xypriss 9.7.4 → 9.7.5
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/cjs/src/plugins/core/manager/PluginSecurity.js +55 -57
- package/dist/cjs/src/plugins/core/manager/PluginSecurity.js.map +1 -1
- package/dist/esm/src/plugins/core/manager/PluginSecurity.js +55 -57
- package/dist/esm/src/plugins/core/manager/PluginSecurity.js.map +1 -1
- package/package.json +3 -2
|
@@ -2,7 +2,7 @@
|
|
|
2
2
|
|
|
3
3
|
var fs = require('fs');
|
|
4
4
|
var path = require('path');
|
|
5
|
-
var
|
|
5
|
+
var xyprissSecurity = require('xypriss-security');
|
|
6
6
|
var ProjectDiscovery = require('../../../utils/ProjectDiscovery.js');
|
|
7
7
|
var plugingSchema = require('../../../schemas/plugingSchema.js');
|
|
8
8
|
var OFFICIAL_PLUGINS = require('../../const/OFFICIAL_PLUGINS.js');
|
|
@@ -155,42 +155,53 @@ class PluginSecurity {
|
|
|
155
155
|
const metadata = {};
|
|
156
156
|
for (const line of lines) {
|
|
157
157
|
const trimmedLine = line.trim();
|
|
158
|
-
if (trimmedLine
|
|
159
|
-
|
|
158
|
+
if (!trimmedLine)
|
|
159
|
+
continue;
|
|
160
|
+
const proofMatch = trimmedLine.match(/^--- (BEGIN CRYPTOGRAPHIC PROOF|END XYPRISS SIGNATURE) ---$/);
|
|
161
|
+
if (proofMatch) {
|
|
162
|
+
if (proofMatch[1] === "BEGIN CRYPTOGRAPHIC PROOF") {
|
|
163
|
+
inProof = true;
|
|
164
|
+
}
|
|
165
|
+
else {
|
|
166
|
+
break;
|
|
167
|
+
}
|
|
160
168
|
continue;
|
|
161
|
-
}
|
|
162
|
-
if (trimmedLine.startsWith("--- END XYPRISS SIGNATURE ---")) {
|
|
163
|
-
break;
|
|
164
169
|
}
|
|
165
170
|
if (inProof) {
|
|
166
|
-
|
|
167
|
-
|
|
171
|
+
const b64Match = trimmedLine.match(/^base64:\s*(.+)$/);
|
|
172
|
+
if (b64Match) {
|
|
173
|
+
signatureBase64 = b64Match[1].trim();
|
|
168
174
|
}
|
|
169
175
|
continue;
|
|
170
176
|
}
|
|
171
177
|
// Collect metadata lines (including header) for verification
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
|
|
175
|
-
|
|
176
|
-
const
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
192
|
-
|
|
193
|
-
|
|
178
|
+
sigContentLines.push(line);
|
|
179
|
+
const metaMatch = trimmedLine.match(/^([a-zA-Z0-9-]+):\s*(.+)$/);
|
|
180
|
+
if (metaMatch) {
|
|
181
|
+
const [, key, value] = metaMatch;
|
|
182
|
+
const v = value.trim();
|
|
183
|
+
switch (key) {
|
|
184
|
+
case "Manifest":
|
|
185
|
+
const parts = v.split("@");
|
|
186
|
+
metadata.name = parts[0];
|
|
187
|
+
metadata.version = parts[1];
|
|
188
|
+
break;
|
|
189
|
+
case "Min-Engine":
|
|
190
|
+
metadata.min_version = v;
|
|
191
|
+
break;
|
|
192
|
+
case "Fingerprint":
|
|
193
|
+
metadata.content_hash = v;
|
|
194
|
+
break;
|
|
195
|
+
case "Identity":
|
|
196
|
+
metadata.author_key = v;
|
|
197
|
+
break;
|
|
198
|
+
case "Expires":
|
|
199
|
+
metadata.expires_at = v;
|
|
200
|
+
break;
|
|
201
|
+
case "Revision":
|
|
202
|
+
metadata.prev_sig_hash = v;
|
|
203
|
+
break;
|
|
204
|
+
}
|
|
194
205
|
}
|
|
195
206
|
}
|
|
196
207
|
const sigContent = sigContentLines.join("\n") + "\n";
|
|
@@ -230,42 +241,29 @@ class PluginSecurity {
|
|
|
230
241
|
filesToHash = this.walkDir(pluginRoot);
|
|
231
242
|
}
|
|
232
243
|
// Filter out the signature file itself
|
