mppx 0.3.6 → 0.3.7
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +5 -4
- package/dist/BodyDigest.d.ts.map +1 -1
- package/dist/BodyDigest.js +2 -1
- package/dist/BodyDigest.js.map +1 -1
- package/dist/Challenge.d.ts.map +1 -1
- package/dist/Challenge.js +1 -9
- package/dist/Challenge.js.map +1 -1
- package/dist/internal/constantTimeEqual.d.ts +3 -0
- package/dist/internal/constantTimeEqual.d.ts.map +1 -0
- package/dist/internal/constantTimeEqual.js +10 -0
- package/dist/internal/constantTimeEqual.js.map +1 -0
- package/dist/tempo/client/Charge.d.ts.map +1 -1
- package/dist/tempo/client/Charge.js +1 -0
- package/dist/tempo/client/Charge.js.map +1 -1
- package/package.json +1 -1
- package/src/BodyDigest.ts +2 -1
- package/src/Challenge.ts +1 -8
- package/src/internal/constantTimeEqual.test.ts +46 -0
- package/src/internal/constantTimeEqual.ts +7 -0
- package/src/tempo/client/Charge.ts +1 -0
package/README.md
CHANGED
|
@@ -1,13 +1,13 @@
|
|
|
1
1
|
# mppx
|
|
2
2
|
|
|
3
|
-
TypeScript SDK for the [**Machine Payments Protocol**](https://
|
|
3
|
+
TypeScript SDK for the [**Machine Payments Protocol**](https://mpp.sh)
|
|
4
4
|
|
|
5
5
|
[](https://www.npmjs.com/package/mppx)
|
|
6
6
|
[](LICENSE)
|
|
7
7
|
|
|
8
8
|
## Documentation
|
|
9
9
|
|
|
10
|
-
Full documentation, API reference, and guides are available at **[
|
|
10
|
+
Full documentation, API reference, and guides are available at **[mpp.sh/sdk/typescript](https://mpp.sh/sdk/typescript)**.
|
|
11
11
|
|
|
12
12
|
## Install
|
|
13
13
|
|
|
@@ -51,7 +51,7 @@ Mppx.create({
|
|
|
51
51
|
})
|
|
52
52
|
|
|
53
53
|
// Global fetch now handles 402 automatically
|
|
54
|
-
const res = await fetch('https://
|
|
54
|
+
const res = await fetch('https://mpp.sh/api/ping/paid')
|
|
55
55
|
```
|
|
56
56
|
|
|
57
57
|
## Examples
|
|
@@ -61,6 +61,7 @@ const res = await fetch('https://api.example.com/resource')
|
|
|
61
61
|
| [charge](./examples/charge/) | Payment-gated photo generation API |
|
|
62
62
|
| [session/multi-fetch](./examples/session/multi-fetch/) | Multiple paid requests over a single payment channel |
|
|
63
63
|
| [session/sse](./examples/session/sse/) | Pay-per-token LLM streaming with SSE |
|
|
64
|
+
| [stripe](./examples/stripe/) | Stripe SPT charge with automatic client |
|
|
64
65
|
|
|
65
66
|
```bash
|
|
66
67
|
npx gitpick wevm/mppx/examples/charge
|
|
@@ -136,7 +137,7 @@ This exposes the following routes:
|
|
|
136
137
|
|
|
137
138
|
## Protocol
|
|
138
139
|
|
|
139
|
-
Built on the ["Payment" HTTP Authentication Scheme](https://datatracker.ietf.org/doc/draft-
|
|
140
|
+
Built on the ["Payment" HTTP Authentication Scheme](https://datatracker.ietf.org/doc/draft-ryan-httpauth-payment/). See [mpp-specs](https://github.com/tempoxyz/mpp-specs) for the full specification.
|
|
140
141
|
|
|
141
142
|
## License
|
|
142
143
|
|
package/dist/BodyDigest.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BodyDigest.d.ts","sourceRoot":"","sources":["../src/BodyDigest.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"BodyDigest.d.ts","sourceRoot":"","sources":["../src/BodyDigest.ts"],"names":[],"mappings":"AAGA;;;;;;;;;GASG;AACH,MAAM,MAAM,UAAU,GAAG,WAAW,MAAM,EAAE,CAAA;AAE5C;;;;;;;;;;;;;GAaG;AACH,wBAAgB,OAAO,CAAC,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,GAAG,UAAU,CAM1E;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,MAAM,CAAC,MAAM,EAAE,UAAU,EAAE,IAAI,EAAE,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,GAAG,MAAM,GAAG,OAAO,CAE1F"}
|
package/dist/BodyDigest.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { Base64, Bytes, Hash } from 'ox';
|
|
2
|
+
import { constantTimeEqual } from './internal/constantTimeEqual.js';
|
|
2
3
|
/**
|
|
3
4
|
* Computes a SHA-256 digest of the given body.
