presidium 2.0.1 → 2.1.1

package/Archive.js

@@ -1,6 +1,7 @@
+require('rubico/global')
 const tar = require('tar-stream')
 const fs = require('fs/promises')
-const pathWalk = require('./internal/pathWalk')
+const walk = require('./internal/walk')
 const isArray = require('./internal/isArray')
 const parsePath = require('./internal/parsePath')
 const pipe = require('rubico/pipe')
@@ -50,7 +51,15 @@ class Archive {
     const pack = tar.pack()
 
     pipe(path, [
-      curry.arity(2, pathWalk, __, { ignore }),
+      walk,
+      filter(path => {
+        for (const part of ignore) {
+          if (path.includes(part)) {
+            return false
+          }
+        }
+        return true
+      }),
 
       reduce(async (pack, filepath) => {
         pack.entry({

package/HTTP.js

@@ -69,6 +69,7 @@ class HTTP {
 
   request(options) {
     const { body, ...requestOptions } = options
+
     return new Promise((resolve, reject) => {
       const client = requestOptions.protocol == 'https:' ? https : http
       const request = client.request(requestOptions, response => {

package/Password.js

@@ -1,4 +1,4 @@
-const bcrypt = require('bcrypt')
+const crypto = require('crypto')
 
 /**
  * @name Password
@@ -31,9 +31,15 @@ const Password = {}
  * ```
  */
 Password.hash = async function hash(plaintext) {
-  const salt = await bcrypt.genSalt(10)
-  const hashed = await bcrypt.hash(plaintext, salt)
-  return hashed
+  return new Promise((resolve, reject) => {
+    const salt = crypto.randomBytes(10).toString('hex')
+    crypto.scrypt(plaintext, salt, 64, (error, derivedKey) => {
+      if (error) {
+        reject(error)
+      }
+      resolve(`${salt}:${derivedKey.toString('hex')}`)
+    })
+  })
 }
 
 /**
@@ -68,11 +74,22 @@ Password.hash = async function hash(plaintext) {
  */
 
 Password.verify = async function verify(plaintext, hashed) {
-  const isValid = await bcrypt.compare(plaintext, hashed)
-  if (!isValid) {
-    throw new Error('Invalid password')
+  const [salt, derivedKey] = hashed.split(':')
+  const hashedPlaintext = await Password.hash(plaintext)
+
+  const hashed1 = await new Promise((resolve, reject) => {
+    crypto.scrypt(plaintext, salt, 64, (error, derivedKey1) => {
+      if (error) {
+        reject(error)
+      }
+      resolve(`${salt}:${derivedKey1.toString('hex')}`)
+    })
+  })
+
+  if (hashed == hashed1) {
+    return undefined
   }
-  return undefined
+  throw new Error('Invalid password')
 }
 
 module.exports = Password

package/S3Bucket.js

@@ -9,6 +9,8 @@ const AwsError = require('./internal/AwsError')
 const parseURL = require('./internal/parseURL')
 const createS3DeleteObjectError = require('./internal/createS3DeleteObjectError')
 const XML = require('./XML')
+const HTMLEntities = require('html-entities')
+const encodeURIComponentRFC3986 = require('./internal/encodeURIComponentRFC3986')
 
 /**
  * @name S3Bucket
@@ -327,10 +329,10 @@ class S3Bucket {
 
     if (response.ok) {
       const text = await Readable.Text(response)
-      const data = XML.parse(text)
+      const xmlData = XML.parse(HTMLEntities.decode(text))
       return {
-        LocationConstraint: typeof data.LocationConstraint == 'string'
-          ? data.LocationConstraint
+        LocationConstraint: typeof xmlData.LocationConstraint == 'string'
+          ? xmlData.LocationConstraint
           : null
       }
     }
@@ -979,7 +981,8 @@ class S3Bucket {
         options.ObjectLockLegalHoldStatus
     }
 
-    const response = await this._awsRequest1('PUT', `/${key}`, headers, body)
+    const encodedKey = encodeURIComponentRFC3986(key).replace(/%2F/g, '/')
+    const response = await this._awsRequest1('PUT', `/${encodedKey}`, headers, body)
 
     if (response.ok) {
       const data = {}
@@ -1306,11 +1309,12 @@ class S3Bucket {
       searchParams.set('versionId', options.VersionId)
     }
 
+    const encodedKey = encodeURIComponentRFC3986(key).replace(/%2F/g, '/')