|
233
|
-
filesToHash = filesToHash.filter((f) =>
|
|
244
|
+
filesToHash = filesToHash.filter((f) => !/\.xsig$/.test(f));
|
|
234
245
|
// Match Go's sort by relative path for deterministic cross-machine hashing
|
|
235
246
|
const fileRelList = filesToHash.map((f) => ({
|
|
236
247
|
abs: f,
|
|
237
248
|
rel: path.relative(pluginRoot, f),
|
|
238
249
|
}));
|
|
239
250
|
fileRelList.sort((a, b) => a.rel < b.rel ? -1 : a.rel > b.rel ? 1 : 0);
|
|
240
|
-
const
|
|
241
|
-
|
|
242
|
-
|
|
243
|
-
}
|
|
244
|
-
const contentHash = `sha256:${hash.digest("hex")}`;
|
|
251
|
+
const fileBuffers = fileRelList.map((file) => fs.readFileSync(file.abs));
|
|
252
|
+
const combinedBuffer = Buffer.concat(fileBuffers);
|
|
253
|
+
const hashResult = xyprissSecurity.Cipher.hash.create(combinedBuffer);
|
|
254
|
+
const contentHash = `sha256:${hashResult}`;
|
|
245
255
|
if (contentHash !== metadata.content_hash) {
|
|
246
|
-
throw new Error(`FATAL(INTERNAL::NODE): Content integrity violation for ${pluginName}. Computed: ${contentHash
|
|
256
|
+
throw new Error(`FATAL(INTERNAL::NODE): Content integrity violation for ${pluginName}. Computed: ${contentHash.slice(0, 10)}..., Manifest: ${metadata.content_hash.slice(0, 10)}...`);
|
|
247
257
|
}
|
|
248
|
-
const
|
|
258
|
+
const authKey = metadata.author_key || "";
|
|
259
|
+
const pubKeyMatch = authKey.match(/^(?:ed25519:)?([a-fA-F0-9]{64})$/);
|
|
260
|
+
const pubKeyHex = pubKeyMatch ? pubKeyMatch[1] : "";
|
|
249
261
|
if (!pubKeyHex)
|
|
250
|
-
throw new Error(`FATAL(INTERNAL::NODE): Missing Identity (author_key) for ${pluginName}`);
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
|
|
254
|
-
|
|
255
|
-
const spkiBuf = Buffer.concat([derPrefix, pubKeyBuf]);
|
|
256
|
-
const pubKey = crypto.createPublicKey({
|
|
257
|
-
key: spkiBuf,
|
|
258
|
-
format: "der",
|
|
259
|
-
type: "spki",
|
|
260
|
-
});
|
|
261
|
-
const isVerified = crypto.verify(null, Buffer.from(sigContent), pubKey, sigBuf);
|
|
262
|
-
if (!isVerified) {
|
|
263
|
-
throw new Error(`FATAL(INTERNAL::NODE): Cryptographic signature verification failed for ${pluginName}`);
|
|
264
|
-
}
|
|
265
|
-
}
|
|
266
|
-
catch (e) {
|
|
267
|
-
console.error("XSec Error: ", e);
|
|
268
|
-
throw new Error(`FATAL(INTERNAL::NODE): Security audit failed for ${pluginName}: ${e.message}`);
|
|
262
|
+
throw new Error(`FATAL(INTERNAL::NODE): Missing or invalid Identity (author_key) for ${pluginName}`);
|
|
263
|
+
const sigBuf = Buffer.from(signatureBase64, "base64");
|
|
264
|
+
const isVerified = xyprissSecurity.Cipher.crypto.ed25519Verify(pubKeyHex, sigContent, sigBuf);
|
|
265
|
+
if (!isVerified) {
|
|
266
|
+
throw new Error(`FATAL(INTERNAL::NODE): Cryptographic signature verification failed for ${pluginName}`);
|
|
269
267
|
}
|
|
270
268
|
}
|
|
271
269
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"PluginSecurity.js","sources":["../../../../../../src/plugins/core/manager/PluginSecurity.ts"],"sourcesContent":[null],"names":["getCallerProjectRoot","OFFICIAL_PLUGINS","isCoreFrameworkPath","verifyPluginContract","validatePlgInput"],"mappings":";;;;;;;;;AAAA;;;;;;;AAOiF;
|
