pg 8.8.0 → 8.9.0

package/README.md

@@ -46,18 +46,7 @@ You can also follow me [@briancarlson](https://twitter.com/briancarlson) if that
 
 ## Sponsorship :two_hearts:
 
-node-postgres's continued development has been made possible in part by generous finanical support from [the community](https://github.com/brianc/node-postgres/blob/master/SPONSORS.md) and these featured sponsors:
-
-<div align="center">
-<a href="https://crate.io" target="_blank">
-  <img height="80" src="https://node-postgres.com/crate-io.png" />
-</a>
-
-<img src="data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABQAAAABCAQAAAB0m0auAAAADElEQVR42mNkIBIAAABSAAI2VLqiAAAAAElFTkSuQmCC" />
-<a href="https://www.eaze.com" target="_blank">
-  <img height="80" src="https://node-postgres.com/eaze.png" />
-</a>
-</div>
+node-postgres's continued development has been made possible in part by generous finanical support from [the community](https://github.com/brianc/node-postgres/blob/master/SPONSORS.md).
 
 If you or your company are benefiting from node-postgres and would like to help keep the project financially sustainable [please consider supporting](https://github.com/sponsors/brianc) its development.
 

package/lib/client.js

@@ -1,7 +1,6 @@
 'use strict'
 
 var EventEmitter = require('events').EventEmitter
-var util = require('util')
 var utils = require('./utils')
 var sasl = require('./sasl')
 var pgPass = require('pgpass')
@@ -248,19 +247,31 @@ class Client extends EventEmitter {
 
   _handleAuthSASL(msg) {
     this._checkPgPass(() => {
-      this.saslSession = sasl.startSession(msg.mechanisms)
-      this.connection.sendSASLInitialResponseMessage(this.saslSession.mechanism, this.saslSession.response)
+      try {
+        this.saslSession = sasl.startSession(msg.mechanisms)
+        this.connection.sendSASLInitialResponseMessage(this.saslSession.mechanism, this.saslSession.response)
+      } catch (err) {
+        this.connection.emit('error', err)
+      }
     })
   }
 
   _handleAuthSASLContinue(msg) {
-    sasl.continueSession(this.saslSession, this.password, msg.data)
-    this.connection.sendSCRAMClientFinalMessage(this.saslSession.response)
+    try {
+      sasl.continueSession(this.saslSession, this.password, msg.data)
+      this.connection.sendSCRAMClientFinalMessage(this.saslSession.response)
+    } catch (err) {
+      this.connection.emit('error', err)
+    }
   }
 
   _handleAuthSASLFinal(msg) {
-    sasl.finalizeSession(this.saslSession, msg.data)
-    this.saslSession = null
+    try {
+      sasl.finalizeSession(this.saslSession, msg.data)
+      this.saslSession = null
+    } catch (err) {
+      this.connection.emit('error', err)
+    }
   }
 
   _handleBackendKeyData(msg) {

package/lib/connection.js

@@ -14,7 +14,12 @@ class Connection extends EventEmitter {
   constructor(config) {
     super()
     config = config || {}
+
     this.stream = config.stream || new net.Socket()
+    if (typeof this.stream === 'function') {
+      this.stream = this.stream(config)
+    }
+
     this._keepAlive = config.keepAlive
     this._keepAliveInitialDelayMillis = config.keepAliveInitialDelayMillis
     this.lastBuffer = false
@@ -173,7 +178,6 @@ class Connection extends EventEmitter {
 
   sync() {
     this._ending = true
-    this._send(flushBuffer)
     this._send(syncBuffer)
   }
 

package/lib/native/client.js

@@ -3,7 +3,6 @@
 // eslint-disable-next-line
 var Native = require('pg-native')
 var TypeOverrides = require('../type-overrides')
-var pkg = require('../../package.json')
 var EventEmitter = require('events').EventEmitter
 var util = require('util')
 var ConnectionParameters = require('../connection-parameters')

package/lib/sasl.js

@@ -23,6 +23,9 @@ function continueSession(session, password, serverData) {
   if (typeof password !== 'string') {
     throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: client password must be a string')
   }
+  if (password === '') {
+    throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: client password must be a non-empty string')
+  }
   if (typeof serverData !== 'string') {
     throw new Error('SASL: SCRAM-SERVER-FIRST-MESSAGE: serverData must be a string')
   }
@@ -37,7 +40,7 @@ function continueSession(session, password, serverData) {
 
   var saltBytes = Buffer.from(sv.salt, 'base64')
 
-  var saltedPassword = Hi(password, saltBytes, sv.iteration)
+  var saltedPassword = crypto.pbkdf2Sync(password, saltBytes, sv.iteration, 32, 'sha256')
 
   var clientKey = hmacSha256(saltedPassword, 'Client Key')
   var storedKey = sha256(clientKey)
@@ -191,17 +194,6 @@ function hmacSha256(key, msg) {
   return crypto.createHmac('sha256', key).update(msg).digest()
 }
 
-function Hi(password, saltBytes, iterations) {
-  var ui1 = hmacSha256(password, Buffer.concat([saltBytes, Buffer.from([0, 0, 0, 1])]))
-  var ui = ui1
-  for (var i = 0; i < iterations - 1; i++) {
-    ui1 = hmacSha256(password, ui1)
-    ui = xorBuffers(ui, ui1)
-  }
-
-  return ui
-}
-
 module.exports = {
   startSession,
   continueSession,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pg",
-  "version": "8.8.0",
+  "version": "8.9.0",
   "description": "PostgreSQL client - pure javascript & libpq with the same API",
   "keywords": [
     "database",
@@ -24,7 +24,7 @@
     "packet-reader": "1.0.0",
     "pg-connection-string": "^2.5.0",
     "pg-pool": "^3.5.2",
-    "pg-protocol": "^1.5.0",
+    "pg-protocol": "^1.6.0",
     "pg-types": "^2.1.0",
     "pgpass": "1.x"
   },
@@ -53,5 +53,5 @@
   "engines": {
     "node": ">= 8.0.0"
   },
-  "gitHead": "c99fb2c127ddf8d712500db2c7b9a5491a178655"
+  "gitHead": "20a243e8b30926a348cafc44177e95345618f7bc"
 }