firebase-tools 14.5.1 → 14.7.0

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "firebase-tools",
-  "version": "14.5.1",
+  "version": "14.7.0",
   "description": "Command-Line Interface for Firebase",
   "main": "./lib/index.js",
   "bin": {
@@ -60,7 +60,7 @@
     ]
   },
   "dependencies": {
-    "@electric-sql/pglite": "^0.2.16",
+    "@electric-sql/pglite": "^0.2.17",
     "@google-cloud/cloud-sql-connector": "^1.3.3",
     "@google-cloud/pubsub": "^4.5.0",
     "@inquirer/prompts": "^7.4.0",
@@ -109,6 +109,7 @@
     "ora": "^5.4.1",
     "p-limit": "^3.0.1",
     "pg": "^8.11.3",
+    "pg-gateway": "^0.3.0-beta.4",
     "portfinder": "^1.0.32",
     "progress": "^2.0.3",
     "proxy-agent": "^6.3.0",

package/lib/emulator/dataconnect/pg-gateway/auth/base-auth-flow.js

@@ -1,11 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.BaseAuthFlow = void 0;
-class BaseAuthFlow {
-    constructor(params) {
-        this.reader = params.reader;
-        this.writer = params.writer;
-        this.connectionState = params.connectionState;
-    }
-}
-exports.BaseAuthFlow = BaseAuthFlow;

package/lib/emulator/dataconnect/pg-gateway/auth/cert.js

@@ -1,69 +0,0 @@
-"use strict";
-var __await = (this && this.__await) || function (v) { return this instanceof __await ? (this.v = v, this) : new __await(v); }
-var __asyncGenerator = (this && this.__asyncGenerator) || function (thisArg, _arguments, generator) {
-    if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined.");
-    var g = generator.apply(thisArg, _arguments || []), i, q = [];
-    return i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i;
-    function verb(n) { if (g[n]) i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }
-    function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } }
-    function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }
-    function fulfill(value) { resume("next", value); }
-    function reject(value) { resume("throw", value); }
-    function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.CertAuthFlow = void 0;
-const backend_error_1 = require("../backend-error");
-const base_auth_flow_1 = require("./base-auth-flow");
-const connection_1 = require("../connection");
-class CertAuthFlow extends base_auth_flow_1.BaseAuthFlow {
-    constructor(params) {
-        var _a;
-        super(params);
-        this.completed = false;
-        this.auth = Object.assign(Object.assign({}, params.auth), { validateCredentials: (_a = params.auth.validateCredentials) !== null && _a !== void 0 ? _a : (async ({ username, certificate }) => {
-                return certificate.subject.CN === username;
-            }) });
-        this.username = params.username;
-    }
-    handleClientMessage(message) {
-        return __asyncGenerator(this, arguments, function* handleClientMessage_1() {
-            if (false) {
-                yield yield __await((0, backend_error_1.createBackendErrorMessage)({
-                    severity: 'FATAL',
-                    code: '08000',
-                    message: `ssl connection required when auth mode is 'certificate'`,
-                }));
-                yield yield __await(connection_1.closeSignal);
-                return yield __await(void 0);
-            }
-            if (false) {
-                yield yield __await((0, backend_error_1.createBackendErrorMessage)({
-                    severity: 'FATAL',
-                    code: '08000',
-                    message: 'client certificate is invalid',
-                }));
-                yield yield __await(connection_1.closeSignal);
-                return yield __await(void 0);
-            }
-            const isValid = false;
-            if (!isValid) {
-                yield yield __await((0, backend_error_1.createBackendErrorMessage)({
-                    severity: 'FATAL',
-                    code: '08000',
-                    message: 'client certificate is invalid',
-                }));
-                yield yield __await(connection_1.closeSignal);
-                return yield __await(void 0);
-            }
-            this.completed = true;
-        });
-    }
-    createInitialAuthMessage() {
-        return undefined;
-    }
-    get isCompleted() {
-        return this.completed;
-    }
-}
-exports.CertAuthFlow = CertAuthFlow;

