@windrun-huaiin/backend-core 12.0.0 → 14.0.0

package/dist/node_modules/.pnpm/jose@5.10.0/node_modules/jose/dist/node/esm/runtime/node_key.mjs

@@ -0,0 +1,111 @@
+import { KeyObject, constants } from 'node:crypto';
+import getNamedCurve from './get_named_curve.mjs';
+import { JOSENotSupported } from '../util/errors.mjs';
+import checkKeyLength from './check_key_length.mjs';
+
+const ecCurveAlgMap = new Map([
+    ['ES256', 'P-256'],
+    ['ES256K', 'secp256k1'],
+    ['ES384', 'P-384'],
+    ['ES512', 'P-521'],
+]);
+function keyForCrypto(alg, key) {
+    let asymmetricKeyType;
+    let asymmetricKeyDetails;
+    let isJWK;
+    if (key instanceof KeyObject) {
+        asymmetricKeyType = key.asymmetricKeyType;
+        asymmetricKeyDetails = key.asymmetricKeyDetails;
+    }
+    else {
+        isJWK = true;
+        switch (key.kty) {
+            case 'RSA':
+                asymmetricKeyType = 'rsa';
+                break;
+            case 'EC':
+                asymmetricKeyType = 'ec';
+                break;
+            case 'OKP': {
+                if (key.crv === 'Ed25519') {
+                    asymmetricKeyType = 'ed25519';
+                    break;
+                }
+                if (key.crv === 'Ed448') {
+                    asymmetricKeyType = 'ed448';
+                    break;
+                }
+                throw new TypeError('Invalid key for this operation, its crv must be Ed25519 or Ed448');
+            }
+            default:
+                throw new TypeError('Invalid key for this operation, its kty must be RSA, OKP, or EC');
+        }
+    }
+    let options;
+    switch (alg) {
+        case 'Ed25519':
+            if (asymmetricKeyType !== 'ed25519') {
+                throw new TypeError(`Invalid key for this operation, its asymmetricKeyType must be ed25519`);
+            }
+            break;
+        case 'EdDSA':
+            if (!['ed25519', 'ed448'].includes(asymmetricKeyType)) {
+                throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be ed25519 or ed448');
+            }
+            break;
+        case 'RS256':
+        case 'RS384':
+        case 'RS512':
+            if (asymmetricKeyType !== 'rsa') {
+                throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa');
+            }
+            checkKeyLength(key, alg);
+            break;
+        case 'PS256':
+        case 'PS384':
+        case 'PS512':
+            if (asymmetricKeyType === 'rsa-pss') {
+                const { hashAlgorithm, mgf1HashAlgorithm, saltLength } = asymmetricKeyDetails;
+                const length = parseInt(alg.slice(-3), 10);
+                if (hashAlgorithm !== undefined &&
+                    (hashAlgorithm !== `sha${length}` || mgf1HashAlgorithm !== hashAlgorithm)) {
+                    throw new TypeError(`Invalid key for this operation, its RSA-PSS parameters do not meet the requirements of "alg" ${alg}`);
+                }
+                if (saltLength !== undefined && saltLength > length >> 3) {
+                    throw new TypeError(`Invalid key for this operation, its RSA-PSS parameter saltLength does not meet the requirements of "alg" ${alg}`);
+                }
+            }
+            else if (asymmetricKeyType !== 'rsa') {
+                throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be rsa or rsa-pss');
+            }
+            checkKeyLength(key, alg);
+            options = {
+                padding: constants.RSA_PKCS1_PSS_PADDING,
+                saltLength: constants.RSA_PSS_SALTLEN_DIGEST,
+            };
+            break;
+        case 'ES256':
+        case 'ES256K':
+        case 'ES384':
+        case 'ES512': {
+            if (asymmetricKeyType !== 'ec') {
+                throw new TypeError('Invalid key for this operation, its asymmetricKeyType must be ec');
+            }
+            const actual = getNamedCurve(key);
+            const expected = ecCurveAlgMap.get(alg);
+            if (actual !== expected) {
+                throw new TypeError(`Invalid key curve for the algorithm, its curve must be ${expected}, got ${actual}`);
+            }
+            options = { dsaEncoding: 'ieee-p1363' };
+            break;
+        }
+        default:
+            throw new JOSENotSupported(`alg ${alg} is not supported either by JOSE or your javascript runtime`);
+    }
+    if (isJWK) {
+        return { format: 'jwk', key, ...options };
+    }
+    return options ? { ...options, key } : key;
+}
+
+export { keyForCrypto as default };

package/dist/node_modules/.pnpm/jose@5.10.0/node_modules/jose/dist/node/esm/runtime/sign.js

@@ -0,0 +1,42 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var crypto = require('node:crypto');
+var util = require('node:util');
+var dsa_digest = require('./dsa_digest.js');
+var hmac_digest = require('./hmac_digest.js');
+var node_key = require('./node_key.js');
+var get_sign_verify_key = require('./get_sign_verify_key.js');
+
+function _interopNamespaceDefault(e) {
+    var n = Object.create(null);
+    if (e) {
+        Object.keys(e).forEach(function (k) {
+            if (k !== 'default') {
+                var d = Object.getOwnPropertyDescriptor(e, k);
+                Object.defineProperty(n, k, d.get ? d : {
+                    enumerable: true,
+                    get: function () { return e[k]; }
+                });
+            }
+        });
+    }
+    n.default = e;
+    return Object.freeze(n);
+}
+
+var crypto__namespace = /*#__PURE__*/_interopNamespaceDefault(crypto);
+
+const oneShotSign = util.promisify(crypto__namespace.sign);
+const sign = async (alg, key, data) => {
+    const k = get_sign_verify_key.default(alg, key, 'sign');
+    if (alg.startsWith('HS')) {
+        const hmac = crypto__namespace.createHmac(hmac_digest.default(alg), k);
+        hmac.update(data);
+        return hmac.digest();
+    }
+    return oneShotSign(dsa_digest.default(alg), data, node_key.default(alg, k));
+};
+
+exports.default = sign;

package/dist/node_modules/.pnpm/jose@5.10.0/node_modules/jose/dist/node/esm/runtime/sign.mjs

@@ -0,0 +1,19 @@
+import * as crypto from 'node:crypto';
+import { promisify } from 'node:util';
+import dsaDigest from './dsa_digest.mjs';
+import hmacDigest from './hmac_digest.mjs';
+import keyForCrypto from './node_key.mjs';
+import getSignVerifyKey from './get_sign_verify_key.mjs';
+
+const oneShotSign = promisify(crypto.sign);
+const sign = async (alg, key, data) => {
+    const k = getSignVerifyKey(alg, key, 'sign');
+    if (alg.startsWith('HS')) {
+        const hmac = crypto.createHmac(hmacDigest(alg), k);
+        hmac.update(data);
+        return hmac.digest();
+    }
+    return oneShotSign(dsaDigest(alg), data, keyForCrypto(alg, k));
+};
+
+export { sign as default };

package/dist/node_modules/.pnpm/jose@5.10.0/node_modules/jose/dist/node/esm/runtime/verify.js

@@ -0,0 +1,54 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var crypto = require('node:crypto');
+var util = require('node:util');
+var dsa_digest = require('./dsa_digest.js');
+var node_key = require('./node_key.js');
+var sign = require('./sign.js');
+var get_sign_verify_key = require('./get_sign_verify_key.js');
+
+function _interopNamespaceDefault(e) {
+    var n = Object.create(null);
+    if (e) {
+        Object.keys(e).forEach(function (k) {
+            if (k !== 'default') {
+                var d = Object.getOwnPropertyDescriptor(e, k);
+                Object.defineProperty(n, k, d.get ? d : {
+                    enumerable: true,
+                    get: function () { return e[k]; }
+                });
+            }
+        });
+    }
+    n.default = e;
+    return Object.freeze(n);
+}
+
+var crypto__namespace = /*#__PURE__*/_interopNamespaceDefault(crypto);
+
+const oneShotVerify = util.promisify(crypto__namespace.verify);
+const verify = async (alg, key, signature, data) => {
+    const k = get_sign_verify_key.default(alg, key, 'verify');
+    if (alg.startsWith('HS')) {
+        const expected = await sign.default(alg, k, data);
+        const actual = signature;
+        try {
+            return crypto__namespace.timingSafeEqual(actual, expected);
+        }
+        catch {
+            return false;
+        }
+    }
+    const algorithm = dsa_digest.default(alg);
+    const keyInput = node_key.default(alg, k);
+    try {
+        return await oneShotVerify(algorithm, data, keyInput, signature);
+    }
+    catch {
+        return false;
+    }
+};
+
+exports.default = verify;

package/dist/node_modules/.pnpm/jose@5.10.0/node_modules/jose/dist/node/esm/runtime/verify.mjs