     const response = await this._awsRequest1(
       'GET',
       searchParams.size > 0
-        ? `/${key}?${searchParams.toString()}`
-        : `/${key}`,
+        ? `/${encodedKey}?${searchParams.toString()}`
+        : `/${encodedKey}`,
       headers,
       ''
     )
@@ -1497,11 +1501,12 @@ class S3Bucket {
       searchParams.set('versionId', options.VersionId)
     }
 
+    const encodedKey = encodeURIComponentRFC3986(key).replace(/%2F/g, '/')
     const response = await this._awsRequest1(
       'GET',
       searchParams.size > 0
-        ? `/${key}?acl&${searchParams.toString()}`
-        : `/${key}?acl`,
+        ? `/${encodedKey}?acl&${searchParams.toString()}`
+        : `/${encodedKey}?acl`,
       headers,
       ''
     )
@@ -1510,7 +1515,7 @@ class S3Bucket {
       const data = {}
 
       const text = await Readable.Text(response)
-      const xmlData = XML.parse(text)
+      const xmlData = XML.parse(HTMLEntities.decode(text))
       let Grants = xmlData.AccessControlPolicy?.AccessControlList?.Grant
       if (!Array.isArray(Grants)) {
         Grants = [Grants]
@@ -1747,11 +1752,12 @@ class S3Bucket {
       searchParams.set('versionId', options.VersionId)
     }
 
+    const encodedKey = encodeURIComponentRFC3986(key).replace(/%2F/g, '/')
     const response = await this._awsRequest1(
       'HEAD',
       searchParams.size > 0
-        ? `/${key}?${searchParams.toString()}`
-        : `/${key}`,
+        ? `/${encodedKey}?${searchParams.toString()}`
+        : `/${encodedKey}`,
       headers,
       ''
     )
@@ -1973,11 +1979,12 @@ class S3Bucket {
       searchParams.set('versionId', options.VersionId)
     }
 
+    const encodedKey = encodeURIComponentRFC3986(key).replace(/%2F/g, '/')
     const response = await this._awsRequest1(
       'DELETE',
       searchParams.size > 0
-        ? `/${key}?${searchParams.toString()}`
-        : `/${key}`,
+        ? `/${encodedKey}?${searchParams.toString()}`
+        : `/${encodedKey}`,
       headers,
       ''
     )
@@ -2077,12 +2084,12 @@ class S3Bucket {
   ${
     keys.map(key => typeof key == 'string' ? `
    <Object>
-      <Key>${key}</Key>
+      <Key>${HTMLEntities.encode(key)}</Key>
    </Object>
     `.trim() : `
    <Object>
-      <Key>${key.Key}</Key>
-      <VersionId>${key.VersionId}</VersionId>
+      <Key>${HTMLEntities.encode(key.Key)}</Key>
+      <VersionId>${HTMLEntities.encode(key.VersionId)}</VersionId>
    </Object>
     `.trim()).join('\n')
   }
@@ -2095,7 +2102,7 @@ class S3Bucket {
 
     if (response.ok) {
       const text = await Readable.Text(response)
-      const xmlData = XML.parse(text)
+      const xmlData = XML.parse(HTMLEntities.decode(text))
 
       const data = {}
       data.Deleted = xmlData.DeleteResult.Deleted ?? []
@@ -2366,7 +2373,7 @@ class S3Bucket {
 
     if (response.ok) {
       const text = await Readable.Text(response)
-      const xmlData = XML.parse(text)
+      const xmlData = XML.parse(HTMLEntities.decode(text))
 
       const data = {}
 
@@ -2535,7 +2542,7 @@ class S3Bucket {
 
     if (response.ok) {
       const text = await Readable.Text(response)
-      const xmlData = XML.parse(text)
+      const xmlData = XML.parse(HTMLEntities.decode(text))
 
       const data = {}
 

package/internal/encodeURIComponentRFC3986.js

@@ -0,0 +1,15 @@
+/**
+ * @name encodeURIComponentRFC3986
+ *
+ * @docs
+ * ```coffeescript [specscript]
+ * encodeURIComponentRFC3986(str string) -> encoded string
+ * ```
+ */
+function encodeURIComponentRFC3986(str) {
+  return encodeURIComponent(str).replace(/[!'()*]/g, function(c) {
+    return '%' + c.charCodeAt(0).toString(16).toUpperCase()
+  })
+}
+
+module.exports = encodeURIComponentRFC3986

package/internal/encodeURIComponentRFC3986.test.js

@@ -0,0 +1,35 @@
+const Test = require('thunk-test')
+const encodeURIComponentRFC3986 = require('./encodeURIComponentRFC3986')
