opts.password);
+        }
+        out.writeInt8(0);
+        out.flushBuffer(true);
+        return;
+      } else {
+        // retrieve public key from configuration or from server
+        if (opts.rsaPublicKey) {
+          try {
+            let key = opts.rsaPublicKey;
+            if (!key.includes('-----BEGIN')) {
+              // rsaPublicKey contain path
+              key = fs.readFileSync(key, 'utf8');
+            }
+            this.publicKey = Sha256PasswordAuth.retreivePublicKey(key);
+          } catch (err) {
+            return this.throwError(err, info);
+          }
+        } else {
+          if (!opts.allowPublicKeyRetrieval) {
+            return this.throwError(
+              Errors.createError(
+                'RSA public key is not available client side. Either set option `rsaPublicKey` to indicate' +
+                  ' public key path, or allow public key retrieval with option `allowPublicKeyRetrieval`',
+                null,
+                true,
+                info,
+                '08S01',
+                Errors.ER_CANNOT_RETRIEVE_RSA_KEY
+              ),
+              info
+            );
+          }
+          this.initialState = false;
+
+          // ask public Key Retrieval
+          out.startPacket(this);
+          out.writeInt8(0x01);
+          out.flushBuffer(true);
+          return;
+        }
+      }
+
+      // send Sha256Password Packet
+      Sha256PasswordAuth.sendSha256PwdPacket(
+        this,
+        this.pluginData,
+        this.publicKey,
+        opts.password,
+        out
+      );
+    } else {
+      // has request public key
+      this.publicKey = Sha256PasswordAuth.retreivePublicKey(buffer.toString('utf8', 1));
+      Sha256PasswordAuth.sendSha256PwdPacket(
+        this,
+        this.pluginData,
+        this.publicKey,
+        opts.password,
+        out
+      );
+    }
+  }
+
+  static retreivePublicKey(key) {
+    return key.replace('(-+BEGIN PUBLIC KEY-+\\r?\\n|\\n?-+END PUBLIC KEY-+\\r?\\n?)', '');
+  }
+
+  static sendSha256PwdPacket(cmd, pluginData, publicKey, password, out) {
+    const truncatedSeed = pluginData.slice(0, pluginData.length - 1);
+    out.startPacket(cmd);
+    const enc = Sha256PasswordAuth.encrypt(truncatedSeed, password, publicKey);
+    out.writeBuffer(enc, 0, enc.length);
+    out.flushBuffer(cmd);
+  }
+
+  // encrypt password with public key
+  static encrypt(seed, password, publicKey) {
+    const nullFinishedPwd = Buffer.from(password + '\0');
+    const xorBytes = Buffer.allocUnsafe(nullFinishedPwd.length);
+    const seedLength = seed.length;
+    for (let i = 0; i < xorBytes.length; i++) {
+      xorBytes[i] = nullFinishedPwd[i] ^ seed[i % seedLength];
+    }
+    return crypto.publicEncrypt(
+      { key: publicKey, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING },
+      xorBytes
+    );
+  }
+
+  response(packet, out, opts, info) {
+    const marker = packet.peek();
+    switch (marker) {
+      //*********************************************************************************************************
+      //* OK_Packet and Err_Packet ending packet
+      //*********************************************************************************************************
+      case 0x00:
+      case 0xff:
+        this.emit('send_end');
+        return this.successSend(packet, out, opts, info);
+
+      default:
+        let promptData = packet.readBufferRemaining();
+        this.exchange(promptData, out, opts, info);
+        this.onPacketReceive = this.response;
+    }
+  }
+}
+
+module.exports = Sha256PasswordAuth;

package/dist/node_modules/mariadb/lib/cmd/handshake/client-capabilities.js

@@ -0,0 +1,74 @@
+'use strict';
+
+const Capabilities = require('../../const/capabilities');
+
+/**
+ * Initialize client capabilities according to options and server capabilities
+ *
+ * @param opts                options
+ * @param info                information
+ */
+module.exports.init = function (opts, info) {
+  let capabilities =
+    Capabilities.IGNORE_SPACE |
+    Capabilities.PROTOCOL_41 |
+    Capabilities.TRANSACTIONS |
+    Capabilities.SECURE_CONNECTION |
+    Capabilities.MULTI_RESULTS |
+    Capabilities.PS_MULTI_RESULTS |
+    Capabilities.SESSION_TRACK |
+    Capabilities.PLUGIN_AUTH_LENENC_CLIENT_DATA;
+
+  if ((info.serverCapabilities & Capabilities.MYSQL) === BigInt(0)) {
+    capabilities |= Capabilities.MARIADB_CLIENT_EXTENDED_TYPE_INFO;
+  }
+
+  if (info.serverCapabilities & Capabilities.PLUGIN_AUTH) {
+    capabilities |= Capabilities.PLUGIN_AUTH;
+  }
+
+  if (opts.connectAttributes && info.serverCapabilities & Capabilities.CONNECT_ATTRS) {
+    capabilities |= Capabilities.CONNECT_ATTRS;
+  }
+
+  if (opts.foundRows) {
+    capabilities |= Capabilities.FOUND_ROWS;
+  }
+
+  if (opts.permitLocalInfile) {
+    capabilities |= Capabilities.LOCAL_FILES;
+  }
+
+  if (opts.multipleStatements) {
+    capabilities |= Capabilities.MULTI_STATEMENTS;
+  }
+
+  info.eofDeprecated = (info.serverCapabilities & Capabilities.DEPRECATE_EOF) > 0;
+  if (info.eofDeprecated) {
+    capabilities |= Capabilities.DEPRECATE_EOF;
+  }
+
+  if (opts.database && info.serverCapabilities & Capabilities.CONNECT_WITH_DB) {
+    capabilities |= Capabilities.CONNECT_WITH_DB;
+  }
+
+  // use compression only if requested by client and supported by server
+  if (opts.compress) {
+    if (info.serverCapabilities & Capabilities.COMPRESS) {
+      capabilities |= Capabilities.COMPRESS;
+    } else {
+      opts.compress = false;
+    }
+  }
+
+  if (opts.bulk) {
+    if (info.serverCapabilities & Capabilities.MARIADB_CLIENT_STMT_BULK_OPERATIONS) {
+      capabilities |= Capabilities.MARIADB_CLIENT_STMT_BULK_OPERATIONS;
+    }
+  }
+
+  if (opts.permitConnectionWhenExpired) {
+    capabilities |= Capabilities.CAN_HANDLE_EXPIRED_PASSWORDS;
+  }
+  info.clientCapabilities = capabilities;
+};

