@zintrust/cloudflare-d1-proxy 0.9.2 → 1.5.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/build-manifest.json +8 -8
- package/dist/index.d.ts +2 -2
- package/dist/index.js +6 -34
- package/package.json +2 -2
package/dist/build-manifest.json
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@zintrust/cloudflare-d1-proxy",
|
|
3
|
-
"version": "
|
|
4
|
-
"buildDate": "2026-04-
|
|
3
|
+
"version": "1.1.0",
|
|
4
|
+
"buildDate": "2026-04-23T23:14:53.602Z",
|
|
5
5
|
"buildEnvironment": {
|
|
6
6
|
"node": "v22.22.1",
|
|
7
7
|
"platform": "darwin",
|
|
8
8
|
"arch": "arm64"
|
|
9
9
|
},
|
|
10
10
|
"git": {
|
|
11
|
-
"commit": "
|
|
11
|
+
"commit": "ade51fe7",
|
|
12
12
|
"branch": "release"
|
|
13
13
|
},
|
|
14
14
|
"package": {
|
|
@@ -31,15 +31,15 @@
|
|
|
31
31
|
},
|
|
32
32
|
"build-manifest.json": {
|
|
33
33
|
"size": 1112,
|
|
34
|
-
"sha256": "
|
|
34
|
+
"sha256": "8d7edc1792fc26443fcdd3cb508e89bde8434a2552d352daa7d629f415851ed2"
|
|
35
35
|
},
|
|
36
36
|
"index.d.ts": {
|
|
37
|
-
"size":
|
|
38
|
-
"sha256": "
|
|
37
|
+
"size": 1493,
|
|
38
|
+
"sha256": "e6e9d8e5454450d7e1afd76783ea034920fecafc4f454f7f2d8c0dd4345668dc"
|
|
39
39
|
},
|
|
40
40
|
"index.js": {
|
|
41
|
-
"size":
|
|
42
|
-
"sha256": "
|
|
41
|
+
"size": 13008,
|
|
42
|
+
"sha256": "1b7dfc79575b4d8e43a80448cd70cbbb7a3cc036a5749e3f57171ee81de200a2"
|
|
43
43
|
}
|
|
44
44
|
}
|
|
45
45
|
}
|
package/dist/index.d.ts
CHANGED
|
@@ -5,9 +5,9 @@ type KVNamespacePutOptions = {
|
|
|
5
5
|
type KVNamespace = {
|
|
6
6
|
get: {
|
|
7
7
|
(key: string): Promise<string | null>;
|
|
8
|
-
(key: string, type: 'json'): Promise<unknown
|
|
8
|
+
(key: string, type: 'json'): Promise<unknown>;
|
|
9
9
|
(key: string, type: 'arrayBuffer'): Promise<ArrayBuffer | null>;
|
|
10
|
-
(key: string, type: KvGetType): Promise<
|
|
10
|
+
(key: string, type: KvGetType): Promise<ArrayBuffer | string | null>;
|
|
11
11
|
};
|
|
12
12
|
put: (key: string, value: string, options?: KVNamespacePutOptions) => Promise<void>;
|
|
13
13
|
};
|
package/dist/index.js
CHANGED
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import { ErrorHandler, RequestValidator,
|
|
1
|
+
import { ErrorHandler, RequestValidator, WorkerSigning } from '@zintrust/core/proxy';
|
|
2
2
|
const DEFAULT_SIGNING_WINDOW_MS = 60_000;
|
|
3
3
|
const DEFAULT_MAX_BODY_BYTES = 128 * 1024;
|
|
4
4
|
const DEFAULT_MAX_SQL_BYTES = 32 * 1024;
|
|
@@ -105,15 +105,6 @@ const parseOptionalJson = (text) => {
|
|
|
105
105
|
const successResult = parsed;
|
|
106
106
|
return { ok: true, payload: successResult.value };
|
|
107
107
|
};
|
|
108
|
-
const loadSigningSecret = (env) => {
|
|
109
|
-
