perimeterx-js-core 0.11.0 → 0.12.1

package/lib/cjs/activities/utils.js

@@ -11,7 +11,7 @@ var createAsyncActivity = function (activityType, config, context) {
     return {
         type: activityType,
         px_app_id: config.appId,
-        url: context.requestData.rawUrl,
+        url: context.requestData.url.href,
         headers: activityType !== ActivityType_1.ActivityType.ADDITIONAL_S2S
             ? (0, exports.toHeaderEntryArray)((0, utils_1.removeSensitiveHeaders)(context.requestData.headers, config.sensitiveHeaders))
             : undefined,
@@ -74,6 +74,7 @@ var addRootContextDataToDetails = function (details, context) {
         tokenOrigin: 'cookie_origin',
         vidSource: 'enforcer_vid_source',
         graphqlData: 'graphql_operations',
+        enforcerStartTime: 'enforcer_start_time',
     });
 };
 exports.addRootContextDataToDetails = addRootContextDataToDetails;
@@ -131,6 +132,9 @@ var addRequestDataToDetails = function (details, requestData) {
         method: 'http_method',
         requestCookieNames: 'request_cookie_names',
     });
+    if (requestData.isUrlDifferentFromRawUrl) {
+        details.raw_url = requestData.rawUrl;
+    }
 };
 exports.addRequestDataToDetails = addRequestDataToDetails;
 var addTokenDataToDetails = function (details, _a) {
@@ -163,6 +167,7 @@ var addRiskApiDataToAsyncActivityCommonDetails = function (details, context) {
     (0, utils_1.transferExistingProperties)(context.riskApiData, details, {
         riskRtt: 'risk_rtt',
         s2sCallReason: 's2s_call_reason',
+        riskStartTime: 'risk_start_time',
     });
     if ((_a = context.riskApiData.riskResponse) === null || _a === void 0 ? void 0 : _a.additionalRiskInfo) {
         details.additional_risk_info = context.riskApiData.riskResponse.additionalRiskInfo;

package/lib/cjs/blocker/MobileBlocker.js

@@ -32,7 +32,7 @@ var MobileBlocker = /** @class */ (function (_super) {
         return context.isMobile;
     };
     MobileBlocker.prototype.createBlockBody = function (context) {
-        var blockData = (0, blocker_1.createBlockData)(this.config, context);
+        var blockData = (0, blocker_1.createBlockData)(this.config, context, this.base64Utils);
         var html = (0, blocker_1.renderHtml)(this.template, blockData);
         return JSON.stringify({
             action: blocker_1.BLOCK_ACTION_TO_WORD_MAP.get(blockData.blockAction),

package/lib/cjs/blocker/model/BlockActionToWordMap.js

@@ -6,4 +6,5 @@ exports.BLOCK_ACTION_TO_WORD_MAP = new Map([
     [BlockAction_1.BlockAction.CAPTCHA, 'captcha'],
     [BlockAction_1.BlockAction.RATE_LIMIT, 'ratelimit'],
     [BlockAction_1.BlockAction.CHALLENGE, 'challenge'],
+    [BlockAction_1.BlockAction.HYPE_SALE_CHALLENGE, 'captcha'], // this is what mobile HSC expects
 ]);

package/lib/cjs/blocker/utils.js

@@ -16,10 +16,11 @@ var renderHtml = function (htmlTemplate, blockData) {
     return htmlTemplate;
 };
 exports.renderHtml = renderHtml;
-var createBlockData = function (config, context) {
+var createBlockData = function (config, context, base64Utils) {
     var _a, _b;
     var captchaScriptSuffix = '/captcha.js';
-    var captchaParams = "?a=".concat(context.blockAction, "&u=").concat(context.uuid, "&v=").concat(context.vid || '', "&m=").concat(context.isMobile ? '1' : '0');
+    var b64EncodedUrl = base64Utils.base64Encode(context.requestData.url.href);
+    var captchaParams = "?a=".concat(context.blockAction, "&u=").concat(context.uuid, "&v=").concat(context.vid || '', "&m=").concat(context.isMobile ? '1' : '0', "&b=").concat(b64EncodedUrl);
     var jsClientSrc = "".concat(config.backendClientUrl, "/").concat(config.appId, "/main.min.js");
     var blockScript = "".concat(config.backendCaptchaUrl, "/").concat(config.appId).concat(captchaScriptSuffix).concat(captchaParams);
     var hostUrl = config.backendCollectorUrl;

