npm - ghc-proxy - Versions diffs - 0.4.1 → 0.5.0 - Mend

ghc-proxy 0.4.1 → 0.5.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/README.md +8 -8
package/dist/{file-type-BNd4XJK1.mjs → file-type-DlzWawJh.mjs} +129 -11
package/dist/file-type-DlzWawJh.mjs.map +1 -0
package/dist/main.mjs +209 -82
package/dist/main.mjs.map +1 -1
package/package.json +1 -1
package/dist/file-type-BNd4XJK1.mjs.map +0 -1

package/README.md CHANGED Viewed

@@ -96,14 +96,14 @@ See the [Claude Code settings docs](https://docs.anthropic.com/en/docs/claude-co
 ghc-proxy sits between your tools and the GitHub Copilot API:
 ```text
-┌─────────────┐      ┌───────────┐      ┌──────────────────────┐
-│ Claude Code  │──────│ ghc-proxy │──────│ api.githubcopilot.com│
-│ Cursor       │      │ :4141     │      │                      │
-│ Any client   │      │           │      │                      │
-└─────────────┘      └───────────┘      └──────────────────────┘
-   OpenAI or            Translates          GitHub Copilot
-   Anthropic            between              API
-   format               formats
+┌──────────────┐      ┌───────────┐      ┌───────────────────────┐
+│ Claude Code  │──────│ ghc-proxy │──────│ api.githubcopilot.com │
+│ Cursor       │      │ :4141     │      │                       │
+│ Any client   │      │           │      │                       │
+└──────────────┘      └───────────┘      └───────────────────────┘
+   OpenAI or           Translates           GitHub Copilot
+   Anthropic           between              API
+   format              formats
 ```
 The proxy authenticates with GitHub using the [device code OAuth flow](https://docs.github.com/en/apps/oauth-apps/building-oauth-apps/authorizing-oauth-apps#device-flow) (the same flow VS Code uses), then exchanges the GitHub token for a short-lived Copilot token that auto-refreshes.

package/dist/{file-type-BNd4XJK1.mjs → file-type-DlzWawJh.mjs} RENAMED Viewed

@@ -2376,12 +2376,20 @@ Primary entry point, Node.js specific entry point is index.js
 const reasonableDetectionSizeInBytes = 4100;
 const maximumMpegOffsetTolerance = reasonableDetectionSizeInBytes - 2;
 const maximumZipEntrySizeInBytes = 1024 * 1024;
+const maximumZipEntryCount = 1024;
+const maximumZipBufferedReadSizeInBytes = 2 ** 31 - 1;
 const maximumUntrustedSkipSizeInBytes = 16 * 1024 * 1024;
+const maximumZipTextEntrySizeInBytes = maximumZipEntrySizeInBytes;
 const maximumNestedGzipDetectionSizeInBytes = maximumUntrustedSkipSizeInBytes;
+const maximumNestedGzipProbeDepth = 1;
 const maximumId3HeaderSizeInBytes = maximumUntrustedSkipSizeInBytes;
 const maximumEbmlDocumentTypeSizeInBytes = 64;
 const maximumEbmlElementPayloadSizeInBytes = maximumUntrustedSkipSizeInBytes;
 const maximumEbmlElementCount = 256;
+const maximumPngChunkCount = 512;
+const maximumAsfHeaderObjectCount = 512;
+const maximumTiffTagCount = 512;
+const maximumDetectionReentryCount = 256;
 const maximumPngChunkSizeInBytes = maximumUntrustedSkipSizeInBytes;
 const maximumTiffIfdOffsetInBytes = maximumUntrustedSkipSizeInBytes;
 const recoverableZipErrorMessages = new Set([
@@ -2389,7 +2397,12 @@ const recoverableZipErrorMessages = new Set([
 	"Encrypted ZIP",
 	"Expected Central-File-Header signature"
 ]);
-const recoverableZipErrorMessagePrefixes = ["Unsupported ZIP compression method:", "ZIP entry decompressed data exceeds "];
+const recoverableZipErrorMessagePrefixes = [
+	"ZIP entry count exceeds ",
+	"Unsupported ZIP compression method:",
+	"ZIP entry compressed data exceeds ",
+	"ZIP entry decompressed data exceeds "
+];
 const recoverableZipErrorCodes = new Set([
 	"Z_BUF_ERROR",
 	"Z_DATA_ERROR",
@@ -2440,10 +2453,83 @@ async function decompressDeflateRawWithLimit(data, { maximumLength = maximumZipE
 	}
 	return uncompressedData;
 }
+const zipDataDescriptorSignature = 134695760;
+const zipDataDescriptorLengthInBytes = 16;
+const zipDataDescriptorOverlapLengthInBytes = zipDataDescriptorLengthInBytes - 1;
