mastercontroller 1.3.8 โ 1.3.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/.claude/settings.local.json +4 -1
- package/FIXES_APPLIED.md +378 -0
- package/MasterAction.js +10 -263
- package/MasterControl.js +128 -27
- package/MasterRequest.js +6 -0
- package/MasterRouter.js +27 -32
- package/PERFORMANCE_SECURITY_AUDIT.md +677 -0
- package/README.md +117 -43
- package/monitoring/README.md +3112 -0
- package/package.json +1 -1
- package/security/README.md +1805 -0
- package/test-raw-body-preservation.js +128 -0
- package/MasterCors.js.tmp +0 -0
- package/MasterHtml.js +0 -649
- package/MasterPipeline.js.tmp +0 -0
- package/MasterRequest.js.tmp +0 -0
- package/MasterRouter.js.tmp +0 -0
- package/MasterSocket.js.tmp +0 -0
- package/MasterTemp.js.tmp +0 -0
- package/MasterTemplate.js +0 -230
- package/MasterTimeout.js.tmp +0 -0
- package/TemplateOverwrite.js +0 -41
- package/TemplateOverwrite.js.tmp +0 -0
- package/ssr/hydration-client.js +0 -93
- package/ssr/runtime-ssr.cjs +0 -553
- package/ssr/ssr-shims.js +0 -73
|
@@ -0,0 +1,128 @@
|
|
|
1
|
+
// Test for raw body preservation - Critical for webhook signature verification
|
|
2
|
+
|
|
3
|
+
const crypto = require('crypto');
|
|
4
|
+
const EventEmitter = require('events');
|
|
5
|
+
const { MasterRequest } = require('./MasterRequest');
|
|
6
|
+
|
|
7
|
+
console.log('๐งช Testing Raw Body Preservation for Webhook Signatures...\n');
|
|
8
|
+
|
|
9
|
+
// Mock request
|
|
10
|
+
class MockRequest extends EventEmitter {
|
|
11
|
+
constructor(contentType) {
|
|
12
|
+
super();
|
|
13
|
+
this.headers = { 'content-type': contentType };
|
|
14
|
+
}
|
|
15
|
+
|
|
16
|
+
sendData(data) {
|
|
17
|
+
setImmediate(() => {
|
|
18
|
+
if (Array.isArray(data)) {
|
|
19
|
+
data.forEach(chunk => this.emit('data', Buffer.from(chunk)));
|
|
20
|
+
} else {
|
|
21
|
+
this.emit('data', Buffer.from(data));
|
|
22
|
+
}
|
|
23
|
+
this.emit('end');
|
|
24
|
+
});
|
|
25
|
+
}
|
|
26
|
+
}
|
|
27
|
+
|
|
28
|
+
// Test 1: JSON body with raw preservation
|
|
29
|
+
console.log('Test 1: JSON body preserves raw string...');
|
|
30
|
+
const masterReq1 = new MasterRequest();
|
|
31
|
+
masterReq1.init({ maxJsonSize: 1024 * 1024 });
|
|
32
|
+
const mockReq1 = new MockRequest('application/json');
|
|
33
|
+
|
|
34
|
+
const testPayload = '{"event":"payment.success","amount":1000,"currency":"USD"}';
|
|
35
|
+
|
|
36
|
+
masterReq1.jsonStream(mockReq1, (result) => {
|
|
37
|
+
if (result._rawBody === testPayload) {
|
|
38
|
+
console.log('โ
Raw body preserved correctly');
|
|
39
|
+
console.log(' Parsed:', JSON.stringify(result));
|
|
40
|
+
console.log(' Raw:', result._rawBody);
|
|
41
|
+
|
|
42
|
+
// Test 2: Verify webhook signature (Stripe-style HMAC)
|
|
43
|
+
console.log('\nTest 2: Webhook signature verification...');
|
|
44
|
+
const secret = 'webhook_secret_key';
|
|
45
|
+
const signature = crypto
|
|
46
|
+
.createHmac('sha256', secret)
|
|
47
|
+
.update(result._rawBody)
|
|
48
|
+
.digest('hex');
|
|
49
|
+
|
|
50
|
+
// Verify signature
|
|
51
|
+
const verifySignature = crypto
|
|
52
|
+
.createHmac('sha256', secret)
|
|
53
|
+
.update(result._rawBody)
|
|
54
|
+
.digest('hex');
|
|
55
|
+
|
|
56
|
+
if (signature === verifySignature) {
|
|
57
|
+
console.log('โ
Webhook signature verified successfully');
|
|
58
|
+
