npm - decocms - Versions diffs - 2.178.0 → 2.178.2 - Mend

decocms 2.178.0 → 2.178.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (340) hide show

package/dist/server/node_modules/pg/lib/crypto/sasl.js DELETED Viewed

@@ -1,212 +0,0 @@
-'use strict'
-const crypto = require('./utils')
-const { signatureAlgorithmHashFromCertificate } = require('./cert-signatures')
-function startSession(mechanisms, stream) {
-  const candidates = ['SCRAM-SHA-256']
-  if (stream) candidates.unshift('SCRAM-SHA-256-PLUS') // higher-priority, so placed first
-  const mechanism = candidates.find((candidate) => mechanisms.includes(candidate))
-  if (!mechanism) {
-    throw new Error('SASL: Only mechanism(s) ' + candidates.join(' and ') + ' are supported')
-  }
-  if (mechanism === 'SCRAM-SHA-256-PLUS' && typeof stream.getPeerCertificate !== 'function') {
-    // this should never happen if we are really talking to a Postgres server
-    throw new Error('SASL: Mechanism SCRAM-SHA-256-PLUS requires a certificate')
-  }
-  const clientNonce = crypto.randomBytes(18).toString('base64')
-  const gs2Header = mechanism === 'SCRAM-SHA-256-PLUS' ? 'p=tls-server-end-point' : stream ? 'y' : 'n'
-  return {
-    mechanism,
-    clientNonce,
-    response: gs2Header + ',,n=*,r=' + clientNonce,
-    message: 'SASLInitialResponse',
-  }
-}
-async function continueSession(session, password, serverData, stream) {
-  if (session.message !== 'SASLInitialResponse') {
-    throw new Error('SASL: Last message was not SASLInitialResponse')
-  }
-  if (typeof password !== 'string') {
-    throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: client password must be a string')
-  }
-  if (password === '') {
-    throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: client password must be a non-empty string')
-  }
-  if (typeof serverData !== 'string') {
-    throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: serverData must be a string')
-  }
-  const sv = parseServerFirstMessage(serverData)
-  if (!sv.nonce.startsWith(session.clientNonce)) {
-    throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: server nonce does not start with client nonce')
-  } else if (sv.nonce.length === session.clientNonce.length) {
-    throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: server nonce is too short')
-  }
-  const clientFirstMessageBare = 'n=*,r=' + session.clientNonce
-  const serverFirstMessage = 'r=' + sv.nonce + ',s=' + sv.salt + ',i=' + sv.iteration
-  // without channel binding:
-  let channelBinding = stream ? 'eSws' : 'biws' // 'y,,' or 'n,,', base64-encoded
-  // override if channel binding is in use:
-  if (session.mechanism === 'SCRAM-SHA-256-PLUS') {
-    const peerCert = stream.getPeerCertificate().raw
-    let hashName = signatureAlgorithmHashFromCertificate(peerCert)
-    if (hashName === 'MD5' || hashName === 'SHA-1') hashName = 'SHA-256'
-    const certHash = await crypto.hashByName(hashName, peerCert)
-    const bindingData = Buffer.concat([Buffer.from('p=tls-server-end-point,,'), Buffer.from(certHash)])
-    channelBinding = bindingData.toString('base64')
-  }
-  const clientFinalMessageWithoutProof = 'c=' + channelBinding + ',r=' + sv.nonce
-  const authMessage = clientFirstMessageBare + ',' + serverFirstMessage + ',' + clientFinalMessageWithoutProof
-  const saltBytes = Buffer.from(sv.salt, 'base64')
-  const saltedPassword = await crypto.deriveKey(password, saltBytes, sv.iteration)
-  const clientKey = await crypto.hmacSha256(saltedPassword, 'Client Key')
-  const storedKey = await crypto.sha256(clientKey)
-  const clientSignature = await crypto.hmacSha256(storedKey, authMessage)
-  const clientProof = xorBuffers(Buffer.from(clientKey), Buffer.from(clientSignature)).toString('base64')
-  const serverKey = await crypto.hmacSha256(saltedPassword, 'Server Key')
-  const serverSignatureBytes = await crypto.hmacSha256(serverKey, authMessage)
-  session.message = 'SASLResponse'