|
1
|
+
{"version":3,"file":"PluginSecurity.js","sources":["../../../../../../src/plugins/core/manager/PluginSecurity.ts"],"sourcesContent":[null],"names":["getCallerProjectRoot","OFFICIAL_PLUGINS","isCoreFrameworkPath","verifyPluginContract","Cipher","validatePlgInput"],"mappings":";;;;;;;;;AAAA;;;;;;;AAOiF;AAiBjF;;;;;;;;;AASG;MACU,cAAc,CAAA;AACvB;;;;;;;;;;;;AAYG;AAEI,IAAA,cAAc,CACjB,MAAqB,EACrB,WAAmB,EACnB,mBAA4B,KAAK,EAAA;;;AAIjC,QAAA,IAAI,UAAU,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE;AAEtC,QAAA,IAAI,CAAC,UAAU,IAAI,CAAC,gBAAgB,EAAE;;AAElC,YAAA,UAAU,GAAGA,qCAAoB,EAAE,IAAI,EAAE;QAC7C;;QAGA,IAAI,CAAC,UAAU,EAAE;;;YAGb,IAAI,CAAC,gBAAgB,EAAE;gBACnB,MAAM,UAAU,GAAGC,iCAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC;gBACzD,IAAI,UAAU,EAAE;;AAEZ,oBAAA,OAAO,EAAE;gBACb;gBAEA,IAAI,CAAC,cAAc,CACf,MAAM,CAAC,IAAI,EACX,+DAA+D,CAClE;YACL;AACA,YAAA,OAAO,EAAE;QACb;;QAGA,MAAM,UAAU,GAAGA,iCAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC;AAEzD,QAAA,IAAI,CAACC,oCAAmB,CAAC,UAAU,CAAC,EAAE;YAClC,IAAI,CAAC,UAAU,EAAE;gBACb,MAAM,UAAU,GAAGC,qCAAoB,CACnC,UAAU,EACV,MAAM,CAAC,IAAI,CACd;gBAED,IAAI,CAAC,UAAU,EAAE;oBACb,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC;gBAChD;YACJ;;;;;QAMJ;;AAGA,QAAA,MAAM,CAAC,QAAQ,GAAG,UAAU;AAC5B,QAAA,OAAO,UAAU;IACrB;AAEA;;AAEG;IACK,cAAc,CAAC,UAAkB,EAAE,UAAkB,EAAA;QACzD,MAAM,QAAQ,GACV,CAAA,+DAAA,CAAiE;AACjE,YAAA,CAAA,gBAAA,EAAmB,UAAU,CAAA,gCAAA,CAAkC;AAC/D,YAAA,CAAA,wDAAA,EAA2D,UAAU,CAAA,+DAAA,CAAiE;YACtI,CAAA,4BAAA,EAA+B,UAAU,IAAI,SAAS,CAAA,EAAA,CAAI;AAC1D,YAAA,CAAA,gKAAA,CAAkK;AAEtK,QAAA,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC;AACvB,QAAA,MAAM,IAAI,KAAK,CACX,uCAAuC,UAAU,CAAA,wCAAA,CAA0C,CAC9F;IACL;AAEA;;AAEG;AACK,IAAA,OAAO,CAAC,GAAW,EAAE,QAAA,GAAqB,EAAE,EAAA;AAChD,QAAA,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;AAE5D,QAAA,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE;AACzB,YAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC;AAC3C,YAAA,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE;AACrB,gBAAA,IACI,KAAK,CAAC,IAAI,KAAK,cAAc;oBAC7B,KAAK,CAAC,IAAI,KAAK,MAAM;AACrB,oBAAA,KAAK,CAAC,IAAI,KAAK,OAAO,EACxB;oBACE;gBACJ;AACA,gBAAA,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC;YACpC;iBAAO;AACH,gBAAA,IAAI,KAAK,CAAC,IAAI,KAAK,qBAAqB,EAAE;oBACtC;gBACJ;AACA,gBAAA,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC3B;QACJ;AACA,QAAA,OAAO,QAAQ;IACnB;AAEA;;AAEG;IACK,qBAAqB,CAAC,GAAW,EAAE,OAAoB,EAAA;AAC3D,QAAA,MAAM,OAAO,GAAG,EAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;AAE5D,QAAA,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE;AACzB,YAAA,MAAM,QAAQ,GAAG,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC;AAC3C,YAAA,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE;AACrB,gBAAA,IACI,KAAK,CAAC,IAAI,KAAK,cAAc;oBAC7B,KAAK,CAAC,IAAI,KAAK,MAAM;AACrB,oBAAA,KAAK,CAAC,IAAI,KAAK,OAAO,EACxB;oBACE;gBACJ;AACA,gBAAA,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,OAAO,CAAC;YACjD;iBAAO;AACH,gBAAA,IAAI,KAAK,CAAC,IAAI,KAAK,qBAAqB,EAAE;oBACtC;gBACJ;AACA,gBAAA,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;YACzB;QACJ;IACJ;AAEA;;;AAGG;IACI,sBAAsB,CACzB,UAAkB,EAClB,UAAkB,EAAA;QAElB,