asherah 2.0.0 → 3.0.1

package/binding.gyp

@@ -2,9 +2,9 @@
   'targets': [
       {
       'target_name': 'asherah',
-      'include_dirs': ["<!(node -p \"require('node-addon-api').include_dir\")"],
-      "cflags": ["-fexceptions", "-g", "-O3", "-std=c++17", "-fPIC"],
-      "cflags_cc": ["-fexceptions", "-g", "-O3", "-std=c++17", "-fPIC"],
+      'include_dirs': ["<!(node -p \"require('node-addon-api').include_dir\")", "lib/", "src/"],
+      "cflags": ["-fexceptions", "-g", "-O3", "-std=c++17", "-fPIC", "-Wno-unknown-pragmas"],
+      "cflags_cc": ["-fexceptions", "-g", "-O3", "-std=c++17", "-fPIC", "-Wno-unknown-pragmas"],
       "cflags!": [ "-fno-exceptions"],
       "cflags_cc!": [ "-fno-exceptions" ],
       'xcode_settings': {
@@ -17,17 +17,16 @@
           '-fPIC'
         ],
       },
-      'defines': [ 'NAPI_CPP_EXCEPTIONS', 'NODE_API_SWALLOW_UNTHROWABLE_EXCEPTIONS', 'NODE_ADDON_API_DISABLE_DEPRECATED', 'NODE_API_NO_EXTERNAL_BUFFERS_ALLOWED' ],
+      'defines': [ 
+        'NAPI_CPP_EXCEPTIONS',
+        'NODE_API_SWALLOW_UNTHROWABLE_EXCEPTIONS',
+        'NODE_ADDON_API_DISABLE_DEPRECATED',
+        'NODE_API_NO_EXTERNAL_BUFFERS_ALLOWED'
+        ],
       'sources': [
-        'lib/libasherah.h',
-        'src/asherah.h',
         'src/asherah.cc',
         'src/logging.cc',
-        'src/logging.h',
-        'src/cobhan_napi_interop.h',
-        'src/cobhan.h',
-        'src/cobhan.cc',
-        'src/hints.h'
+        'src/logging_napi.cc'
       ],
       'libraries': [ '../lib/libasherah.a' ]
     }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "asherah",
-  "version": "2.0.0",
+  "version": "3.0.1",
   "description": "Asherah envelope encryption and key rotation library",
   "exports": {
     "node-addons": "./dist/asherah.node"
@@ -13,8 +13,10 @@
     "preinstall": "scripts/download-libraries.sh",
     "load": "node --max-old-space-size=500 scripts/dumpster-fire.js",
     "install": "scripts/build.sh",
+    "test:mocha-debug": "lldb -o run -- node node_modules/mocha/bin/mocha --inspect-brk",
     "test:mocha": "mocha",
     "test": "nyc npm run test:mocha",
+    "debug": "nyc npm run test:mocha-debug",
     "posttest": "npm run lint",
     "lint": "eslint src/ --ext .ts --fix"
   },
@@ -23,14 +25,17 @@
   "license": "MIT",
   "files": [
     "binding.gyp",
-    "src/asherah.h",
+    "src/asherah_async_worker.h",
     "src/asherah.cc",
+    "src/cobhan_buffer_napi.h",
+    "src/cobhan_buffer.h",
     "src/hints.h",
-    "src/logging.h",
     "src/logging.cc",
-    "src/cobhan_napi_interop.h",
-    "src/cobhan.h",
-    "src/cobhan.cc",
+    "src/logging.h",
+    "src/logging_napi.cc",
+    "src/logging_napi.h",
+    "src/napi_utils.h",
+    "src/scoped_allocate.h",
     "src/asherah.d.ts",
     "scripts/download-libraries.sh",
     "scripts/build.sh",
@@ -39,20 +44,21 @@
     ".asherah-version"
   ],
   "devDependencies": {
-    "@types/benchmark": "^2.1.1",
+    "@cucumber/cucumber": "^10.6.0",
     "@types/chai": "^4.3.0",
-    "@types/mocha": "^9.1.0",
+    "@types/mocha": "^9.1.1",
     "@types/node": "^17.0.22",
     "@typescript-eslint/eslint-plugin": "^5.16.0",
     "@typescript-eslint/parser": "^5.16.0",
-    "benchmark": "^2.1.4",
     "chai": "^4.3.6",
     "eslint": "^8.11.0",
     "microtime": "^3.0.0",
     "mocha": "^9.2.2",
+    "node-api-headers": "^1.1.0",
     "nyc": "^15.1.0",
     "ts-mocha": "^9.0.2",
-    "typescript": "^4.6.2"
+    "typescript": "^4.6.2",
+    "winston": "^3.11.0"
   },
   "mocha": {
     "extension": [
@@ -64,7 +70,6 @@
   },
   "types": "dist/asherah.d.ts",
   "dependencies": {
-    "cobhan": "^1.0.37",
     "node-addon-api": "7.0.0"
   }
 }

package/scripts/download-libraries.sh

@@ -1,58 +1,273 @@
 #!/bin/bash
 
-echo "Downloading Asherah libraries"
-
-# shellcheck source=/dev/null
-source .asherah-version
-
-mkdir -p lib
-cd lib || exit 1
-
-OS=$(uname)
-MACHINE=$(uname -m)
-
-if [[ "${OS}" == 'Linux' ]]; then
-  if [[ ${MACHINE} == 'x86_64' ]]; then
-    echo "Linux x64"
-    ARCHIVE=libasherah-x64.a
-    HEADER=libasherah-x64-archive.h
-    SUMS=SHA256SUMS
-  elif [[ ${MACHINE} == 'aarch64' ]]; then
-    echo "Linux arm64"
-    ARCHIVE=libasherah-arm64.a
-    HEADER=libasherah-arm64-archive.h
-    SUMS=SHA256SUMS
+set -e  # Exit on any command failure
+
+# Global Constants
+CHECK_INTERVAL_SECONDS=$((5 * 60)) # 5 minutes
+MAX_DOWNLOAD_RETRIES=3
+
+# Function to check if a specific file download is necessary
+function check_download_required {
+  local file=$1
+  local no_cache=$2
+  local check_interval_seconds=$3
+  local etag_file="${file}.etag"
+
+  # If the file does not exist or the .etag file is missing, download is required
+  if [[ ! -f "$file" ]]; then
+    echo "${file} does not exist"
+    return 0  # (download required)
   else
-    echo "Unsupported CPU architecture"
+    echo "${file} exists"
+  fi
+
+  # If the file does not exist or the .etag file is missing, download is required
+  if [[ ! -f "$etag_file" ]]; then
+    echo "${etag_file} does not exist"
+    return 0  # (download required)
+  fi
+
+
+  # If no-cache is passed, we ignore the modified date of the .etag files
+  if [[ "$no_cache" == true ]]; then
+    return 0  # (download required)
+  fi
+
+  # Check if the .etag file is older than the interval
+  if [[ "$OSTYPE" == "darwin"* ]]; then
+    # macOS uses 'stat -f'
+    last_check=$(stat -f %m "$etag_file")
+  else
+    # Linux uses 'stat -c'
+    last_check=$(stat -c %Y "$etag_file")
+  fi
+
+  current_time=$(date +%s)
+  elapsed_time=$((current_time - last_check))
+
+  if (( elapsed_time > check_interval_seconds )); then
+    return 0  # (download required)
+  fi
+
+  return 1  # (download not required)
+}
+
+# Function to download a file
+function download_file {
+  local url=$1
+  local file=$2
+  local etag_file="${file}.etag"
+
+  if ! curl -s -L --fail --etag-save "$etag_file" --etag-compare "$etag_file" -O "$url"; then
+    echo "Failed to download $url" >&2
     exit 1
   fi
-elif [[ ${OS} == 'Darwin' ]]; then
-  if [[ ${MACHINE} == 'x86_64' ]]; then
-    echo "MacOS x64"
-    ARCHIVE=libasherah-darwin-x64.a
-    HEADER=libasherah-darwin-x64-archive.h
-    SUMS=SHA256SUMS-darwin
-  elif [[ ${MACHINE} == 'arm64' ]]; then
-    echo "MacOS arm64"
-    ARCHIVE=libasherah-darwin-arm64.a
-    HEADER=libasherah-darwin-arm64-archive.h
-    SUMS=SHA256SUMS-darwin
+
+  # Explicitly touch the etag file to update its modification time only if successful
+  touch "$etag_file"
+}
+
+# Function to verify checksums
+function verify_checksums {
+  local archive=$1
+  local header=$2
+  local sums=$3
+
+  # Determine the available SHA hashing utility
+  if command -v sha256sum &> /dev/null; then
+    sha_cmd="sha256sum"
+  elif command -v shasum &> /dev/null; then
+    sha_cmd="shasum -a 256"
   else
-    echo "Unsupported CPU architecture"
+    echo "Error: Neither sha256sum nor shasum is available on this system." >&2
+    exit 1 # Exit since this is fatal
+  fi
+
+  if [[ ! -f "${sums}" ]]; then
+    echo "Error: Checksum file '${sums}' does not exist." >&2
+    rm -f ./*.a ./*.h ./*.etag
+    return 1
+  fi
+
+  # Filter the relevant checksums and verify they are not empty
+  checksums=$(grep -e "${archive}" -e "${header}" "${sums}")
+  if [[ -z "$checksums" ]]; then
+    echo "Error: No matching checksums found for ${archive} or ${header} in ${sums}." >&2
+    return 1
+  fi
+
+  echo "$checksums" > ./SHA256SUM  # Return value
+
+  if ! $sha_cmd -c ./SHA256SUM; then
+    echo 'SHA256 mismatch!' >&2
+    rm -f ./*.a ./*.h
+    return 1
+  fi
+}
+
+# Function to copy library and header files
+function copy_files {
+  local archive=$1
+  local header=$2
+
+  if [[ ! -f "${archive}" ]]; then
+    echo "Error: Source archive file '${archive}' does not exist." >&2
+    exit 1
+  fi
+
+  if [[ ! -f "${header}" ]]; then
+    echo "Error: Source header file '${header}' does not exist." >&2
     exit 1
   fi
-else
-  echo "Unsupported operating system"
-  exit 1
-fi
 
