npm - presidium - Versions diffs - 2.0.0 → 2.1.0 - Mend

presidium 2.0.0 → 2.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (11) hide show

package/Archive.js +11 -2
package/HTTP.js +1 -0
package/Password.js +25 -8
package/S3Bucket.js +14 -11
package/StrictValidator.js +1 -1
package/internal/encodeURIComponentRFC3986.js +15 -0
package/internal/encodeURIComponentRFC3986.test.js +35 -0
package/internal/walk.js +15 -0
package/package.json +4 -6
package/internal/pathWalk.js +0 -55
package/internal/pathWalk.test.js +0 -25

package/Archive.js CHANGED Viewed

@@ -1,6 +1,7 @@
+require('rubico/global')
 const tar = require('tar-stream')
 const fs = require('fs/promises')
-const pathWalk = require('./internal/pathWalk')
+const walk = require('./internal/walk')
 const isArray = require('./internal/isArray')
 const parsePath = require('./internal/parsePath')
 const pipe = require('rubico/pipe')
@@ -50,7 +51,15 @@ class Archive {
     const pack = tar.pack()
     pipe(path, [
-      curry.arity(2, pathWalk, __, { ignore }),
+      walk,
+      filter(path => {
+        for (const part of ignore) {
+          if (path.includes(part)) {
+            return false
+          }
+        }
+        return true
+      }),
       reduce(async (pack, filepath) => {
         pack.entry({

package/HTTP.js CHANGED Viewed

@@ -69,6 +69,7 @@ class HTTP {
   request(options) {
     const { body, ...requestOptions } = options
     return new Promise((resolve, reject) => {
       const client = requestOptions.protocol == 'https:' ? https : http
       const request = client.request(requestOptions, response => {