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,qBAAqB,CAAC;QAC5D,IAAI,CAAC,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;AACzB,YAAA,IAAI,CAAC,cAAc,CAAC,UAAU,EAAE,6BAA6B,CAAC;QAClE;QAEA,MAAM,MAAM,GAAG,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC;QAChD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC;QAEhC,MAAM,eAAe,GAAa,EAAE;QACpC,IAAI,eAAe,GAAG,EAAE;QACxB,IAAI,OAAO,GAAG,KAAK;QACnB,MAAM,QAAQ,GAAQ,EAAE;AAExB,QAAA,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;AACtB,YAAA,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE;AAC/B,YAAA,IAAI,CAAC,WAAW;gBAAE;YAElB,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAChC,6DAA6D,CAChE;YACD,IAAI,UAAU,EAAE;AACZ,gBAAA,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,2BAA2B,EAAE;oBAC/C,OAAO,GAAG,IAAI;gBAClB;qBAAO;oBACH;gBACJ;gBACA;YACJ;YAEA,IAAI,OAAO,EAAE;gBACT,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,kBAAkB,CAAC;gBACtD,IAAI,QAAQ,EAAE;oBACV,eAAe,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE;gBACxC;gBACA;YACJ;;AAGA,YAAA,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC;YAE1B,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,2BAA2B,CAAC;YAChE,IAAI,SAAS,EAAE;gBACX,MAAM,GAAG,GAAG,EAAE,KAAK,CAAC,GAAG,SAAS;AAChC,gBAAA,MAAM,CAAC,GAAG,KAAK,CAAC,IAAI,EAAE;gBAEtB,QAAQ,GAAG;AACP,oBAAA,KAAK,UAAU;wBACX,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;AAC1B,wBAAA,QAAQ,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC;AACxB,wBAAA,QAAQ,CAAC,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC;wBAC3B;AACJ,oBAAA,KAAK,YAAY;AACb,wBAAA,QAAQ,CAAC,WAAW,GAAG,CAAC;wBACxB;AACJ,oBAAA,KAAK,aAAa;AACd,wBAAA,QAAQ,CAAC,YAAY,GAAG,CAAC;wBACzB;AACJ,oBAAA,KAAK,UAAU;AACX,wBAAA,QAAQ,CAAC,UAAU,GAAG,CAAC;wBACvB;AACJ,oBAAA,KAAK,SAAS;AACV,wBAAA,QAAQ,CAAC,UAAU,GAAG,CAAC;wBACvB;AACJ,oBAAA,KAAK,UAAU;AACX,wBAAA,QAAQ,CAAC,aAAa,GAAG,CAAC;wBAC1B;;YAEZ;QACJ;QAEA,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI;;QAGpD,MAAM,OAAO,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC;QACrD,IAAI,WAAW,GAAa,EAAE;AAE9B,QAAA,IAAI,EAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;AACxB,YAAA,IAAI;AACA,gBAAA,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAAC,EAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AACzD,gBAAA,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,IAAI,EAAE;AAEhC,gBAAA,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;;AAErB,oBAAA,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU;AAErC,oBAAA,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;wBAC5B,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC;AAElD,wBAAA,IAAI,EAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE;4BAC5B,MAAM,KAAK,GAAG,EAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;AACtC,4BAAA,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE;;AAErB,gCAAA,IAAI,CAAC,qBAAqB,CACtB,WAAW,EACX,WAAW,CACd;4BACL;iCAAO;AACH,gCAAA,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC;4BAChC;wBACJ;oBACJ;AACA,oBAAA,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC;gBACzC;YACJ;YAAE,OAAO,CAAC,EAAE;;YAEZ;QACJ;;;AAIA,QAAA,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;AAC1B,YAAA,