decocms 2.172.0 → 2.172.1

package/dist/server/node_modules/pg-connection-string/README.md

@@ -0,0 +1,105 @@
+pg-connection-string
+====================
+
+[![NPM](https://nodei.co/npm/pg-connection-string.png?compact=true)](https://nodei.co/npm/pg-connection-string/)
+
+Functions for dealing with a PostgresSQL connection string
+
+`parse` method taken from [node-postgres](https://github.com/brianc/node-postgres.git)
+Copyright (c) 2010-2014 Brian Carlson (brian.m.carlson@gmail.com)
+MIT License
+
+## Usage
+
+```js
+const parse = require('pg-connection-string').parse;
+
+const config = parse('postgres://someuser:somepassword@somehost:381/somedatabase')
+```
+
+The resulting config contains a subset of the following properties:
+
+* `user` - User with which to authenticate to the server
+* `password` - Corresponding password
+* `host` - Postgres server hostname or, for UNIX domain sockets, the socket filename
+* `port` - port on which to connect
+* `database` - Database name within the server
+* `client_encoding` - string encoding the client will use
+* `ssl`, either a boolean or an object with properties
+  * `rejectUnauthorized`
+  * `cert`
+  * `key`
+  * `ca`
+* any other query parameters (for example, `application_name`) are preserved intact.
+
+### ClientConfig Compatibility for TypeScript
+
+The pg-connection-string `ConnectionOptions` interface is not compatible with the `ClientConfig` interface that [pg.Client](https://node-postgres.com/apis/client) expects. To remedy this, use the `parseIntoClientConfig` function instead of `parse`:
+
+```ts
+import { ClientConfig } from 'pg';
+import { parseIntoClientConfig } from 'pg-connection-string';
+
+const config: ClientConfig = parseIntoClientConfig('postgres://someuser:somepassword@somehost:381/somedatabase')
+```
+
+You can also use `toClientConfig` to convert an existing `ConnectionOptions` interface into a `ClientConfig` interface:
+
+```ts
+import { ClientConfig } from 'pg';
+import { parse, toClientConfig } from 'pg-connection-string';
+
+const config = parse('postgres://someuser:somepassword@somehost:381/somedatabase')
+const clientConfig: ClientConfig = toClientConfig(config)
+```
+
+## Connection Strings
+
+The short summary of acceptable URLs is:
+
+ * `socket:<path>?<query>` - UNIX domain socket
+ * `postgres://<user>:<password>@<host>:<port>/<database>?<query>` - TCP connection
+
+But see below for more details.
+
+### UNIX Domain Sockets
+
+When user and password are not given, the socket path follows `socket:`, as in `socket:/var/run/pgsql`.
+This form can be shortened to just a path: `/var/run/pgsql`.
+
+When user and password are given, they are included in the typical URL positions, with an empty `host`, as in `socket://user:pass@/var/run/pgsql`.
+
+Query parameters follow a `?` character, including the following special query parameters:
+
+ * `db=<database>` - sets the database name (urlencoded)
+ * `encoding=<encoding>` - sets the `client_encoding` property
+
+### TCP Connections
+
+TCP connections to the Postgres server are indicated with `pg:` or `postgres:` schemes (in fact, any scheme but `socket:` is accepted).
+If username and password are included, they should be urlencoded.
+The database name, however, should *not* be urlencoded.
+
+Query parameters follow a `?` character, including the following special query parameters:
+ * `host=<host>` - sets `host` property, overriding the URL's host
+ * `encoding=<encoding>` - sets the `client_encoding` property
+ * `ssl=1`, `ssl=true`, `ssl=0`, `ssl=false` - sets `ssl` to true or false, accordingly
+ * `uselibpqcompat=true` - use libpq semantics
+ * `sslmode=<sslmode>` when `uselibpqcompat=true` is not set
+   * `sslmode=disable` - sets `ssl` to false
+   * `sslmode=no-verify` - sets `ssl` to `{ rejectUnauthorized: false }`
+   * `sslmode=prefer`, `sslmode=require`, `sslmode=verify-ca`, `sslmode=verify-full` - sets `ssl` to true
+ * `sslmode=<sslmode>` when `uselibpqcompat=true`
+   * `sslmode=disable` - sets `ssl` to false
+   * `sslmode=prefer` - sets `ssl` to `{ rejectUnauthorized: false }`
+   * `sslmode=require` - sets `ssl` to `{ rejectUnauthorized: false }` unless `sslrootcert` is specified, in which case it behaves like `verify-ca`
+   * `sslmode=verify-ca` - sets `ssl` to `{ checkServerIdentity: no-op }` (verify CA, but not server identity). This verifies the presented certificate against the effective CA specified in sslrootcert.
+   * `sslmode=verify-full` - sets `ssl` to `{}` (verify CA and server identity)
+ * `sslcert=<filename>` - reads data from the given file and includes the result as `ssl.cert`
+ * `sslkey=<filename>` - reads data from the given file and includes the result as `ssl.key`
+ * `sslrootcert=<filename>` - reads data from the given file and includes the result as `ssl.ca`
+
+A bare relative URL, such as `salesdata`, will indicate a database name while leaving other properties empty.
+
+> [!CAUTION]
+> Choosing an sslmode other than verify-full has serious security implications. Please read https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS to understand the trade-offs.