|
|
4
5
|
*
|
|
@@ -35,6 +36,6 @@ export function compute(body) {
|
|
|
35
36
|
* ```
|
|
36
37
|
*/
|
|
37
38
|
export function verify(digest, body) {
|
|
38
|
-
return compute(body)
|
|
39
|
+
return constantTimeEqual(compute(body), digest);
|
|
39
40
|
}
|
|
40
41
|
//# sourceMappingURL=BodyDigest.js.map
|
package/dist/BodyDigest.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"BodyDigest.js","sourceRoot":"","sources":["../src/BodyDigest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,IAAI,CAAA;
|
|
1
|
+
{"version":3,"file":"BodyDigest.js","sourceRoot":"","sources":["../src/BodyDigest.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,IAAI,CAAA;AACxC,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AAcnE;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,OAAO,CAAC,IAAsC;IAC5D,MAAM,GAAG,GAAG,OAAO,IAAI,KAAK,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC,IAAI,CAAA;IAClE,MAAM,KAAK,GAAG,KAAK,CAAC,UAAU,CAAC,GAAG,CAAC,CAAA;IACnC,MAAM,IAAI,GAAG,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAA;IAChD,MAAM,MAAM,GAAG,MAAM,CAAC,SAAS,CAAC,IAAI,CAAC,CAAA;IACrC,OAAO,WAAW,MAAM,EAAE,CAAA;AAC5B,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,MAAM,CAAC,MAAkB,EAAE,IAAsC;IAC/E,OAAO,iBAAiB,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,MAAM,CAAC,CAAA;AACjD,CAAC"}
|
package/dist/Challenge.d.ts.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Challenge.d.ts","sourceRoot":"","sources":["../src/Challenge.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"Challenge.d.ts","sourceRoot":"","sources":["../src/Challenge.ts"],"names":[],"mappings":"AAEA,OAAO,KAAK,EAAE,KAAK,EAAE,MAAM,qBAAqB,CAAA;AAChD,OAAO,KAAK,KAAK,MAAM,MAAM,aAAa,CAAA;AAC1C,OAAO,KAAK,cAAc,MAAM,qBAAqB,CAAA;AACrD,OAAO,KAAK,CAAC,MAAM,UAAU,CAAA;AAE7B;;;;;;;;;GASG;AACH,eAAO,MAAM,MAAM;IACjB,0DAA0D;;IAE1D,0EAA0E;;IAE1E,gDAAgD;;IAEhD,gDAAgD;;IAEhD,+CAA+C;;IAE/C,gDAAgD;;IAEhD,oGAAoG;;IAEpG,qCAAqC;;IAErC,oCAAoC;;iBAEpC,CAAA;AAEF;;;;;;;;;;;;;;;GAeG;AACH,MAAM,MAAM,SAAS,CACnB,OAAO,GAAG,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC,EACjC,MAAM,SAAS,MAAM,GAAG,MAAM,EAC9B,MAAM,SAAS,MAAM,GAAG,MAAM,IAC5B,IAAI,CAAC,CAAC,CAAC,KAAK,CAAC,OAAO,MAAM,CAAC,EAAE,QAAQ,GAAG,QAAQ,GAAG,SAAS,CAAC,GAAG;IAClE,MAAM,EAAE,MAAM,CAAA;IACd,MAAM,EAAE,MAAM,CAAA;IACd,OAAO,EAAE,OAAO,CAAA;CACjB,CAAA;AAED;;GAEG;AACH,MAAM,MAAM,WAAW,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,MAAM,EAAE,IAAI;KACjE,MAAM,IAAI,MAAM,OAAO,GAAG,SAAS,CAClC,CAAC,CAAC,MAAM,CAAC,OAAO,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,CAAC,EAC9C,OAAO,CAAC,MAAM,CAAC,CAAC,QAAQ,CAAC,EACzB,OAAO,CAAC,MAAM,CAAC,CAAC,MAAM,CAAC,CACxB;CACF,CAAC,MAAM,CAAC,CAAA;AAET;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,wBAAgB,IAAI,CAClB,KAAK,CAAC,UAAU,SAAS,IAAI,CAAC,UAAU,EACxC,KAAK,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,SAAS,GAAG,SAAS,EACtE,UAAU,EAAE,UAAU,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,UAAU,EAAE,OAAO,CAAC,CA6B/F;AAED,MAAM,CAAC,OAAO,WAAW,IAAI,CAAC;IAC5B,KAAK,OAAO,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,SAAS,GAAG,SAAS,IAAI;QAC/E,OAAO,CAAC,EAAE,OAAO,CAAA;KAClB,CAAA;IAED,KAAK,UAAU,GAAG,KAAK,CACnB;QACE,6BAA6B;QAC7B,EAAE,EAAE,MAAM,CAAA;KACX,GACD;QACE,8CAA8C;QAC9C,SAAS,EAAE,MAAM,CAAA;KAClB,CACJ,GAAG;QACF,0DAA0D;QAC1D,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QAChC,2CAA2C;QAC3C,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QAC3B,gDAAgD;QAChD,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