const direct = typeof env.D1_REMOTE_SECRET === 'string' ? env.D1_REMOTE_SECRET.trim() : '';
|
|
110
|
-
if (direct !== '')
|
|
111
|
-
return direct;
|
|
112
|
-
const fallback = typeof env.APP_KEY === 'string' ? env.APP_KEY.trim() : '';
|
|
113
|
-
if (fallback !== '')
|
|
114
|
-
return fallback;
|
|
115
|
-
return null;
|
|
116
|
-
};
|
|
117
108
|
const loadStatements = (env) => {
|
|
118
109
|
const raw = env.ZT_D1_STATEMENTS_JSON;
|
|
119
110
|
if (typeof raw !== 'string' || raw.trim() === '')
|
|
@@ -138,31 +129,12 @@ const isMutatingSql = (sql) => {
|
|
|
138
129
|
s.startsWith('alter') ||
|
|
139
130
|
s.startsWith('replace'));
|
|
140
131
|
};
|
|
141
|
-
const verifyNonceKv = async (kv, keyId, nonce, ttlMs) => {
|
|
142
|
-
const ttlSeconds = Math.max(1, Math.ceil(ttlMs / 1000));
|
|
143
|
-
const storageKey = `nonce:${keyId}:${nonce}`;
|
|
144
|
-
const existing = await kv.get(storageKey);
|
|
145
|
-
if (existing !== null)
|
|
146
|
-
return false;
|
|
147
|
-
await kv.put(storageKey, '1', { expirationTtl: ttlSeconds });
|
|
148
|
-
return true;
|
|
149
|
-
};
|
|
150
132
|
const verifySignedRequest = async (request, env, bodyBytes) => {
|
|
151
|
-
const
|
|
152
|
-
|
|
153
|
-
|
|
154
|
-
|
|
155
|
-
|
|
156
|
-
const verifyResult = await SigningService.verifyWithKeyProvider({
|
|
157
|
-
method: request.method,
|
|
158
|
-
url: request.url,
|
|
159
|
-
body: bodyBytes,
|
|
160
|
-
headers: request.headers,
|
|
161
|
-
windowMs,
|
|
162
|
-
getSecretForKeyId: async (_keyId) => secret,
|
|
163
|
-
verifyNonce: env.ZT_NONCES === undefined
|
|
164
|
-
? undefined
|
|
165
|
-
: async (keyId, nonce, ttlMs) => verifyNonceKv(env.ZT_NONCES, keyId, nonce, ttlMs),
|
|
133
|
+
const verifyResult = await WorkerSigning.verifySignedRequest(request, env, bodyBytes, {
|
|
134
|
+
secretEnvVar: 'D1_REMOTE_SECRET',
|
|
135
|
+
missingSecretStatus: 401,
|
|
136
|
+
missingSecretMessage: 'Missing signing secret (D1_REMOTE_SECRET or APP_KEY)',
|
|
137
|
+
defaultSigningWindowMs: DEFAULT_SIGNING_WINDOW_MS,
|
|
166
138
|
});
|
|
167
139
|
if (verifyResult.ok === false) {
|
|
168
140
|
return toErrorResponse(verifyResult.status, verifyResult.code, verifyResult.message);
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@zintrust/cloudflare-d1-proxy",
|
|
3
|
-
"version": "
|
|
3
|
+
"version": "1.5.0",
|
|
4
4
|
"description": "Cloudflare D1 proxy package for ZinTrust.",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"private": false,
|
|
@@ -20,7 +20,7 @@
|
|
|
20
20
|
"access": "public"
|
|
21
21
|
},
|
|
22
22
|
"peerDependencies": {
|
|
23
|
-
"@zintrust/core": "
|
|
23
|
+
"@zintrust/core": "*"
|
|
24
24
|
},
|
|
25
25
|
"keywords": [
|
|
26
26
|
"zintrust",
|