npm - decocms - Versions diffs - 2.175.9 → 2.175.10 - Mend

decocms 2.175.9 → 2.175.10

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (271) hide show

package/dist/server/node_modules/pg/lib/connection-parameters.js ADDED Viewed

@@ -0,0 +1,171 @@
+'use strict'
+const dns = require('dns')
+const defaults = require('./defaults')
+const parse = require('pg-connection-string').parse // parses a connection string
+const val = function (key, config, envVar) {
+  if (config[key]) {
+    return config[key]
+  }
+  if (envVar === undefined) {
+    envVar = process.env['PG' + key.toUpperCase()]
+  } else if (envVar === false) {
+    // do nothing ... use false
+  } else {
+    envVar = process.env[envVar]
+  }
+  return envVar || defaults[key]
+}
+const readSSLConfigFromEnvironment = function () {
+  switch (process.env.PGSSLMODE) {
+    case 'disable':
+      return false
+    case 'prefer':
+    case 'require':
+    case 'verify-ca':
+    case 'verify-full':
+      return true
+    case 'no-verify':
+      return { rejectUnauthorized: false }
+  }
+  return defaults.ssl
+}
+// Convert arg to a string, surround in single quotes, and escape single quotes and backslashes
+const quoteParamValue = function (value) {
+  return "'" + ('' + value).replace(/\\/g, '\\\\').replace(/'/g, "\\'") + "'"
+}
+const add = function (params, config, paramName) {
+  const value = config[paramName]
+  if (value !== undefined && value !== null) {
+    params.push(paramName + '=' + quoteParamValue(value))
+  }
+}
+class ConnectionParameters {
+  constructor(config) {
+    // if a string is passed, it is a raw connection string so we parse it into a config
+    config = typeof config === 'string' ? parse(config) : config || {}
+    // if the config has a connectionString defined, parse IT into the config we use
+    // this will override other default values with what is stored in connectionString
+    if (config.connectionString) {
+      config = Object.assign({}, config, parse(config.connectionString))
+    }
+    this.user = val('user', config)
+    this.database = val('database', config)
+    if (this.database === undefined) {
+      this.database = this.user
+    }
+    this.port = parseInt(val('port', config), 10)
+    this.host = val('host', config)
+    // "hiding" the password so it doesn't show up in stack traces
+    // or if the client is console.logged
+    Object.defineProperty(this, 'password', {
+      configurable: true,
+      enumerable: false,
+      writable: true,
+      value: val('password', config),
+    })
+    this.binary = val('binary', config)
+    this.options = val('options', config)
+    this.ssl = typeof config.ssl === 'undefined' ? readSSLConfigFromEnvironment() : config.ssl
+    if (typeof this.ssl === 'string') {
+      if (this.ssl === 'true') {
+        this.ssl = true