QAC5B,+CAA+C;QAC/C,MAAM,EAAE,MAAM,CAAA;QACd,8IAA8I;QAC9I,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,SAAS,CAAA;QACzC,gDAAgD;QAChD,MAAM,EAAE,MAAM,CAAA;QACd,qCAAqC;QACrC,KAAK,EAAE,MAAM,CAAA;QACb,oCAAoC;QACpC,OAAO,EAAE,cAAc,CAAC,OAAO,CAAA;KAChC,CAAA;IAED,KAAK,UAAU,CACb,UAAU,SAAS,UAAU,EAC7B,OAAO,SAAS,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,SAAS,GAAG,SAAS,IAC9D,OAAO,SAAS,SAAS,MAAM,CAAC,MAAM,EAAE,GACxC,WAAW,CAAC,OAAO,CAAC,GACpB,SAAS,CAAC,UAAU,CAAC,SAAS,CAAC,CAAC,CAAA;CACrC;AAED;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,wBAAgB,UAAU,CAAC,KAAK,CAAC,MAAM,SAAS,MAAM,CAAC,MAAM,EAC3D,MAAM,EAAE,MAAM,EACd,UAAU,EAAE,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,GACxC,UAAU,CAAC,UAAU,CAAC,MAAM,CAAC,CAiB/B;AAED,MAAM,CAAC,OAAO,WAAW,UAAU,CAAC;IAClC,KAAK,UAAU,CAAC,MAAM,SAAS,MAAM,CAAC,MAAM,IAAI,KAAK,CACjD;QACE,6BAA6B;QAC7B,EAAE,EAAE,MAAM,CAAA;KACX,GACD;QACE,8CAA8C;QAC9C,SAAS,EAAE,MAAM,CAAA;KAClB,CACJ,GAAG;QACF,0DAA0D;QAC1D,WAAW,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QAChC,2CAA2C;QAC3C,MAAM,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QAC3B,gDAAgD;QAChD,OAAO,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;QAC5B,8IAA8I;QAC9I,IAAI,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,SAAS,CAAA;QACzC,qCAAqC;QACrC,KAAK,EAAE,MAAM,CAAA;QACb,oCAAoC;QACpC,OAAO,EAAE,CAAC,CAAC,KAAK,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,CAAC,CAAA;KAC9C,CAAA;IAED,KAAK,UAAU,CAAC,MAAM,SAAS,MAAM,CAAC,MAAM,IAAI,SAAS,CAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,SAAS,CAAC,CAAC,CAAC,CAAA;CACjG;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,SAAS,CAAC,SAAS,EAAE,SAAS,GAAG,MAAM,CAgBtD;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,WAAW,CAAC,KAAK,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,SAAS,GAAG,SAAS,EAChG,KAAK,EAAE,MAAM,EACb,OAAO,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAC9B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CA2B3C;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,wBAAgB,WAAW,CAAC,KAAK,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,SAAS,GAAG,SAAS,EAChG,OAAO,EAAE,OAAO,EAChB,OAAO,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAC9B,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAI3C;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,wBAAgB,YAAY,CAC1B,KAAK,CAAC,OAAO,SAAS,SAAS,MAAM,CAAC,MAAM,EAAE,GAAG,SAAS,GAAG,SAAS,EACtE,QAAQ,EAAE,QAAQ,EAAE,OAAO,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC,OAAO,CAAC,GAAG,IAAI,CAAC,UAAU,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC,CAGhG;AAED;;;;;;;;;;;;;GAaG;AACH,wBAAgB,MAAM,CAAC,SAAS,EAAE,SAAS,EAAE,OAAO,EAAE,MAAM,CAAC,OAAO,GAAG,OAAO,CAG7E;AAED,MAAM,CAAC,OAAO,WAAW,MAAM,CAAC;IAC9B,KAAK,OAAO,GAAG;QACb,2DAA2D;QAC3D,SAAS,EAAE,MAAM,CAAA;KAClB,CAAA;CACF;AAED,+FAA+F;AAC/F,wBAAgB,IAAI,CAAC,SAAS,EAAE,SAAS,GAAG,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,SAAS,CAE7E"}
|
package/dist/Challenge.js
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { Base64, Bytes, Hash } from 'ox';
|
|
2
|
+
import { constantTimeEqual } from './internal/constantTimeEqual.js';
|
|
2
3
|
import * as PaymentRequest from './PaymentRequest.js';
|
|
3
4
|
import * as z from './zod.js';
|
|
4
5
|
/**
|
|
@@ -296,13 +297,4 @@ function computeId(challenge, options) {
|
|
|
296
297
|
const mac = Hash.hmac256(key, data, { as: 'Bytes' });
|
|
297
298
|
return Base64.fromBytes(mac, { url: true, pad: false });
|
|
298
299
|
}
|
|
299
|
-
