closeclaw 3.0.4 → 3.0.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cli.cjs +23 -20
- package/dist/cli.jsc +0 -0
- package/dist/index.jsc +0 -0
- package/package.json +1 -1
package/dist/cli.cjs
CHANGED
|
@@ -417,10 +417,20 @@ function verifyLicense(key) {
|
|
|
417
417
|
throw new Error("License key is required (set NODE_ENV=development to bypass)");
|
|
418
418
|
}
|
|
419
419
|
try {
|
|
420
|
+
const parts = key.split(".");
|
|
421
|
+
if (parts.length !== 3) throw new Error("Invalid JWT format");
|
|
422
|
+
const [headerB64, payloadB64, signatureB64] = parts;
|
|
423
|
+
const header = JSON.parse(Buffer.from(headerB64, "base64url").toString());
|
|
424
|
+
if (header.alg !== "EdDSA") throw new Error(`Unsupported algorithm: ${header.alg}`);
|
|
420
425
|
const publicKey = (0, import_node_crypto2.createPublicKey)(ED25519_PUBLIC_KEY_PEM);
|
|
421
|
-
const
|
|
422
|
-
|
|
423
|
-
|
|
426
|
+
const signingInput = `${headerB64}.${payloadB64}`;
|
|
427
|
+
const signature = Buffer.from(signatureB64, "base64url");
|
|
428
|
+
const valid = (0, import_node_crypto2.verify)(null, Buffer.from(signingInput), publicKey, signature);
|
|
429
|
+
if (!valid) throw new Error("Invalid signature");
|
|
430
|
+
const decoded = JSON.parse(Buffer.from(payloadB64, "base64url").toString());
|
|
431
|
+
if (typeof decoded.exp === "number" && decoded.exp < Math.floor(Date.now() / 1e3)) {
|
|
432
|
+
throw new Error("License expired");
|
|
433
|
+
}
|
|
424
434
|
if (!decoded.sub || typeof decoded.sub !== "string") {
|
|
425
435
|
throw new Error("License missing 'sub' claim");
|
|
426
436
|
}
|
|
@@ -448,13 +458,7 @@ function verifyLicense(key) {
|
|
|
448
458
|
_devMode = false;
|
|
449
459
|
return _license;
|
|
450
460
|
} catch (err) {
|
|
451
|
-
|
|
452
|
-
throw new Error("License key has expired");
|
|
453
|
-
}
|
|
454
|
-
if (err instanceof import_jsonwebtoken.default.JsonWebTokenError) {
|
|
455
|
-
throw new Error(`Invalid license key: ${err.message}`);
|
|
456
|
-
}
|
|
457
|
-
throw err;
|
|
461
|
+
throw new Error(`Invalid license key: ${err.message || err}`);
|
|
458
462
|
}
|
|
459
463
|
}
|
|
460
464
|
function checkFeature(feature) {
|
|
@@ -480,11 +484,10 @@ function _resetLicense() {
|
|
|
480
484
|
_license = null;
|
|
481
485
|
_devMode = false;
|
|
482
486
|
}
|
|
483
|
-
var
|
|
487
|
+
var import_node_crypto2, ED25519_PUBLIC_KEY_PEM, _license, _devMode, DEV_LICENSE;
|
|
484
488
|
var init_license = __esm({
|
|
485
489
|
"src/license.ts"() {
|
|
486
490
|
"use strict";
|
|
487
|
-
import_jsonwebtoken = __toESM(require("jsonwebtoken"), 1);
|
|
488
491
|
import_node_crypto2 = require("crypto");
|
|
489
492
|
init_connection();
|
|
490
493
|
ED25519_PUBLIC_KEY_PEM = `-----BEGIN PUBLIC KEY-----
|
|
@@ -960,13 +963,13 @@ function getSecret() {
|
|
|
960
963
|
return _secret;
|
|
961
964
|
}
|
|
962
965
|
function signAccessToken(payload) {
|
|
963
|
-
return
|
|
966
|
+
return import_jsonwebtoken.default.sign(payload, getSecret(), {
|
|
964
967
|
algorithm: "HS256",
|
|
965
968
|
expiresIn: "15m"
|
|
966
969
|
});
|
|
967
970
|
}
|
|
968
971
|
function verifyAccessToken(token) {
|
|
969
|
-
return
|
|
972
|
+
return import_jsonwebtoken.default.verify(token, getSecret(), {
|
|
970
973
|
algorithms: ["HS256"]
|
|
971
974
|
});
|
|
972
975
|
}
|
|
@@ -976,11 +979,11 @@ function generateRefreshToken() {
|
|
|
976
979
|
function _resetSecret() {
|
|
977
980
|
_secret = null;
|
|
978
981
|
}
|
|
979
|
-
var
|
|
982
|
+
var import_jsonwebtoken, import_node_crypto4, import_node_fs2, import_node_path2, _secret;
|
|
980
983
|
var init_jwt = __esm({
|
|
981
984
|
"src/auth/jwt.ts"() {
|
|
982
985
|
"use strict";
|
|
983
|
-
|
|
986
|
+
import_jsonwebtoken = __toESM(require("jsonwebtoken"), 1);
|
|
984
987
|
import_node_crypto4 = require("crypto");
|
|
985
988
|
import_node_fs2 = require("fs");
|
|
986
989
|
import_node_path2 = require("path");
|
|
@@ -2265,13 +2268,13 @@ async function getInstallationToken(installationId) {
|
|
|
2265
2268
|
if (cached && cached.expiresAt - Date.now() > TOKEN_REFRESH_BUFFER_MS) {
|
|
2266
2269
|
return cached.token;
|
|
2267
2270
|
}
|
|
2268
|
-
const
|
|
2271
|
+
const jwt2 = generateAppJWT();
|
|
2269
2272
|
const res = await fetch(
|
|
2270
2273
|
`${GITHUB_API_BASE}/app/installations/${installationId}/access_tokens`,
|
|
2271
2274
|
{
|
|
2272
2275
|
method: "POST",
|
|
2273
2276
|
headers: {
|
|
2274
|
-
Authorization: `Bearer ${
|
|
2277
|
+
Authorization: `Bearer ${jwt2}`,
|
|
2275
2278
|
Accept: "application/vnd.github+json",
|
|
2276
2279
|
"X-GitHub-Api-Version": "2022-11-28"
|
|
2277
2280
|
}
|
|
@@ -2395,10 +2398,10 @@ async function getRepoInfo(installationId, owner, repo) {
|
|
|
2395
2398
|
}
|
|
2396
2399
|
async function findInstallationForRepo(owner, repo) {
|
|
2397
2400
|
if (!GITHUB_APP_ID || !GITHUB_PRIVATE_KEY) return null;
|
|
2398
|
-
const
|
|
2401
|
+
const jwt2 = generateAppJWT();
|
|
2399
2402
|
const res = await fetch(`${GITHUB_API_BASE}/repos/${owner}/${repo}/installation`, {
|
|
2400
2403
|
headers: {
|
|
2401
|
-
Authorization: `Bearer ${
|
|
2404
|
+
Authorization: `Bearer ${jwt2}`,
|
|
2402
2405
|
Accept: "application/vnd.github+json",
|
|
2403
2406
|
"X-GitHub-Api-Version": "2022-11-28"
|
|
2404
2407
|
}
|
package/dist/cli.jsc
CHANGED
|
Binary file
|
package/dist/index.jsc
CHANGED
|
Binary file
|