+      }
+    }
+    // support passing in ssl=no-verify via connection string
+    if (this.ssl === 'no-verify') {
+      this.ssl = { rejectUnauthorized: false }
+    }
+    if (this.ssl && this.ssl.key) {
+      Object.defineProperty(this.ssl, 'key', {
+        enumerable: false,
+      })
+    }
+    this.client_encoding = val('client_encoding', config)
+    this.replication = val('replication', config)
+    // a domain socket begins with '/'
+    this.isDomainSocket = !(this.host || '').indexOf('/')
+    this.application_name = val('application_name', config, 'PGAPPNAME')
+    this.fallback_application_name = val('fallback_application_name', config, false)
+    this.statement_timeout = val('statement_timeout', config, false)
+    this.lock_timeout = val('lock_timeout', config, false)
+    this.idle_in_transaction_session_timeout = val('idle_in_transaction_session_timeout', config, false)
+    this.query_timeout = val('query_timeout', config, false)
+    if (config.connectionTimeoutMillis === undefined) {
+      this.connect_timeout = process.env.PGCONNECT_TIMEOUT || 0
+    } else {
+      this.connect_timeout = Math.floor(config.connectionTimeoutMillis / 1000)
+    }
+    if (config.keepAlive === false) {
+      this.keepalives = 0
+    } else if (config.keepAlive === true) {
+      this.keepalives = 1
+    }
+    if (typeof config.keepAliveInitialDelayMillis === 'number') {
+      this.keepalives_idle = Math.floor(config.keepAliveInitialDelayMillis / 1000)
+    }
+  }
+  getLibpqConnectionString(cb) {
+    const params = []
+    add(params, this, 'user')
+    add(params, this, 'password')
+    add(params, this, 'port')
+    add(params, this, 'application_name')
+    add(params, this, 'fallback_application_name')
+    add(params, this, 'connect_timeout')
+    add(params, this, 'options')
+    const ssl = typeof this.ssl === 'object' ? this.ssl : this.ssl ? { sslmode: this.ssl } : {}
+    add(params, ssl, 'sslmode')
+    add(params, ssl, 'sslca')
+    add(params, ssl, 'sslkey')
+    add(params, ssl, 'sslcert')
+    add(params, ssl, 'sslrootcert')
+    if (this.database) {
+      params.push('dbname=' + quoteParamValue(this.database))
+    }
+    if (this.replication) {
+      params.push('replication=' + quoteParamValue(this.replication))
+    }
+    if (this.host) {
+      params.push('host=' + quoteParamValue(this.host))
+    }
+    if (this.isDomainSocket) {
+      return cb(null, params.join(' '))
+    }
+    if (this.client_encoding) {
+      params.push('client_encoding=' + quoteParamValue(this.client_encoding))
+    }
+    dns.lookup(this.host, function (err, address) {
+      if (err) return cb(err, null)
+      params.push('hostaddr=' + quoteParamValue(address))
+      return cb(null, params.join(' '))
+    })
+  }
+}
+module.exports = ConnectionParameters