-  session.serverSignature = Buffer.from(serverSignatureBytes).toString('base64')
-  session.response = clientFinalMessageWithoutProof + ',p=' + clientProof
-}
-function finalizeSession(session, serverData) {
-  if (session.message !== 'SASLResponse') {
-    throw new Error('SASL: Last message was not SASLResponse')
-  }
-  if (typeof serverData !== 'string') {
-    throw new Error('SASL: SCRAM-SERVER-FINAL-MESSAGE: serverData must be a string')
-  }
-  const { serverSignature } = parseServerFinalMessage(serverData)
-  if (serverSignature !== session.serverSignature) {
-    throw new Error('SASL: SCRAM-SERVER-FINAL-MESSAGE: server signature does not match')
-  }
-}
-/**
- * printable       = %x21-2B / %x2D-7E
- *                   ;; Printable ASCII except ",".
- *                   ;; Note that any "printable" is also
- *                   ;; a valid "value".
- */
-function isPrintableChars(text) {
-  if (typeof text !== 'string') {
-    throw new TypeError('SASL: text must be a string')
-  }
-  return text
-    .split('')
-    .map((_, i) => text.charCodeAt(i))
-    .every((c) => (c >= 0x21 && c <= 0x2b) || (c >= 0x2d && c <= 0x7e))
-}
-/**
- * base64-char     = ALPHA / DIGIT / "/" / "+"
- *
- * base64-4        = 4base64-char
- *
- * base64-3        = 3base64-char "="
- *
- * base64-2        = 2base64-char "=="
- *
- * base64          = *base64-4 [base64-3 / base64-2]
- */
-function isBase64(text) {
-  return /^(?:[a-zA-Z0-9+/]{4})*(?:[a-zA-Z0-9+/]{2}==|[a-zA-Z0-9+/]{3}=)?$/.test(text)
-}
-function parseAttributePairs(text) {
-  if (typeof text !== 'string') {
-    throw new TypeError('SASL: attribute pairs text must be a string')
-  }
-  return new Map(
-    text.split(',').map((attrValue) => {
-      if (!/^.=/.test(attrValue)) {
-        throw new Error('SASL: Invalid attribute pair entry')
-      }
-      const name = attrValue[0]
-      const value = attrValue.substring(2)
-      return [name, value]
-    })
-  )
-}
-function parseServerFirstMessage(data) {
-  const attrPairs = parseAttributePairs(data)
-  const nonce = attrPairs.get('r')
-  if (!nonce) {
-    throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: nonce missing')
-  } else if (!isPrintableChars(nonce)) {
-    throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: nonce must only contain printable characters')
-  }
-  const salt = attrPairs.get('s')
-  if (!salt) {
-    throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: salt missing')
-  } else if (!isBase64(salt)) {
-    throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: salt must be base64')
-  }
-  const iterationText = attrPairs.get('i')
-  if (!iterationText) {
-    throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: iteration missing')
-  } else if (!/^[1-9][0-9]*$/.test(iterationText)) {
-    throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: invalid iteration count')
-  }
-  const iteration = parseInt(iterationText, 10)
-  return {
-    nonce,
-    salt,
-    iteration,
-  }
-}
-function parseServerFinalMessage(serverData) {
-  const attrPairs = parseAttributePairs(serverData)
-  const serverSignature = attrPairs.get('v')
-  if (!serverSignature) {
-    throw new Error('SASL: SCRAM-SERVER-FINAL-MESSAGE: server signature is missing')
-  } else if (!isBase64(serverSignature)) {
-    throw new Error('SASL: SCRAM-SERVER-FINAL-MESSAGE: server signature must be base64')
-  }
-  return {
-    serverSignature,
-  }
-}
-function xorBuffers(a, b) {
-  if (!Buffer.isBuffer(a)) {
-    throw new TypeError('first argument must be a Buffer')
-  }
-  if (!Buffer.isBuffer(b)) {
-    throw new TypeError('second argument must be a Buffer')
-  }
-  if (a.length !== b.length) {
-    throw new Error('Buffer lengths must match')
-  }
-  if (a.length === 0) {
-    throw new Error('Buffers cannot be empty')
-  }
-  return Buffer.from(a.map((_, i) => a[i] ^ b[i]))
-}
-module.exports = {
-  startSession,
-  continueSession,
-  finalizeSession,
-}