package/lib/cjs/config/ConfigurationBase.js

@@ -620,6 +620,13 @@ var ConfigurationBase = /** @class */ (function () {
         enumerable: false,
         configurable: true
     });
+    Object.defineProperty(ConfigurationBase.prototype, "urlDecodeReservedCharacters", {
+        get: function () {
+            return this.configParams.px_url_decode_reserved_characters;
+        },
+        enumerable: false,
+        configurable: true
+    });
     return ConfigurationBase;
 }());
 exports.ConfigurationBase = ConfigurationBase;

package/lib/cjs/config/defaults/DefaultCommonConfigurationParams.js

@@ -116,4 +116,5 @@ exports.DEFAULT_COMMON_CONFIGURATION_PARAMS = {
     px_cors_create_custom_block_response_headers: null,
     px_remote_config_max_fetch_attempts: 5,
     px_remote_config_retry_interval_ms: 1000,
+    px_url_decode_reserved_characters: false,
 };

package/lib/cjs/config/remote_config/DefaultRemoteConfigUpdater.js

@@ -64,23 +64,25 @@ var DefaultRemoteConfigUpdater = /** @class */ (function () {
                 switch (_b.label) {
                     case 0:
                         this.config.logger.debug('identified an update remote config request');
-                        if (!this.isUpdateRequestValid(request)) {
+                        return [4 /*yield*/, this.isUpdateRequestValid(request)];
+                    case 1:
+                        if (!(_b.sent())) {
                             return [2 /*return*/, false];
                         }
                         return [4 /*yield*/, this.getUpdateRequestData(request)];
-                    case 1:
+                    case 2:
                         updateRequestData = _b.sent();
                         if (!updateRequestData) {
                             return [2 /*return*/, false];
                         }
                         return [4 /*yield*/, this.fetchRemoteConfig(updateRequestData)];
-                    case 2:
+                    case 3:
                         remoteConfig = _b.sent();
                         if (!remoteConfig) {
                             return [2 /*return*/, false];
                         }
                         return [4 /*yield*/, this.storageClient.save(remoteConfig)];
-                    case 3:
+                    case 4:
                         _b.sent();
                         this.config.logger.debug("successfully updated with remote config version ".concat(remoteConfig.version));
                         return [2 /*return*/, true];
@@ -89,14 +91,24 @@ var DefaultRemoteConfigUpdater = /** @class */ (function () {
         });
     };
     DefaultRemoteConfigUpdater.prototype.isUpdateRequestValid = function (request) {
-        var timestampHmacHeader = request.headers.get(utils_1.PUSH_DATA_HMAC_HEADER_NAME);
-        var isValid = this.timestampHmacHeaderValidator.isValid(timestampHmacHeader);
-        if (!isValid) {
-            this.config.logger.error("invalid timestamp hmac header received: ".concat(timestampHmacHeader), {
-                errorType: constants_1.WRITE_REMOTE_CONFIG_ERROR_NAME,
+        return __awaiter(this, void 0, void 0, function () {
+            var timestampHmacHeader, isValid;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        timestampHmacHeader = request.headers.get(utils_1.PUSH_DATA_HMAC_HEADER_NAME);
+                        return [4 /*yield*/, this.timestampHmacHeaderValidator.isValid(timestampHmacHeader)];
+                    case 1:
+                        isValid = _a.sent();
+                        if (!isValid) {
+                            this.config.logger.error("invalid timestamp hmac header received: ".concat(timestampHmacHeader), {
+                                errorType: constants_1.WRITE_REMOTE_CONFIG_ERROR_NAME,
+                            });
+                        }
+                        return [2 /*return*/, isValid];
+                }
             });
-        }
-        return isValid;
+        });
     };
     DefaultRemoteConfigUpdater.prototype.getUpdateRequestData = function (request) {
         return __awaiter(this, void 0, void 0, function () {