package/lib/emulator/dataconnect/pg-gateway/auth/index.js

@@ -1,22 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.createAuthFlow = void 0;
-const cert_1 = require("./cert");
-const md5_1 = require("./md5");
-const password_1 = require("./password");
-const scram_sha_256_1 = require("./sasl/scram-sha-256");
-function createAuthFlow(options) {
-    switch (options.auth.method) {
-        case 'password':
-            return new password_1.PasswordAuthFlow(Object.assign(Object.assign({}, options), { auth: options.auth }));
-        case 'md5':
-            return new md5_1.Md5AuthFlow(Object.assign(Object.assign({}, options), { auth: options.auth }));
-        case 'scram-sha-256':
-            return new scram_sha_256_1.ScramSha256AuthFlow(Object.assign(Object.assign({}, options), { auth: options.auth }));
-        case 'cert':
-            return new cert_1.CertAuthFlow(Object.assign(Object.assign({}, options), { auth: options.auth }));
-        default:
-            throw new Error(`Unsupported auth method: ${options.auth.method}`);
-    }
-}
-exports.createAuthFlow = createAuthFlow;

package/lib/emulator/dataconnect/pg-gateway/auth/md5.js

@@ -1,135 +0,0 @@
-"use strict";
-var __await = (this && this.__await) || function (v) { return this instanceof __await ? (this.v = v, this) : new __await(v); }
-var __asyncGenerator = (this && this.__asyncGenerator) || function (thisArg, _arguments, generator) {
-    if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined.");
-    var g = generator.apply(thisArg, _arguments || []), i, q = [];
-    return i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i;
-    function verb(n) { if (g[n]) i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }
-    function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } }
-    function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }
-    function fulfill(value) { resume("next", value); }
-    function reject(value) { resume("throw", value); }
-    function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.validateBinaryLike = exports.encodeHex = exports.concat = exports.createPreHashedPassword = exports.generateMd5Salt = exports.md5 = exports.hashPreHashedPassword = exports.Md5AuthFlow = void 0;
-const backend_error_1 = require("../backend-error");
-const connection_1 = require("../connection");
-const message_codes_1 = require("../message-codes");
-const base_auth_flow_1 = require("./base-auth-flow");
-class Md5AuthFlow extends base_auth_flow_1.BaseAuthFlow {
-    constructor(params) {
-        var _a;
-        super(params);
-        this.completed = false;
-        this.auth = Object.assign(Object.assign({}, params.auth), { validateCredentials: (_a = params.auth.validateCredentials) !== null && _a !== void 0 ? _a : (async ({ preHashedPassword, hashedPassword, salt }) => {
-                const expectedHashedPassword = await hashPreHashedPassword(preHashedPassword, salt);
-                return hashedPassword === expectedHashedPassword;
-            }) });
-        this.username = params.username;
-        this.salt = generateMd5Salt();
-    }
-    handleClientMessage(message) {
-        return __asyncGenerator(this, arguments, function* handleClientMessage_1() {
-            const length = this.reader.int32();
-            const hashedPassword = this.reader.cstring();
-            const preHashedPassword = yield __await(this.auth.getPreHashedPassword({
-                username: this.username,
-            }, this.connectionState));
-            const isValid = yield __await(this.auth.validateCredentials({
-                username: this.username,
-                hashedPassword,
-                preHashedPassword,
-                salt: this.salt,
-            }, this.connectionState));
-            if (!isValid) {
-                yield yield __await((0, backend_error_1.createBackendErrorMessage)({
-                    severity: 'FATAL',
-                    code: '28P01',
-                    message: `password authentication failed for user "${this.username}"`,
-                }));
-                yield yield __await(connection_1.closeSignal);
-                return yield __await(void 0);
-            }
-            this.completed = true;
-        });
-    }
-    createInitialAuthMessage() {
-        return this.createAuthenticationMD5Password();
-    }
-    get isCompleted() {
-        return this.completed;
-    }
-    createAuthenticationMD5Password() {
-        this.writer.addInt32(5);
-        this.writer.add(Buffer.from(this.salt));
-        return this.writer.flush(message_codes_1.BackendMessageCode.AuthenticationResponse);
-    }
-}
-exports.Md5AuthFlow = Md5AuthFlow;
-async function hashPreHashedPassword(preHashedPassword, salt) {
-    const hash = await md5(concat([
-        new TextEncoder().encode(preHashedPassword),
-        salt instanceof ArrayBuffer
-            ? new Uint8Array(salt)
-            : new Uint8Array(salt.buffer, salt.byteOffset, salt.byteLength),
-    ]));
-    return `md5${hash}`;
-}
-exports.hashPreHashedPassword = hashPreHashedPassword;
-async function md5(value) {
-    const hash = await crypto.subtle.digest('MD5', typeof value === 'string' ? new TextEncoder().encode(value) : value);
-    return encodeHex(hash);
-}
-exports.md5 = md5;
-function generateMd5Salt() {
-    const salt = new Uint8Array(4);
-    crypto.getRandomValues(salt);
-    return salt;
-}
-exports.generateMd5Salt = generateMd5Salt;
-async function createPreHashedPassword(username, password) {
-    return await md5(`${password}${username}`);
-}
-exports.createPreHashedPassword = createPreHashedPassword;
-function concat(buffers) {
-    let length = 0;
-    for (const buffer of buffers) {
-        length += buffer.length;
-    }
-    const output = new Uint8Array(length);
-    let index = 0;
-    for (const buffer of buffers) {
-        output.set(buffer, index);
-        index += buffer.length;
-    }
-    return output;
-}
-exports.concat = concat;
-const hexTable = new TextEncoder().encode("0123456789abcdef");
-const textEncoder = new TextEncoder();
-const textDecoder = new TextDecoder();
-function encodeHex(src) {
-    const u8 = validateBinaryLike(src);
-    const dst = new Uint8Array(u8.length * 2);
-    for (let i = 0; i < u8.length; i++) {
-        const v = u8[i];
-        dst[i * 2] = hexTable[v >> 4];
-        dst[i * 2 + 1] = hexTable[v & 0x0f];
-    }
-    return textDecoder.decode(dst);
-}
-exports.encodeHex = encodeHex;
-function validateBinaryLike(source) {
-    if (typeof source === "string") {
-        return textEncoder.encode(source);
-    }
-    else if (source instanceof Uint8Array) {
-        return source;
-    }
-    else if (source instanceof ArrayBuffer) {
-        return new Uint8Array(source);
-    }
-    throw new TypeError(`Cannot validate the input as it must be a Uint8Array, a string, or an ArrayBuffer`);
-}
-exports.validateBinaryLike = validateBinaryLike;