+function findZipDataDescriptorOffset(buffer, bytesConsumed) {
+	if (buffer.length < zipDataDescriptorLengthInBytes) return -1;
+	const lastPossibleDescriptorOffset = buffer.length - zipDataDescriptorLengthInBytes;
+	for (let index = 0; index <= lastPossibleDescriptorOffset; index++) if (UINT32_LE.get(buffer, index) === zipDataDescriptorSignature && UINT32_LE.get(buffer, index + 8) === bytesConsumed + index) return index;
+	return -1;
+}
+function mergeByteChunks(chunks, totalLength) {
+	const merged = new Uint8Array(totalLength);
+	let offset = 0;
+	for (const chunk of chunks) {
+		merged.set(chunk, offset);
+		offset += chunk.length;
+	}
+	return merged;
+}
+async function readZipDataDescriptorEntryWithLimit(zipHandler, { shouldBuffer, maximumLength = maximumZipEntrySizeInBytes } = {}) {
+	const { syncBuffer } = zipHandler;
+	const { length: syncBufferLength } = syncBuffer;
+	const chunks = [];
+	let bytesConsumed = 0;
+	for (;;) {
+		const length = await zipHandler.tokenizer.peekBuffer(syncBuffer, { mayBeLess: true });
+		const dataDescriptorOffset = findZipDataDescriptorOffset(syncBuffer.subarray(0, length), bytesConsumed);
+		const retainedLength = dataDescriptorOffset >= 0 ? 0 : length === syncBufferLength ? Math.min(zipDataDescriptorOverlapLengthInBytes, length - 1) : 0;
+		const chunkLength = dataDescriptorOffset >= 0 ? dataDescriptorOffset : length - retainedLength;
+		if (chunkLength === 0) break;
+		bytesConsumed += chunkLength;
+		if (bytesConsumed > maximumLength) throw new Error(`ZIP entry compressed data exceeds ${maximumLength} bytes`);
+		if (shouldBuffer) {
+			const data = new Uint8Array(chunkLength);
+			await zipHandler.tokenizer.readBuffer(data);
+			chunks.push(data);
+		} else await zipHandler.tokenizer.ignore(chunkLength);
+		if (dataDescriptorOffset >= 0) break;
+	}
+	if (!shouldBuffer) return;
+	return mergeByteChunks(chunks, bytesConsumed);
+}
+async function readZipEntryData(zipHandler, zipHeader, { shouldBuffer } = {}) {
+	if (zipHeader.dataDescriptor && zipHeader.compressedSize === 0) return readZipDataDescriptorEntryWithLimit(zipHandler, { shouldBuffer });
+	if (!shouldBuffer) {
+		await zipHandler.tokenizer.ignore(zipHeader.compressedSize);
+		return;
+	}
+	const maximumLength = getMaximumZipBufferedReadLength(zipHandler.tokenizer);
+	if (!Number.isFinite(zipHeader.compressedSize) || zipHeader.compressedSize < 0 || zipHeader.compressedSize > maximumLength) throw new Error(`ZIP entry compressed data exceeds ${maximumLength} bytes`);
+	const fileData = new Uint8Array(zipHeader.compressedSize);
+	await zipHandler.tokenizer.readBuffer(fileData);
+	return fileData;
+}
 ZipHandler.prototype.inflate = async function(zipHeader, fileData, callback) {
 	if (zipHeader.compressedMethod === 0) return callback(fileData);
 	if (zipHeader.compressedMethod !== 8) throw new Error(`Unsupported ZIP compression method: ${zipHeader.compressedMethod}`);
-	return callback(await decompressDeflateRawWithLimit(fileData, { maximumLength: hasUnknownFileSize(this.tokenizer) ? maximumZipEntrySizeInBytes : Number.MAX_SAFE_INTEGER }));
+	return callback(await decompressDeflateRawWithLimit(fileData, { maximumLength: maximumZipEntrySizeInBytes }));
+};
+ZipHandler.prototype.unzip = async function(fileCallback) {
+	let stop = false;
+	let zipEntryCount = 0;
+	do {
+		const zipHeader = await this.readLocalFileHeader();
+		if (!zipHeader) break;
+		zipEntryCount++;
+		if (zipEntryCount > maximumZipEntryCount) throw new Error(`ZIP entry count exceeds ${maximumZipEntryCount}`);
+		const next = fileCallback(zipHeader);
+		stop = Boolean(next.stop);
+		await this.tokenizer.ignore(zipHeader.extraFieldLength);
+		const fileData = await readZipEntryData(this, zipHeader, { shouldBuffer: Boolean(next.handler) });
+		if (next.handler) await this.inflate(zipHeader, fileData, next.handler);
+		if (zipHeader.dataDescriptor) {
+			const dataDescriptor = new Uint8Array(zipDataDescriptorLengthInBytes);