package/dist/server/node_modules/pg/lib/connection.js ADDED Viewed

@@ -0,0 +1,221 @@
+'use strict'
+const EventEmitter = require('events').EventEmitter
+const { parse, serialize } = require('pg-protocol')
+const { getStream, getSecureStream } = require('./stream')
+const flushBuffer = serialize.flush()
+const syncBuffer = serialize.sync()
+const endBuffer = serialize.end()
+// TODO(bmc) support binary mode at some point
+class Connection extends EventEmitter {
+  constructor(config) {
+    super()
+    config = config || {}
+    this.stream = config.stream || getStream(config.ssl)
+    if (typeof this.stream === 'function') {
+      this.stream = this.stream(config)
+    }
+    this._keepAlive = config.keepAlive
+    this._keepAliveInitialDelayMillis = config.keepAliveInitialDelayMillis
+    this.parsedStatements = {}
+    this.ssl = config.ssl || false
+    this._ending = false
+    this._emitMessage = false
+    const self = this
+    this.on('newListener', function (eventName) {
+      if (eventName === 'message') {
+        self._emitMessage = true
+      }
+    })
+  }
+  connect(port, host) {
+    const self = this
+    this._connecting = true
+    this.stream.setNoDelay(true)
+    this.stream.connect(port, host)
+    this.stream.once('connect', function () {
+      if (self._keepAlive) {
+        self.stream.setKeepAlive(true, self._keepAliveInitialDelayMillis)
+      }
+      self.emit('connect')
+    })
+    const reportStreamError = function (error) {
+      // errors about disconnections should be ignored during disconnect
+      if (self._ending && (error.code === 'ECONNRESET' || error.code === 'EPIPE')) {
+        return
+      }
+      self.emit('error', error)
+    }
+    this.stream.on('error', reportStreamError)
+    this.stream.on('close', function () {
+      self.emit('end')
+    })
+    if (!this.ssl) {
+      return this.attachListeners(this.stream)
+    }
+    this.stream.once('data', function (buffer) {
+      const responseCode = buffer.toString('utf8')
+      switch (responseCode) {
+        case 'S': // Server supports SSL connections, continue with a secure connection
+          break
+        case 'N': // Server does not support SSL connections
+          self.stream.end()
+          return self.emit('error', new Error('The server does not support SSL connections'))
+        default:
+          // Any other response byte, including 'E' (ErrorResponse) indicating a server error
+          self.stream.end()
+          return self.emit('error', new Error('There was an error establishing an SSL connection'))
+      }
+      const options = {
+        socket: self.stream,
+      }
+      if (self.ssl !== true) {
+        Object.assign(options, self.ssl)
+        if ('key' in self.ssl) {
+          options.key = self.ssl.key
+        }
+      }
+      const net = require('net')
+      if (net.isIP && net.isIP(host) === 0) {
+        options.servername = host
+      }
+      try {
+        self.stream = getSecureStream(options)
+      } catch (err) {
+        return self.emit('error', err)
+      }
+      self.attachListeners(self.stream)
+      self.stream.on('error', reportStreamError)
+      self.emit('sslconnect')
+    })
+  }
+  attachListeners(stream) {
+    parse(stream, (msg) => {
+      const eventName = msg.name === 'error' ? 'errorMessage' : msg.name
+      if (this._emitMessage) {
+        this.emit('message', msg)
+      }
+      this.emit(eventName, msg)
+    })
+  }
+  requestSsl() {
+    this.stream.write(serialize.requestSsl())
+  }
+  startup(config) {
+    this.stream.write(serialize.startup(config))
+  }
+  cancel(processID, secretKey) {
+    this._send(serialize.cancel(processID, secretKey))
+  }
+  password(password) {
+    this._send(serialize.password(password))
+  }
+  sendSASLInitialResponseMessage(mechanism, initialResponse) {
+    this._send(serialize.sendSASLInitialResponseMessage(mechanism, initialResponse))
+  }
+  sendSCRAMClientFinalMessage(additionalData) {
+    this._send(serialize.sendSCRAMClientFinalMessage(additionalData))
+  }
+  _send(buffer) {
+    if (!this.stream.writable) {
+      return false
+    }
+    return this.stream.write(buffer)
+  }
+  query(text) {
+    this._send(serialize.query(text))
+  }
+  // send parse message
+  parse(query) {
+    this._send(serialize.parse(query))
+  }
+  // send bind message
+  bind(config) {
+    this._send(serialize.bind(config))
+  }
+  // send execute message
+  execute(config) {
+    this._send(serialize.execute(config))
+  }
+  flush() {
+    if (this.stream.writable) {
+      this.stream.write(flushBuffer)
+    }
+  }
+  sync() {
+    this._ending = true
+    this._send(syncBuffer)
+  }
+  ref() {
+    this.stream.ref()
+  }
+  unref() {
+    this.stream.unref()
+  }
+  end() {
+    // 0x58 = 'X'
+    this._ending = true
+    if (!this._connecting || !this.stream.writable) {
+      this.stream.end()
+      return
+    }
+    return this.stream.write(endBuffer, () => {
+      this.stream.end()
+    })
+  }
+  close(msg) {
+    this._send(serialize.close(msg))
+  }
+  describe(msg) {
+    this._send(serialize.describe(msg))
+  }
+  sendCopyFromChunk(chunk) {
+    this._send(serialize.copyData(chunk))
+  }
+  endCopyFrom() {
+    this._send(serialize.copyDone())
+  }
+  sendCopyFail(msg) {
+    this._send(serialize.copyFail(msg))
+  }
+}
+module.exports = Connection