/** @internal Constant-time string comparison to prevent timing attacks. */
|
|
300
|
-
function constantTimeEqual(a, b) {
|
|
301
|
-
if (a.length !== b.length)
|
|
302
|
-
return false;
|
|
303
|
-
let result = 0;
|
|
304
|
-
for (let i = 0; i < a.length; i++)
|
|
305
|
-
result |= a.charCodeAt(i) ^ b.charCodeAt(i);
|
|
306
|
-
return result === 0;
|
|
307
|
-
}
|
|
308
300
|
//# sourceMappingURL=Challenge.js.map
|
package/dist/Challenge.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Challenge.js","sourceRoot":"","sources":["../src/Challenge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,IAAI,CAAA;
|
|
1
|
+
{"version":3,"file":"Challenge.js","sourceRoot":"","sources":["../src/Challenge.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,MAAM,IAAI,CAAA;AACxC,OAAO,EAAE,iBAAiB,EAAE,MAAM,iCAAiC,CAAA;AAGnE,OAAO,KAAK,cAAc,MAAM,qBAAqB,CAAA;AACrD,OAAO,KAAK,CAAC,MAAM,UAAU,CAAA;AAE7B;;;;;;;;;GASG;AACH,MAAM,CAAC,MAAM,MAAM,GAAG,CAAC,CAAC,MAAM,CAAC;IAC7B,0DAA0D;IAC1D,WAAW,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC;IACnC,0EAA0E;IAC1E,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAAE,CAAC,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,EAAE,uBAAuB,CAAC,CAAC,CAAC;IACnF,gDAAgD;IAChD,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,QAAQ,EAAE,CAAC;IACjC,gDAAgD;IAChD,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE;IACd,+CAA+C;IAC/C,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,gDAAgD;IAChD,MAAM,EAAE,CAAC,CAAC,MAAM,EAAE;IAClB,oGAAoG;IACpG,MAAM,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,MAAM,EAAE,CAAC,CAAC;IACpD,qCAAqC;IACrC,KAAK,EAAE,CAAC,CAAC,MAAM,EAAE;IACjB,oCAAoC;IACpC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,MAAM,EAAE,EAAE,CAAC,CAAC,OAAO,EAAE,CAAC;CAC3C,CAAC,CAAA;AAuCF;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAmCG;AACH,MAAM,UAAU,IAAI,CAGlB,UAAsB,EAAE,OAA+B;IACvD,KAAK,OAAO,CAAA;IACZ,MAAM,EACJ,WAAW,EACX,MAAM,EACN,IAAI,EACJ,MAAM,EAAE,UAAU,EAClB,MAAM,EACN,KAAK,EACL,OAAO,EACP,SAAS,GACV,GAAG,UAAU,CAAA;IAEd,MAAM,OAAO,GAAG,CAAC,UAAU,CAAC,OAAO,IAAI,OAAO,CAAC,OAAO,CAAW,CAAA;IACjE,MAAM,EAAE,GAAG,SAAS;QAClB,CAAC,CAAC,SAAS,CAAC,EAAE,GAAG,UAAU,EAAE,OAAO,EAAE,GAAG,CAAC,IAAI,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC,EAAE,EAAE,EAAE,SAAS,EAAE,CAAC;QACrF,CAAC,CAAE,UAA6B,CAAC,EAAE,CAAA;IAErC,OAAO,MAAM,CAAC,KAAK,CAAC;QAClB,EAAE;QACF,KAAK;QACL,MAAM,EAAE,UAAU;QAClB,MAAM;QACN,OAAO;QACP,GAAG,CAAC,WAAW,IAAI,EAAE,WAAW,EAAE,CAAC;QACnC,GAAG,CAAC,MAAM,IAAI,EAAE,MAAM,EAAE,CAAC;QACzB,GAAG,CAAC,OAAO,IAAI,EAAE,OAAO,EAAE,CAAC;QAC3B,GAAG,CAAC,IAAI,IAAI,EAAE,MAAM,EAAE,IAAI,EAAE,CAAC;KAC9B,CAAyC,CAAA;AAC5C,CAAC;AA2CD;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA+BG;AACH,MAAM,UAAU,UAAU,CACxB,MAAc,EACd,UAAyC;IAEzC,MAAM,EAAE,IAAI,EAAE,UAAU,EAAE,MAAM,EAAE,GAAG,MAAM,CAAA;IAC3C,MAAM,EAAE,WAAW,EAAE,MAAM,EAAE,OAAO,EAAE,EAAE,EAAE,IAAI,EAAE,KAAK,EAAE,SAAS,EAAE,GAAG,UAAU,CAAA;IAE/E,MAAM,OAAO,GAAG,cAAc,CAAC,UAAU,CAAC,MAAM,EAAE,UAAU,CAAC,OAAO,CAAC,CAAA;IAErE,OAAO,IAAI,CAAC;QACV,GAAG,CAAC,EAAE,CAAC,CAAC,CAAC,EAAE,EAAE,EAAE,CAAC,CAAC,CAAC,EAAE,SAAS,EAAE,CAAC;QAChC,KAAK;QACL,MAAM,EAAE,UAAU;QAClB,MAAM,EAAE,MAAM;QACd,OAAO;QACP,WAAW;QACX,MAAM;QACN,OAAO;QACP,IAAI;KACc,CAAkC,CAAA;AACxD,CAAC;AA8BD;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,SAAS,CAAC,SAAoB;IAC5C,MAAM,KAAK,GAAG;QACZ,OAAO,SAAS,CAAC,EAAE,GAAG;QACtB,UAAU,SAAS,CAAC,KAAK,GAAG;QAC5B,WAAW,SAAS,CAAC,MAAM,GAAG;QAC9B,WAAW,SAAS,CAAC,MAAM,GAAG;QAC9B,YAAY,cAAc,CAAC,