+			await this.tokenizer.readBuffer(dataDescriptor);
+			if (UINT32_LE.get(dataDescriptor, 0) !== zipDataDescriptorSignature) throw new Error(`Expected data-descriptor-signature at position ${this.tokenizer.position - dataDescriptor.length}`);
+		}
+	} while (!stop);
 };
 function createByteLimitedReadableStream(stream, maximumBytes) {
 	const reader = stream.getReader();
@@ -2622,12 +2708,17 @@ function hasUnknownFileSize(tokenizer) {
 function hasExceededUnknownSizeScanBudget(tokenizer, startOffset, maximumBytes) {
 	return hasUnknownFileSize(tokenizer) && tokenizer.position - startOffset > maximumBytes;
 }
+function getMaximumZipBufferedReadLength(tokenizer) {
+	const fileSize = tokenizer.fileInfo.size;
+	const remainingBytes = Number.isFinite(fileSize) ? Math.max(0, fileSize - tokenizer.position) : Number.MAX_SAFE_INTEGER;
+	return Math.min(remainingBytes, maximumZipBufferedReadSizeInBytes);
+}
 function isRecoverableZipError(error) {
 	if (error instanceof EndOfStreamError) return true;
 	if (error instanceof ParserHardLimitError) return true;
 	if (!(error instanceof Error)) return false;
 	if (recoverableZipErrorMessages.has(error.message)) return true;
-	if (error instanceof TypeError && recoverableZipErrorCodes.has(error.code)) return true;
+	if (recoverableZipErrorCodes.has(error.code)) return true;
 	for (const prefix of recoverableZipErrorMessagePrefixes) if (error.message.startsWith(prefix)) return true;
 	return false;
 }
@@ -2703,8 +2794,13 @@ var FileTypeParser = class {
 			}
 		];
 		this.tokenizerOptions = { abortSignal: this.options.signal };
+		this.gzipProbeDepth = 0;
 	}
-	async fromTokenizer(tokenizer) {
+	getTokenizerOptions() {
+		return { ...this.tokenizerOptions };
+	}
+	async fromTokenizer(tokenizer, detectionReentryCount = 0) {
+		this.detectionReentryCount = detectionReentryCount;
 		const initialPosition = tokenizer.position;
 		for (const detector of this.detectors) {
 			let fileType;
@@ -2723,10 +2819,10 @@ var FileTypeParser = class {
 		if (!(input instanceof Uint8Array || input instanceof ArrayBuffer)) throw new TypeError(`Expected the \`input\` argument to be of type \`Uint8Array\` or \`ArrayBuffer\`, got \`${typeof input}\``);
 		const buffer = input instanceof Uint8Array ? input : new Uint8Array(input);
 		if (!(buffer?.length > 1)) return;
-		return this.fromTokenizer(fromBuffer(buffer, this.tokenizerOptions));
+		return this.fromTokenizer(fromBuffer(buffer, this.getTokenizerOptions()));
 	}
 	async fromBlob(blob) {
-		const tokenizer = fromBlob(blob, this.tokenizerOptions);
+		const tokenizer = fromBlob(blob, this.getTokenizerOptions());
 		try {
 			return await this.fromTokenizer(tokenizer);
 		} finally {
@@ -2734,7 +2830,7 @@ var FileTypeParser = class {
 		}
 	}
 	async fromStream(stream) {
-		const tokenizer = fromWebStream(stream, this.tokenizerOptions);
+		const tokenizer = fromWebStream(stream, this.getTokenizerOptions());
 		try {
 			return await this.fromTokenizer(tokenizer);
 		} finally {
@@ -2832,6 +2928,8 @@ var FileTypeParser = class {
 			187,
 			191
 		])) {
+			if (this.detectionReentryCount >= maximumDetectionReentryCount) return;
+			this.detectionReentryCount++;
 			await this.tokenizer.ignore(3);
 			return this.detectConfident(tokenizer);
 		}
@@ -2856,12 +2954,19 @@ var FileTypeParser = class {
 			139,
 			8
 		])) {
+			if (this.gzipProbeDepth >= maximumNestedGzipProbeDepth) return {
+				ext: "gz",
+				mime: "application/gzip"
+			};
 			const limitedInflatedStream = createByteLimitedReadableStream(new GzipHandler(tokenizer).inflate(), maximumNestedGzipDetectionSizeInBytes);
 			let compressedFileType;
 			try {
+				this.gzipProbeDepth++;
 				compressedFileType = await this.fromStream(limitedInflatedStream);
 			} catch (error) {
 				if (error?.name === "AbortError") throw error;
+			} finally {
+				this.gzipProbeDepth--;
 			}
 			if (compressedFileType?.ext === "tar") return {
