pg 8.11.1 → 8.11.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/lib/crypto/utils-webcrypto.js +83 -0
  2. package/lib/crypto/utils.js +2 -85
  3. package/package.json +3 -3
package/lib/crypto/utils-webcrypto.js ADDED
@@ -0,0 +1,83 @@
1
+ const nodeCrypto = require('crypto')
2
+
3
+ module.exports = {
4
+ postgresMd5PasswordHash,
5
+ randomBytes,
6
+ deriveKey,
7
+ sha256,
8
+ hmacSha256,
9
+ md5,
10
+ }
11
+
12
+ /**
13
+ * The Web Crypto API - grabbed from the Node.js library or the global
14
+ * @type Crypto
15
+ */
16
+ const webCrypto = nodeCrypto.webcrypto || globalThis.crypto
17
+ /**
18
+ * The SubtleCrypto API for low level crypto operations.
19
+ * @type SubtleCrypto
20
+ */
21
+ const subtleCrypto = webCrypto.subtle
22
+ const textEncoder = new TextEncoder()
23
+
24
+ /**
25
+ *
26
+ * @param {*} length
27
+ * @returns
28
+ */
29
+ function randomBytes(length) {
30
+ return webCrypto.getRandomValues(Buffer.alloc(length))
31
+ }
32
+
33
+ async function md5(string) {
34
+ try {
35
+ return nodeCrypto.createHash('md5').update(string, 'utf-8').digest('hex')
36
+ } catch (e) {
37
+ // `createHash()` failed so we are probably not in Node.js, use the WebCrypto API instead.
38
+ // Note that the MD5 algorithm on WebCrypto is not available in Node.js.
39
+ // This is why we cannot just use WebCrypto in all environments.
40
+ const data = typeof string === 'string' ? textEncoder.encode(string) : string
41
+ const hash = await subtleCrypto.digest('MD5', data)
42
+ return Array.from(new Uint8Array(hash))
43
+ .map((b) => b.toString(16).padStart(2, '0'))
44
+ .join('')
45
+ }
46
+ }
47
+
48
+ // See AuthenticationMD5Password at https://www.postgresql.org/docs/current/static/protocol-flow.html
49
+ async function postgresMd5PasswordHash(user, password, salt) {
50
+ var inner = await md5(password + user)
51
+ var outer = await md5(Buffer.concat([Buffer.from(inner), salt]))
52
+ return 'md5' + outer
53
+ }
54
+
55
+ /**
56
+ * Create a SHA-256 digest of the given data
57
+ * @param {Buffer} data
58
+ */
59
+ async function sha256(text) {
60
+ return await subtleCrypto.digest('SHA-256', text)
61
+ }
62
+
63
+ /**
64
+ * Sign the message with the given key
65
+ * @param {ArrayBuffer} keyBuffer
66
+ * @param {string} msg
67
+ */
68
+ async function hmacSha256(keyBuffer, msg) {
69
+ const key = await subtleCrypto.importKey('raw', keyBuffer, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign'])
70
+ return await subtleCrypto.sign('HMAC', key, textEncoder.encode(msg))
71
+ }
72
+
73
+ /**
74
+ * Derive a key from the password and salt
75
+ * @param {string} password
76
+ * @param {Uint8Array} salt
77
+ * @param {number} iterations
78
+ */
79
+ async function deriveKey(password, salt, iterations) {
80
+ const key = await subtleCrypto.importKey('raw', textEncoder.encode(password), 'PBKDF2', false, ['deriveBits'])
81
+ const params = { name: 'PBKDF2', hash: 'SHA-256', salt: salt, iterations: iterations }
82
+ return await subtleCrypto.deriveBits(params, key, 32 * 8, ['deriveBits'])
83
+ }
package/lib/crypto/utils.js CHANGED
@@ -4,89 +4,6 @@ const useLegacyCrypto = parseInt(process.versions && process.versions.node && pr
4
4
  if (useLegacyCrypto) {
5
5
  // We are on an old version of Node.js that requires legacy crypto utilities.