package/dist/server/node_modules/pg-connection-string/esm/index.mjs

@@ -0,0 +1,8 @@
+// ESM wrapper for pg-connection-string
+import connectionString from '../index.js'
+
+// Re-export the parse function
+export default connectionString.parse
+export const parse = connectionString.parse
+export const toClientConfig = connectionString.toClientConfig
+export const parseIntoClientConfig = connectionString.parseIntoClientConfig

package/dist/server/node_modules/pg-connection-string/index.d.ts

@@ -0,0 +1,36 @@
+import { ClientConfig } from 'pg'
+
+export function parse(connectionString: string, options?: Options): ConnectionOptions
+
+export interface Options {
+  // Use libpq semantics when interpreting the connection string
+  useLibpqCompat?: boolean
+}
+
+interface SSLConfig {
+  ca?: string
+  cert?: string | null
+  key?: string
+  rejectUnauthorized?: boolean
+}
+
+export interface ConnectionOptions {
+  host: string | null
+  password?: string
+  user?: string
+  port?: string | null
+  database: string | null | undefined
+  client_encoding?: string
+  ssl?: boolean | string | SSLConfig
+
+  application_name?: string
+  fallback_application_name?: string
+  options?: string
+  keepalives?: number
+
+  // We allow any other options to be passed through
+  [key: string]: unknown
+}
+
+export function toClientConfig(config: ConnectionOptions): ClientConfig
+export function parseIntoClientConfig(connectionString: string): ClientConfig