package/lib/cjs/context/DefaultContext.js

@@ -7,12 +7,12 @@ var risk_token_1 = require("../risk_token");
 var risk_api_1 = require("../risk_api");
 var http_1 = require("../http");
 var utils_1 = require("../utils");
-var DefaultUrlParser_1 = require("../impl/url_parser/DefaultUrlParser");
 var logger_1 = require("../logger");
 var DefaultContext = /** @class */ (function () {
     function DefaultContext(config, request, options) {
+        this.enforcerStartTime = Date.now();
         this.config = config;
-        this.urlParser = options.urlParser || new DefaultUrlParser_1.DefaultUrlParser();
+        this.urlUtils = options.urlUtils;
         this.tokenData = {
             tokenParseResult: risk_token_1.TokenParseResult.NONE,
         };
@@ -42,7 +42,8 @@ var DefaultContext = /** @class */ (function () {
     DefaultContext.prototype.createRequestData = function (config, request, cookieParser) {
         if (cookieParser === void 0) { cookieParser = new utils_1.StringSplitCookieParser(); }
         var rawUrl = request.url;
-        var url = this.urlParser.parse(rawUrl);
+        var url = this.normalizeUrl(rawUrl);
+        var isUrlDifferentFromRawUrl = rawUrl !== url.href;
         var method = request.method;
         var headers = request.headers;
         var cookies = DefaultContext.getCookies(cookieParser, request.headers.get(http_1.COOKIE_HEADER_NAME), request.headers.get(config.customCookieHeader));
@@ -62,6 +63,7 @@ var DefaultContext = /** @class */ (function () {
             requestCookieNames: requestCookieNames,
             request: request,
             httpVersion: httpVersion,
+            isUrlDifferentFromRawUrl: isUrlDifferentFromRawUrl,
         };
     };
     DefaultContext.getCookies = function (cookieParser) {
@@ -75,6 +77,19 @@ var DefaultContext = /** @class */ (function () {
         });
         return cookies;
     };
+    DefaultContext.prototype.normalizeUrl = function (rawUrl) {
+        var url = this.urlUtils.createUrl(rawUrl);
+        if (this.config.urlDecodeReservedCharacters) {
+            try {
+                url = this.urlUtils.createUrl("".concat(url.origin).concat(this.urlUtils.decodeUriComponent(url.pathname)).concat(url.search));
+            }
+            catch (e) {
+                this.config.logger.debug("unable to URL decode reserved characters: ".concat(e));
+            }
+        }
+        url.pathname = url.pathname.replace(/\/+$/, '').replace(/\/+/g, '/');
+        return url;
+    };
     DefaultContext.prototype.extractUserAgentFromHeader = function (config, headers) {
         var _a;
         var userAgent = ((_a = headers[http_1.USER_AGENT_HEADER_NAME]) === null || _a === void 0 ? void 0 : _a[0]) || '';