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC,GAAG;KAC3D,CAAA;IAED,IAAI,SAAS,CAAC,WAAW,KAAK,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,gBAAgB,SAAS,CAAC,WAAW,GAAG,CAAC,CAAA;IAC7F,IAAI,SAAS,CAAC,MAAM,KAAK,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,WAAW,SAAS,CAAC,MAAM,GAAG,CAAC,CAAA;IAC9E,IAAI,SAAS,CAAC,OAAO,KAAK,SAAS;QAAE,KAAK,CAAC,IAAI,CAAC,YAAY,SAAS,CAAC,OAAO,GAAG,CAAC,CAAA;IACjF,IAAI,SAAS,CAAC,MAAM,KAAK,SAAS;QAChC,KAAK,CAAC,IAAI,CAAC,WAAW,cAAc,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,GAAG,CAAC,CAAA;IAEtE,OAAO,WAAW,KAAK,CAAC,IAAI,CAAC,IAAI,CAAC,EAAE,CAAA;AACtC,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,WAAW,CACzB,KAAa,EACb,OAA+B;IAE/B,MAAM,WAAW,GAAG,KAAK,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAA;IACpD,IAAI,CAAC,WAAW,EAAE,CAAC,CAAC,CAAC;QAAE,MAAM,IAAI,KAAK,CAAC,yBAAyB,CAAC,CAAA;IAEjE,MAAM,MAAM,GAAG,WAAW,CAAC,CAAC,CAAC,CAAA;IAC7B,MAAM,MAAM,GAA2B,EAAE,CAAA;IAEzC,KAAK,MAAM,KAAK,IAAI,MAAM,CAAC,QAAQ,CAAC,kBAAkB,CAAC,EAAE,CAAC;QACxD,MAAM,GAAG,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACpB,MAAM,KAAK,GAAG,KAAK,CAAC,CAAC,CAAC,CAAA;QACtB,IAAI,GAAG,IAAI,KAAK,EAAE,CAAC;YACjB,IAAI,GAAG,IAAI,MAAM;gBAAE,MAAM,IAAI,KAAK,CAAC,wBAAwB,GAAG,EAAE,CAAC,CAAA;YACjE,MAAM,CAAC,GAAG,CAAC,GAAG,KAAK,CAAA;QACrB,CAAC;IACH,CAAC;IAED,MAAM,EAAE,OAAO,EAAE,MAAM,EAAE,GAAG,IAAI,EAAE,GAAG,MAAM,CAAA;IAC3C,IAAI,CAAC,OAAO;QAAE,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAA;IAE3D,OAAO,IAAI,CACT;QACE,GAAG,IAAI;QACP,OAAO,EAAE,cAAc,CAAC,WAAW,CAAC,OAAO,CAAC;QAC5C,GAAG,CAAC,MAAM,IAAI,EAAE,IAAI,EAAE,cAAc,CAAC,WAAW,CAAC,MAAM,CAA2B,EAAE,CAAC;KACnE,EACpB,OAAO,CACR,CAAA;AACH,CAAC;AAED;;;;;;;;;;;;;;;;GAgBG;AACH,MAAM,UAAU,WAAW,CACzB,OAAgB,EAChB,OAA+B;IAE/B,MAAM,MAAM,GAAG,OAAO,CAAC,GAAG,CAAC,kBAAkB,CAAC,CAAA;IAC9C,IAAI,CAAC,MAAM;QAAE,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAA;IAChE,OAAO,WAAW,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;AACrC,CAAC;AAED;;;;;;;;;;;;;;;;;;GAkBG;AACH,MAAM,UAAU,YAAY,CAE1B,QAAkB,EAAE,OAA+B;IACnD,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG;QAAE,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAA;IAC3E,OAAO,WAAW,CAAC,QAAQ,CAAC,OAAO,EAAE,OAAO,CAAC,CAAA;AAC/C,CAAC;AAED;;;;;;;;;;;;;GAaG;AACH,MAAM,UAAU,MAAM,CAAC,SAAoB,EAAE,OAAuB;IAClE,MAAM,UAAU,GAAG,SAAS,CAAC,SAAS,EAAE,OAAO,CAAC,CAAA;IAChD,OAAO,iBAAiB,CAAC,SAAS,CAAC,EAAE,EAAE,UAAU,CAAC,CAAA;AACpD,CAAC;AASD,+FAA+F;AAC/F,MAAM,UAAU,IAAI,CAAC,SAAoB;IACvC,OAAO,SAAS,CAAC,MAAM,CAAA;AACzB,CAAC;AAED,mEAAmE;AACnE,SAAS,SAAS,CAAC,SAAgC,EAAE,OAA8B;IACjF,6EAA6E;IAC7E,4EAA4E;IAC5E,8EAA8E;IAC9E,wEAAwE;IACxE,MAAM,KAAK,GAAG;QACZ,SAAS,CAAC,KAAK;QACf,SAAS,CAAC,MAAM;QAChB,SAAS,CAAC,MAAM;QAChB,cAAc,CAAC,SAAS,CAAC,SAAS,CAAC,OAAO,CAAC;QAC3C,SAAS,CAAC,OAAO,IAAI,EAAE;QACvB,SAAS,CAAC,MAAM,IAAI,EAAE;QACtB,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,cAAc,CAAC,SAAS,CAAC,SAAS,CAAC,MAAM,CAAC,CAAC,CAAC,CAAC,EAAE;KACnE,CAAC,IAAI,CAAC,GAAG,CAAC,CAAA;IAEX,MAAM,GAAG,GAAG,KAAK,CAAC,UAAU,CAAC,OAAO,CAAC,SAAS,CAAC,CAAA;IAC/C,MAAM,IAAI,GAAG,KAAK,CAAC,UAAU,CAAC,KAAK,CAAC,CAAA;IACpC,MAAM,GAAG,GAAG,IAAI,CAAC,OAAO,CAAC,GAAG,EAAE,IAAI,EAAE,EAAE,EAAE,EAAE,OAAO,EAAE,CAAC,CAAA;IACpD,OAAO,MAAM,CAAC,SAAS,CAAC,GAAG,EAAE,EAAE,GAAG,EAAE,IAAI,EAAE,GAAG,EAAE,KAAK,EAAE,CAAC,CAAA;AACzD,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"constantTimeEqual.d.ts","sourceRoot":"","sources":["../../src/internal/constantTimeEqual.ts"],"names":[],"mappings":"AAAA,iEAAiE;AACjE,wBAAgB,iBAAiB,CAAC,CAAC,EAAE,MAAM,EAAE,CAAC,EAAE,MAAM,GAAG,OAAO,CAK/D"}