package/Password.js CHANGED Viewed

@@ -1,4 +1,4 @@
-const bcrypt = require('bcrypt')
+const crypto = require('crypto')
 /**
  * @name Password
@@ -31,9 +31,15 @@ const Password = {}
  * ```
  */
 Password.hash = async function hash(plaintext) {
-  const salt = await bcrypt.genSalt(10)
-  const hashed = await bcrypt.hash(plaintext, salt)
-  return hashed
+  return new Promise((resolve, reject) => {
+    const salt = crypto.randomBytes(10).toString('hex')
+    crypto.scrypt(plaintext, salt, 64, (error, derivedKey) => {
+      if (error) {
+        reject(error)
+      }
+      resolve(`${salt}:${derivedKey.toString('hex')}`)
+    })
+  })
 }
 /**
@@ -68,11 +74,22 @@ Password.hash = async function hash(plaintext) {
  */
 Password.verify = async function verify(plaintext, hashed) {
-  const isValid = await bcrypt.compare(plaintext, hashed)
-  if (!isValid) {
-    throw new Error('Invalid password')
+  const [salt, derivedKey] = hashed.split(':')
+  const hashedPlaintext = await Password.hash(plaintext)
+  const hashed1 = await new Promise((resolve, reject) => {
+    crypto.scrypt(plaintext, salt, 64, (error, derivedKey1) => {
+      if (error) {
+        reject(error)
+      }
+      resolve(`${salt}:${derivedKey1.toString('hex')}`)
+    })
+  })
+  if (hashed == hashed1) {
+    return undefined
   }
-  return undefined
+  throw new Error('Invalid password')
 }
 module.exports = Password

package/S3Bucket.js CHANGED Viewed

@@ -9,6 +9,8 @@ const AwsError = require('./internal/AwsError')
 const parseURL = require('./internal/parseURL')
 const createS3DeleteObjectError = require('./internal/createS3DeleteObjectError')
 const XML = require('./XML')
+const HTMLEntities = require('html-entities')
+const encodeURIComponentRFC3986 = require('./internal/encodeURIComponentRFC3986')
 /**
  * @name S3Bucket
@@ -327,10 +329,10 @@ class S3Bucket {
     if (response.ok) {
       const text = await Readable.Text(response)
-      const data = XML.parse(text)
+      const xmlData = XML.parse(HTMLEntities.decode(text))
       return {
-        LocationConstraint: typeof data.LocationConstraint == 'string'
-          ? data.LocationConstraint
+        LocationConstraint: typeof xmlData.LocationConstraint == 'string'
+          ? xmlData.LocationConstraint
           : null
       }
     }
@@ -979,7 +981,8 @@ class S3Bucket {
         options.ObjectLockLegalHoldStatus
     }
-    const response = await this._awsRequest1('PUT', `/${key}`, headers, body)
+    const encodedKey = encodeURIComponentRFC3986(key).replace(/%2F/g, '/')
+    const response = await this._awsRequest1('PUT', `/${encodedKey}`, headers, body)
     if (response.ok) {
       const data = {}
@@ -1510,7 +1513,7 @@ class S3Bucket {
       const data = {}
       const text = await Readable.Text(response)
-      const xmlData = XML.parse(text)
+      const xmlData = XML.parse(HTMLEntities.decode(text))
       let Grants = xmlData.AccessControlPolicy?.AccessControlList?.Grant
       if (!Array.isArray(Grants)) {
         Grants = [Grants]
@@ -2077,12 +2080,12 @@ class S3Bucket {
   ${
     keys.map(key => typeof key == 'string' ? `
    <Object>
-      <Key>${key}</Key>
+      <Key>${HTMLEntities.encode(key)}</Key>
    </Object>
     `.trim() : `
    <Object>
-      <Key>${key.Key}</Key>
-      <VersionId>${key.VersionId}</VersionId>
+      <Key>${HTMLEntities.encode(key.Key)}</Key>
+      <VersionId>${HTMLEntities.encode(key.VersionId)}</VersionId>
    </Object>
     `.trim()).join('\n')
   }
@@ -2095,7 +2098,7 @@ class S3Bucket {
     if (response.ok) {
       const text = await Readable.Text(response)
-      const xmlData = XML.parse(text)
+      const xmlData = XML.parse(HTMLEntities.decode(text))
       const data = {}
       data.Deleted = xmlData.DeleteResult.Deleted ?? []
@@ -2366,7 +2369,7 @@ class S3Bucket {
     if (response.ok) {
       const text = await Readable.Text(response)
-      const xmlData = XML.parse(text)
+      const xmlData = XML.parse(HTMLEntities.decode(text))
       const data = {}
@@ -2535,7 +2538,7 @@ class S3Bucket {
     if (response.ok) {
       const text = await Readable.Text(response)
-      const xmlData = XML.parse(text)
+      const xmlData = XML.parse(HTMLEntities.decode(text))
       const data = {}

package/StrictValidator.js CHANGED Viewed

@@ -14,7 +14,7 @@
  * ) -> strictValidator Validator
  * ```
  *
- * Creates a strict validator. A strict validator validates each field of a `data` object with the corresponding `parserValidator` function. A strict validator throws an error if any of the required fields specified by the `parserValidatorSchema` are missing.
+ * Creates a strict validator. A strict validator validates each field of a `data` object with the corresponding `parserValidator` function. A strict validator throws an error if any of the required fields specified by the `parserValidatorSchema` are missing (not in the data object).
  *
  * Arguments:
  *   * `parserValidatorSchema` - an object of parser validator functions.

package/internal/encodeURIComponentRFC3986.js ADDED Viewed

@@ -0,0 +1,15 @@
+/**
+ * @name encodeURIComponentRFC3986
+ *
+ * @docs
+ * ```coffeescript [specscript]
+ * encodeURIComponentRFC3986(str string) -> encoded string
+ * ```
+ */
+function encodeURIComponentRFC3986(str) {
+  return encodeURIComponent(str).replace(/[!'()*]/g, function(c) {
+    return '%' + c.charCodeAt(0).toString(16).toUpperCase()
+  })
+}
+module.exports = encodeURIComponentRFC3986

package/internal/encodeURIComponentRFC3986.test.js ADDED Viewed

@@ -0,0 +1,35 @@
+const Test = require('thunk-test')
+const encodeURIComponentRFC3986 = require('./encodeURIComponentRFC3986')
+const test = new Test('encodeURIComponentRFC3986', encodeURIComponentRFC3986)
+.case('aaa', 'aaa')
+.case('', '')
+.case(':', '%3A')
+.case('/', '%2F')
+.case('?', '%3F')
+.case('#', '%23')
+.case('[', '%5B')
+.case(']', '%5D')
+.case('@', '%40')
+.case('!', '%21')
+.case('$', '%24')
+.case('&', '%26')
+.case('\'', '%27')
+.case('(', '%28')
+.case(')', '%29')
+.case('*', '%2A')
+.case('+', '%2B')
+.case(',', '%2C')
+.case(';', '%3B')
+.case('=', '%3D')
+.case('%', '%25')
+.case(' ', '%20')
+.case(undefined, 'undefined')
+.case(null, 'null')
+if (process.argv[1] == __filename) {
+  test()
+}
+module.exports = test