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC;QAC1C;;AAGA,QAAA,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;;QAG3D,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM;AACxC,YAAA,GAAG,EAAE,CAAC;YACN,GAAG,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;AACpC,SAAA,CAAC,CAAC;AACH,QAAA,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAClB,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAC7C;QAED,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,IAAI,KACrC,EAAE,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAC5B;QACD,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC;QACjD,MAAM,UAAU,GAAGC,sBAAM,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;AAErD,QAAA,MAAM,WAAW,GAAG,CAAA,OAAA,EAAU,UAAU,EAAE;AAC1C,QAAA,IAAI,WAAW,KAAK,QAAQ,CAAC,YAAY,EAAE;YACvC,MAAM,IAAI,KAAK,CACX,CAAA,uDAAA,EAA0D,UAAU,CAAA,YAAA,EAAe,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA,eAAA,EAAkB,QAAQ,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA,GAAA,CAAK,CACvK;QACL;AAEA,QAAA,MAAM,OAAO,GAAG,QAAQ,CAAC,UAAU,IAAI,EAAE;QACzC,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC;AACrE,QAAA,MAAM,SAAS,GAAG,WAAW,GAAG,WAAW,CAAC,CAAC,CAAC,GAAG,EAAE;AAEnD,QAAA,IAAI,CAAC,SAAS;AACV,YAAA,MAAM,IAAI,KAAK,CACX,uEAAuE,UAAU,CAAA,CAAE,CACtF;QAEL,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC;AACrD,QAAA,MAAM,UAAU,GAAGA,sBAAM,CAAC,MAAM,CAAC,aAAa,CAC1C,SAAS,EACT,UAAU,EACV,MAAM,CACT;QAED,IAAI,CAAC,UAAU,EAAE;AACb,YAAA,MAAM,IAAI,KAAK,CACX,0EAA0E,UAAU,CAAA,CAAE,CACzF;QACL;IACJ;AAEA;;AAEG;AACI,IAAA,gBAAgB,CAAC,MAAqB,EAAA;QACzC,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE;AACjC,YAAA,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC;QACxD;QAEA,MAAM,IAAI,GAAGC,8BAAgB,CAAC;YAC1B,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO,EAAE,MAAM,CAAC,OAAO;AAC1B,SAAA,CAAC;AAEF,QAAA,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;AAC1B,YAAA,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC;QACzB;IACJ;AAEA;;;AAGG;AACI,IAAA,sBAAsB,CACzB,MAAW,EACX,UAAkB,EAClB,iBAAoC,EAAA;AAEpC,QAAA,MAAM,iBAAiB,GAAG;YACtB,KAAK;YACL,MAAM;YACN,KAAK;YACL,QAAQ;YACR,OAAO;YACP,SAAS;YACT,MAAM;YACN,SAAS;YACT,OAAO;YACP,KAAK;YACL,KAAK;YACL,QAAQ;YACR,SAAS;SACZ;;QAGD,MAAM,QAAQ,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE;YACnC,GAAG,CAAC,MAAW,EAAE,IAAqB,EAAA;gBAClC,IACI,OAAO,IAAI,KAAK,QAAQ;AACxB,oBAAA,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAClC;;AAEE,oBAAA,IAAI,IAAI,KAAK,SAAS,EAAE;;AAEpB,wBAAA,IAAIJ,iCAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE;AACvC,4BAAA,OAAO,MAAM,CAAC,IAAI,CAAC;wBACvB;wBAEA,MAAM,aAAa,GAAG,iBAAiB,CAAC,eAAe,CACnD,UAAU,EACV,SAAS,CACZ;wBAED,IAAI,CAAC,aAAa,EAAE;AAChB,4BAAA,OAAO,SAAS;wBACpB;oBACJ;AAEA,oBAAA,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC;oBAC1B,OAAO,OAAO,KAAK,KAAK;AACpB,0BAAE,KAAK,CAAC,IAAI,CAAC,MAAM;0BACjB,KAAK;gBACf;;AAGA,gBAAA,OAAO,SAAS;YACpB,CAAC;AACJ,SAAA,CAAC;;AAGF,QAAA,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE;YACrB,GAAG,CAAC,OAAY,EAAE,IAAqB,EAAA;AACnC,gBAAA,IAAI,IAAI,KAAK,KAAK,EAAE;AAChB,oBAAA,OAAO,QAAQ;gBACnB;AACA,gBAAA,OAAO,SAAS;YACpB,CAAC;AACJ,SAAA,CAA4B;IACjC;AACH;;;;"}
|
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
import fs__default from 'fs';
|
|
2
2
|
import path__default from 'path';
|
|
3
|
-
import
|
|
3
|
+
import { Cipher } from 'xypriss-security';
|
|
4
4
|
import { getCallerProjectRoot, isCoreFrameworkPath, verifyPluginContract } from '../../../utils/ProjectDiscovery.js';
|
|
5
5
|
import { validatePlgInput } from '../../../schemas/plugingSchema.js';
|
|
6
6
|
import { OFFICIAL_PLUGINS } from '../../const/OFFICIAL_PLUGINS.js';
|
|
@@ -153,42 +153,53 @@ class PluginSecurity {
|
|
|
153
153
|
const metadata = {};
|
|
154
154
|
for (const line of lines) {
|
|
155
155
|
const trimmedLine = line.trim();
|
|
156
|
-
if (trimmedLine
|
|
157
|
-
|
|
156
|
+
if (!trimmedLine)
|
|
157
|
+
continue;
|
|
158
|
+
const proofMatch = trimmedLine.match(/^--- (BEGIN CRYPTOGRAPHIC PROOF|END XYPRISS SIGNATURE) ---$/);
|
|
159
|
+
if (proofMatch) {
|
|
160
|
+
if (proofMatch[1] === "BEGIN CRYPTOGRAPHIC PROOF") {
|
|
161
|
+
inProof = true;
|
|
162
|
+
}
|
|
163
|
+
else {
|
|
164
|
+
break;
|
|
165
|
+
}
|
|
158
166
|
continue;
|
|
159
|
-
}
|
|
160
|
-
if (trimmedLine.startsWith("--- END XYPRISS SIGNATURE ---")) {
|
|
161
|
-
break;
|
|
162
167
|
}
|
|
163
168
|
if (inProof) {
|
|
164
|
-
|
|
165
|
-
|
|
169
|
+
const b64Match = trimmedLine.match(/^base64:\s*(.+)$/);
|
|
170
|
+
if (b64Match) {
|
|
171
|
+
signatureBase64 = b64Match[1].trim();
|
|
166
172
|
}
|
|
167
173
|
continue;
|
|
168
174
|
}
|
|
169
175
|
// Collect metadata lines (including header) for verification
|
|
170
|
-
|
|
171
|
-
|
|
172
|
-
|
|
173
|
-
|
|
174
|
-
const
|
|
175
|
-
|
|
176
|
-
|
|
177
|
-
|
|
178
|
-
|
|
179
|
-
|
|
180
|
-
|
|
181
|
-
|
|
182
|
-
|
|
183
|
-
|
|
184
|
-
|
|
185
|
-
|
|
186
|
-
|
|
187
|
-
|
|
188
|
-
|
|
189
|
-
|
|
190
|
-
|
|
191
|
-
|
|
176
|
+
sigContentLines.push(line);
|
|
177
|
+
const metaMatch = trimmedLine.match(/^([a-zA-Z0-9-]+):\s*(.+)$/);
|
|
178
|
+
if (metaMatch) {
|
|
179
|
+
const [, key, value] = metaMatch;
|
|
180
|
+
const v = value.trim();
|
|
181
|
+
switch (key) {
|
|
182
|
+
case "Manifest":
|
|
183
|
+
const parts = v.split("@");
|
|
184
|
+
metadata.name = parts[0];
|
|
185
|
+
metadata.version = parts[1];
|
|
186
|
+
break;
|
|
187
|
+
case "Min-Engine":
|
|
188
|
+
metadata.min_version = v;
|
|
189
|
+
break;
|
|
190
|
+
case "Fingerprint":
|
|
191
|
+
metadata.content_hash = v;
|
|
192
|
+
break;
|
|
193
|
+
case "Identity":
|
|
194
|
+
metadata.author_key = v;
|
|
195
|
+
break;
|
|
196
|
+
case "Expires":
|
|
197
|
+
metadata.expires_at = v;
|
|
198
|
+
break;
|
|
199
|
+
case "Revision":
|
|
200
|
+
metadata.prev_sig_hash = v;
|
|
201
|
+
break;
|
|
202
|
+
}
|
|
192
203
|
}
|
|
193
204
|
}
|
|
194
205
|
const sigContent = sigContentLines.join("\n") + "\n";
|
|
@@ -228,42 +239,29 @@ class PluginSecurity {
|
|
|
228
239
|
filesToHash = this.walkDir(pluginRoot);
|
|
229
240
|
}
|
|
230
241
|
// Filter out the signature file itself
|
|
231
|
-
filesToHash = filesToHash.filter((f) =>
|
|
242
|
+
filesToHash = filesToHash.filter((f) => !/\.xsig$/.test(f));
|
|
232
243
|
// Match Go's sort by relative path for deterministic cross-machine hashing
|
|
233
244
|
const fileRelList = filesToHash.map((f) => ({
|
|
234
245
|
abs: f,
|
|
235
246
|
rel: path__default.relative(pluginRoot, f),
|
|
236
247
|
}));
|
|
237
248
|
fileRelList.sort((a, b) => a.rel < b.rel ? -1 : a.rel > b.rel ? 1 : 0);
|
|
238
|
-
const
|
|
239
|
-
|
|
240
|
-
|
|
241
|
-
}
|
|
242
|
-
const contentHash = `sha256:${hash.digest("hex")}`;
|
|
249
|
+
const fileBuffers = fileRelList.map((file) => fs__default.readFileSync(file.abs));
|
|
250
|
+
const combinedBuffer = Buffer.concat(fileBuffers);
|
|
251
|
+
const hashResult = Cipher.hash.create(combinedBuffer);
|
|
252
|
+
const contentHash = `sha256:${hashResult}`;
|
|
243
253
|
if (contentHash !== metadata.content_hash) {
|
|
244
|
-
throw new Error(`FATAL(INTERNAL::NODE): Content integrity violation for ${pluginName}. Computed: ${contentHash
|
|
254
|
+
throw new Error(`FATAL(INTERNAL::NODE): Content integrity violation for ${pluginName}. Computed: ${contentHash.slice(0, 10)}..., Manifest: ${metadata.content_hash.slice(0, 10)}...`);
|
|
245
255
|
}
|
|
246
|
-
const
|
|
256
|
+
const authKey = metadata.author_key || "";
|
|
257
|
+
const pubKeyMatch = authKey.match(/^(?:ed25519:)?([a-fA-F0-9]{64})$/);
|
|
258
|
+
const pubKeyHex = pubKeyMatch ? pubKeyMatch[1] : "";
|
|
247
259
|
if (!pubKeyHex)
|
|
248
|
-
throw new Error(`FATAL(INTERNAL::NODE): Missing Identity (author_key) for ${pluginName}`);
|
|
249
|
-
|
|
250
|
-
|
|
251
|
-
|
|
252
|
-
|
|
253
|
-
const spkiBuf = Buffer.concat([derPrefix, pubKeyBuf]);
|
|
254
|
-
const pubKey = crypto__default.createPublicKey({
|
|
255
|
-
key: spkiBuf,
|
|
256
|
-
format: "der",
|
|
257
|
-
type: "spki",
|
|
258
|
-
});
|
|
259
|
-
const isVerified = crypto__default.verify(null, Buffer.from(sigContent), pubKey, sigBuf);
|
|
260
|
-
if (!isVerified) {
|
|
261
|
-
throw new Error(`FATAL(INTERNAL::NODE): Cryptographic signature verification failed for ${pluginName}`);
|
|
262
|
-
}
|
|
263
|
-
}
|
|
264
|
-
catch (e) {
|
|
265
|
-
console.error("XSec Error: ", e);
|
|
266
|
-
throw new Error(`FATAL(INTERNAL::NODE): Security audit failed for ${pluginName}: ${e.message}`);
|
|
260
|
+
throw new Error(`FATAL(INTERNAL::NODE): Missing or invalid Identity (author_key) for ${pluginName}`);
|
|
261
|
+
const sigBuf = Buffer.from(signatureBase64, "base64");
|
|
262
|
+
const isVerified = Cipher.crypto.ed25519Verify(pubKeyHex, sigContent, sigBuf);
|
|
263
|
+
if (!isVerified) {
|
|
264
|
+
throw new Error(`FATAL(INTERNAL::NODE): Cryptographic signature verification failed for ${pluginName}`);
|
|
267
265
|
}
|
|
268
266
|
}
|
|
269
267
|
/**
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"PluginSecurity.js","sources":["../../../../../../src/plugins/core/manager/PluginSecurity.ts"],"sourcesContent":[null],"names":["fs","path"
|
|
1
|
+