package/dist/server/node_modules/pg/lib/crypto/utils-legacy.js DELETED Viewed

@@ -1,43 +0,0 @@
-'use strict'
-// This file contains crypto utility functions for versions of Node.js < 15.0.0,
-// which does not support the WebCrypto.subtle API.
-const nodeCrypto = require('crypto')
-function md5(string) {
-  return nodeCrypto.createHash('md5').update(string, 'utf-8').digest('hex')
-}
-// See AuthenticationMD5Password at https://www.postgresql.org/docs/current/static/protocol-flow.html
-function postgresMd5PasswordHash(user, password, salt) {
-  const inner = md5(password + user)
-  const outer = md5(Buffer.concat([Buffer.from(inner), salt]))
-  return 'md5' + outer
-}
-function sha256(text) {
-  return nodeCrypto.createHash('sha256').update(text).digest()
-}
-function hashByName(hashName, text) {
-  hashName = hashName.replace(/(\D)-/, '$1') // e.g. SHA-256 -> SHA256
-  return nodeCrypto.createHash(hashName).update(text).digest()
-}
-function hmacSha256(key, msg) {
-  return nodeCrypto.createHmac('sha256', key).update(msg).digest()
-}
-async function deriveKey(password, salt, iterations) {
-  return nodeCrypto.pbkdf2Sync(password, salt, iterations, 32, 'sha256')
-}
-module.exports = {
-  postgresMd5PasswordHash,
-  randomBytes: nodeCrypto.randomBytes,
-  deriveKey,
-  sha256,
-  hashByName,
-  hmacSha256,
-  md5,
-}

package/dist/server/node_modules/pg/lib/crypto/utils-webcrypto.js DELETED Viewed

@@ -1,89 +0,0 @@
-const nodeCrypto = require('crypto')
-module.exports = {
-  postgresMd5PasswordHash,
-  randomBytes,
-  deriveKey,
-  sha256,
-  hashByName,
-  hmacSha256,
-  md5,
-}
-/**
- * The Web Crypto API - grabbed from the Node.js library or the global
- * @type Crypto
- */
-// eslint-disable-next-line no-undef
-const webCrypto = nodeCrypto.webcrypto || globalThis.crypto
-/**
- * The SubtleCrypto API for low level crypto operations.
- * @type SubtleCrypto
- */
-const subtleCrypto = webCrypto.subtle
-const textEncoder = new TextEncoder()
-/**
- *
- * @param {*} length
- * @returns
- */
-function randomBytes(length) {
-  return webCrypto.getRandomValues(Buffer.alloc(length))
-}
-async function md5(string) {
-  try {
-    return nodeCrypto.createHash('md5').update(string, 'utf-8').digest('hex')
-  } catch (e) {
-    // `createHash()` failed so we are probably not in Node.js, use the WebCrypto API instead.
-    // Note that the MD5 algorithm on WebCrypto is not available in Node.js.
-    // This is why we cannot just use WebCrypto in all environments.
-    const data = typeof string === 'string' ? textEncoder.encode(string) : string
-    const hash = await subtleCrypto.digest('MD5', data)
-    return Array.from(new Uint8Array(hash))
-      .map((b) => b.toString(16).padStart(2, '0'))
-      .join('')
-  }
-}
-// See AuthenticationMD5Password at https://www.postgresql.org/docs/current/static/protocol-flow.html
-async function postgresMd5PasswordHash(user, password, salt) {
-  const inner = await md5(password + user)
-  const outer = await md5(Buffer.concat([Buffer.from(inner), salt]))
-  return 'md5' + outer
-}
-/**
- * Create a SHA-256 digest of the given data
- * @param {Buffer} data
- */
-async function sha256(text) {
-  return await subtleCrypto.digest('SHA-256', text)
-}
-async function hashByName(hashName, text) {
-  return await subtleCrypto.digest(hashName, text)
-}
-/**
- * Sign the message with the given key
- * @param {ArrayBuffer} keyBuffer
- * @param {string} msg
- */
-async function hmacSha256(keyBuffer, msg) {
-  const key = await subtleCrypto.importKey('raw', keyBuffer, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign'])
-  return await subtleCrypto.sign('HMAC', key, textEncoder.encode(msg))
-}
-/**
- * Derive a key from the password and salt
- * @param {string} password
- * @param {Uint8Array} salt
- * @param {number} iterations
- */
-async function deriveKey(password, salt, iterations) {
-  const key = await subtleCrypto.importKey('raw', textEncoder.encode(password), 'PBKDF2', false, ['deriveBits'])
-  const params = { name: 'PBKDF2', hash: 'SHA-256', salt: salt, iterations: iterations }
-  return await subtleCrypto.deriveBits(params, key, 32 * 8, ['deriveBits'])
-}

package/dist/server/node_modules/pg/lib/crypto/utils.js DELETED Viewed

@@ -1,9 +0,0 @@
-'use strict'
-const useLegacyCrypto = parseInt(process.versions && process.versions.node && process.versions.node.split('.')[0]) < 15
-if (useLegacyCrypto) {
-  // We are on an old version of Node.js that requires legacy crypto utilities.
-  module.exports = require('./utils-legacy')
-} else {
-  module.exports = require('./utils-webcrypto')
-}