@@ -0,0 +1,31 @@
+import * as crypto from 'node:crypto';
+import { promisify } from 'node:util';
+import dsaDigest from './dsa_digest.mjs';
+import keyForCrypto from './node_key.mjs';
+import sign from './sign.mjs';
+import getSignVerifyKey from './get_sign_verify_key.mjs';
+
+const oneShotVerify = promisify(crypto.verify);
+const verify = async (alg, key, signature, data) => {
+    const k = getSignVerifyKey(alg, key, 'verify');
+    if (alg.startsWith('HS')) {
+        const expected = await sign(alg, k, data);
+        const actual = signature;
+        try {
+            return crypto.timingSafeEqual(actual, expected);
+        }
+        catch {
+            return false;
+        }
+    }
+    const algorithm = dsaDigest(alg);
+    const keyInput = keyForCrypto(alg, k);
+    try {
+        return await oneShotVerify(algorithm, data, keyInput, signature);
+    }
+    catch {
+        return false;
+    }
+};
+
+export { verify as default };

package/dist/node_modules/.pnpm/jose@5.10.0/node_modules/jose/dist/node/esm/runtime/webcrypto.js

@@ -0,0 +1,32 @@
+'use strict';
+
+Object.defineProperty(exports, '__esModule', { value: true });
+
+var crypto = require('node:crypto');
+var util = require('node:util');
+
+function _interopNamespaceDefault(e) {
+	var n = Object.create(null);
+	if (e) {
+		Object.keys(e).forEach(function (k) {
+			if (k !== 'default') {
+				var d = Object.getOwnPropertyDescriptor(e, k);
+				Object.defineProperty(n, k, d.get ? d : {
+					enumerable: true,
+					get: function () { return e[k]; }
+				});
+			}
+		});
+	}
+	n.default = e;
+	return Object.freeze(n);
+}
+
+var crypto__namespace = /*#__PURE__*/_interopNamespaceDefault(crypto);
+var util__namespace = /*#__PURE__*/_interopNamespaceDefault(util);
+
+const webcrypto = crypto__namespace.webcrypto;
+const isCryptoKey = (key) => util__namespace.types.isCryptoKey(key);
+
+exports.default = webcrypto;
+exports.isCryptoKey = isCryptoKey;

package/dist/node_modules/.pnpm/jose@5.10.0/node_modules/jose/dist/node/esm/runtime/webcrypto.mjs

@@ -0,0 +1,7 @@
+import * as crypto from 'node:crypto';
+import * as util from 'node:util';
+
+const webcrypto = crypto.webcrypto;
+const isCryptoKey = (key) => util.types.isCryptoKey(key);
+
+export { webcrypto as default, isCryptoKey };

package/dist/node_modules/.pnpm/jose@5.10.0/node_modules/jose/dist/node/esm/util/errors.js