package/lib/emulator/dataconnect/pg-gateway/auth/password.js

@@ -1,65 +0,0 @@
-"use strict";
-var __await = (this && this.__await) || function (v) { return this instanceof __await ? (this.v = v, this) : new __await(v); }
-var __asyncGenerator = (this && this.__asyncGenerator) || function (thisArg, _arguments, generator) {
-    if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined.");
-    var g = generator.apply(thisArg, _arguments || []), i, q = [];
-    return i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i;
-    function verb(n) { if (g[n]) i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }
-    function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } }
-    function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }
-    function fulfill(value) { resume("next", value); }
-    function reject(value) { resume("throw", value); }
-    function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.PasswordAuthFlow = void 0;
-const backend_error_1 = require("../backend-error");
-const connection_1 = require("../connection");
-const message_codes_1 = require("../message-codes");
-const base_auth_flow_1 = require("./base-auth-flow");
-class PasswordAuthFlow extends base_auth_flow_1.BaseAuthFlow {
-    constructor(params) {
-        var _a;
-        super(params);
-        this.completed = false;
-        this.auth = Object.assign(Object.assign({}, params.auth), { validateCredentials: (_a = params.auth.validateCredentials) !== null && _a !== void 0 ? _a : (async ({ password, clearTextPassword }) => {
-                return password === clearTextPassword;
-            }) });
-        this.username = params.username;
-    }
-    handleClientMessage(message) {
-        return __asyncGenerator(this, arguments, function* handleClientMessage_1() {
-            const length = this.reader.int32();
-            const password = this.reader.cstring();
-            const clearTextPassword = yield __await(this.auth.getClearTextPassword({
-                username: this.username,
-            }, this.connectionState));
-            const isValid = yield __await(this.auth.validateCredentials({
-                username: this.username,
-                password,
-                clearTextPassword,
-            }, this.connectionState));
-            if (!isValid) {
-                yield yield __await((0, backend_error_1.createBackendErrorMessage)({
-                    severity: 'FATAL',
-                    code: '28P01',
-                    message: `password authentication failed for user "${this.username}"`,
-                }));
-                yield yield __await(connection_1.closeSignal);
-                return yield __await(void 0);
-            }
-            this.completed = true;
-        });
-    }
-    createInitialAuthMessage() {
-        return this.createAuthenticationCleartextPassword();
-    }
-    get isCompleted() {
-        return this.completed;
-    }
-    createAuthenticationCleartextPassword() {
-        this.writer.addInt32(3);
-        return this.writer.flush(message_codes_1.BackendMessageCode.AuthenticationResponse);
-    }
-}
-exports.PasswordAuthFlow = PasswordAuthFlow;

