mailauth 4.6.8 → 4.7.0

package/CHANGELOG.md

@@ -1,5 +1,20 @@
 # Changelog
 
+## [4.7.0](https://github.com/postalsys/mailauth/compare/v4.6.9...v4.7.0) (2024-10-02)
+
+
+### Features
+
+* **dkim-sign:** Added new Transfor stream class DkimSignStream to sign emails in a stream processing pipeline ([130a1a3](https://github.com/postalsys/mailauth/commit/130a1a3812fac2ad710f244510ca60887c2d33a9))
+
+## [4.6.9](https://github.com/postalsys/mailauth/compare/v4.6.8...v4.6.9) (2024-08-22)
+
+
+### Bug Fixes
+
+* **deps:** Removed uuid dependency in favor of crypto.randomUUID() ([0b5d8f5](https://github.com/postalsys/mailauth/commit/0b5d8f5328d0b82f75daea7fdbd74e1e76e8b642))
+* **dkim-relaxed:** Faster DKIM hash calculation for relaxed body if the body contains extremely long lines ([fd8c89e](https://github.com/postalsys/mailauth/commit/fd8c89edd87a114464f99ebf79a1e903a8287876))
+
 ## [4.6.8](https://github.com/postalsys/mailauth/compare/v4.6.7...v4.6.8) (2024-06-04)
 
 

package/README.md

@@ -157,6 +157,52 @@ DKIM-Signature: a=rsa-sha256; v=1; c=relaxed/relaxed; d=tahvel.info;
 From: ...
 ```
 
+### Signing as a PassThrough Stream
+
+Use `DkimSignStream` stream if you want to use DKIM signing as part of a stream processing pipeline.
+
+```js
+const { DkimSignStream } = require('mailauth/lib/dkim/sign');
+
+const dkimSignStream = new DkimSignStream({
+    // Optional, default canonicalization, default is "relaxed/relaxed"
+    canonicalization: 'relaxed/relaxed', // c=
+
+    // Optional, default signing and hashing algorithm
+    // Mostly useful when you want to use rsa-sha1, otherwise no need to set
+    algorithm: 'rsa-sha256',
+
+    // Optional, default is current time
+    signTime: new Date(), // t=
+
+    // Keys for one or more signatures
+    // Different signatures can use different algorithms (mostly useful when
+    // you want to sign a message both with RSA and Ed25519)
+    signatureData: [
+        {
+            signingDomain: 'tahvel.info', // d=
+            selector: 'test.rsa', // s=
+            // supported key types: RSA, Ed25519
+            privateKey: fs.readFileSync('./test/fixtures/private-rsa.pem'),
+
+            // Optional algorithm, default is derived from the key.
+            // Overrides whatever was set in parent object
+            algorithm: 'rsa-sha256',
+
+            // Optional signature specifc canonicalization, overrides whatever was set in parent object
+            canonicalization: 'relaxed/relaxed' // c=
+
+            // Maximum number of canonicalized body bytes to sign (eg. the "l=" tag).
+            // Do not use though. This is available only for compatibility testing.
+            // maxBodyLength: 12345
+        }
+    ]
+});
+
+// Writes a signed message to the output
+process.stdin.pipe(dkimSignStream).pipe(process.stdout);
+```
+
 ### Verifying
 
 ```js

package/lib/dkim/body/relaxed.js

@@ -122,24 +122,36 @@ class RelaxedHash {
         this._updateBodyHash(chunk);
     }
 
+    /**
+     * Performs the following modifications for a single line:
+     *  - Replace all <LF> chars with <CR><LF>
+     *  - Replace all spaces and tabs with a single space.
+     *  - Remove trailing whitespace
+     * @param {Buffer} line
+     * @returns {Buffer} fixed line
+     */
     fixLineBuffer(line) {
-        let resultLine = [];
+        // Allocate maximum expected buffer length
+        // If the line is only filled with <LF> bytes then we need 2 times the size of the line
+        let lineBuf = Buffer.alloc(line.length * 2);
+        // Start processing the line from the end to beginning
+        let writePos = lineBuf.length - 1;
 
         let nonWspFound = false;
         let prevWsp = false;
 
         for (let i = line.length - 1; i >= 0; i--) {
             if (line[i] === CHAR_LF) {
-                resultLine.unshift(line[i]);
+                lineBuf[writePos--] = line[i];
                 if (i === 0 || line[i - 1] !== CHAR_CR) {
                     // add missing carriage return
-                    resultLine.unshift(CHAR_CR);
+                    lineBuf[writePos--] = CHAR_CR;
                 }
                 continue;
             }
 
             if (line[i] === CHAR_CR) {
-                resultLine.unshift(line[i]);
+                lineBuf[writePos--] = line[i];
                 continue;
             }
 
@@ -151,19 +163,19 @@ class RelaxedHash {
             }
 
             if (prevWsp) {
-                resultLine.unshift(CHAR_SPACE);
+                lineBuf[writePos--] = CHAR_SPACE;
                 prevWsp = false;
             }
 
             nonWspFound = true;
-            resultLine.unshift(line[i]);
+            lineBuf[writePos--] = line[i];
         }
 
         if (prevWsp && nonWspFound) {
-            resultLine.unshift(CHAR_SPACE);
+            lineBuf[writePos--] = CHAR_SPACE;
         }
 
-        return Buffer.from(resultLine);
+        return lineBuf.subarray(writePos + 1);
     }
 
     update(chunk, final) {

package/lib/dkim/dkim-verifier.js

@@ -8,7 +8,6 @@ const { generateCanonicalizedHeader } = require('./header');
 const { getARChain } = require('../arc');
 const addressparser = require('nodemailer/lib/addressparser');
 const crypto = require('node:crypto');
-const { v4: uuidv4 } = require('uuid');
 const libmime = require('libmime');
 
 class DkimVerifier extends MessageParser {
@@ -333,7 +332,7 @@ class DkimVerifier extends MessageParser {
                 let result = {
                     id: signatureHeader.parsed?.b?.value
                         ? crypto.createHash('sha256').update(Buffer.from(signatureHeader.parsed?.b?.value, 'base64')).digest('hex')
-                        : uuidv4(),
+                        : crypto.randomUUID(),
                     signingDomain: signatureHeader.signingDomain,
                     selector: signatureHeader.selector,
                     signature: signatureHeader.parsed?.b?.value,

package/lib/dkim/sign.js

@@ -2,6 +2,7 @@
 
 const { writeToStream } = require('../../lib/tools');
 const { DkimSigner } = require('./dkim-signer');
+const { Transform } = require('node:stream');
 
 const dkimSign = async (input, options) => {
     let dkimSigner = new DkimSigner(options);
@@ -10,4 +11,67 @@ const dkimSign = async (input, options) => {
     return { signatures: dkimSigner.signatureHeaders.join('\r\n') + '\r\n', arc: dkimSigner.arc, errors: dkimSigner.errors };
 };
 
-module.exports = { dkimSign };
+class DkimSignStream extends Transform {
+    constructor(options) {
+        super(options);
+        this.signer = new DkimSigner(options);
+
+        this.chunks = [];
+        this.chunklen = 0;
+
+        this.errors = null;
+
+        this.finished = false;
+        this.finishCb = null;
+        this.signer.on('end', () => this.finishStream());
+        this.signer.on('finish', () => this.finishStream());
+        this.signer.on('error', err => {
+            this.finished = true;
+            this.destroy(err);
+        });
+    }
+
+    finishStream() {
+        if (this.finished || !this.finishCb) {
+            return;
+        }
+        this.finished = true;
+        let done = this.finishCb;
+        this.finishCb = null;
+
+        this.errors = this.signer.errors;
+
+        this.push(Buffer.from(this.signer.signatureHeaders.join('\r\n') + '\r\n'));
+        this.push(Buffer.concat(this.chunks, this.chunklen));
+        done();
+    }
+
+    _transform(chunk, encoding, done) {
+        if (!chunk || !chunk.length || this.finished) {
+            return done();
+        }
+
+        if (typeof chunk === 'string') {
+            chunk = Buffer.from(chunk, encoding);
+        }
+
+        this.chunks.push(chunk);
+        this.chunklen += chunk.length;
+
+        if (this.signer.write(chunk) === false) {
+            // wait for drain
+            return this.signer.once('drain', done);
+        }
+        done();
+    }
+
+    _flush(done) {
+        if (this.finished) {
+            return done();
+        }
+        this.finishCb = done;
+        this.signer.end();
+    }
+}
+
+module.exports = { dkimSign, DkimSignStream };

package/lib/gatherer-stream.js

@@ -41,9 +41,9 @@ class GathererStream extends Transform {
         return stream;
     }
 
-    _transform(chunk, encodng, done) {
+    _transform(chunk, encoding, done) {
         if (typeof chunk === 'string') {
-            chunk = Buffer.from(chunk, encodng);
+            chunk = Buffer.from(chunk, encoding);
         }
 
         if (!chunk || !chunk.length) {

package/man/mailauth.1

@@ -1,4 +1,4 @@
-.TH "MAILAUTH" "1" "June 2024" "v4.6.8" "Mailauth Help"
+.TH "MAILAUTH" "1" "October 2024" "v4.7.0" "Mailauth Help"
 .SH "NAME"
 \fBmailauth\fR
 .QP

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "mailauth",
-    "version": "4.6.8",
+    "version": "4.7.0",
     "description": "Email authentication library for Node.js",
     "main": "lib/mailauth.js",
     "scripts": {
@@ -38,23 +38,22 @@
         "eslint-config-nodemailer": "1.2.0",
         "eslint-config-prettier": "9.1.0",
         "js-yaml": "4.1.0",
-        "license-report": "6.5.0",
+        "license-report": "6.7.0",
         "marked": "0.7.0",
         "marked-man": "0.7.0",
         "mbox-reader": "1.2.0",
-        "mocha": "10.4.0"
+        "mocha": "10.7.3"
     },
     "dependencies": {
         "@postalsys/vmc": "1.0.8",
-        "fast-xml-parser": "4.4.0",
+        "fast-xml-parser": "4.5.0",
         "ipaddr.js": "2.2.0",
-        "joi": "17.13.1",
+        "joi": "17.13.3",
         "libmime": "5.3.5",
-        "nodemailer": "6.9.13",
+        "nodemailer": "6.9.15",
         "punycode.js": "2.3.1",
-        "tldts": "6.1.24",
+        "tldts": "6.1.49",
         "undici": "5.28.4",
-        "uuid": "9.0.1",
         "yargs": "17.7.2"
     },
     "engines": {