package/dist/server/node_modules/pg/lib/defaults.js DELETED Viewed

@@ -1,91 +0,0 @@
-'use strict'
-let user
-try {
-  user = process.platform === 'win32' ? process.env.USERNAME : process.env.USER
-} catch {
-  // ignore, e.g., Deno without --allow-env
-}
-module.exports = {
-  // database host. defaults to localhost
-  host: 'localhost',
-  // database user's name
-  user,
-  // name of database to connect
-  database: undefined,
-  // database user's password
-  password: null,
-  // a Postgres connection string to be used instead of setting individual connection items
-  // NOTE:  Setting this value will cause it to override any other value (such as database or user) defined
-  // in the defaults object.
-  connectionString: undefined,
-  // database port
-  port: 5432,
-  // number of rows to return at a time from a prepared statement's
-  // portal. 0 will return all rows at once
-  rows: 0,
-  // binary result mode
-  binary: false,
-  // Connection pool options - see https://github.com/brianc/node-pg-pool
-  // number of connections to use in connection pool
-  // 0 will disable connection pooling
-  max: 10,
-  // max milliseconds a client can go unused before it is removed
-  // from the pool and destroyed
-  idleTimeoutMillis: 30000,
-  client_encoding: '',
-  ssl: false,
-  application_name: undefined,
-  fallback_application_name: undefined,
-  options: undefined,
-  parseInputDatesAsUTC: false,
-  // max milliseconds any query using this connection will execute for before timing out in error.
-  // false=unlimited
-  statement_timeout: false,
-  // Abort any statement that waits longer than the specified duration in milliseconds while attempting to acquire a lock.
-  // false=unlimited
-  lock_timeout: false,
-  // Terminate any session with an open transaction that has been idle for longer than the specified duration in milliseconds
-  // false=unlimited
-  idle_in_transaction_session_timeout: false,
-  // max milliseconds to wait for query to complete (client side)
-  query_timeout: false,
-  connect_timeout: 0,
-  keepalives: 1,
-  keepalives_idle: 0,
-}
-const pgTypes = require('pg-types')
-// save default parsers
-const parseBigInteger = pgTypes.getTypeParser(20, 'text')
-const parseBigIntegerArray = pgTypes.getTypeParser(1016, 'text')
-// parse int8 so you can get your count values as actual numbers
-module.exports.__defineSetter__('parseInt8', function (val) {
-  pgTypes.setTypeParser(20, 'text', val ? pgTypes.getTypeParser(23, 'text') : parseBigInteger)
-  pgTypes.setTypeParser(1016, 'text', val ? pgTypes.getTypeParser(1007, 'text') : parseBigIntegerArray)
-})

package/dist/server/node_modules/pg/lib/index.js DELETED Viewed

@@ -1,73 +0,0 @@
-'use strict'
-const Client = require('./client')
-const defaults = require('./defaults')
-const Connection = require('./connection')
-const Result = require('./result')
-const utils = require('./utils')
-const Pool = require('pg-pool')
-const TypeOverrides = require('./type-overrides')
-const { DatabaseError } = require('pg-protocol')
-const { escapeIdentifier, escapeLiteral } = require('./utils')
-const poolFactory = (Client) => {
-  return class BoundPool extends Pool {
-    constructor(options) {
-      super(options, Client)
-    }
-  }
-}
-const PG = function (clientConstructor) {
-  this.defaults = defaults
-  this.Client = clientConstructor
-  this.Query = this.Client.Query
-  this.Pool = poolFactory(this.Client)
-  this._pools = []
-  this.Connection = Connection
-  this.types = require('pg-types')
-  this.DatabaseError = DatabaseError
-  this.TypeOverrides = TypeOverrides
-  this.escapeIdentifier = escapeIdentifier
-  this.escapeLiteral = escapeLiteral
-  this.Result = Result
-  this.utils = utils
-}
-let clientConstructor = Client
-let forceNative = false
-try {
-  forceNative = !!process.env.NODE_PG_FORCE_NATIVE
-} catch {
-  // ignore, e.g., Deno without --allow-env
-}
-if (forceNative) {
-  clientConstructor = require('./native')
-}
-module.exports = new PG(clientConstructor)
-// lazy require native module...the native module may not have installed
-Object.defineProperty(module.exports, 'native', {
-  configurable: true,
-  enumerable: false,
-  get() {
-    let native = null
-    try {
-      native = new PG(require('./native'))
-    } catch (err) {
-      if (err.code !== 'MODULE_NOT_FOUND') {
-        throw err
-      }
-    }
-    // overwrite module.exports.native so that getter is never called again
-    Object.defineProperty(module.exports, 'native', {
-      value: native,
-    })
-    return native
-  },
-})