package/dist/server/node_modules/pg/lib/crypto/cert-signatures.js ADDED Viewed

@@ -0,0 +1,122 @@
+function x509Error(msg, cert) {
+  return new Error('SASL channel binding: ' + msg + ' when parsing public certificate ' + cert.toString('base64'))
+}
+function readASN1Length(data, index) {
+  let length = data[index++]
+  if (length < 0x80) return { length, index }
+  const lengthBytes = length & 0x7f
+  if (lengthBytes > 4) throw x509Error('bad length', data)
+  length = 0
+  for (let i = 0; i < lengthBytes; i++) {
+    length = (length << 8) | data[index++]
+  }
+  return { length, index }
+}
+function readASN1OID(data, index) {
+  if (data[index++] !== 0x6) throw x509Error('non-OID data', data) // 6 = OID
+  const { length: OIDLength, index: indexAfterOIDLength } = readASN1Length(data, index)
+  index = indexAfterOIDLength
+  const lastIndex = index + OIDLength
+  const byte1 = data[index++]
+  let oid = ((byte1 / 40) >> 0) + '.' + (byte1 % 40)
+  while (index < lastIndex) {
+    // loop over numbers in OID
+    let value = 0
+    while (index < lastIndex) {
+      // loop over bytes in number
+      const nextByte = data[index++]
+      value = (value << 7) | (nextByte & 0x7f)
+      if (nextByte < 0x80) break
+    }
+    oid += '.' + value
+  }
+  return { oid, index }
+}
+function expectASN1Seq(data, index) {
+  if (data[index++] !== 0x30) throw x509Error('non-sequence data', data) // 30 = Sequence
+  return readASN1Length(data, index)
+}
+function signatureAlgorithmHashFromCertificate(data, index) {
+  // read this thread: https://www.postgresql.org/message-id/17760-b6c61e752ec07060%40postgresql.org
+  if (index === undefined) index = 0
+  index = expectASN1Seq(data, index).index
+  const { length: certInfoLength, index: indexAfterCertInfoLength } = expectASN1Seq(data, index)
+  index = indexAfterCertInfoLength + certInfoLength // skip over certificate info
+  index = expectASN1Seq(data, index).index // skip over signature length field
+  const { oid, index: indexAfterOID } = readASN1OID(data, index)
+  switch (oid) {
+    // RSA
+    case '1.2.840.113549.1.1.4':
+      return 'MD5'
+    case '1.2.840.113549.1.1.5':
+      return 'SHA-1'
+    case '1.2.840.113549.1.1.11':
+      return 'SHA-256'
+    case '1.2.840.113549.1.1.12':
+      return 'SHA-384'
+    case '1.2.840.113549.1.1.13':
+      return 'SHA-512'
+    case '1.2.840.113549.1.1.14':
+      return 'SHA-224'
+    case '1.2.840.113549.1.1.15':
+      return 'SHA512-224'
+    case '1.2.840.113549.1.1.16':
+      return 'SHA512-256'
+    // ECDSA
+    case '1.2.840.10045.4.1':
+      return 'SHA-1'
+    case '1.2.840.10045.4.3.1':
+      return 'SHA-224'
+    case '1.2.840.10045.4.3.2':
+      return 'SHA-256'
+    case '1.2.840.10045.4.3.3':
+      return 'SHA-384'
+    case '1.2.840.10045.4.3.4':
+      return 'SHA-512'
+    // RSASSA-PSS: hash is indicated separately
+    case '1.2.840.113549.1.1.10': {
+      index = indexAfterOID
+      index = expectASN1Seq(data, index).index
+      if (data[index++] !== 0xa0) throw x509Error('non-tag data', data) // a0 = constructed tag 0
+      index = readASN1Length(data, index).index // skip over tag length field
+      index = expectASN1Seq(data, index).index // skip over sequence length field
+      const { oid: hashOID } = readASN1OID(data, index)
+      switch (hashOID) {
+        // standalone hash OIDs
+        case '1.2.840.113549.2.5':
+          return 'MD5'
+        case '1.3.14.3.2.26':
+          return 'SHA-1'
+        case '2.16.840.1.101.3.4.2.1':
+          return 'SHA-256'
+        case '2.16.840.1.101.3.4.2.2':
+          return 'SHA-384'
+        case '2.16.840.1.101.3.4.2.3':
+          return 'SHA-512'
+      }
+      throw x509Error('unknown hash OID ' + hashOID, data)
+    }
+    // Ed25519 -- see https: return//github.com/openssl/openssl/issues/15477
+    case '1.3.101.110':
+    case '1.3.101.112': // ph
+      return 'SHA-512'
+    // Ed448 -- still not in pg 17.2 (if supported, digest would be SHAKE256 x 64 bytes)
+    case '1.3.101.111':
+    case '1.3.101.113': // ph
+      throw x509Error('Ed448 certificate channel binding is not currently supported by Postgres')
+  }
+  throw x509Error('unknown OID ' + oid, data)
+}
+module.exports = { signatureAlgorithmHashFromCertificate }