@@ -0,0 +1,69 @@
+'use strict';
+
+class JOSEError extends Error {
+    static code = 'ERR_JOSE_GENERIC';
+    code = 'ERR_JOSE_GENERIC';
+    constructor(message, options) {
+        super(message, options);
+        this.name = this.constructor.name;
+        Error.captureStackTrace?.(this, this.constructor);
+    }
+}
+class JWTClaimValidationFailed extends JOSEError {
+    static code = 'ERR_JWT_CLAIM_VALIDATION_FAILED';
+    code = 'ERR_JWT_CLAIM_VALIDATION_FAILED';
+    claim;
+    reason;
+    payload;
+    constructor(message, payload, claim = 'unspecified', reason = 'unspecified') {
+        super(message, { cause: { claim, reason, payload } });
+        this.claim = claim;
+        this.reason = reason;
+        this.payload = payload;
+    }
+}
+class JWTExpired extends JOSEError {
+    static code = 'ERR_JWT_EXPIRED';
+    code = 'ERR_JWT_EXPIRED';
+    claim;
+    reason;
+    payload;
+    constructor(message, payload, claim = 'unspecified', reason = 'unspecified') {
+        super(message, { cause: { claim, reason, payload } });
+        this.claim = claim;
+        this.reason = reason;
+        this.payload = payload;
+    }
+}
+class JOSEAlgNotAllowed extends JOSEError {
+    static code = 'ERR_JOSE_ALG_NOT_ALLOWED';
+    code = 'ERR_JOSE_ALG_NOT_ALLOWED';
+}
+class JOSENotSupported extends JOSEError {
+    static code = 'ERR_JOSE_NOT_SUPPORTED';
+    code = 'ERR_JOSE_NOT_SUPPORTED';
+}
+class JWSInvalid extends JOSEError {
+    static code = 'ERR_JWS_INVALID';
+    code = 'ERR_JWS_INVALID';
+}
+class JWTInvalid extends JOSEError {
+    static code = 'ERR_JWT_INVALID';
+    code = 'ERR_JWT_INVALID';
+}
+class JWSSignatureVerificationFailed extends JOSEError {
+    static code = 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED';
+    code = 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED';
+    constructor(message = 'signature verification failed', options) {
+        super(message, options);
+    }
+}
+
+exports.JOSEAlgNotAllowed = JOSEAlgNotAllowed;
+exports.JOSEError = JOSEError;
+exports.JOSENotSupported = JOSENotSupported;
+exports.JWSInvalid = JWSInvalid;
+exports.JWSSignatureVerificationFailed = JWSSignatureVerificationFailed;
+exports.JWTClaimValidationFailed = JWTClaimValidationFailed;
+exports.JWTExpired = JWTExpired;
+exports.JWTInvalid = JWTInvalid;

package/dist/node_modules/.pnpm/jose@5.10.0/node_modules/jose/dist/node/esm/util/errors.mjs

@@ -0,0 +1,60 @@
+class JOSEError extends Error {
+    static code = 'ERR_JOSE_GENERIC';
+    code = 'ERR_JOSE_GENERIC';
+    constructor(message, options) {
+        super(message, options);
+        this.name = this.constructor.name;
+        Error.captureStackTrace?.(this, this.constructor);
+    }
+}
+class JWTClaimValidationFailed extends JOSEError {
+    static code = 'ERR_JWT_CLAIM_VALIDATION_FAILED';
+    code = 'ERR_JWT_CLAIM_VALIDATION_FAILED';
+    claim;
+    reason;
+    payload;
+    constructor(message, payload, claim = 'unspecified', reason = 'unspecified') {
+        super(message, { cause: { claim, reason, payload } });
+        this.claim = claim;
+        this.reason = reason;
+        this.payload = payload;
+    }
+}
+class JWTExpired extends JOSEError {
+    static code = 'ERR_JWT_EXPIRED';
+    code = 'ERR_JWT_EXPIRED';
+    claim;
+    reason;
+    payload;
+    constructor(message, payload, claim = 'unspecified', reason = 'unspecified') {
+        super(message, { cause: { claim, reason, payload } });
+        this.claim = claim;
+        this.reason = reason;
+        this.payload = payload;
+    }
+}
+class JOSEAlgNotAllowed extends JOSEError {
+    static code = 'ERR_JOSE_ALG_NOT_ALLOWED';
+    code = 'ERR_JOSE_ALG_NOT_ALLOWED';
+}
+class JOSENotSupported extends JOSEError {
+    static code = 'ERR_JOSE_NOT_SUPPORTED';
+    code = 'ERR_JOSE_NOT_SUPPORTED';
+}
+class JWSInvalid extends JOSEError {
+    static code = 'ERR_JWS_INVALID';
+    code = 'ERR_JWS_INVALID';
+}
+class JWTInvalid extends JOSEError {
+    static code = 'ERR_JWT_INVALID';
+    code = 'ERR_JWT_INVALID';
+}
+class JWSSignatureVerificationFailed extends JOSEError {
+    static code = 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED';
+    code = 'ERR_JWS_SIGNATURE_VERIFICATION_FAILED';
+    constructor(message = 'signature verification failed', options) {
+        super(message, options);
+    }
+}
+
+export { JOSEAlgNotAllowed, JOSEError, JOSENotSupported, JWSInvalid, JWSSignatureVerificationFailed, JWTClaimValidationFailed, JWTExpired, JWTInvalid };