vaultfs 1.0.2 → 1.0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +139 -232
- package/bin/postinstall.js +138 -129
- package/bin/vaultfs-npm.js +148 -147
- package/install.bat +261 -0
- package/install.sh +1 -1
- package/package.json +34 -34
- package/src/auth/AuthConfig.java +9 -0
- package/src/auth/AuthManager.java +111 -355
- package/src/filesystem/DiskService.java +3 -0
- package/src/filesystem/FileSystem.java +9 -6
- package/src/sync/FirestoreSync.java +10 -2
- package/src/utils/EnvParser.java +25 -4
- package/version.txt +1 -1
|
@@ -99,7 +99,13 @@ public class FirestoreSync {
|
|
|
99
99
|
if (attempt == maxRetries) {
|
|
100
100
|
Logger.warn("[sync] Push failed after " + maxRetries + " attempts");
|
|
101
101
|
} else {
|
|
102
|
-
|
|
102
|
+
try {
|
|
103
|
+
Thread.sleep((long) Math.pow(2, attempt) * 1000); // Exponential backoff
|
|
104
|
+
} catch (InterruptedException ie) {
|
|
105
|
+
Thread.currentThread().interrupt();
|
|
106
|
+
Logger.warn("[sync] Push interrupted");
|
|
107
|
+
break;
|
|
108
|
+
}
|
|
103
109
|
}
|
|
104
110
|
}
|
|
105
111
|
}
|
|
@@ -136,7 +142,9 @@ public class FirestoreSync {
|
|
|
136
142
|
return null;
|
|
137
143
|
}
|
|
138
144
|
|
|
139
|
-
//
|
|
145
|
+
// Best-effort zeroing: char array can be wiped, but intermediate String
|
|
146
|
+
// instances (strippedKey, jwt) remain in the JVM string pool until GC.
|
|
147
|
+
// For stronger guarantees, consider an HSM or vault-based signer.
|
|
140
148
|
char[] privateKeyChars = privateKey.toCharArray();
|
|
141
149
|
privateKey = null; // Release string reference
|
|
142
150
|
|
package/src/utils/EnvParser.java
CHANGED
|
@@ -11,17 +11,38 @@ public class EnvParser {
|
|
|
11
11
|
private static final Map<String, String> envMap = new HashMap<>();
|
|
12
12
|
|
|
13
13
|
static {
|
|
14
|
-
|
|
14
|
+
// Try user.dir first (development), then VAULTFS_HOME / -Dvaultfs.home (global install)
|
|
15
|
+
String userDir = System.getProperty("user.dir");
|
|
16
|
+
String envPath = userDir + "/.env";
|
|
17
|
+
if (!new java.io.File(envPath).exists()) {
|
|
18
|
+
String home = System.getProperty("vaultfs.home");
|
|
19
|
+
if (home == null || home.isEmpty()) {
|
|
20
|
+
home = System.getenv("VAULTFS_HOME");
|
|
21
|
+
}
|
|
22
|
+
if (home != null && !home.isEmpty()) {
|
|
23
|
+
envPath = home + "/.env";
|
|
24
|
+
}
|
|
25
|
+
}
|
|
26
|
+
loadEnvFile(envPath);
|
|
15
27
|
}
|
|
16
28
|
|
|
17
29
|
private static void loadEnvFile(String path) {
|
|
18
|
-
// Validate the .env path is within
|
|
30
|
+
// Validate the .env path is within an allowed base directory
|
|
19
31
|
try {
|
|
20
32
|
java.io.File envFile = new java.io.File(path);
|
|
21
33
|
String canonicalEnv = envFile.getCanonicalPath();
|
|
22
34
|
String canonicalBase = new java.io.File(System.getProperty("user.dir")).getCanonicalPath();
|
|
23
|
-
|
|
24
|
-
|
|
35
|
+
boolean allowed = canonicalEnv.startsWith(canonicalBase);
|
|
36
|
+
if (!allowed) {
|
|
37
|
+
String home = System.getProperty("vaultfs.home");
|
|
38
|
+
if (home == null || home.isEmpty()) home = System.getenv("VAULTFS_HOME");
|
|
39
|
+
if (home != null && !home.isEmpty()) {
|
|
40
|
+
String canonicalHome = new java.io.File(home).getCanonicalPath();
|
|
41
|
+
allowed = canonicalEnv.startsWith(canonicalHome);
|
|
42
|
+
}
|
|
43
|
+
}
|
|
44
|
+
if (!allowed) {
|
|
45
|
+
System.err.println("[EnvParser] Warning: .env path outside allowed directories, skipping");
|
|
25
46
|
return;
|
|
26
47
|
}
|
|
27
48
|
} catch (IOException e) {
|
package/version.txt
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.0.
|
|
1
|
+
1.0.4
|