6
6
  module.exports = require('./utils-legacy')
7
- return
8
- }
9
-
10
- const nodeCrypto = require('crypto')
11
-
12
- module.exports = {
13
- postgresMd5PasswordHash,
14
- randomBytes,
15
- deriveKey,
16
- sha256,
17
- hmacSha256,
18
- md5,
19
- }
20
-
21
- /**
22
- * The Web Crypto API - grabbed from the Node.js library or the global
23
- * @type Crypto
24
- */
25
- const webCrypto = nodeCrypto.webcrypto || globalThis.crypto
26
- /**
27
- * The SubtleCrypto API for low level crypto operations.
28
- * @type SubtleCrypto
29
- */
30
- const subtleCrypto = webCrypto.subtle
31
- const textEncoder = new TextEncoder()
32
-
33
- /**
34
- *
35
- * @param {*} length
36
- * @returns
37
- */
38
- function randomBytes(length) {
39
- return webCrypto.getRandomValues(Buffer.alloc(length))
40
- }
41
-
42
- async function md5(string) {
43
- try {
44
- return nodeCrypto.createHash('md5').update(string, 'utf-8').digest('hex')
45
- } catch (e) {
46
- // `createHash()` failed so we are probably not in Node.js, use the WebCrypto API instead.
47
- // Note that the MD5 algorithm on WebCrypto is not available in Node.js.
48
- // This is why we cannot just use WebCrypto in all environments.
49
- const data = typeof string === 'string' ? textEncoder.encode(string) : string
50
- const hash = await subtleCrypto.digest('MD5', data)
51
- return Array.from(new Uint8Array(hash))
52
- .map((b) => b.toString(16).padStart(2, '0'))
53
- .join('')
54
- }
55
- }
56
-
57
- // See AuthenticationMD5Password at https://www.postgresql.org/docs/current/static/protocol-flow.html
58
- async function postgresMd5PasswordHash(user, password, salt) {
59
- var inner = await md5(password + user)
60
- var outer = await md5(Buffer.concat([Buffer.from(inner), salt]))
61
- return 'md5' + outer
62
- }
63
-
64
- /**
65
- * Create a SHA-256 digest of the given data
66
- * @param {Buffer} data
67
- */
68
- async function sha256(text) {
69
- return await subtleCrypto.digest('SHA-256', text)
70
- }
71
-
72
- /**
73
- * Sign the message with the given key
74
- * @param {ArrayBuffer} keyBuffer
75
- * @param {string} msg
76
- */
77
- async function hmacSha256(keyBuffer, msg) {
78
- const key = await subtleCrypto.importKey('raw', keyBuffer, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign'])
79
- return await subtleCrypto.sign('HMAC', key, textEncoder.encode(msg))
80
- }
81
-
82
- /**
83
- * Derive a key from the password and salt
84
- * @param {string} password
85
- * @param {Uint8Array} salt
86
- * @param {number} iterations
87
- */
88
- async function deriveKey(password, salt, iterations) {
89
- const key = await subtleCrypto.importKey('raw', textEncoder.encode(password), 'PBKDF2', false, ['deriveBits'])
90
- const params = { name: 'PBKDF2', hash: 'SHA-256', salt: salt, iterations: iterations }
91
- return await subtleCrypto.deriveBits(params, key, 32 * 8, ['deriveBits'])
7
+ } else {
8
+ module.exports = require('./utils-webcrypto');
92
9
  }
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "pg",
3
- "version": "8.11.1",
3
+ "version": "8.11.2",
4
4
  "description": "PostgreSQL client - pure javascript & libpq with the same API",
5
5
  "keywords": [
6
6
  "database",
@@ -22,7 +22,7 @@
22
22
  "dependencies": {
23
23
  "buffer-writer": "2.0.0",
24
24
  "packet-reader": "1.0.0",
25
- "pg-connection-string": "^2.6.1",
25
+ "pg-connection-string": "^2.6.2",
26
26
  "pg-pool": "^3.6.1",
27
27
  "pg-protocol": "^1.6.0",
28
28
  "pg-types": "^2.1.0",
@@ -60,5 +60,5 @@
60
60
  "engines": {
61
61
  "node": ">= 8.0.0"
62
62
  },
63
- "gitHead": "eaafac36dc8f4a13f1fecc9e3420d35559fd8e2b"
63
+ "gitHead": "a2a355a6807bf75d92d7f0cb0f219588811a5356"
64
64
  }