package/dist/server/node_modules/pg-connection-string/index.js

@@ -0,0 +1,231 @@
+'use strict'
+
+//Parse method copied from https://github.com/brianc/node-postgres
+//Copyright (c) 2010-2014 Brian Carlson (brian.m.carlson@gmail.com)
+//MIT License
+
+//parses a connection string
+function parse(str, options = {}) {
+  //unix socket
+  if (str.charAt(0) === '/') {
+    const config = str.split(' ')
+    return { host: config[0], database: config[1] }
+  }
+
+  // Check for empty host in URL
+
+  const config = {}
+  let result
+  let dummyHost = false
+  if (/ |%[^a-f0-9]|%[a-f0-9][^a-f0-9]/i.test(str)) {
+    // Ensure spaces are encoded as %20
+    str = encodeURI(str).replace(/%25(\d\d)/g, '%$1')
+  }
+
+  try {
+    try {
+      result = new URL(str, 'postgres://base')
+    } catch (e) {
+      // The URL is invalid so try again with a dummy host
+      result = new URL(str.replace('@/', '@___DUMMY___/'), 'postgres://base')
+      dummyHost = true
+    }
+  } catch (err) {
+    // Remove the input from the error message to avoid leaking sensitive information
+    err.input && (err.input = '*****REDACTED*****')
+    throw err
+  }
+
+  // We'd like to use Object.fromEntries() here but Node.js 10 does not support it
+  for (const entry of result.searchParams.entries()) {
+    config[entry[0]] = entry[1]
+  }
+
+  config.user = config.user || decodeURIComponent(result.username)
+  config.password = config.password || decodeURIComponent(result.password)
+
+  if (result.protocol == 'socket:') {
+    config.host = decodeURI(result.pathname)
+    config.database = result.searchParams.get('db')
+    config.client_encoding = result.searchParams.get('encoding')
+    return config
+  }
+  const hostname = dummyHost ? '' : result.hostname
+  if (!config.host) {
+    // Only set the host if there is no equivalent query param.
+    config.host = decodeURIComponent(hostname)
+  } else if (hostname && /^%2f/i.test(hostname)) {
+    // Only prepend the hostname to the pathname if it is not a URL encoded Unix socket host.
+    result.pathname = hostname + result.pathname
+  }
+  if (!config.port) {
+    // Only set the port if there is no equivalent query param.
+    config.port = result.port
+  }
+
+  const pathname = result.pathname.slice(1) || null
+  config.database = pathname ? decodeURI(pathname) : null
+
+  if (config.ssl === 'true' || config.ssl === '1') {
+    config.ssl = true
+  }
+
+  if (config.ssl === '0') {
+    config.ssl = false
+  }
+
+  if (config.sslcert || config.sslkey || config.sslrootcert || config.sslmode) {
+    config.ssl = {}
+  }
+
+  // Only try to load fs if we expect to read from the disk
+  const fs = config.sslcert || config.sslkey || config.sslrootcert ? require('fs') : null
+
+  if (config.sslcert) {
+    config.ssl.cert = fs.readFileSync(config.sslcert).toString()
+  }
+
+  if (config.sslkey) {
+    config.ssl.key = fs.readFileSync(config.sslkey).toString()
+  }
+
+  if (config.sslrootcert) {
+    config.ssl.ca = fs.readFileSync(config.sslrootcert).toString()
+  }
+
+  if (options.useLibpqCompat && config.uselibpqcompat) {
+    throw new Error('Both useLibpqCompat and uselibpqcompat are set. Please use only one of them.')
+  }
+
+  if (config.uselibpqcompat === 'true' || options.useLibpqCompat) {
+    switch (config.sslmode) {
+      case 'disable': {
+        config.ssl = false
+        break
+      }
+      case 'prefer': {
+        config.ssl.rejectUnauthorized = false
+        break
+      }
+      case 'require': {
+        if (config.sslrootcert) {
+          // If a root CA is specified, behavior of `sslmode=require` will be the same as that of `verify-ca`
+          config.ssl.checkServerIdentity = function () {}
+        } else {
+          config.ssl.rejectUnauthorized = false
+        }
+        break
+      }
+      case 'verify-ca': {
+        if (!config.ssl.ca) {
+          throw new Error(
+            'SECURITY WARNING: Using sslmode=verify-ca requires specifying a CA with sslrootcert. If a public CA is used, verify-ca allows connections to a server that somebody else may have registered with the CA, making you vulnerable to Man-in-the-Middle attacks. Either specify a custom CA certificate with sslrootcert parameter or use sslmode=verify-full for proper security.'
+          )
+        }
+        config.ssl.checkServerIdentity = function () {}
+        break
+      }
+      case 'verify-full': {
+        break
+      }
+    }
+  } else {
+    switch (config.sslmode) {
+      case 'disable': {
+        config.ssl = false
+        break
+      }
+      case 'prefer':
+      case 'require':
+      case 'verify-ca':
+      case 'verify-full': {
+        if (config.sslmode !== 'verify-full') {
+          deprecatedSslModeWarning(config.sslmode)
+        }
+        break
+      }
+      case 'no-verify': {
+        config.ssl.rejectUnauthorized = false
+        break
+      }
+    }
+  }
+
+  return config
+}
+
+// convert pg-connection-string ssl config to a ClientConfig.ConnectionOptions
+function toConnectionOptions(sslConfig) {
+  const connectionOptions = Object.entries(sslConfig).reduce((c, [key, value]) => {
+    // we explicitly check for undefined and null instead of `if (value)` because some
+    // options accept falsy values. Example: `ssl.rejectUnauthorized = false`
+    if (value !== undefined && value !== null) {
+      c[key] = value
+    }
+
+    return c
+  }, {})
+
+  return connectionOptions
+}
+
+// convert pg-connection-string config to a ClientConfig
+function toClientConfig(config) {
+  const poolConfig = Object.entries(config).reduce((c, [key, value]) => {
+    if (key === 'ssl') {
+      const sslConfig = value
+
+      if (typeof sslConfig === 'boolean') {
+        c[key] = sslConfig
+      }
+
+      if (typeof sslConfig === 'object') {
+        c[key] = toConnectionOptions(sslConfig)
+      }
+    } else if (value !== undefined && value !== null) {
+      if (key === 'port') {
+        // when port is not specified, it is converted into an empty string
+        // we want to avoid NaN or empty string as a values in ClientConfig
+        if (value !== '') {
+          const v = parseInt(value, 10)
+          if (isNaN(v)) {
+            throw new Error(`Invalid ${key}: ${value}`)
+          }
+
+          c[key] = v
+        }
+      } else {
+        c[key] = value
+      }
+    }
+
+    return c
+  }, {})
+
+  return poolConfig
+}
+
+// parses a connection string into ClientConfig
+function parseIntoClientConfig(str) {
+  return toClientConfig(parse(str))
+}
+
+function deprecatedSslModeWarning(sslmode) {
+  if (!deprecatedSslModeWarning.warned && typeof process !== 'undefined' && process.emitWarning) {
+    deprecatedSslModeWarning.warned = true
+    process.emitWarning(`SECURITY WARNING: The SSL modes 'prefer', 'require', and 'verify-ca' are treated as aliases for 'verify-full'.
+In the next major version (pg-connection-string v3.0.0 and pg v9.0.0), these modes will adopt standard libpq semantics, which have weaker security guarantees.
+
+To prepare for this change:
+- If you want the current behavior, explicitly use 'sslmode=verify-full'
+- If you want libpq compatibility now, use 'uselibpqcompat=true&sslmode=${sslmode}'
+
+See https://www.postgresql.org/docs/current/libpq-ssl.html for libpq SSL mode definitions.`)
+  }
+}
+
+module.exports = parse
+
+parse.parse = parse
+parse.toClientConfig = toClientConfig
+parse.parseIntoClientConfig = parseIntoClientConfig

