opcjs-base 0.1.39-alpha → 0.1.40-alpha

package/dist/index.cjs

@@ -17870,15 +17870,16 @@ var SecureChannelMessageDecoder = class extends TransformStream {
   }
   logger = getLogger("secureChannel.SecureChannelMessageDecoder");
   /**
-   * Validates that `sequenceNumber` is monotonically increasing from the last
-   * seen remote sequence.  Allows exactly one UInt32 wrap-around per token.
+   * Validates that `sequenceNumber` is monotonically increasing from the
+   * highest seen remote sequence.  Allows UInt32 wrap-around per token.
    *
-   * Forward gaps are tolerated with a warning because some server implementations
-   * may consume sequence numbers internally (e.g. cancelled responses) without
-   * sending them on the wire.  Backward jumps and duplicates are rejected as
-   * errors since they indicate replay or reordering.
+   * Over TLS/WSS the transport already provides integrity and replay
+   * protection, so small out-of-order deliveries (caused by multi-threaded
+   * server writes) are tolerated with a warning rather than tearing down the
+   * channel.  Only truly anomalous conditions (e.g. a very large backward
+   * jump that could indicate corruption) are treated as errors.
    */
-  validateSequenceNumber(sequenceNumber, msgType, controller) {
+  validateSequenceNumber(sequenceNumber, msgType) {
     const last = this.context.lastRemoteSequenceNumber;
     if (last === void 0) {
       this.context.lastRemoteSequenceNumber = sequenceNumber;
@@ -17886,18 +17887,22 @@ var SecureChannelMessageDecoder = class extends TransformStream {
       return true;
     }
     const isWrap = last >= SEQ_WRAP_THRESHOLD2 && sequenceNumber < SEQ_WRAP_MAX;
-    const isForward = sequenceNumber > last;
-    if (!isForward && !isWrap) {
-      this.logger.error(`[${msgType}] Invalid remote sequence number: expected > ${last}, got ${sequenceNumber}`);
-      controller.error(new Error(`Invalid remote sequence number: expected > ${last}, got ${sequenceNumber}`));
-      return false;
+    if (isWrap) {
+      this.context.lastRemoteSequenceNumber = sequenceNumber;
+      this.logger.debug(`[${msgType}] Sequence number wrapped: ${last} \u2192 ${sequenceNumber}`);
+      return true;
     }
-    if (sequenceNumber !== last + 1 && !isWrap) {
-      this.logger.warn(`[${msgType}] Remote sequence number gap: expected ${last + 1}, got ${sequenceNumber} (skipped ${sequenceNumber - last - 1})`);
-    } else {
+    if (sequenceNumber === last + 1) {
+      this.context.lastRemoteSequenceNumber = sequenceNumber;
       this.logger.debug(`[${msgType}] Sequence number advanced: ${last} \u2192 ${sequenceNumber}`);
+      return true;
+    }
+    if (sequenceNumber > last + 1) {
+      this.logger.warn(`[${msgType}] Remote sequence number gap: expected ${last + 1}, got ${sequenceNumber} (skipped ${sequenceNumber - last - 1})`);
+      this.context.lastRemoteSequenceNumber = sequenceNumber;
+      return true;
     }
-    this.context.lastRemoteSequenceNumber = sequenceNumber;
+    this.logger.warn(`[${msgType}] Out-of-order remote sequence number: highest seen ${last}, got ${sequenceNumber}`);
     return true;
   }
   transform(data, controller) {
@@ -17914,7 +17919,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
           secHeader,
           this.context.securityAlgorithm
         );
-        if (!this.validateSequenceNumber(msgAsym.sequenceHeader.sequenceNumber, "OPN", controller)) return;
+        if (!this.validateSequenceNumber(msgAsym.sequenceHeader.sequenceNumber, "OPN")) return;
         controller.enqueue(msgAsym);
         break;
       }
@@ -17922,7 +17927,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
         this.logger.warn("SecureChannel received Abort message");
         const secHeader = MsgSecurityHeaderSymmetric.decode(buffer);
         const msgSym = MsgSymmetric.decode(buffer, header, secHeader, this.context.securityAlgorithm);
-        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-A", controller)) return;
+        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-A")) return;
         controller.enqueue(msgSym);
         break;
       }
@@ -17930,7 +17935,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
         this.logger.debug("SecureChannel received Chunk message.");
         const secHeader = MsgSecurityHeaderSymmetric.decode(buffer);
         const msgSym = MsgSymmetric.decode(buffer, header, secHeader, this.context.securityAlgorithm);
-        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-C", controller)) return;
+        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-C")) return;
         controller.enqueue(msgSym);
         break;
       }
@@ -17938,7 +17943,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
         this.logger.debug("SecureChannel received Final message");
         const secHeader = MsgSecurityHeaderSymmetric.decode(buffer);
         const msgSym = MsgSymmetric.decode(buffer, header, secHeader, this.context.securityAlgorithm);
-        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-F", controller)) return;
+        if (!this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "MSG-F")) return;
         controller.enqueue(msgSym);
         break;
       }
@@ -17946,7 +17951,7 @@ var SecureChannelMessageDecoder = class extends TransformStream {
         this.logger.warn("SecureChannel received CloseFinal message.");
         const secHeader = MsgSecurityHeaderSymmetric.decode(buffer);
         const msgSym = MsgSymmetric.decode(buffer, header, secHeader, this.context.securityAlgorithm);
-        this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "CLO-F", controller);
+        this.validateSequenceNumber(msgSym.sequenceHeader.sequenceNumber, "CLO-F");
         break;
       }
       default: