@vardario/cognito-client 0.1.9 → 0.2.0
- package/README.md +3 -0
- package/lib/cognito-client.d.ts +30 -45
- package/lib/cognito-client.js +106 -149
- package/lib/error.d.ts +93 -31
- package/lib/error.js +96 -46
- package/lib/index.d.ts +0 -1
- package/lib/index.js +0 -1
- package/lib/utils.d.ts +3 -2
- package/lib/utils.js +59 -45
- package/package.json +34 -18
- package/lib/cognito-client.test.d.ts +0 -1
- package/lib/cognito-client.test.js +0 -99
- package/lib/session-storage/cookie-session-storage/cookie-session-storage.d.ts +0 -21
- package/lib/session-storage/cookie-session-storage/cookie-session-storage.js +0 -42
- package/lib/session-storage/cookie-session-storage/index.d.ts +0 -1
- package/lib/session-storage/cookie-session-storage/index.js +0 -1
- package/lib/session-storage/index.d.ts +0 -4
- package/lib/session-storage/index.js +0 -4
- package/lib/session-storage/local-storage-session-storage.d.ts +0 -20
- package/lib/session-storage/local-storage-session-storage.js +0 -38
- package/lib/session-storage/memory-session-storage.d.ts +0 -13
- package/lib/session-storage/memory-session-storage.js +0 -18
- package/lib/session-storage/session-storage.d.ts +0 -14
- package/lib/session-storage/session-storage.js +0 -5
- package/lib/session-storage/session-storage.test.d.ts +0 -1
- package/lib/session-storage/session-storage.test.js +0 -33
- package/lib/test-utils.d.ts +0 -17
- package/lib/test-utils.js +0 -81
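--- a/package/lib/error.d.ts
+++ b/package/lib/error.d.ts
@@ -1,55 +1,117 @@
 /**
-* Possible
+* Possible Cognito exceptions
 */
-export declare enum
+export declare enum CognitoException {
 /**
-*
+* You do not have sufficient access to perform this action.
 */
-
+AccessDeniedException = "AccessDeniedException",
 /**
-*
+* The request signature does not conform to AWS standards.
 */
-
+IncompleteSignature = "IncompleteSignature",
 /**
-*
+* The request processing has failed because of an unknown error, exception or failure.
 */
-
+InternalFailure = "InternalFailure",
 /**
-*
+* The action or operation requested is invalid. Verify that the action is typed correctly.
 */
-
+InvalidAction = "InvalidAction",
 /**
-*
+* The X.509 certificate or AWS access key ID provided does not exist in our records.
 */
-
+InvalidClientTokenId = "InvalidClientTokenId",
 /**
-*
+* You do not have permission to perform this action.
 */
-
+NotAuthorized = "NotAuthorized",
 /**
-* The
+* The AWS access key ID needs a subscription for the service.
 */
-
+OptInRequired = "OptInRequired",
 /**
-*
+* The request reached the service more than 15 minutes after the date stamp on the request or more than 15 minutes after the request expiration date (such as for pre-signed URLs), or the date stamp on the request is more than 15 minutes in the future.
 */
-
+RequestExpired = "RequestExpired",
+/**
+* The request has failed due to a temporary failure of the server.
+*/
+ServiceUnavailable = "ServiceUnavailable",
+/**
+* The request was denied due to request throttling.
+*/
+ThrottlingException = "ThrottlingException",
+/**
+* The input fails to satisfy the constraints specified by an AWS service.
+*/
+ValidationError = "ValidationError",
+/**
+* This exception is thrown when AWS WAF doesn't allow your request based on a web ACL that's associated with your user pool.
+*/
+ForbiddenException = "ForbiddenException",
+/**
+* This exception is thrown when Amazon Cognito encounters an internal error.
+*/
+InternalErrorException = "InternalErrorException",
+/**
+* This exception is thrown when Amazon Cognito encounters an invalid AWS Lambda response.
+*/
+InvalidLambdaResponseException = "InvalidLambdaResponseException",
+/**
+* This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
+*/
+InvalidParameterException = "InvalidParameterException",
+/**
+* This exception is returned when the role provided for SMS configuration doesn't have permission to publish using Amazon SNS.
+*/
+InvalidSmsRoleAccessPolicyException = "InvalidSmsRoleAccessPolicyException",
+/**
+* This exception is thrown when the trust relationship is not valid for the role provided for SMS configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.
+*/
+InvalidSmsRoleTrustRelationshipException = "InvalidSmsRoleTrustRelationshipException",
+/**
+* This exception is thrown when the user pool configuration is not valid.
+*/
+InvalidUserPoolConfigurationException = "InvalidUserPoolConfigurationException",
+/**
+* This exception is thrown when a user isn't authorized.
+*/
+NotAuthorizedException = "NotAuthorizedException",
+/**
+* This exception is thrown when a password reset is required.
+*/
+PasswordResetRequiredException = "PasswordResetRequiredException",
+/**
+* This exception is thrown when the Amazon Cognito service can't find the requested resource.
+*/
+ResourceNotFoundException = "ResourceNotFoundException",
+/**
+* This exception is thrown when the user has made too many requests for a given operation.
+*/
+TooManyRequestsException = "TooManyRequestsException",
+/**
+* This exception is thrown when Amazon Cognito encounters an unexpected exception with AWS Lambda.
+*/
+UnexpectedLambdaException = "UnexpectedLambdaException",
+/**
+* This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.
+*/
+UserLambdaValidationException = "UserLambdaValidationException",
+/**
+* This exception is thrown when a user isn't confirmed successfully.
+*/
+UserNotConfirmedException = "UserNotConfirmedException",
+/**
+* This exception is thrown when a user isn't found.
+*/
+UserNotFoundException = "UserNotFoundException",
 /**
 * Unknown auth error happened.
 */
 Unknown = "unknown"
 }
-export declare class
-readonly
-constructor(message: string,
-}
-export declare enum ErrorCode {
-UserNotFoundException = "UserNotFoundException",
-NotAuthorizedException = "NotAuthorizedException",
-LimitExceededException = "LimitExceededException"
-}
-export interface CognitoAuthErrorResponse {
-__type: ErrorCode;
-message: string;
+export declare class CognitoError extends Error {
+readonly cognitoException: CognitoException;
+constructor(message: string, cognitoException: CognitoException);
 }
-export declare function getAuthError(errorResponse: CognitoAuthErrorResponse): AuthException;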
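Review bot: `CognitoException` has no `LimitExceededException` or `UsernameExistsException` member, although the removed `ErrorCode` enum declared the former and the removed `getAuthError` mapping in `error.js` handled both. Unless the code that maps the service's `__type` onto this enum (outside this page) special-cases them, attempt-limit and duplicate-account responses would fall through to `Unknown`, and callers lose the signal they need to back off or report a lockout. I would add `LimitExceededException = "LimitExceededException",` and `UsernameExistsException = "UsernameExistsException",` before `Unknown`, with the same two assignments in the `error.js` enum.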
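--- a/package/lib/error.js
+++ b/package/lib/error.js
@@ -1,70 +1,120 @@
 /**
-* Possible
+* Possible Cognito exceptions
 */
-export var
-(function (
+export var CognitoException;
+(function (CognitoException) {
 /**
-*
+* You do not have sufficient access to perform this action.
 */
-
+CognitoException["AccessDeniedException"] = "AccessDeniedException";
 /**
-*
+* The request signature does not conform to AWS standards.
 */
-
+CognitoException["IncompleteSignature"] = "IncompleteSignature";
 /**
-*
+* The request processing has failed because of an unknown error, exception or failure.
 */
-
+CognitoException["InternalFailure"] = "InternalFailure";
 /**
-*
+* The action or operation requested is invalid. Verify that the action is typed correctly.
 */
-
+CognitoException["InvalidAction"] = "InvalidAction";
 /**
-*
+* The X.509 certificate or AWS access key ID provided does not exist in our records.
 */
-
+CognitoException["InvalidClientTokenId"] = "InvalidClientTokenId";
 /**
-*
+* You do not have permission to perform this action.
 */
-
+CognitoException["NotAuthorized"] = "NotAuthorized";
 /**
-* The
+* The AWS access key ID needs a subscription for the service.
 */
-
+CognitoException["OptInRequired"] = "OptInRequired";
 /**
-*
+* The request reached the service more than 15 minutes after the date stamp on the request or more than 15 minutes after the request expiration date (such as for pre-signed URLs), or the date stamp on the request is more than 15 minutes in the future.
 */
-
+CognitoException["RequestExpired"] = "RequestExpired";
+/**
+* The request has failed due to a temporary failure of the server.
+*/
+CognitoException["ServiceUnavailable"] = "ServiceUnavailable";
+/**
+* The request was denied due to request throttling.
+*/
+CognitoException["ThrottlingException"] = "ThrottlingException";
+/**
+* The input fails to satisfy the constraints specified by an AWS service.
+*/
+CognitoException["ValidationError"] = "ValidationError";
+/**
+* This exception is thrown when AWS WAF doesn't allow your request based on a web ACL that's associated with your user pool.
+*/
+CognitoException["ForbiddenException"] = "ForbiddenException";
+/**
+* This exception is thrown when Amazon Cognito encounters an internal error.
+*/
+CognitoException["InternalErrorException"] = "InternalErrorException";
+/**
+* This exception is thrown when Amazon Cognito encounters an invalid AWS Lambda response.
+*/
+CognitoException["InvalidLambdaResponseException"] = "InvalidLambdaResponseException";
+/**
+* This exception is thrown when the Amazon Cognito service encounters an invalid parameter.
+*/
+CognitoException["InvalidParameterException"] = "InvalidParameterException";
+/**
+* This exception is returned when the role provided for SMS configuration doesn't have permission to publish using Amazon SNS.
+*/
+CognitoException["InvalidSmsRoleAccessPolicyException"] = "InvalidSmsRoleAccessPolicyException";
+/**
+* This exception is thrown when the trust relationship is not valid for the role provided for SMS configuration. This can happen if you don't trust cognito-idp.amazonaws.com or the external ID provided in the role does not match what is provided in the SMS configuration for the user pool.
+*/
+CognitoException["InvalidSmsRoleTrustRelationshipException"] = "InvalidSmsRoleTrustRelationshipException";
+/**
+* This exception is thrown when the user pool configuration is not valid.
+*/
+CognitoException["InvalidUserPoolConfigurationException"] = "InvalidUserPoolConfigurationException";
+/**
+* This exception is thrown when a user isn't authorized.
+*/
+CognitoException["NotAuthorizedException"] = "NotAuthorizedException";
+/**
+* This exception is thrown when a password reset is required.
+*/
+CognitoException["PasswordResetRequiredException"] = "PasswordResetRequiredException";
+/**
+* This exception is thrown when the Amazon Cognito service can't find the requested resource.
+*/
+CognitoException["ResourceNotFoundException"] = "ResourceNotFoundException";
+/**
+* This exception is thrown when the user has made too many requests for a given operation.
+*/
+CognitoException["TooManyRequestsException"] = "TooManyRequestsException";
+/**
+* This exception is thrown when Amazon Cognito encounters an unexpected exception with AWS Lambda.
+*/
+CognitoException["UnexpectedLambdaException"] = "UnexpectedLambdaException";
+/**
+* This exception is thrown when the Amazon Cognito service encounters a user validation exception with the AWS Lambda service.
+*/
+CognitoException["UserLambdaValidationException"] = "UserLambdaValidationException";
+/**
+* This exception is thrown when a user isn't confirmed successfully.
+*/
+CognitoException["UserNotConfirmedException"] = "UserNotConfirmedException";
+/**
+* This exception is thrown when a user isn't found.
+*/
+CognitoException["UserNotFoundException"] = "UserNotFoundException";
 /**
 * Unknown auth error happened.
 */
-
-})(
-export class
-constructor(message,
+CognitoException["Unknown"] = "unknown";
+})(CognitoException || (CognitoException = {}));
+export class CognitoError extends Error {
+constructor(message, cognitoException) {
 super(message);
-this.
+this.cognitoException = cognitoException;
 }
 }
-export var ErrorCode;
-(function (ErrorCode) {
-ErrorCode["UserNotFoundException"] = "UserNotFoundException";
-ErrorCode["NotAuthorizedException"] = "NotAuthorizedException";
-ErrorCode["LimitExceededException"] = "LimitExceededException";
-})(ErrorCode || (ErrorCode = {}));
-export function getAuthError(errorResponse) {
-const mapping = {
-'UserNotFoundException:User cannot be confirmed. Current status is CONFIRMED': AuthError.UserConfirmedAlready,
-'NotAuthorizedException:Incorrect username or password.': AuthError.EmailOrPasswordWrong,
-'LimitExceededException:Attempt limit exceeded, please try after some time.': AuthError.LimitExceededException,
-'UserNotFoundException:Username/client id combination not found.': AuthError.UserDoesNotExist,
-'UserNotFoundException:User does not exist.': AuthError.UserDoesNotExist,
-'NotAuthorizedException:Password attempts exceeded': AuthError.PasswordAttempsExceeded,
-'UsernameExistsException:An account with the given email already exists.': AuthError.UserAlreadyExists,
-'InvalidParameterException:Cannot reset password for the user as there is no registered/verified email or phone_number': AuthError.UserEmailNotVerified,
-'UserNotConfirmedException:User is not confirmed.': AuthError.UserEmailNotVerified,
-};
-const message = `${errorResponse.__type}:${errorResponse.message}`;
-const authError = mapping[message] || AuthError.Unknown;
-return new AuthException(message, authError);
-}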
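Review bot: `CognitoError` never sets `this.name`, so a logged or serialised instance reads as a plain `Error` and handlers cannot branch on `err.name`; adding `this.name = 'CognitoError';` after the `this.cognitoException` assignment fixes that. The enum comments would also benefit from one caveat on `UserNotFoundException`: `// Relaying this value to an unauthenticated client reveals whether an account exists; present it like NotAuthorizedException in sign-in and reset flows.` The removed `getAuthError` kept that decision inside the library, whereas the raw exception type now reaches every caller, so the comment is where integrators will see it.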
package/lib/index.d.ts
CHANGED
package/lib/index.js
CHANGED
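--- a/package/lib/utils.d.ts
+++ b/package/lib/utils.d.ts
@@ -1,5 +1,5 @@
 /// <reference types="node" resolution-mode="require"/>
-import { BigInteger } from
+import { BigInteger } from 'jsbn';
 export declare function padHex(bigInt: BigInteger): string;
 export declare function hashHexString(str: string): string;
 export declare function hashBuffer(buffer: Buffer): string;
@@ -11,7 +11,7 @@ export declare function calculateHKDF(ikm: Buffer, salt: Buffer): number[];
 export declare function getPasswordAuthenticationKey(poolName: string, username: string, password: string, B: BigInteger, U: BigInteger, smallA: BigInteger, salt: BigInteger): number[];
 export declare function calculateSignature(poolName: string, userId: string, secretBlock: string, hkdf: number[]): {
 signature: string;
-timeStamp:
+timeStamp: string;
 };
 export declare function decodeJwt<T = unknown>(jwt: string): {
 header: any;
@@ -19,3 +19,4 @@ export declare function decodeJwt<T = unknown>(jwt: string): {
 signature: string;
 };
 export declare function randomBytes(num: number): Promise<Buffer>;
+export declare function formatTimestamp(date: Date): string;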
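Review bot: `decodeJwt` is exported without a doc comment, and its implementation in `utils.js` only splits the token on `.` and JSON-parses the base64-decoded header and payload; the signature comes back as an opaque string and is never checked. The source should carry a comment that reaches this declaration, for example `/** Decodes a JWT without verifying its signature or expiry; do not base authorization decisions on the result. */`. The middle of the return type lies between the two visible hunks, so whether `payload` is typed as `T` cannot be confirmed from here.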
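--- a/package/lib/utils.js
+++ b/package/lib/utils.js
@@ -1,25 +1,24 @@
-import
-import
-import
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-"43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF";
+import hashJs from 'hash.js';
+import { BigInteger } from 'jsbn';
+import rb from 'randombytes';
+const initN = 'FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1' +
+'29024E088A67CC74020BBEA63B139B22514A08798E3404DD' +
+'EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245' +
+'E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED' +
+'EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE45B3D' +
+'C2007CB8A163BF0598DA48361C55D39A69163FA8FD24CF5F' +
+'83655D23DCA3AD961C62F356208552BB9ED529077096966D' +
+'670C354E4ABC9804F1746C08CA18217C32905E462E36CE3B' +
+'E39E772C180E86039B2783A2EC07A28FB5C55DF06F4C52C9' +
+'DE2BCBF6955817183995497CEA956AE515D2261898FA0510' +
+'15728E5A8AAAC42DAD33170D04507A33A85521ABDF1CBA64' +
+'ECFB850458DBEF0A8AEA71575D060C7DB3970F85A6E1E4C7' +
+'ABF5AE8CDB0933D71E8C94E04A25619DCEE3D2261AD2EE6B' +
+'F12FFA06D98A0864D87602733EC86A64521F2B18177B200C' +
+'BBE117577A615D6C770988C0BAD946E208E24FA074E5AB31' +
+'43DB5BFCE0FD108E4B82D120A93AD2CAFFFFFFFFFFFFFFFF';
 const N = new BigInteger(initN, 16);
-const g = new BigInteger(
+const g = new BigInteger('2', 16);
 const k = new BigInteger(hashHexString(`${padHex(N)}${padHex(g)}`), 16);
 export function padHex(bigInt) {
 const HEX_MSB_REGEX = /^[89a-f]/i;
@@ -29,29 +28,29 @@ export function padHex(bigInt) {
 hexStr = HEX_MSB_REGEX.test(hexStr) ? `00${hexStr}` : hexStr;
 if (isNegative) {
 const invertedNibbles = hexStr
-.split(
-.map(
+.split('')
+.map(x => {
 const invertedNibble = ~parseInt(x, 16) & 0xf;
-return
+return '0123456789ABCDEF'.charAt(invertedNibble);
 })
-.join(
+.join('');
 const flippedBitsBI = new BigInteger(invertedNibbles, 16).add(BigInteger.ONE);
 hexStr = flippedBitsBI.toString(16);
-if (hexStr.toUpperCase().startsWith(
+if (hexStr.toUpperCase().startsWith('FF8')) {
 hexStr = hexStr.substring(2);
 }
 }
 return hexStr;
 }
 export function hashHexString(str) {
-return hashBuffer(Buffer.from(str,
+return hashBuffer(Buffer.from(str, 'hex'));
 }
 export function hashBuffer(buffer) {
-const hash = hashJs.sha256().update(buffer).digest(
-return new Array(64 - hash.length).join(
+const hash = hashJs.sha256().update(buffer).digest('hex');
+return new Array(64 - hash.length).join('0') + hash;
 }
 export async function generateSmallA() {
-return new BigInteger((await randomBytes(128)).toString(
+return new BigInteger((await randomBytes(128)).toString('hex'), 16);
 }
 export function generateA(smallA) {
 const A = g.modPow(smallA, N);
@@ -67,8 +66,8 @@ export function calculateS(X, B, U, smallA) {
 }
 export function calculateHKDF(ikm, salt) {
 const infoBitsBuffer = Buffer.concat([
-Buffer.from(
-Buffer.from(String.fromCharCode(1),
+Buffer.from('Caldera Derived Key', 'utf8'),
+Buffer.from(String.fromCharCode(1), 'utf8')
 ]);
 const prk = hashJs
 .hmac(hashJs.sha256, salt)
@@ -82,36 +81,51 @@ export function calculateHKDF(ikm, salt) {
 }
 export function getPasswordAuthenticationKey(poolName, username, password, B, U, smallA, salt) {
 const usernamePassword = `${poolName}${username}:${password}`;
-const usernamePasswordHash = hashBuffer(Buffer.from(usernamePassword,
+const usernamePasswordHash = hashBuffer(Buffer.from(usernamePassword, 'utf-8'));
 const X = new BigInteger(hashHexString(padHex(salt) + usernamePasswordHash), 16);
 const S = calculateS(X, B, U, smallA);
-return calculateHKDF(Buffer.from(padHex(S),
+return calculateHKDF(Buffer.from(padHex(S), 'hex'), Buffer.from(padHex(U), 'hex'));
 }
 export function calculateSignature(poolName, userId, secretBlock, hkdf) {
-const timeStamp =
+const timeStamp = formatTimestamp(new Date());
 const concatBuffer = Buffer.concat([
-Buffer.from(poolName,
-Buffer.from(userId,
-Buffer.from(secretBlock,
-Buffer.from(timeStamp,
+Buffer.from(poolName, 'utf8'),
+Buffer.from(userId, 'utf8'),
+Buffer.from(secretBlock, 'base64'),
+Buffer.from(timeStamp, 'utf8')
 ]);
 const signature = Buffer.from(hashJs
 .hmac(hashJs.sha256, hkdf)
 .update(concatBuffer)
-.digest()).toString(
+.digest()).toString('base64');
 return {
 signature,
-timeStamp
+timeStamp
 };
 }
 export function decodeJwt(jwt) {
-const [header, payload, signature] = jwt.split(
+const [header, payload, signature] = jwt.split('.');
 return {
-header: JSON.parse(Buffer.from(header,
-payload: JSON.parse(Buffer.from(payload,
-signature: signature
+header: JSON.parse(Buffer.from(header, 'base64').toString('utf-8')),
+payload: JSON.parse(Buffer.from(payload, 'base64').toString('utf-8')),
+signature: signature
 };
 }
 export async function randomBytes(num) {
 return rb(num);
 }
+export function formatTimestamp(date) {
+return `${new Intl.DateTimeFormat('default', {
+weekday: 'short'
+}).format(date)} ${new Intl.DateTimeFormat('default', {
+month: 'short'
+}).format(date)} ${new Intl.DateTimeFormat('default', {
+day: '2-digit'
+}).format(date)} ${new Intl.DateTimeFormat('default', {
+hour: '2-digit',
+minute: '2-digit',
+second: '2-digit'
+}).format(date)} UTC ${new Intl.DateTimeFormat('default', {
+year: 'numeric'
+}).format(date)}`;
+}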
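Review bot: `formatTimestamp` appends the literal `UTC`, but none of its `Intl.DateTimeFormat` calls sets `timeZone: 'UTC'` and all of them use the `'default'` locale, so the string that `calculateSignature` feeds into the HMAC and returns as `timeStamp` depends on the host's time zone, language and hour cycle. On a host that is not on UTC the signed time is off by the zone offset, and a non-English or 12-hour locale changes the weekday and month names or adds an AM/PM marker; either would presumably make the service reject the challenge response. The day is also zero-padded (`day: '2-digit'`), which should be checked against the format the service expects. Building the string from the `getUTC*` accessors with fixed English names removes the environment dependence.

```javascript
const WEEKDAYS = ['Sun', 'Mon', 'Tue', 'Wed', 'Thu', 'Fri', 'Sat'];
const MONTHS = ['Jan', 'Feb', 'Mar', 'Apr', 'May', 'Jun', 'Jul', 'Aug', 'Sep', 'Oct', 'Nov', 'Dec'];

export function formatTimestamp(date) {
  const pad = value => String(value).padStart(2, '0');
  const time = [date.getUTCHours(), date.getUTCMinutes(), date.getUTCSeconds()].map(pad).join(':');
  // Day stays zero-padded as in the current implementation; drop pad() if the service expects "5" rather than "05".
  return `${WEEKDAYS[date.getUTCDay()]} ${MONTHS[date.getUTCMonth()]} ${pad(date.getUTCDate())} ${time} UTC ${date.getUTCFullYear()}`;
}
```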
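--- a/package/package.json
+++ b/package/package.json
@@ -1,19 +1,27 @@
 {
 "name": "@vardario/cognito-client",
-"version": "0.
+"version": "0.2.0",
 "description": "",
-"
+"license": "MIT",
+"author": "Sahin Vardar",
+"repository": {
+"type": "git",
+"url": "git@github.com:vardario/cognito-client.git"
+},
 "type": "module",
+"main": "lib/index.js",
 "files": [
-"
+"lib"
 ],
-"
-
+"scripts": {
+"build": "tsc --build",
+"format": "prettier --plugin-search-dir . --write . && prettier-package-json --write && eslint --fix .",
+"prepare": "husky install",
+"test": "vitest run",
+"watch": "tsc --build --watch"
+},
 "dependencies": {
-"@vardario/cookies": "^0.1.4",
 "buffer": "^6.0.3",
-"date-fns": "^2.29.3",
-"date-fns-tz": "^1.3.7",
 "hash.js": "^1.1.7",
 "jsbn": "^1.1.0",
 "randombytes": "^2.1.0"
@@ -23,20 +31,28 @@
 "@types/jsbn": "^1.2.30",
 "@types/jsdom": "^20.0.1",
 "@types/randombytes": "^2.0.0",
+"@typescript-eslint/eslint-plugin": "^5.59.5",
+"@typescript-eslint/parser": "^5.59.5",
+"eslint": "^8.40.0",
+"eslint-config-prettier": "^8.8.0",
+"eslint-plugin-unused-imports": "^2.0.0",
+"husky": "^8.0.0",
 "isomorphic-fetch": "^3.0.0",
 "jsdom": "^20.0.2",
+"lint-staged": "^13.2.2",
+"prettier": "^2.8.8",
+"prettier-package-json": "^2.8.0",
+"semantic-release": "^22.0.7",
 "testcontainers": "^9.0.0",
 "typescript": "^5.1.3",
 "vitest": "^0.31.0"
 },
-"
-"
-
+"lint-staged": {
+"*": [
+"prettier --write --ignore-unknown",
+"eslint --fix"
+],
+"package.json": "prettier-package-json --write"
 },
-"packageManager": "pnpm@8.6.0"
-
-"test": "vitest run",
-"build": "tsc --build",
-"watch": "tsc --build --watch"
-}
-}
+"packageManager": "pnpm@8.6.0"
+}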
@@ -1 +0,0 @@
|
|
|
1
|
-
import "isomorphic-fetch";
|