-curl -s -L --fail --etag-save "${ARCHIVE}.etag" --etag-compare "${ARCHIVE}.etag" -O --retry 999 --retry-max-time 0 "https://github.com/godaddy/asherah-cobhan/releases/download/${ASHERAH_VERSION}/${ARCHIVE}" || echo "Failed to download ${ASHERAH_VERSION}/${ARCHIVE}"
+  if ! cp -f "${archive}" libasherah.a; then
+    echo "Error: Failed to copy archive file '${archive}' to 'libasherah.a'." >&2
+    exit 1
+  fi
+
+  if ! cp -f "${header}" libasherah.h; then
+    echo "Error: Failed to copy header file '${header}' to 'libasherah.h'." >&2
+    exit 1
+  fi
+}
+
+# Function to detect OS and CPU architecture
+function detect_os_and_cpu {
+  OS=$(uname)
+  MACHINE=$(uname -m)
+
+  #echo "Detected OS: ${OS}"
+  #echo "Detected CPU architecture: ${MACHINE}"
+
+  if [[ "${OS}" == 'Linux' ]]; then
+    if [[ ${MACHINE} == 'x86_64' ]]; then
+      #echo "Using Asherah libraries for Linux x86_64"
+      ARCHIVE="libasherah-x64.a"
+      HEADER="libasherah-x64-archive.h"
+      SUMS="SHA256SUMS"
+    elif [[ ${MACHINE} == 'aarch64' ]]; then
+      #echo "Using Asherah libraries for Linux aarch64"
+      ARCHIVE="libasherah-arm64.a"
+      HEADER="libasherah-arm64-archive.h"
+      SUMS="SHA256SUMS"
+    else
+      #echo "Unsupported CPU architecture: ${MACHINE}" >&2
+      exit 1
+    fi
+  elif [[ "${OS}" == 'Darwin' ]]; then
+    if [[ ${MACHINE} == 'x86_64' ]]; then
+      #echo "Using Asherah libraries for MacOS x86_64"
+      ARCHIVE="libasherah-darwin-x64.a"
+      HEADER="libasherah-darwin-x64-archive.h"
+      SUMS="SHA256SUMS-darwin"
+    elif [[ ${MACHINE} == 'arm64' ]]; then
+      #echo "Using Asherah libraries for MacOS arm64"
+      ARCHIVE="libasherah-darwin-arm64.a"
+      HEADER="libasherah-darwin-arm64-archive.h"
+      SUMS="SHA256SUMS-darwin"
+    else
+      echo "Unsupported CPU architecture: ${MACHINE}" >&2
+      exit 1
+    fi
+  else
+    echo "Unsupported operating system: ${OS}" >&2
+    exit 1
+  fi
 
-curl -s -L --fail --etag-save "${HEADER}.etag" --etag-compare "${HEADER}.etag" -O --retry 999 --retry-max-time 0 "https://github.com/godaddy/asherah-cobhan/releases/download/${ASHERAH_VERSION}/${HEADER}" || echo "Failed to download ${ASHERAH_VERSION}/${HEADER}"
+  echo "${ARCHIVE}" "${HEADER}" "${SUMS}"  # Return value
+}
 
-curl -s -L --fail --etag-save "${SUMS}.etag" --etag-compare "${SUMS}.etag" -O --retry 999 --retry-max-time 0 "https://github.com/godaddy/asherah-cobhan/releases/download/${ASHERAH_VERSION}/${SUMS}" || echo "Failed to download ${ASHERAH_VERSION}/${SUMS}"
-grep -e "${ARCHIVE}" -e "${HEADER}" "${SUMS}" > ./SHA256SUM
-shasum -a 256 -c ./SHA256SUM || (echo 'SHA256 mismatch!' ; rm -f ./*.a ./*.h ; exit 1)
+# Parse script arguments
+function parse_args {
+  local no_cache=false
+  while [[ $# -gt 0 ]]; do
+    case "$1" in
+      --no-cache)
+        no_cache=true
+        shift
+        ;;
+      *)
+        echo "Unknown parameter: $1" >&2
+        exit 1
+        ;;
+    esac
+  done
+  echo "${no_cache}"  # Return value
+}
+
+# Function to determine the interval message
+function interval_message {
+  local interval=$1
+  if (( interval % 60 == 0 )); then
+    echo "$((interval / 60)) minutes"  # Return value
+  else
+    echo "$interval seconds"  # Return value
+  fi
+}
+
+# Main function
+function main {
+  echo "Downloading Asherah libraries"
+  # shellcheck disable=SC1091
+  source .asherah-version
+
+  # Parse arguments
+  local no_cache
+  no_cache=$(parse_args "$@")
+
+  # Detect OS and CPU architecture
+  read -r archive header sums < <(detect_os_and_cpu)
+  echo "Archive: $archive"
+  echo "Header: $header"
+  echo "Sums: $sums"
+  echo "Version: $ASHERAH_VERSION"
+
+  # Interpolate the URLs
+  url_prefix="https://github.com/godaddy/asherah-cobhan/releases/download/${ASHERAH_VERSION}"
+  file_names=("${archive}" "${header}" "${sums}")
+  file_urls=(
+    "${url_prefix}/${archive}"
+    "${url_prefix}/${header}"
+    "${url_prefix}/${sums}"
+  )
+
+  # Create the `lib` directory if it doesn't exist
+  mkdir -p lib
+  cd lib || exit 1
+
+  local retries=0
+  local checksums_verified=false
+  while [[ $checksums_verified == false && $retries -lt $MAX_DOWNLOAD_RETRIES ]]; do
+    # Per-file touch and download logic
+    for i in "${!file_names[@]}"; do
+      if check_download_required "${file_names[$i]}" "$no_cache" "$CHECK_INTERVAL_SECONDS"; then
+        download_file "${file_urls[$i]}" "${file_names[$i]}"
+      else
+        interval_str=$(interval_message "$CHECK_INTERVAL_SECONDS")
+        echo "${file_names[$i]} is up to date (checked within the last ${interval_str})"
+      fi
+    done
+
+    # Verify checksums and copy files
+    if verify_checksums "${archive}" "${header}" "${sums}"; then
+      copy_files "${archive}" "${header}"
+      checksums_verified=true
+    else
+      echo "Verification failed, re-downloading files..."
+      ((retries++))
+      # Sleep for a bit before retrying to avoid hammering the server
+      sleep 1
+    fi
+  done
+
+  if [[ $checksums_verified == true ]]; then
+    copy_files "${archive}" "${header}"
+    echo "Asherah libraries downloaded successfully"
+  else
+    echo "Failed to download Asherah libraries after $retries retries."
+    exit 1
+  fi
+}
 
-cp -f "${ARCHIVE}" libasherah.a
-cp -f "${HEADER}" libasherah.h
+# Execute the main function
+main "$@"