package/lib/emulator/dataconnect/pg-gateway/auth/sasl/sasl-mechanism.js

@@ -1,34 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.SaslMechanism = void 0;
-const message_codes_1 = require("../../message-codes");
-const SaslMessageCode = {
-    AuthenticationSASL: 10,
-    AuthenticationSASLContinue: 11,
-    AuthenticationSASLFinal: 12,
-};
-class SaslMechanism {
-    constructor(params) {
-        this.writer = params.writer;
-    }
-    createAuthenticationSASL() {
-        const mechanisms = ['SCRAM-SHA-256'];
-        this.writer.addInt32(SaslMessageCode.AuthenticationSASL);
-        for (const mechanism of mechanisms) {
-            this.writer.addCString(mechanism);
-        }
-        this.writer.addCString('');
-        return this.writer.flush(message_codes_1.BackendMessageCode.AuthenticationResponse);
-    }
-    createAuthenticationSASLContinue(message) {
-        this.writer.addInt32(SaslMessageCode.AuthenticationSASLContinue);
-        this.writer.addString(message);
-        return this.writer.flush(message_codes_1.BackendMessageCode.AuthenticationResponse);
-    }
-    createAuthenticationSASLFinal(message) {
-        this.writer.addInt32(SaslMessageCode.AuthenticationSASLFinal);
-        this.writer.addString(message);
-        return this.writer.flush(message_codes_1.BackendMessageCode.AuthenticationResponse);
-    }
-}
-exports.SaslMechanism = SaslMechanism;