package/dist/node_modules/mariadb/lib/cmd/handshake/client-handshake-response.js

@@ -0,0 +1,126 @@
+'use strict';
+
+const Capabilities = require('../../const/capabilities');
+const Iconv = require('iconv-lite');
+const NativePasswordAuth = require('./auth/native-password-auth');
+const Ed25519PasswordAuth = require('./auth/ed25519-password-auth');
+const driverVersion = require('../../../package.json').version;
+const os = require('os');
+
+/**
+ * Send Handshake response packet
+ * see https://mariadb.com/kb/en/library/1-connecting-connecting/#handshake-response-packet
+ *
+ * @param cmd         current handshake command
+ * @param out         output writer
+ * @param opts        connection options
+ * @param pluginName  plugin name
+ * @param info        connection information
+ */
+module.exports.send = function send(cmd, out, opts, pluginName, info) {
+  out.startPacket(cmd);
+  info.defaultPluginName = pluginName;
+  const pwd = Array.isArray(opts.password) ? opts.password[0] : opts.password;
+  let authToken;
+  let authPlugin;
+  switch (pluginName) {
+    case 'client_ed25519':
+      authToken = Ed25519PasswordAuth.encryptPassword(pwd, info.seed);
+      authPlugin = 'client_ed25519';
+      break;
+
+    case 'mysql_clear_password':
+      authToken = Buffer.from(pwd);
+      authPlugin = 'mysql_clear_password';
+      break;
+
+    default:
+      authToken = NativePasswordAuth.encryptPassword(pwd, info.seed, 'sha1');
+      authPlugin = 'mysql_native_password';
+      break;
+  }
+  out.writeInt32(Number(info.clientCapabilities & BigInt(0xffffffff)));
+  out.writeInt32(1024 * 1024 * 1024); // max packet size
+  out.writeInt8(opts.collation.index);
+  for (let i = 0; i < 19; i++) {
+    out.writeInt8(0);
+  }
+
+  out.writeInt32(Number(info.clientCapabilities >> BigInt(32)));
+
+  //null encoded user
+  out.writeString(opts.user || '');
+  out.writeInt8(0);
+
+  if (info.serverCapabilities & Capabilities.PLUGIN_AUTH_LENENC_CLIENT_DATA) {
+    out.writeLengthCoded(authToken.length);
+    out.writeBuffer(authToken, 0, authToken.length);
+  } else if (info.serverCapabilities & Capabilities.SECURE_CONNECTION) {
+    out.writeInt8(authToken.length);
+    out.writeBuffer(authToken, 0, authToken.length);
+  } else {
+    out.writeBuffer(authToken, 0, authToken.length);
+    out.writeInt8(0);
+  }
+
+  if (info.clientCapabilities & Capabilities.CONNECT_WITH_DB) {
+    out.writeString(opts.database);
+    out.writeInt8(0);
+    info.database = opts.database;
+  }
+
+  if (info.clientCapabilities & Capabilities.PLUGIN_AUTH) {
+    out.writeString(authPlugin);
+    out.writeInt8(0);
+  }
+
+  if (info.clientCapabilities & Capabilities.CONNECT_ATTRS) {
+    out.writeInt8(0xfc);
+    let initPos = out.pos; //save position, assuming connection attributes length will be less than 2 bytes length
+    out.writeInt16(0);
+
+    const encoding = opts.collation.charset;
+
+    writeParam(out, '_client_name', encoding);
+    writeParam(out, 'MariaDB connector/Node', encoding);
+
+    writeParam(out, '_client_version', encoding);
+    writeParam(out, driverVersion, encoding);
+
+    const address = cmd.getSocket().address().address;
+    if (address) {
+      writeParam(out, '_server_host', encoding);
+      writeParam(out, address, encoding);
+    }
+
+    writeParam(out, '_os', encoding);
+    writeParam(out, process.platform, encoding);
+
+    writeParam(out, '_client_host', encoding);
+    writeParam(out, os.hostname(), encoding);
+
+    writeParam(out, '_node_version', encoding);
+    writeParam(out, process.versions.node, encoding);
+
+    if (opts.connectAttributes !== true) {
+      let attrNames = Object.keys(opts.connectAttributes);
+      for (let k = 0; k < attrNames.length; ++k) {
+        writeParam(out, attrNames[k], encoding);
+        writeParam(out, opts.connectAttributes[attrNames[k]], encoding);
+      }
+    }
+
+    //write end size
+    out.writeInt16AtPos(initPos);
+  }
+
+  out.flushBuffer(true);
+};
+
+function writeParam(out, val, encoding) {
+  let param = Buffer.isEncoding(encoding)
+    ? Buffer.from(val, encoding)
+    : Iconv.encode(val, encoding);
+  out.writeLengthCoded(param.length);
+  out.writeBuffer(param, 0, param.length);
+}