package/lib/cjs/enforcer/EnforcerBase.js

@@ -227,7 +227,7 @@ var EnforcerBase = /** @class */ (function () {
      * @protected
      */
     EnforcerBase.prototype.getInitializationBlock = function (config, options) {
-        var tokenVersion = options.tokenVersion, httpClient = options.httpClient, base64Utils = options.base64Utils, hmacUtils = options.hmacUtils, hashUtils = options.hashUtils, ipRangeChecker = options.ipRangeChecker;
+        var tokenVersion = options.tokenVersion, httpClient = options.httpClient, base64Utils = options.base64Utils, hmacUtils = options.hmacUtils, hashUtils = options.hashUtils, urlUtils = options.urlUtils, ipRangeChecker = options.ipRangeChecker;
         var cipherUtils = tokenVersion === risk_token_1.TokenVersion.V2 ? null : options.cipherUtils;
         var cors = options.cors || new cors_1.DefaultCors(config);
         var telemetry = options.telemetry || new telemetry_1.DefaultTelemetry(config, httpClient, base64Utils, hmacUtils);
@@ -263,6 +263,7 @@ var EnforcerBase = /** @class */ (function () {
             base64Utils: base64Utils,
             hmacUtils: hmacUtils,
             hashUtils: hashUtils,
+            urlUtils: urlUtils,
             ipRangeChecker: ipRangeChecker,
             cors: cors,
             telemetry: telemetry,
@@ -276,15 +277,15 @@ var EnforcerBase = /** @class */ (function () {
             remoteConfigServiceClient: remoteConfigServiceClient,
             remoteConfigUpdater: remoteConfigUpdater,
         };
-        var products = this.initializeProducts(config, options.products, base64Utils, hashUtils, ipRangeChecker);
+        var products = this.initializeProducts(config, options.products, base64Utils, hashUtils, urlUtils, ipRangeChecker);
         return __assign({ products: products }, allOptions);
     };
-    EnforcerBase.prototype.initializeProducts = function (config, products, base64Utils, hashUtils, ipRangeChecker) {
+    EnforcerBase.prototype.initializeProducts = function (config, products, base64Utils, hashUtils, urlUtils, ipRangeChecker) {
         var _a;
-        var botDefender = (products === null || products === void 0 ? void 0 : products.bd) || new products_1.BotDefender(config, { base64Utils: base64Utils, ipRangeChecker: ipRangeChecker });
+        var botDefender = (products === null || products === void 0 ? void 0 : products.bd) || new products_1.BotDefender(config, { base64Utils: base64Utils, ipRangeChecker: ipRangeChecker, urlUtils: urlUtils });
         var accountDefender = (products === null || products === void 0 ? void 0 : products.ad) || new products_1.AccountDefender(config, { base64Utils: base64Utils });
         var credentialIntelligence = config.ciEnabled
-            ? (products === null || products === void 0 ? void 0 : products.ci) || new products_1.CredentialIntelligence(config, hashUtils)
+            ? (products === null || products === void 0 ? void 0 : products.ci) || new products_1.CredentialIntelligence(config, { hashUtils: hashUtils, urlUtils: urlUtils })
             : null;
         var hypeSaleChallenge = (products === null || products === void 0 ? void 0 : products.hsc) || new products_2.HypeSaleChallenge(config, { base64Utils: base64Utils });
         return _a = {},

package/lib/cjs/http/interfaces/index.js

@@ -24,5 +24,3 @@ __exportStar(require("./IBody"), exports);
 __exportStar(require("./IHeaders"), exports);
 __exportStar(require("./IFormData"), exports);
 __exportStar(require("./ReadonlyHeaders"), exports);
-__exportStar(require("./IURL"), exports);
-__exportStar(require("./IURLSearchParams"), exports);

package/lib/cjs/http/utils/FormDataImpl.js

@@ -5,7 +5,7 @@ var FormDataImpl = /** @class */ (function () {
     function FormDataImpl(data) {
         this.data = data !== null && data !== void 0 ? data : {};
     }
-    FormDataImpl.prototype.append = function (name, value, fileName) {
+    FormDataImpl.prototype.append = function (name, value) {
         this.data[name] = (this.data[name] || []).concat(value);
     };
     FormDataImpl.prototype.delete = function (name) {
@@ -30,13 +30,10 @@ var FormDataImpl = /** @class */ (function () {
     FormDataImpl.prototype.has = function (name) {
         return this.get(name) !== null;
     };
-    FormDataImpl.prototype.set = function (name, value, filename) {
+    FormDataImpl.prototype.set = function (name, value) {
         if (typeof value === 'string') {
             this.data[name] = [value];
         }
-        else if (File) {
-            this.data[name] = [new File([value], filename)];
-        }
     };
     return FormDataImpl;
 }());