package/lib/emulator/dataconnect/pg-gateway/auth/sasl/scram-sha-256.js

@@ -1,298 +0,0 @@
-"use strict";
-var __asyncValues = (this && this.__asyncValues) || function (o) {
-    if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined.");
-    var m = o[Symbol.asyncIterator], i;
-    return m ? m.call(o) : (o = typeof __values === "function" ? __values(o) : o[Symbol.iterator](), i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i);
-    function verb(n) { i[n] = o[n] && function (v) { return new Promise(function (resolve, reject) { v = o[n](v), settle(resolve, reject, v.done, v.value); }); }; }
-    function settle(resolve, reject, d, v) { Promise.resolve(v).then(function(v) { resolve({ value: v, done: d }); }, reject); }
-};
-var __await = (this && this.__await) || function (v) { return this instanceof __await ? (this.v = v, this) : new __await(v); }
-var __asyncDelegator = (this && this.__asyncDelegator) || function (o) {
-    var i, p;
-    return i = {}, verb("next"), verb("throw", function (e) { throw e; }), verb("return"), i[Symbol.iterator] = function () { return this; }, i;
-    function verb(n, f) { i[n] = o[n] ? function (v) { return (p = !p) ? { value: __await(o[n](v)), done: n === "return" } : f ? f(v) : v; } : f; }
-};
-var __asyncGenerator = (this && this.__asyncGenerator) || function (thisArg, _arguments, generator) {
-    if (!Symbol.asyncIterator) throw new TypeError("Symbol.asyncIterator is not defined.");
-    var g = generator.apply(thisArg, _arguments || []), i, q = [];
-    return i = {}, verb("next"), verb("throw"), verb("return"), i[Symbol.asyncIterator] = function () { return this; }, i;
-    function verb(n) { if (g[n]) i[n] = function (v) { return new Promise(function (a, b) { q.push([n, v, a, b]) > 1 || resume(n, v); }); }; }
-    function resume(n, v) { try { step(g[n](v)); } catch (e) { settle(q[0][3], e); } }
-    function step(r) { r.value instanceof __await ? Promise.resolve(r.value.v).then(fulfill, reject) : settle(q[0][2], r); }
-    function fulfill(value) { resume("next", value); }
-    function reject(value) { resume("throw", value); }
-    function settle(f, v) { if (f(v), q.shift(), q.length) resume(q[0][0], q[0][1]); }
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.decodeBase64 = exports.encodeBase64 = exports.ScramSha256AuthFlow = exports.verifyScramSha256Password = exports.createScramSha256Data = void 0;
-const backend_error_1 = require("../../backend-error");
-const connection_1 = require("../../connection");
-const crypto_1 = require("../../crypto");
-const sasl_mechanism_1 = require("./sasl-mechanism");
-async function createScramSha256Data(password, iterations = 4096) {
-    const salt = new Uint8Array(16);
-    crypto.getRandomValues(salt);
-    const saltedPassword = await (0, crypto_1.pbkdf2)(password, salt, iterations, 32, 'SHA-256');
-    const clientKey = await (0, crypto_1.createHmacKey)(saltedPassword, 'Client Key', 'SHA-256');
-    const storedKey = await (0, crypto_1.createHashKey)(clientKey, 'SHA-256');
-    const serverKey = await (0, crypto_1.createHmacKey)(saltedPassword, 'Server Key', 'SHA-256');
-    return {
-        salt: encodeBase64(salt),
-        iterations,
-        storedKey: encodeBase64(storedKey),
-        serverKey: encodeBase64(serverKey),
-    };
-}
-exports.createScramSha256Data = createScramSha256Data;
-async function verifyScramSha256Password(params) {
-    const { authMessage, clientProof, storedKey } = params;
-    const clientProofBuffer = decodeBase64(clientProof);
-    const storedKeyBuffer = decodeBase64(storedKey);
-    const clientSignature = await (0, crypto_1.createHmacKey)(storedKeyBuffer, authMessage, 'SHA-256');
-    const clientSignatureView = new Uint8Array(clientSignature);
-    const clientKey = new Uint8Array(clientProofBuffer.length);
-    for (let i = 0; i < clientProofBuffer.length; i++) {
-        clientKey[i] = clientProofBuffer[i] ^ clientSignatureView[i];
-    }
-    const computedStoredKey = await (0, crypto_1.createHashKey)(clientKey, 'SHA-256');
-    return await (0, crypto_1.timingSafeEqual)(storedKeyBuffer, computedStoredKey);
-}
-exports.verifyScramSha256Password = verifyScramSha256Password;
-const ScramSha256Step = {
-    Initial: 'Initial',
-    ServerFirstMessage: 'ServerFirstMessage',
-    ServerFinalMessage: 'ServerFinalMessage',
-    Completed: 'Completed',
-};
-class ScramSha256AuthFlow extends sasl_mechanism_1.SaslMechanism {
-    constructor(params) {
-        var _a;
-        super({ writer: params.writer });
-        this.step = ScramSha256Step.Initial;
-        this.username = params.username;
-        this.auth = Object.assign(Object.assign({}, params.auth), { validateCredentials: (_a = params.auth.validateCredentials) !== null && _a !== void 0 ? _a : (async ({ authMessage, clientProof, scramSha256Data }) => {
-                return verifyScramSha256Password({
-                    authMessage,
-                    clientProof,
-                    storedKey: scramSha256Data.storedKey,
-                });
-            }) });
-        this.reader = params.reader;
-        this.connectionState = params.connectionState;
-    }
-    async getScramSha256Data(params) {
-        if (!this.scramSha256Data) {
-            this.scramSha256Data = await this.auth.getScramSha256Data(params, this.connectionState);
-        }
-        return this.scramSha256Data;
-    }
-    createInitialAuthMessage() {
-        return this.createAuthenticationSASL();
-    }
-    handleClientMessage(message) {
-        return __asyncGenerator(this, arguments, function* handleClientMessage_1() {
-            switch (this.step) {
-                case ScramSha256Step.Initial:
-                    return yield __await(yield __await(yield* __asyncDelegator(__asyncValues(this.handleClientFirstMessage(message)))));
-                case ScramSha256Step.ServerFirstMessage:
-                    return yield __await(yield __await(yield* __asyncDelegator(__asyncValues(this.handleClientFinalMessage(message)))));
-                default:
-                    throw new Error('Unexpected SCRAM-SHA-256 authentication step');
-            }
-        });
-    }
-    handleClientFirstMessage(message) {
-        return __asyncGenerator(this, arguments, function* handleClientFirstMessage_1() {
-            const length = this.reader.int32();
-            const saslMechanism = this.reader.cstring();
-            if (saslMechanism !== 'SCRAM-SHA-256') {
-                yield yield __await((0, backend_error_1.createBackendErrorMessage)({
-                    severity: 'FATAL',
-                    code: '28000',
-                    message: 'Unsupported SASL authentication mechanism',
-                }));
-                yield yield __await(connection_1.closeSignal);
-                return yield __await(void 0);
-            }
-            const responseLength = this.reader.int32();
-            const clientFirstMessage = this.reader.string(responseLength);
-            const serverFirstMessage = yield __await(this.createServerFirstMessage(clientFirstMessage));
-            this.step = ScramSha256Step.ServerFirstMessage;
-            yield yield __await(this.createAuthenticationSASLContinue(serverFirstMessage));
-        });
-    }
-    async createServerFirstMessage(clientFirstMessage) {
-        var _a;
-        const clientFirstMessageParts = clientFirstMessage.split(',');
-        this.clientFirstMessageBare = clientFirstMessageParts.slice(2).join(',');
-        const clientNonce = ((_a = clientFirstMessageParts.find((part) => part.startsWith('r='))) === null || _a === void 0 ? void 0 : _a.substring(2)) || '';
-        const serverNoncePart = new Uint8Array(18);
-        crypto.getRandomValues(serverNoncePart);
-        this.serverNonce = clientNonce + encodeBase64(serverNoncePart);
-        const { salt, iterations } = await this.getScramSha256Data({
-            username: this.username,
-        });
-        this.serverFirstMessage = `r=${this.serverNonce},s=${salt},i=${iterations}`;
-        return this.serverFirstMessage;
-    }
-    handleClientFinalMessage(message) {
-        return __asyncGenerator(this, arguments, function* handleClientFinalMessage_1() {
-            try {
-                const serverFinalMessage = yield __await(this.createServerFinalMessage(message));
-                this.step = ScramSha256Step.Completed;
-                yield yield __await(this.createAuthenticationSASLFinal(serverFinalMessage));
-            }
-            catch (error) {
-                yield yield __await((0, backend_error_1.createBackendErrorMessage)({