|
|
@@ -0,0 +1,10 @@
|
|
|
1
|
+
/** Constant-time string comparison to prevent timing attacks. */
|
|
2
|
+
export function constantTimeEqual(a, b) {
|
|
3
|
+
if (a.length !== b.length)
|
|
4
|
+
return false;
|
|
5
|
+
let result = 0;
|
|
6
|
+
for (let i = 0; i < a.length; i++)
|
|
7
|
+
result |= a.charCodeAt(i) ^ b.charCodeAt(i);
|
|
8
|
+
return result === 0;
|
|
9
|
+
}
|
|
10
|
+
//# sourceMappingURL=constantTimeEqual.js.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"constantTimeEqual.js","sourceRoot":"","sources":["../../src/internal/constantTimeEqual.ts"],"names":[],"mappings":"AAAA,iEAAiE;AACjE,MAAM,UAAU,iBAAiB,CAAC,CAAS,EAAE,CAAS;IACpD,IAAI,CAAC,CAAC,MAAM,KAAK,CAAC,CAAC,MAAM;QAAE,OAAO,KAAK,CAAA;IACvC,IAAI,MAAM,GAAG,CAAC,CAAA;IACd,KAAK,IAAI,CAAC,GAAG,CAAC,EAAE,CAAC,GAAG,CAAC,CAAC,MAAM,EAAE,CAAC,EAAE;QAAE,MAAM,IAAI,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,GAAG,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAA;IAC9E,OAAO,MAAM,KAAK,CAAC,CAAA;AACrB,CAAC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Charge.d.ts","sourceRoot":"","sources":["../../../src/tempo/client/Charge.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,KAAK,OAAO,MAAM,uBAAuB,CAAA;AAChD,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAA;AAC9C,OAAO,KAAK,CAAC,MAAM,cAAc,CAAA;AAKjC;;;;;;;;;;;;GAYG;AACH,wBAAgB,MAAM,CAAC,UAAU,GAAE,MAAM,CAAC,UAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
|
|
1
|
+
{"version":3,"file":"Charge.d.ts","sourceRoot":"","sources":["../../../src/tempo/client/Charge.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,KAAK,OAAO,MAAM,uBAAuB,CAAA;AAChD,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAA;AAC9C,OAAO,KAAK,CAAC,MAAM,cAAc,CAAA;AAKjC;;;;;;;;;;;;GAYG;AACH,wBAAgB,MAAM,CAAC,UAAU,GAAE,MAAM,CAAC,UAAe;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;mBAkDxD;AAED,MAAM,CAAC,OAAO,WAAW,MAAM,CAAC;IAC9B,KAAK,UAAU,GAAG;QAChB,oFAAoF;QACpF,QAAQ,CAAC,EAAE,MAAM,GAAG,SAAS,CAAA;KAC9B,GAAG,OAAO,CAAC,WAAW,CAAC,UAAU,GAChC,MAAM,CAAC,WAAW,CAAC,UAAU,CAAA;CAChC"}
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Charge.js","sourceRoot":"","sources":["../../../src/tempo/client/Charge.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,yBAAyB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AACzE,OAAO,EAAE,KAAK,IAAI,WAAW,EAAE,MAAM,aAAa,CAAA;AAClD,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACpC,OAAO,KAAK,UAAU,MAAM,qBAAqB,CAAA;AACjD,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,KAAK,OAAO,MAAM,uBAAuB,CAAA;AAChD,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAA;AAC9C,OAAO,KAAK,CAAC,MAAM,cAAc,CAAA;AACjC,OAAO,KAAK,WAAW,MAAM,mBAAmB,CAAA;AAChD,OAAO,KAAK,QAAQ,MAAM,yBAAyB,CAAA;AACnD,OAAO,KAAK,OAAO,MAAM,eAAe,CAAA;AAExC;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,MAAM,CAAC,aAAgC,EAAE;IACvD,MAAM,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAA;IAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC;QACnC,KAAK,EAAE,WAAW;QAClB,SAAS,EAAE,UAAU,CAAC,SAAS;QAC/B,MAAM,EAAE,QAAQ,CAAC,MAAM;KACxB,CAAC,CAAA;IACF,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,EAAE,OAAO,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,CAAA;IAEvE,OAAO,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;QACrC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC;YAChB,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAA6C,CAAC;SAC3E,CAAC;QAEF,KAAK,CAAC,gBAAgB,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE;YAC3C,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAA;YACxD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC,CAAA;YAC3C,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;YAE3C,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAA;YAC7B,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,OAAO,CAAA;YAE9D,MAAM,IAAI,GAAG,aAAa,EAAE,IAAI;gBAC9B,CAAC,CAAE,aAAa,CAAC,IAAgB;gBACjC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,SAAS,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAA;YAE/D,MAAM,QAAQ,GAAG,MAAM,yBAAyB,CAAC,MAAM,EAAE;gBACvD,OAAO;gBACP,KAAK,EAAE;oBACL,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;wBAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC;wBACtB,IAAI;wBACJ,EAAE,EAAE,SAAoB;wBACxB,KAAK,EAAE,QAAmB;qBAC3B,CAAC;iBACH;gBACD,GAAG,CAAC,aAAa,EAAE,QAAQ,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;
|
|
1
|
+
{"version":3,"file":"Charge.js","sourceRoot":"","sources":["../../../src/tempo/client/Charge.ts"],"names":[],"mappings":"AACA,OAAO,EAAE,yBAAyB,EAAE,eAAe,EAAE,MAAM,cAAc,CAAA;AACzE,OAAO,EAAE,KAAK,IAAI,WAAW,EAAE,MAAM,aAAa,CAAA;AAClD,OAAO,EAAE,OAAO,EAAE,MAAM,YAAY,CAAA;AACpC,OAAO,KAAK,UAAU,MAAM,qBAAqB,CAAA;AACjD,OAAO,KAAK,MAAM,MAAM,iBAAiB,CAAA;AACzC,OAAO,KAAK,OAAO,MAAM,uBAAuB,CAAA;AAChD,OAAO,KAAK,MAAM,MAAM,sBAAsB,CAAA;AAC9C,OAAO,KAAK,CAAC,MAAM,cAAc,CAAA;AACjC,OAAO,KAAK,WAAW,MAAM,mBAAmB,CAAA;AAChD,OAAO,KAAK,QAAQ,MAAM,yBAAyB,CAAA;AACnD,OAAO,KAAK,OAAO,MAAM,eAAe,CAAA;AAExC;;;;;;;;;;;;GAYG;AACH,MAAM,UAAU,MAAM,CAAC,aAAgC,EAAE;IACvD,MAAM,EAAE,QAAQ,EAAE,GAAG,UAAU,CAAA;IAC/B,MAAM,SAAS,GAAG,MAAM,CAAC,WAAW,CAAC;QACnC,KAAK,EAAE,WAAW;QAClB,SAAS,EAAE,UAAU,CAAC,SAAS;QAC/B,MAAM,EAAE,QAAQ,CAAC,MAAM;KACxB,CAAC,CAAA;IACF,MAAM,UAAU,GAAG,OAAO,CAAC,WAAW,CAAC,EAAE,OAAO,EAAE,UAAU,CAAC,OAAO,EAAE,CAAC,CAAA;IAEvE,OAAO,MAAM,CAAC,QAAQ,CAAC,OAAO,CAAC,MAAM,EAAE;QACrC,OAAO,EAAE,CAAC,CAAC,MAAM,CAAC;YAChB,OAAO,EAAE,CAAC,CAAC,QAAQ,CAAC,CAAC,CAAC,MAAM,EAA6C,CAAC;SAC3E,CAAC;QAEF,KAAK,CAAC,gBAAgB,CAAC,EAAE,SAAS,EAAE,OAAO,EAAE;YAC3C,MAAM,OAAO,GAAG,SAAS,CAAC,OAAO,CAAC,aAAa,EAAE,OAAO,CAAA;YACxD,MAAM,MAAM,GAAG,MAAM,SAAS,CAAC,EAAE,OAAO,EAAE,CAAC,CAAA;YAC3C,MAAM,OAAO,GAAG,UAAU,CAAC,MAAM,EAAE,OAAO,CAAC,CAAA;YAE3C,MAAM,EAAE,OAAO,EAAE,GAAG,SAAS,CAAA;YAC7B,MAAM,EAAE,MAAM,EAAE,QAAQ,EAAE,SAAS,EAAE,aAAa,EAAE,GAAG,OAAO,CAAA;YAE9D,MAAM,IAAI,GAAG,aAAa,EAAE,IAAI;gBAC9B,CAAC,CAAE,aAAa,CAAC,IAAgB;gBACjC,CAAC,CAAC,WAAW,CAAC,MAAM,CAAC,EAAE,QAAQ,EAAE,SAAS,CAAC,KAAK,EAAE,QAAQ,EAAE,CAAC,CAAA;YAE/D,MAAM,QAAQ,GAAG,MAAM,yBAAyB,CAAC,MAAM,EAAE;gBACvD,OAAO;gBACP,KAAK,EAAE;oBACL,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC;wBAC1B,MAAM,EAAE,MAAM,CAAC,MAAM,CAAC;wBACtB,IAAI;wBACJ,EAAE,EAAE,SAAoB;wBACxB,KAAK,EAAE,QAAmB;qBAC3B,CAAC;iBACH;gBACD,GAAG,CAAC,aAAa,EAAE,QAAQ,IAAI,EAAE,QAAQ,EAAE,IAAI,EAAE,CAAC;gBAClD,QAAQ,EAAE,UAAU;aACZ,CAAC,CAAA;YACX,0DAA0D;YAC1D,QAAQ,CAAC,GAAG,GAAG,QAAQ,CAAC,GAAI,GAAG,KAAM,CAAA;YACrC,MAAM,SAAS,GAAG,MAAM,eAAe,CAAC,MAAM,EAAE,QAAiB,CAAC,CAAA;YAElE,OAAO,UAAU,CAAC,SAAS,CAAC;gBAC1B,SAAS;gBACT,OAAO,EAAE,EAAE,SAAS,EAAE,IAAI,EAAE,aAAa,EAAE;gBAC3C,MAAM,EAAE,kBAAkB,OAAO,IAAI,OAAO,CAAC,OAAO,EAAE;aACvD,CAAC,CAAA;QACJ,CAAC;KACF,CAAC,CAAA;AACJ,CAAC"}
|
package/package.json
CHANGED
package/src/BodyDigest.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { Base64, Bytes, Hash } from 'ox'
|
|
2
|
+
import { constantTimeEqual } from './internal/constantTimeEqual.js'
|
|
2
3
|
|
|
3
4
|
/**
|
|
4
5
|
* A body digest string in the format "algorithm=base64hash".