package/lib/cjs/http/utils/index.js

@@ -22,6 +22,3 @@ __exportStar(require("./MultipartFormDataUtils"), exports);
 __exportStar(require("./FormDataImpl"), exports);
 __exportStar(require("./MinimalResponseImpl"), exports);
 __exportStar(require("./OutgoingRequestImpl"), exports);
-__exportStar(require("./UrlImpl"), exports);
-__exportStar(require("./UrlSearchParamsImpl"), exports);
-__exportStar(require("./URLUtils"), exports);

package/lib/cjs/impl/cipher/CryptoCipherUtils.js

@@ -61,6 +61,7 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CryptoCipherUtils = void 0;
 var crypto = __importStar(require("crypto"));
+var utils_1 = require("../../utils");
 var CryptoCipherUtils = /** @class */ (function () {
     function CryptoCipherUtils(cryptoModule) {
         if (cryptoModule === void 0) { cryptoModule = crypto; }
@@ -72,7 +73,7 @@ var CryptoCipherUtils = /** @class */ (function () {
             return __generator(this, function (_a) {
                 keylen = (options === null || options === void 0 ? void 0 : options.keylen) || 32;
                 ivlen = (options === null || options === void 0 ? void 0 : options.ivlen) || 16;
-                derivation = this.crypto.pbkdf2Sync(secret, Buffer.from(salt, 'base64'), iterations, keylen + ivlen, 'sha256');
+                derivation = this.crypto.pbkdf2Sync(secret, Buffer.from(salt, 'base64'), iterations, keylen + ivlen, (0, utils_1.algoToCryptoString)(utils_1.Algorithm.SHA256));
                 key = derivation.subarray(0, keylen);
                 iv = derivation.subarray(keylen);
                 cipher = this.crypto.createDecipheriv('aes-256-cbc', key, iv);

package/lib/cjs/impl/hash/CryptoHashUtils.js

@@ -61,6 +61,7 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.CryptoHashUtils = void 0;
 var crypto = __importStar(require("crypto"));
+var utils_1 = require("../../utils");
 var CryptoHashUtils = /** @class */ (function () {
     function CryptoHashUtils(cryptoModule) {
         if (cryptoModule === void 0) { cryptoModule = crypto; }
@@ -69,7 +70,7 @@ var CryptoHashUtils = /** @class */ (function () {
     CryptoHashUtils.prototype.hashString = function (text, algo) {
         return __awaiter(this, void 0, void 0, function () {
             return __generator(this, function (_a) {
-                return [2 /*return*/, this.crypto.createHash(algo).update(text).digest('hex')];
+                return [2 /*return*/, this.crypto.createHash((0, utils_1.algoToCryptoString)(algo)).update(text).digest('hex')];
             });
         });
     };