package/dist/server/node_modules/pg-connection-string/package.json

@@ -0,0 +1,52 @@
+{
+  "name": "pg-connection-string",
+  "version": "2.12.0",
+  "description": "Functions for dealing with a PostgresSQL connection string",
+  "main": "./index.js",
+  "types": "./index.d.ts",
+  "exports": {
+    ".": {
+      "types": "./index.d.ts",
+      "import": "./esm/index.mjs",
+      "require": "./index.js",
+      "default": "./index.js"
+    }
+  },
+  "scripts": {
+    "test": "nyc --reporter=lcov mocha && npm run check-coverage",
+    "check-coverage": "nyc check-coverage --statements 100 --branches 100 --lines 100 --functions 100"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git://github.com/brianc/node-postgres.git",
+    "directory": "packages/pg-connection-string"
+  },
+  "keywords": [
+    "pg",
+    "connection",
+    "string",
+    "parse"
+  ],
+  "author": "Blaine Bublitz <blaine@iceddev.com> (http://iceddev.com/)",
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/brianc/node-postgres/issues"
+  },
+  "homepage": "https://github.com/brianc/node-postgres/tree/master/packages/pg-connection-string",
+  "devDependencies": {
+    "@types/pg": "^8.12.0",
+    "chai": "^4.1.1",
+    "coveralls": "^3.0.4",
+    "istanbul": "^0.4.5",
+    "mocha": "^11.7.5",
+    "nyc": "^15",
+    "tsx": "^4.19.4",
+    "typescript": "^4.0.3"
+  },
+  "files": [
+    "index.js",
+    "index.d.ts",
+    "esm"
+  ],
+  "gitHead": "c9070cc8d526fca65780cedc25c1966b57cf7532"
+}

package/dist/server/node_modules/pg-pool/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Brian M. Carlson
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.