 				ext: "tar.gz",
@@ -2904,7 +3009,9 @@ var FileTypeParser = class {
 				if (error instanceof EndOfStreamError) return;
 				throw error;
 			}
-			return this.fromTokenizer(tokenizer);
+			if (this.detectionReentryCount >= maximumDetectionReentryCount) return;
+			this.detectionReentryCount++;
+			return this.fromTokenizer(tokenizer, this.detectionReentryCount);
 		}
 		if (this.checkString("MP+")) return {
 			ext: "mpc",
@@ -2988,7 +3095,7 @@ var FileTypeParser = class {
 							};
 							return { stop: true };
 						case "mimetype":
-							if (!canReadZipEntryForDetection(zipHeader)) return {};
+							if (!canReadZipEntryForDetection(zipHeader, maximumZipTextEntrySizeInBytes)) return {};
 							return {
 								async handler(fileData) {
 									fileType = getFileTypeFromMimeType(new TextDecoder("utf-8").decode(fileData).trim());
@@ -2997,7 +3104,7 @@ var FileTypeParser = class {
 							};
 						case "[Content_Types].xml":
 							openXmlState.hasContentTypesEntry = true;
-							if (!canReadZipEntryForDetection(zipHeader, hasUnknownFileSize(tokenizer) ? maximumZipEntrySizeInBytes : Number.MAX_SAFE_INTEGER)) {
+							if (!canReadZipEntryForDetection(zipHeader, maximumZipTextEntrySizeInBytes)) {
 								openXmlState.hasUnparseableContentTypes = true;
 								return {};
 							}
@@ -3242,6 +3349,7 @@ var FileTypeParser = class {
 				while (children > 0) {
 					ebmlElementCount++;
 					if (ebmlElementCount > maximumEbmlElementCount) return;
+					const previousPosition = tokenizer.position;
 					const element = await readElement();
 					if (element.id === 17026) {
 						if (element.len > maximumEbmlDocumentTypeSizeInBytes) return;
@@ -3254,6 +3362,7 @@ var FileTypeParser = class {
 						reason: "EBML payload"
 					});
 					--children;
+					if (tokenizer.position <= previousPosition) return;
 				}
 			}
 			switch (await readChildren((await readElement()).len)) {
@@ -3572,8 +3681,12 @@ var FileTypeParser = class {
 			}
 			const isUnknownPngStream = hasUnknownFileSize(tokenizer);
 			const pngScanStart = tokenizer.position;
+			let pngChunkCount = 0;
 			do {
+				pngChunkCount++;
+				if (pngChunkCount > maximumPngChunkCount) break;
 				if (hasExceededUnknownSizeScanBudget(tokenizer, pngScanStart, maximumPngChunkSizeInBytes)) break;
+				const previousPosition = tokenizer.position;
 				const chunk = await readChunkHeader();
 				if (chunk.length < 0) return;
 				switch (chunk.type) {
@@ -3591,6 +3704,7 @@ var FileTypeParser = class {
 							throw error;
 						}
 				}
+				if (tokenizer.position <= previousPosition) break;
 			} while (tokenizer.position + 8 < tokenizer.fileInfo.size);
 			return pngFileType;
 		}
@@ -3836,7 +3950,10 @@ var FileTypeParser = class {
 				});
 				const isUnknownFileSize = hasUnknownFileSize(tokenizer);
 				const asfHeaderScanStart = tokenizer.position;
+				let asfHeaderObjectCount = 0;
 				while (tokenizer.position + 24 < tokenizer.fileInfo.size) {
+					asfHeaderObjectCount++;
+					if (asfHeaderObjectCount > maximumAsfHeaderObjectCount) break;
 					if (hasExceededUnknownSizeScanBudget(tokenizer, asfHeaderScanStart, maximumUntrustedSkipSizeInBytes)) break;
 					const previousPosition = tokenizer.position;
 					const header = await readHeader();
@@ -4419,6 +4536,7 @@ var FileTypeParser = class {
 	}
 	async readTiffIFD(bigEndian) {
 		const numberOfTags = await this.tokenizer.readToken(bigEndian ? UINT16_BE : UINT16_LE);
+		if (numberOfTags > maximumTiffTagCount) return;
 		if (hasUnknownFileSize(this.tokenizer) && 2 + numberOfTags * 12 > maximumTiffIfdOffsetInBytes) return;
 		for (let n = 0; n < numberOfTags; ++n) {
 			const fileType = await this.readTiffTag(bigEndian);
@@ -4524,4 +4642,4 @@ const supportedMimeTypes = new Set(mimeTypes);
 //#endregion
 export { fileTypeFromBlob };
-//# sourceMappingURL=file-type-BNd4XJK1.mjs.map
+//# sourceMappingURL=file-type-DlzWawJh.mjs.map