package/internal/walk.js ADDED Viewed

@@ -0,0 +1,15 @@
+const fs = require('fs');
+const path = require('path');
+async function* walk(dir) {
+  for await (const d of await fs.promises.opendir(dir)) {
+    const entry = path.join(dir, d.name);
+    if (d.isDirectory()) {
+      yield* walk(entry);
+    } else if (d.isFile()) {
+      yield entry;
+    }
+  }
+}
+module.exports = walk

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "presidium",
-  "version": "2.0.0",
+  "version": "2.1.0",
   "description": "A library for creating web services",
   "author": "Richard Tong",
   "license": "MIT",
@@ -59,11 +59,10 @@
     "xml"
   ],
   "dependencies": {
-    "bcrypt": "^5.1.0",
-    "minimatch": "^9.0.3",
-    "presidium-websocket": ">=1.1.2",
+    "html-entities": "^2.6.0",
+    "presidium-websocket": ">=2.0.1",
     "rubico": "^2.7.7",
-    "tar-stream": "^2.1.4"
+    "tar-stream": "^3.1.7"
   },
   "scripts": {
     "test": "node test.js && mocha **/*.test.js *.test.js",
@@ -73,7 +72,6 @@
     "@aws-sdk/crc64-nvme-crt": "^3.848.0",
     "eslint": "^7.13.0",
     "fast-crc32c": "^2.0.0",
-    "glob": "^7.1.6",
     "mocha": "^10.8.2",
     "nyc": "^17.1.0",
     "thunk-test": "^1.3.1",

package/internal/pathWalk.js DELETED Viewed

@@ -1,55 +0,0 @@
-require('rubico/global')
-const fs = require('fs/promises')
-const { minimatch } = require('minimatch')
-const resolvePath = require('./resolvePath')
-const isArray = require('./isArray')
-/**
- * @name pathWalk
- *
- * @docs
- * ```coffeescript [specscript]
- * pathWalk(path, options? {
- *   ignore: Array<string>, // names or paths
- * }) -> Promise<Array<string>>
- * ```
- *
- * ```javascript
- * pathWalk('./my/path/', {
- *   ignore: ['node_modules', '.github'],
- * }) // -> Promise<paths Array<string>>
- * ```
- */
-const pathWalk = async function (path, options = {}) {
-  const { ignore = [] } = options
-  const absPath = resolvePath(path)
-  const dirents = await fs.readdir(absPath, { withFileTypes: true })
-  const result = []
-  for (const dirent of dirents) {
-    const dirName = dirent.name
-    const dirPath = resolvePath(path, dirName)
-    let shouldIgnore = false
-    for (const pattern of ignore) {
-      if (minimatch(dirPath, pattern) || minimatch(dirName, pattern)) {
-        shouldIgnore = true
-        break
-      }
-    }
-    if (shouldIgnore) {
-      continue
-    }
-    if (dirent.isDirectory()) {
-      const subPaths = await pathWalk(dirPath, options)
-      result.push(...subPaths)
-    } else {
-      result.push(dirPath)
-    }
-  }
-  return result
-}
-module.exports = pathWalk

package/internal/pathWalk.test.js DELETED Viewed

@@ -1,25 +0,0 @@
-const assert = require('assert')
-const Test = require('thunk-test')
-const pathWalk = require('./pathWalk')
-const resolvePath = require('./resolvePath')
-const test = Test('pathWalk', pathWalk)
-.case(__dirname, function (paths) {
-  assert(paths.length > 0)
-  this.allInternalPaths = paths
-})
-.case(__dirname, { ignore: ['pathWalk.js'] }, function (paths) {
-  assert.equal(paths.length, this.allInternalPaths.length - 1)
-})
-.case(__dirname, { ignore: [resolvePath(__dirname, 'pathWalk.js')] }, function (paths) {
-  assert.equal(paths.length, this.allInternalPaths.length - 1)
-})
-if (process.argv[1] == __filename) {
-  test()
-}
-module.exports = test