package/lib/cjs/impl/hash/SubtleCryptoHashUtils.js

@@ -1,27 +1,4 @@
 "use strict";
-var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    var desc = Object.getOwnPropertyDescriptor(m, k);
-    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
-      desc = { enumerable: true, get: function() { return m[k]; } };
-    }
-    Object.defineProperty(o, k2, desc);
-}) : (function(o, m, k, k2) {
-    if (k2 === undefined) k2 = k;
-    o[k2] = m[k];
-}));
-var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
-    Object.defineProperty(o, "default", { enumerable: true, value: v });
-}) : function(o, v) {
-    o["default"] = v;
-});
-var __importStar = (this && this.__importStar) || function (mod) {
-    if (mod && mod.__esModule) return mod;
-    var result = {};
-    if (mod != null) for (var k in mod) if (k !== "default" && Object.prototype.hasOwnProperty.call(mod, k)) __createBinding(result, mod, k);
-    __setModuleDefault(result, mod);
-    return result;
-};
 var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
     function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
     return new (P || (P = Promise))(function (resolve, reject) {
@@ -60,7 +37,6 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.SubtleCryptoHashUtils = void 0;
-var crypto = __importStar(require("crypto"));
 var utils_1 = require("../../utils");
 var SubtleCryptoHashUtils = /** @class */ (function () {
     function SubtleCryptoHashUtils(subtleCrypto) {
@@ -74,7 +50,7 @@ var SubtleCryptoHashUtils = /** @class */ (function () {
                 switch (_a.label) {
                     case 0:
                         textUint8 = new TextEncoder().encode(text);
-                        return [4 /*yield*/, this.subtle.digest(this.convertAlgo(algo), textUint8)];
+                        return [4 /*yield*/, this.subtle.digest((0, utils_1.algoToSubtleCryptoString)(algo), textUint8)];
                     case 1:
                         hashBuffer = _a.sent();
                         hashArray = Array.from(new Uint8Array(hashBuffer));
@@ -83,13 +59,6 @@ var SubtleCryptoHashUtils = /** @class */ (function () {
             });
         });
     };
-    SubtleCryptoHashUtils.prototype.convertAlgo = function (algo) {
-        switch (algo) {
-            case utils_1.Algorithm.SHA256:
-            default:
-                return 'SHA-256';
-        }
-    };
     return SubtleCryptoHashUtils;
 }());
 exports.SubtleCryptoHashUtils = SubtleCryptoHashUtils;

package/lib/cjs/impl/hmac/CryptoHmacUtils.js

@@ -32,16 +32,11 @@ var CryptoHmacUtils = /** @class */ (function () {
         this.crypto = cryptoModule;
     }
     CryptoHmacUtils.prototype.createHmac = function (algo, payload, secret) {
-        switch (algo) {
-            case utils_1.Algorithm.SHA256:
-                var hmac = this.crypto.createHmac('sha256', secret);
-                hmac.setEncoding('hex');
-                hmac.write(payload);
-                hmac.end();
-                return hmac.read();
-            default:
-                return '';
-        }
+        var hmac = this.crypto.createHmac((0, utils_1.algoToCryptoString)(algo), secret);
+        hmac.setEncoding('hex');
+        hmac.write(payload);
+        hmac.end();
+        return hmac.read();
     };
     return CryptoHmacUtils;
 }());

package/lib/cjs/impl/hmac/SubtleCryptoHmacUtils.js

@@ -0,0 +1,72 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __generator = (this && this.__generator) || function (thisArg, body) {
+    var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g;
+    return g = { next: verb(0), "throw": verb(1), "return": verb(2) }, typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
+    function verb(n) { return function (v) { return step([n, v]); }; }
+    function step(op) {
+        if (f) throw new TypeError("Generator is already executing.");
+        while (g && (g = 0, op[0] && (_ = 0)), _) try {
+            if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
+            if (y = 0, t) op = [op[0] & 2, t.value];
+            switch (op[0]) {
+                case 0: case 1: t = op; break;
+                case 4: _.label++; return { value: op[1], done: false };
+                case 5: _.label++; y = op[1]; op = [0]; continue;
+                case 7: op = _.ops.pop(); _.trys.pop(); continue;
+                default:
+                    if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
+                    if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
+                    if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
+                    if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
+                    if (t[2]) _.ops.pop();
+                    _.trys.pop(); continue;
+            }
+            op = body.call(thisArg, _);
+        } catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
+        if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
+    }
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SubtleCryptoHmacUtils = void 0;
+var utils_1 = require("../../utils");
+var SubtleCryptoHmacUtils = /** @class */ (function () {
+    function SubtleCryptoHmacUtils(subtleCrypto) {
+        if (subtleCrypto === void 0) { subtleCrypto = crypto.subtle; }
+        this.subtle = subtleCrypto;
+    }
+    SubtleCryptoHmacUtils.prototype.createHmac = function (algo, payload, secret) {
+        return __awaiter(this, void 0, void 0, function () {
+            var encodedStr, encodedPassword, importedKey, signature;
+            return __generator(this, function (_a) {
+                switch (_a.label) {
+                    case 0:
+                        encodedStr = new TextEncoder().encode(payload);
+                        encodedPassword = new TextEncoder().encode(secret);
+                        return [4 /*yield*/, this.subtle.importKey('raw', encodedPassword, { name: 'HMAC', hash: { name: (0, utils_1.algoToSubtleCryptoString)(algo) } }, false, ['sign'])];
+                    case 1:
+                        importedKey = _a.sent();
+                        return [4 /*yield*/, this.subtle.sign({ name: 'HMAC' }, importedKey, encodedStr)];
+                    case 2:
+                        signature = _a.sent();
+                        return [2 /*return*/, this.bufferToHex(signature)];
+                }
+            });
+        });
+    };
+    SubtleCryptoHmacUtils.prototype.bufferToHex = function (buffer) {
+        return Array.prototype.map
+            .call(new Uint8Array(buffer), function (x) { return ('00' + x.toString(16)).slice(-2); })
+            .join('');
+    };
+    return SubtleCryptoHmacUtils;
+}());
+exports.SubtleCryptoHmacUtils = SubtleCryptoHmacUtils;

package/lib/cjs/impl/http/phin/PhinIncomingResponse.js

@@ -38,6 +38,7 @@ var __generator = (this && this.__generator) || function (thisArg, body) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.PhinIncomingResponse = void 0;
 var http_1 = require("../../../http");
+var DefaultUrlUtils_1 = require("../../url/DefaultUrlUtils");
 var PhinIncomingResponse = /** @class */ (function () {
     function PhinIncomingResponse(response) {
         this.status = response.statusCode;
@@ -67,9 +68,11 @@ var PhinIncomingResponse = /** @class */ (function () {
             return __generator(this, function (_c) {
                 switch (_c.label) {
                     case 0:
-                        _b = (_a = http_1.URLUtils).parseSearchParams;
+                        _b = (_a = new DefaultUrlUtils_1.DefaultUrlUtils()).createUrlSearchParams;
                         return [4 /*yield*/, this.text()];
-                    case 1: return [2 /*return*/, _b.apply(_a, [_c.sent()])];
+                    case 1: 
+                    // Using DefaultUrlUtils since Phin safely assumes Node.js environment
+                    return [2 /*return*/, _b.apply(_a, [_c.sent()])];
                 }
             });
         });

package/lib/cjs/impl/url/CustomImplUrlUtils.js

@@ -0,0 +1,71 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CustomImplUrlUtils = void 0;
+var utils_1 = require("../../utils");
+var UrlImpl_1 = require("./UrlImpl");
+var UrlSearchParamsImpl_1 = require("./UrlSearchParamsImpl");
+var CustomImplUrlUtils = /** @class */ (function () {
+    function CustomImplUrlUtils() {
+    }
+    CustomImplUrlUtils.prototype.createUrl = function (rawUrl) {
+        return new UrlImpl_1.UrlImpl(rawUrl);
+    };
+    CustomImplUrlUtils.prototype.createUrlSearchParams = function (params) {
+        return new UrlSearchParamsImpl_1.UrlSearchParamsImpl(this, params);
+    };
+    CustomImplUrlUtils.prototype.decodeUriComponent = function (uriComponent) {
+        // https://www.npmjs.com/package/as-uri-encode-decode
+        // Note: Does not work well with multibyte characters
+        var result = '';
+        for (var i = 0; i < uriComponent.length; i++) {
+            if (uriComponent.charAt(i) === '+') {
+                result += ' ';
+                continue;
+            }
+            if (uriComponent.charAt(i) === '%' &&
+                uriComponent.charAt(i + 1) !== '%' &&
+                uriComponent.charAt(i + 2) !== '%') {
+                var charCode = parseInt(uriComponent.charAt(i + 1) + uriComponent.charAt(i + 2), 16);
+                var char = String.fromCharCode(charCode);
+                result += char;
+                i += 2;
+                continue;
+            }
+            result += uriComponent.charAt(i);
+        }
+        return result;
+    };
+    CustomImplUrlUtils.prototype.encodeUriComponent = function (uriComponent) {
+        // https://www.npmjs.com/package/as-uri-encode-decode
+        // Note: Does not work well with multibyte characters
