vaultkeeper 0.5.1 → 0.5.2
- package/dist/index.cjs +18 -11
- package/dist/index.cjs.map +1 -1
- package/dist/index.js +18 -11
- package/dist/index.js.map +1 -1
- package/package.json +1 -1
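--- a/package/dist/index.cjs
+++ b/package/dist/index.cjs
@@ -1617,7 +1617,13 @@ function validateConfig(config) {
 if (typeof config.defaults.ttlMinutes !== "number" || config.defaults.ttlMinutes <= 0) {
 throw new Error("Config defaults.ttlMinutes must be a positive number");
 }
-
+let tier = config.defaults.trustTier;
+if (typeof tier === "string") {
+const parsed = Number(tier);
+if (!Number.isNaN(parsed)) {
+tier = parsed;
+}
+}
 if (tier !== 1 && tier !== 2 && tier !== 3) {
 throw new Error("Config defaults.trustTier must be 1, 2, or 3");
 }
@@ -2019,7 +2025,6 @@ var SecretAccessorTarget = class {
 };
 function createSecretAccessor(secretValue) {
 let consumed = false;
-const revokeHolder = { fn: void 0 };
 function readImpl(callback) {
 if (consumed) {
 throw new Error("SecretAccessor has already been consumed \u2014 call getSecret() again to obtain a new accessor");
@@ -2030,7 +2035,6 @@ function createSecretAccessor(secretValue) {
 callback(buf);
 } finally {
 buf.fill(0);
-revokeHolder.fn?.();
 }
 }
 function inspectImpl() {
@@ -2088,9 +2092,7 @@ function createSecretAccessor(secretValue) {
 return ["read", INSPECT_CUSTOM];
 }
 };
-
-revokeHolder.fn = revoke;
-return proxy;
+return new Proxy(target, handler);
 }
 
 // src/access/sign-util.ts
@@ -2336,6 +2338,7 @@ function buildCheckList(platform) {
 
 // src/vault.ts
 var usageCounts = /* @__PURE__ */ new Map();
+var USAGE_MAP_MAX_SIZE = 1e4;
 var VaultKeeper = class _VaultKeeper {
 #config;
 #keyManager;
@@ -2431,12 +2434,16 @@ var VaultKeeper = class _VaultKeeper {
 const jti = claims.jti;
 const currentCount = usageCounts.get(jti) ?? 0;
 validateClaims(claims, currentCount);
-
-
-usageCounts.delete(jti);
-blockToken(jti);
-} else {
+if (claims.use !== null) {
+const newCount = currentCount + 1;
 usageCounts.set(jti, newCount);
+if (usageCounts.size > USAGE_MAP_MAX_SIZE) {
+const oldest = usageCounts.keys().next().value;
+if (oldest !== void 0) {
+usageCounts.delete(oldest);
+blockToken(oldest);
+}
+}
 }
 const token = createCapabilityToken(claims);
 const response = { keyStatus };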
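Review bot: In the `@@ -2431,12 +2434,16 @@` hunk, the size cap evicts `usageCounts.keys().next().value`, which is the first-inserted jti (a Map iterates in insertion order and `set` on an existing key does not move it), and then calls `blockToken(oldest)` on it. That fails closed, since an evicted token cannot restart its count at 0, but it also means a token with uses remaining is revoked purely because 10000 other limited-use tokens were seen after it, and the memory bound only holds if whatever `blockToken` writes to is itself bounded or pruned on expiry, which this hunk does not show. The new side also no longer calls `blockToken(jti)` at the point the last use is spent, so enforcement appears to rest on `validateClaims(claims, currentCount)` rejecting the next call; that is worth pinning with a test. I would at least record the intent above the eviction, e.g. `// Evict the oldest-inserted jti and blocklist it so its use count cannot restart at 0 (fail closed).` The enclosing method starts and ends outside the hunk.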