console.log(' Signature:', signature.substring(0, 20) + '...');
|
|
59
|
+
|
|
60
|
+
// Test 3: URL-encoded body
|
|
61
|
+
console.log('\nTest 3: URL-encoded body preserves raw string...');
|
|
62
|
+
const masterReq3 = new MasterRequest();
|
|
63
|
+
masterReq3.init({ maxBodySize: 1024 * 1024 });
|
|
64
|
+
const mockReq3 = new MockRequest('application/x-www-form-urlencoded');
|
|
65
|
+
|
|
66
|
+
const formData = 'name=John+Doe&email=john%40example.com&amount=100';
|
|
67
|
+
|
|
68
|
+
masterReq3.urlEncodeStream(mockReq3, (result) => {
|
|
69
|
+
if (result._rawBody === formData) {
|
|
70
|
+
console.log('โ
URL-encoded raw body preserved');
|
|
71
|
+
console.log(' Parsed:', JSON.stringify(result));
|
|
72
|
+
console.log(' Raw:', result._rawBody);
|
|
73
|
+
|
|
74
|
+
// Test 4: Chunked JSON (simulates streaming)
|
|
75
|
+
console.log('\nTest 4: Chunked data reassembly...');
|
|
76
|
+
const masterReq4 = new MasterRequest();
|
|
77
|
+
masterReq4.init({ maxJsonSize: 1024 * 1024 });
|
|
78
|
+
const mockReq4 = new MockRequest('application/json');
|
|
79
|
+
|
|
80
|
+
const chunks = ['{"big":"', 'payload","with":', '"multiple","chunks":', '123}'];
|
|
81
|
+
const fullPayload = chunks.join('');
|
|
82
|
+
|
|
83
|
+
masterReq4.jsonStream(mockReq4, (result) => {
|
|
84
|
+
if (result._rawBody === fullPayload) {
|
|
85
|
+
console.log('โ
Chunked data reassembled correctly');
|
|
86
|
+
console.log(' Chunks sent:', chunks.length);
|
|
87
|
+
console.log(' Raw body length:', result._rawBody.length);
|
|
88
|
+
console.log(' Parsed:', JSON.stringify(result));
|
|
89
|
+
|
|
90
|
+
console.log('\nโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ');
|
|
91
|
+
console.log('โจ ALL TESTS PASSED - Raw Body Preservation Works!');
|
|
92
|
+
console.log('โโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโโ');
|
|
93
|
+
console.log('\nUse Cases Enabled:');
|
|
94
|
+
console.log('โ
Stripe webhook signature verification');
|
|
95
|
+
console.log('โ
GitHub webhook signature verification');
|
|
96
|
+
console.log('โ
Shopify HMAC verification');
|
|
97
|
+
console.log('โ
PayPal IPN verification');
|
|
98
|
+
console.log('โ
Any cryptographic signature verification');
|
|
99
|
+
console.log('โ
Content hashing (MD5, SHA256)');
|
|
100
|
+
console.log('โ
Audit logging of exact payloads');
|
|
101
|
+
console.log('\nAccess raw body: request.body._rawBody');
|
|
102
|
+
} else {
|
|
103
|
+
console.log('โ Chunked data test failed');
|
|
104
|
+
console.log(' Expected:', fullPayload);
|
|
105
|
+
console.log(' Got:', result._rawBody);
|
|
106
|
+
}
|
|
107
|
+
});
|
|
108
|
+
|
|
109
|
+
mockReq4.sendData(chunks);
|
|
110
|
+
} else {
|
|
111
|
+
console.log('โ URL-encoded raw body test failed');
|
|
112
|
+
console.log(' Expected:', formData);
|
|
113
|
+
console.log(' Got:', result._rawBody);
|
|
114
|
+
}
|
|
115
|
+
});
|
|
116
|
+
|
|
117
|
+
mockReq3.sendData(formData);
|
|
118
|
+
} else {
|
|
119
|
+
console.log('โ Signature verification failed');
|
|
120
|
+
}
|
|
121
|
+
} else {
|
|
122
|
+
console.log('โ Raw body preservation failed');
|
|
123
|
+
console.log(' Expected:', testPayload);
|
|
124
|
+
console.log(' Got:', result._rawBody);
|
|
125
|
+
}
|
|
126
|
+
});
|
|
127
|
+
|
|
128
|
+
mockReq1.sendData(testPayload);
|
package/MasterCors.js.tmp
DELETED
|
File without changes
|