+        var result = '';
+        for (var i = 0; i < uriComponent.length; i++) {
+            var c = uriComponent.charAt(i);
+            if (this.isSafe(c)) {
+                result += c;
+            }
+            else {
+                result += '%' + c.charCodeAt(0).toString(16).toUpperCase();
+            }
+        }
+        return result;
+    };
+    CustomImplUrlUtils.prototype.encodeUri = function (uri) {
+        throw new utils_1.EnforcerError('method not implemented: CustomImplUrlUtils.encodeUri()');
+    };
+    CustomImplUrlUtils.prototype.decodeUri = function (uri) {
+        throw new utils_1.EnforcerError('method not implemented: CustomImplUrlUtils.decodeUri()');
+    };
+    CustomImplUrlUtils.prototype.isSafe = function (c) {
+        return ((c >= 'a' && c <= 'z') ||
+            (c >= 'A' && c <= 'Z') ||
+            (c >= '0' && c <= '9') ||
+            c == '-' ||
+            c == '_' ||
+            c == '.' ||
+            c == '*' ||
+            c == '!');
+    };
+    return CustomImplUrlUtils;
+}());
+exports.CustomImplUrlUtils = CustomImplUrlUtils;

package/lib/cjs/impl/url/DefaultUrlUtils.js

@@ -0,0 +1,27 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultUrlUtils = void 0;
+var DefaultUrlUtils = /** @class */ (function () {
+    function DefaultUrlUtils() {
+    }
+    DefaultUrlUtils.prototype.createUrl = function (rawUrl) {
+        return new URL(rawUrl);
+    };
+    DefaultUrlUtils.prototype.createUrlSearchParams = function (params) {
+        return new URLSearchParams(params);
+    };
+    DefaultUrlUtils.prototype.decodeUriComponent = function (uriComponent) {
+        return decodeURIComponent(uriComponent);
+    };
+    DefaultUrlUtils.prototype.encodeUriComponent = function (uriComponent) {
+        return encodeURIComponent(uriComponent);
+    };
+    DefaultUrlUtils.prototype.decodeUri = function (uri) {
+        return decodeURI(uri);
+    };
+    DefaultUrlUtils.prototype.encodeUri = function (uri) {
+        return encodeURI(uri);
+    };
+    return DefaultUrlUtils;
+}());
+exports.DefaultUrlUtils = DefaultUrlUtils;

package/lib/cjs/{http/utils → impl/url}/UrlImpl.js

@@ -2,7 +2,8 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.UrlImpl = void 0;
 var utils_1 = require("../../utils");
-var URLUtils_1 = require("./URLUtils");
+var UrlSearchParamsImpl_1 = require("./UrlSearchParamsImpl");
+var CustomImplUrlUtils_1 = require("./CustomImplUrlUtils");
 var UrlImpl = /** @class */ (function () {
     function UrlImpl(rawUrl) {
         var match = rawUrl.match(utils_1.URL_REGEX);
@@ -56,7 +57,7 @@ var UrlImpl = /** @class */ (function () {
     });
     Object.defineProperty(UrlImpl.prototype, "searchParams", {
         get: function () {
-            return URLUtils_1.URLUtils.parseSearchParams(this.search);
+            return new UrlSearchParamsImpl_1.UrlSearchParamsImpl(new CustomImplUrlUtils_1.CustomImplUrlUtils(), this.search);
         },
         enumerable: false,
         configurable: true