|
|
@@ -49,5 +50,5 @@ export function compute(body: Record<string, unknown> | string): BodyDigest {
|
|
|
49
50
|
* ```
|
|
50
51
|
*/
|
|
51
52
|
export function verify(digest: BodyDigest, body: Record<string, unknown> | string): boolean {
|
|
52
|
-
return compute(body)
|
|
53
|
+
return constantTimeEqual(compute(body), digest)
|
|
53
54
|
}
|
package/src/Challenge.ts
CHANGED
|
@@ -1,4 +1,5 @@
|
|
|
1
1
|
import { Base64, Bytes, Hash } from 'ox'
|
|
2
|
+
import { constantTimeEqual } from './internal/constantTimeEqual.js'
|
|
2
3
|
import type { OneOf } from './internal/types.js'
|
|
3
4
|
import type * as Method from './Method.js'
|
|
4
5
|
import * as PaymentRequest from './PaymentRequest.js'
|
|
@@ -450,11 +451,3 @@ function computeId(challenge: Omit<Challenge, 'id'>, options: { secretKey: strin
|
|
|
450
451
|
const mac = Hash.hmac256(key, data, { as: 'Bytes' })
|
|
451
452
|
return Base64.fromBytes(mac, { url: true, pad: false })
|
|
452
453
|
}
|
|
453
|
-
|
|
454
|
-
/** @internal Constant-time string comparison to prevent timing attacks. */
|
|
455
|
-
function constantTimeEqual(a: string, b: string): boolean {
|
|
456
|
-
if (a.length !== b.length) return false
|
|
457
|
-
let result = 0
|
|
458
|
-
for (let i = 0; i < a.length; i++) result |= a.charCodeAt(i) ^ b.charCodeAt(i)
|
|
459
|
-
return result === 0
|
|
460
|
-
}
|
|
@@ -0,0 +1,46 @@
|
|
|
1
|
+
import { describe, expect, test } from 'vitest'
|
|
2
|
+
import { constantTimeEqual } from './constantTimeEqual.js'
|
|
3
|
+
|
|
4
|
+
describe('constantTimeEqual', () => {
|
|
5
|
+
test('returns true for identical strings', () => {
|
|
6
|
+
expect(constantTimeEqual('abc', 'abc')).toBe(true)
|
|
7
|
+
})
|
|
8
|
+
|
|
9
|
+
test('returns true for empty strings', () => {
|
|
10
|
+
expect(constantTimeEqual('', '')).toBe(true)
|
|
11
|
+
})
|
|
12
|
+
|
|
13
|
+
test('returns false for different strings of same length', () => {
|
|
14
|
+
expect(constantTimeEqual('abc', 'abd')).toBe(false)
|
|
15
|
+
})
|
|
16
|
+
|
|
17
|
+
test('returns false for different lengths', () => {
|
|
18
|
+
expect(constantTimeEqual('abc', 'abcd')).toBe(false)
|
|
19
|
+
expect(constantTimeEqual('abcd', 'abc')).toBe(false)
|
|
20
|
+
})
|
|
21
|
+
|
|
22
|
+
test('returns false for empty vs non-empty', () => {
|
|
23
|
+
expect(constantTimeEqual('', 'a')).toBe(false)
|
|
24
|
+
expect(constantTimeEqual('a', '')).toBe(false)
|
|
25
|
+
})
|
|
26
|
+
|
|
27
|
+
test('returns false when only first character differs', () => {
|
|
28
|
+
expect(constantTimeEqual('xbc', 'abc')).toBe(false)
|
|
29
|
+
})
|
|
30
|
+
|
|
31
|
+
test('returns false when only last character differs', () => {
|
|
32
|
+
expect(constantTimeEqual('abx', 'abc')).toBe(false)
|
|
33
|
+
})
|
|
34
|
+
|
|
35
|
+
test('handles base64url strings (typical HMAC output)', () => {
|
|
36
|
+
const a = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk'
|
|
37
|
+
const b = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk'
|
|
38
|
+
expect(constantTimeEqual(a, b)).toBe(true)
|
|
39
|
+
})
|
|
40
|
+
|
|
41
|
+
test('detects single-bit difference in base64url strings', () => {
|
|
42
|
+
const a = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk'
|
|
43
|
+
const b = 'dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXl'
|
|
44
|
+
expect(constantTimeEqual(a, b)).toBe(false)
|
|
45
|
+
})
|
|
46
|
+
})
|
|
@@ -0,0 +1,7 @@
|
|
|
1
|
+
/** Constant-time string comparison to prevent timing attacks. */
|
|
2
|
+
export function constantTimeEqual(a: string, b: string): boolean {
|
|
3
|
+
if (a.length !== b.length) return false
|
|
4
|
+
let result = 0
|
|
5
|
+
for (let i = 0; i < a.length; i++) result |= a.charCodeAt(i) ^ b.charCodeAt(i)
|
|
6
|
+
return result === 0
|
|
7
|
+
}
|
|
@@ -61,6 +61,7 @@ export function charge(parameters: charge.Parameters = {}) {
|
|
|
61
61
|
}),
|
|
62
62
|
],
|
|
63
63
|
...(methodDetails?.feePayer && { feePayer: true }),
|
|
64
|
+
nonceKey: 'expiring',
|
|
64
65
|
} as never)
|
|
65
66
|
// FIXME: figure out gas estimation issue for fee payer tx
|
|
66
67
|
prepared.gas = prepared.gas! + 5_000n
|