-                    severity: 'FATAL',
-                    code: '28000',
-                    message: error.message,
-                }));
-                yield yield __await(connection_1.closeSignal);
-                return yield __await(void 0);
-            }
-        });
-    }
-    get isCompleted() {
-        return this.step === ScramSha256Step.Completed;
-    }
-    async createServerFinalMessage(message) {
-        var _a, _b, _c;
-        const length = this.reader.int32();
-        const stringLength = length - 4;
-        const clientFinalMessage = this.reader.string(stringLength);
-        const clientFinalMessageParts = clientFinalMessage.split(',');
-        const channelBinding = (_a = clientFinalMessageParts
-            .find((part) => part.startsWith('c='))) === null || _a === void 0 ? void 0 : _a.substring(2);
-        const fullNonce = (_b = clientFinalMessageParts.find((part) => part.startsWith('r='))) === null || _b === void 0 ? void 0 : _b.substring(2);
-        const clientProof = (_c = clientFinalMessageParts.find((part) => part.startsWith('p='))) === null || _c === void 0 ? void 0 : _c.substring(2);
-        if (!channelBinding || !fullNonce || !clientProof) {
-            throw new Error('Invalid client final message');
-        }
-        if (fullNonce !== this.serverNonce) {
-            throw new Error('Nonce mismatch');
-        }
-        const clientFinalMessageWithoutProof = `c=${channelBinding},r=${fullNonce}`;
-        const authMessage = `${this.clientFirstMessageBare},${this.serverFirstMessage},${clientFinalMessageWithoutProof}`;
-        const data = await this.getScramSha256Data({
-            username: this.username,
-        });
-        const isValid = await this.auth.validateCredentials({
-            authMessage,
-            clientProof,
-            username: this.username,
-            scramSha256Data: data,
-        }, this.connectionState);
-        if (!isValid) {
-            throw new Error(`password authentication failed for user "${this.username}"`);
-        }
-        const serverKeyBuffer = decodeBase64(data.serverKey);
-        const serverSignature = await (0, crypto_1.createHmacKey)(serverKeyBuffer, authMessage, 'SHA-256');
-        return `v=${encodeBase64(serverSignature)}`;
-    }
-}
-exports.ScramSha256AuthFlow = ScramSha256AuthFlow;
-function encodeBase64(data) {
-    const uint8 = data;
-    let result = "";
-    let i;
-    const l = uint8.length;
-    for (i = 2; i < l; i += 3) {
-        result += base64abc[(uint8[i - 2]) >> 2];
-        result += base64abc[(((uint8[i - 2]) & 0x03) << 4) |
-            ((uint8[i - 1]) >> 4)];
-        result += base64abc[(((uint8[i - 1]) & 0x0f) << 2) |
-            ((uint8[i]) >> 6)];
-        result += base64abc[(uint8[i]) & 0x3f];
-    }
-    if (i === l + 1) {
-        result += base64abc[(uint8[i - 2]) >> 2];
-        result += base64abc[((uint8[i - 2]) & 0x03) << 4];
-        result += "==";
-    }
-    if (i === l) {
-        result += base64abc[(uint8[i - 2]) >> 2];
-        result += base64abc[(((uint8[i - 2]) & 0x03) << 4) |
-            ((uint8[i - 1]) >> 4)];
-        result += base64abc[((uint8[i - 1]) & 0x0f) << 2];
-        result += "=";
-    }
-    return result;
-}
-exports.encodeBase64 = encodeBase64;
-function decodeBase64(b64) {
-    const binString = atob(b64);
-    const size = binString.length;
-    const bytes = new Uint8Array(size);
-    for (let i = 0; i < size; i++) {
-        bytes[i] = binString.charCodeAt(i);
-    }
-    return bytes;
-}
-exports.decodeBase64 = decodeBase64;
-const base64abc = [
-    "A",
-    "B",
-    "C",
-    "D",
-    "E",
-    "F",
-    "G",
-    "H",
-    "I",
-    "J",
-    "K",
-    "L",
-    "M",
-    "N",
-    "O",
-    "P",
-    "Q",
-    "R",
-    "S",
-    "T",
-    "U",
-    "V",
-    "W",
-    "X",
-    "Y",
-    "Z",
-    "a",
-    "b",
-    "c",
-    "d",
-    "e",
-    "f",
-    "g",
-    "h",
-    "i",
-    "j",
-    "k",
-    "l",
-    "m",
-    "n",
-    "o",
-    "p",
-    "q",
-    "r",
-    "s",
-    "t",
-    "u",
-    "v",
-    "w",
-    "x",
-    "y",
-    "z",
-    "0",
-    "1",
-    "2",
-    "3",
-    "4",
-    "5",
-    "6",
-    "7",
-    "8",
-    "9",
-    "+",
-    "/",
-];