+
+const test = new Test('encodeURIComponentRFC3986', encodeURIComponentRFC3986)
+
+.case('aaa', 'aaa')
+.case('', '')
+.case(':', '%3A')
+.case('/', '%2F')
+.case('?', '%3F')
+.case('#', '%23')
+.case('[', '%5B')
+.case(']', '%5D')
+.case('@', '%40')
+.case('!', '%21')
+.case('$', '%24')
+.case('&', '%26')
+.case('\'', '%27')
+.case('(', '%28')
+.case(')', '%29')
+.case('*', '%2A')
+.case('+', '%2B')
+.case(',', '%2C')
+.case(';', '%3B')
+.case('=', '%3D')
+.case('%', '%25')
+.case(' ', '%20')
+.case(undefined, 'undefined')
+.case(null, 'null')
+
+if (process.argv[1] == __filename) {
+  test()
+}
+
+module.exports = test

package/internal/walk.js

@@ -0,0 +1,15 @@
+const fs = require('fs');
+const path = require('path');
+
+async function* walk(dir) {
+  for await (const d of await fs.promises.opendir(dir)) {
+    const entry = path.join(dir, d.name);
+    if (d.isDirectory()) {
+      yield* walk(entry);
+    } else if (d.isFile()) {
+      yield entry;
+    }
+  }
+}
+
+module.exports = walk

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "presidium",
-  "version": "2.0.1",
+  "version": "2.1.1",
   "description": "A library for creating web services",
   "author": "Richard Tong",
   "license": "MIT",
@@ -59,11 +59,10 @@
     "xml"
   ],
   "dependencies": {
-    "bcrypt": "^5.1.0",
-    "minimatch": "^9.0.3",
+    "html-entities": "^2.6.0",
     "presidium-websocket": ">=2.0.1",
     "rubico": "^2.7.7",
-    "tar-stream": "^2.1.4"
+    "tar-stream": "^3.1.7"
   },
   "scripts": {
     "test": "node test.js && mocha **/*.test.js *.test.js",
@@ -73,7 +72,6 @@
     "@aws-sdk/crc64-nvme-crt": "^3.848.0",
     "eslint": "^7.13.0",
     "fast-crc32c": "^2.0.0",
-    "glob": "^7.1.6",
     "mocha": "^10.8.2",
     "nyc": "^17.1.0",
     "thunk-test": "^1.3.1",

package/internal/pathWalk.js

@@ -1,55 +0,0 @@
-require('rubico/global')
-const fs = require('fs/promises')
-const { minimatch } = require('minimatch')
-const resolvePath = require('./resolvePath')
-const isArray = require('./isArray')
-
-/**
- * @name pathWalk
- *
- * @docs
- * ```coffeescript [specscript]
- * pathWalk(path, options? {
- *   ignore: Array<string>, // names or paths
- * }) -> Promise<Array<string>>
- * ```
- *
- * ```javascript
- * pathWalk('./my/path/', {
- *   ignore: ['node_modules', '.github'],
- * }) // -> Promise<paths Array<string>>
- * ```
- */
-const pathWalk = async function (path, options = {}) {
-  const { ignore = [] } = options
-  const absPath = resolvePath(path)
-  const dirents = await fs.readdir(absPath, { withFileTypes: true })
-  const result = []
-
-  for (const dirent of dirents) {
-    const dirName = dirent.name
-    const dirPath = resolvePath(path, dirName)
-    let shouldIgnore = false
-    for (const pattern of ignore) {
-      if (minimatch(dirPath, pattern) || minimatch(dirName, pattern)) {
-        shouldIgnore = true
-        break
-      }
-    }
-
-    if (shouldIgnore) {
-      continue
-    }
-
-    if (dirent.isDirectory()) {
-      const subPaths = await pathWalk(dirPath, options)
-      result.push(...subPaths)
-    } else {
-      result.push(dirPath)
-    }
-  }
-
-  return result
-}
-
-module.exports = pathWalk

package/internal/pathWalk.test.js

@@ -1,25 +0,0 @@
-const assert = require('assert')
-const Test = require('thunk-test')
-const pathWalk = require('./pathWalk')
-const resolvePath = require('./resolvePath')
-
-const test = Test('pathWalk', pathWalk)
-
-.case(__dirname, function (paths) {
-  assert(paths.length > 0)
-  this.allInternalPaths = paths
-})
-
-.case(__dirname, { ignore: ['pathWalk.js'] }, function (paths) {
-  assert.equal(paths.length, this.allInternalPaths.length - 1)
-})
-
-.case(__dirname, { ignore: [resolvePath(__dirname, 'pathWalk.js')] }, function (paths) {
-  assert.equal(paths.length, this.allInternalPaths.length - 1)
-})
-
-if (process.argv[1] == __filename) {
-  test()
-}
-
-module.exports = test