sync-rpc 1.3.6 → 1.3.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/lib/index.js CHANGED
@@ -3,6 +3,7 @@
3
3
  const path = require('path');
4
4
  const spawn = require('child_process').spawn;
5
5
  const spawnSync = require('child_process').spawnSync;
6
+ const crypto = require('crypto');
6
7
  const JSON = require('./json-buffer');
7
8
 
8
9
  const host = '127.0.0.1';
@@ -21,6 +22,7 @@ function nodeNetCatSrc(port, input) {
21
22
  const FUNCTION_PRIORITY = [nativeNC, nodeNC];
22
23
 
23
24
  let started = false;
25
+ let key;
24
26
  const configuration = {port: null, fastestFunction: null};
25
27
  function start() {
26
28
  if (!spawnSync) {
@@ -29,8 +31,9 @@ function start() {
29
31
  'you can `npm install sync-request@2.2.0`, which was the last version to support older versions of node.'
30
32
  );
31
33
  }
34
+ key = crypto.randomBytes(32).toString('hex');
32
35
  const port = findPort();
33
- const p = spawn(process.execPath, [require.resolve('./worker'), port], {
36
+ const p = spawn(process.execPath, [require.resolve('./worker'), port, key], {
34
37
  stdio: 'inherit',
35
38
  windowsHide: true,
36
39
  });
@@ -131,6 +134,7 @@ function getFastestFunction(port) {
131
134
 
132
135
  function sendMessage(input) {
133
136
  if (!started) start();
137
+ input.k = key;
134
138
  const res = configuration.fastestFunction(
135
139
  configuration.port,
136
140
  JSON.stringify(input) + '\r\n'
@@ -171,7 +175,7 @@ function extractValue(msg) {
171
175
 
172
176
  function createClient(filename, args) {
173
177
  const id = extractValue(sendMessage({t: 1, f: filename, a: args}));
174
- return function(args) {
178
+ return function (args) {
175
179
  return extractValue(sendMessage({t: 0, i: id, a: args}));
176
180
  };
177
181
  }
package/lib/worker.js CHANGED
@@ -1,14 +1,17 @@
1
1
  'use strict';
2
2
 
3
+ const crypto = require('crypto');
3
4
  const net = require('net');
4
5
  const JSON = require('./json-buffer');
5
6
 
7
+ const key = Buffer.from(process.argv[3], 'utf8');
8
+
6
9
  const INIT = 1;
7
10
  const CALL = 0;
8
11
  const modules = [];
9
12
 
10
13
  const NULL_PROMISE = Promise.resolve(null);
11
- const server = net.createServer({allowHalfOpen: true}, c => {
14
+ const server = net.createServer({allowHalfOpen: true}, (c) => {
12
15
  let responded = false;
13
16
  function respond(data) {
14
17
  if (responded) return;
@@ -17,10 +20,10 @@ const server = net.createServer({allowHalfOpen: true}, c => {
17
20
  }
18
21
 
19
22
  let buffer = '';
20
- c.on('error', function(err) {
23
+ c.on('error', function (err) {
21
24
  respond({s: false, v: {code: err.code, message: err.message}});
22
25
  });
23
- c.on('data', function(data) {
26
+ c.on('data', function (data) {
24
27
  buffer += data.toString('utf8');
25
28
  if (/\r\n/.test(buffer)) {
26
29
  onMessage(buffer.trim());
@@ -31,17 +34,21 @@ const server = net.createServer({allowHalfOpen: true}, c => {
31
34
  c.end('pong');
32
35
  return;
33
36
  }
34
- NULL_PROMISE.then(function() {
37
+ NULL_PROMISE.then(function () {
35
38
  const req = JSON.parse(str);
39
+ const k = Buffer.from(req.k, 'utf8');
40
+ if (k.byteLength !== key.byteLength || !crypto.timingSafeEqual(k, key)) {
41
+ throw new Error('Invalid key');
42
+ }
36
43
  if (req.t === INIT) {
37
44
  return init(req.f, req.a);
38
45
  }
39
46
  return modules[req.i](req.a);
40
47
  }).then(
41
- function(response) {
48
+ function (response) {
42
49
  respond({s: true, v: response});
43
50
  },
44
- function(err) {
51
+ function (err) {
45
52
  respond({s: false, v: {code: err.code, message: err.message}});
46
53
  }
47
54
  );
@@ -56,13 +63,13 @@ function init(filename, arg) {
56
63
  if (typeof m !== 'function') {
57
64
  throw new Error(filename + ' did not export a function.');
58
65
  }
59
- return NULL_PROMISE.then(function() {
66
+ return NULL_PROMISE.then(function () {
60
67
  return m(arg);
61
- }).then(function(fn) {
68
+ }).then(function (fn) {
62
69
  const i = modules.length;
63
70
  modules[i] = fn;
64
71
  return i;
65
72
  });
66
73
  }
67
74
 
68
- server.listen(+process.argv[2]);
75
+ server.listen(+process.argv[2], '127.0.0.1');
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "sync-rpc",
3
- "version": "1.3.6",
3
+ "version": "1.3.7",
4
4
  "main": "lib/index.js",
5
5
  "description": "Run asynchronous commands synchronously by putting them in a separate process",
6
6
  "keywords": [],
package/HISTORY.md DELETED
@@ -1,5 +0,0 @@
1
- # Changelog
2
-
3
- ## v0.0.1: 2017-xx-xx
4
-
5
- - Initial release