{"version":3,"file":"PluginSecurity.js","sources":["../../../../../../src/plugins/core/manager/PluginSecurity.ts"],"sourcesContent":[null],"names":["fs","path"],"mappings":";;;;;;;AAAA;;;;;;;AAOiF;AAiBjF;;;;;;;;;AASG;MACU,cAAc,CAAA;AACvB;;;;;;;;;;;;AAYG;AAEI,IAAA,cAAc,CACjB,MAAqB,EACrB,WAAmB,EACnB,mBAA4B,KAAK,EAAA;;;AAIjC,QAAA,IAAI,UAAU,GAAG,MAAM,CAAC,QAAQ,IAAI,EAAE;AAEtC,QAAA,IAAI,CAAC,UAAU,IAAI,CAAC,gBAAgB,EAAE;;AAElC,YAAA,UAAU,GAAG,oBAAoB,EAAE,IAAI,EAAE;QAC7C;;QAGA,IAAI,CAAC,UAAU,EAAE;;;YAGb,IAAI,CAAC,gBAAgB,EAAE;gBACnB,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC;gBACzD,IAAI,UAAU,EAAE;;AAEZ,oBAAA,OAAO,EAAE;gBACb;gBAEA,IAAI,CAAC,cAAc,CACf,MAAM,CAAC,IAAI,EACX,+DAA+D,CAClE;YACL;AACA,YAAA,OAAO,EAAE;QACb;;QAGA,MAAM,UAAU,GAAG,gBAAgB,CAAC,QAAQ,CAAC,MAAM,CAAC,IAAI,CAAC;AAEzD,QAAA,IAAI,CAAC,mBAAmB,CAAC,UAAU,CAAC,EAAE;YAClC,IAAI,CAAC,UAAU,EAAE;gBACb,MAAM,UAAU,GAAG,oBAAoB,CACnC,UAAU,EACV,MAAM,CAAC,IAAI,CACd;gBAED,IAAI,CAAC,UAAU,EAAE;oBACb,IAAI,CAAC,cAAc,CAAC,MAAM,CAAC,IAAI,EAAE,UAAU,CAAC;gBAChD;YACJ;;;;;QAMJ;;AAGA,QAAA,MAAM,CAAC,QAAQ,GAAG,UAAU;AAC5B,QAAA,OAAO,UAAU;IACrB;AAEA;;AAEG;IACK,cAAc,CAAC,UAAkB,EAAE,UAAkB,EAAA;QACzD,MAAM,QAAQ,GACV,CAAA,+DAAA,CAAiE;AACjE,YAAA,CAAA,gBAAA,EAAmB,UAAU,CAAA,gCAAA,CAAkC;AAC/D,YAAA,CAAA,wDAAA,EAA2D,UAAU,CAAA,+DAAA,CAAiE;YACtI,CAAA,4BAAA,EAA+B,UAAU,IAAI,SAAS,CAAA,EAAA,CAAI;AAC1D,YAAA,CAAA,gKAAA,CAAkK;AAEtK,QAAA,OAAO,CAAC,KAAK,CAAC,QAAQ,CAAC;AACvB,QAAA,MAAM,IAAI,KAAK,CACX,uCAAuC,UAAU,CAAA,wCAAA,CAA0C,CAC9F;IACL;AAEA;;AAEG;AACK,IAAA,OAAO,CAAC,GAAW,EAAE,QAAA,GAAqB,EAAE,EAAA;AAChD,QAAA,MAAM,OAAO,GAAGA,WAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;AAE5D,QAAA,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE;AACzB,YAAA,MAAM,QAAQ,GAAGC,aAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC;AAC3C,YAAA,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE;AACrB,gBAAA,IACI,KAAK,CAAC,IAAI,KAAK,cAAc;oBAC7B,KAAK,CAAC,IAAI,KAAK,MAAM;AACrB,oBAAA,KAAK,CAAC,IAAI,KAAK,OAAO,EACxB;oBACE;gBACJ;AACA,gBAAA,IAAI,CAAC,OAAO,CAAC,QAAQ,EAAE,QAAQ,CAAC;YACpC;iBAAO;AACH,gBAAA,IAAI,KAAK,CAAC,IAAI,KAAK,qBAAqB,EAAE;oBACtC;gBACJ;AACA,gBAAA,QAAQ,CAAC,IAAI,CAAC,QAAQ,CAAC;YAC3B;QACJ;AACA,QAAA,OAAO,QAAQ;IACnB;AAEA;;AAEG;IACK,qBAAqB,CAAC,GAAW,EAAE,OAAoB,EAAA;AAC3D,QAAA,MAAM,OAAO,GAAGD,WAAE,CAAC,WAAW,CAAC,GAAG,EAAE,EAAE,aAAa,EAAE,IAAI,EAAE,CAAC;AAE5D,QAAA,KAAK,MAAM,KAAK,IAAI,OAAO,EAAE;AACzB,YAAA,MAAM,QAAQ,GAAGC,aAAI,CAAC,IAAI,CAAC,GAAG,EAAE,KAAK,CAAC,IAAI,CAAC;AAC3C,YAAA,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE;AACrB,gBAAA,IACI,KAAK,CAAC,IAAI,KAAK,cAAc;oBAC7B,KAAK,CAAC,IAAI,KAAK,MAAM;AACrB,oBAAA,KAAK,CAAC,IAAI,KAAK,OAAO,EACxB;oBACE;gBACJ;AACA,gBAAA,IAAI,CAAC,qBAAqB,CAAC,QAAQ,EAAE,OAAO,CAAC;YACjD;iBAAO;AACH,gBAAA,IAAI,KAAK,CAAC,IAAI,KAAK,qBAAqB,EAAE;oBACtC;gBACJ;AACA,gBAAA,OAAO,CAAC,GAAG,CAAC,QAAQ,CAAC;YACzB;QACJ;IACJ;AAEA;;;AAGG;IACI,sBAAsB,CACzB,UAAkB,EAClB,UAAkB,EAAA;QAElB,MAAM,OAAO,GAAGA,aAAI,CAAC,IAAI,CAAC,UAAU,EAAE,qBAAqB,CAAC;QAC5D,IAAI,CAACD,WAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;AACzB,YAAA,IAAI,CAAC,cAAc,CAAC,UAAU,EAAE,6BAA6B,CAAC;QAClE;QAEA,MAAM,MAAM,GAAGA,WAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC;QAChD,MAAM,KAAK,GAAG,MAAM,CAAC,KAAK,CAAC,IAAI,CAAC;QAEhC,MAAM,eAAe,GAAa,EAAE;QACpC,IAAI,eAAe,GAAG,EAAE;QACxB,IAAI,OAAO,GAAG,KAAK;QACnB,MAAM,QAAQ,GAAQ,EAAE;AAExB,QAAA,KAAK,MAAM,IAAI,IAAI,KAAK,EAAE;AACtB,YAAA,MAAM,WAAW,GAAG,IAAI,CAAC,IAAI,EAAE;AAC/B,YAAA,IAAI,CAAC,WAAW;gBAAE;YAElB,MAAM,UAAU,GAAG,WAAW,CAAC,KAAK,CAChC,6DAA6D,CAChE;YACD,IAAI,UAAU,EAAE;AACZ,gBAAA,IAAI,UAAU,CAAC,CAAC,CAAC,KAAK,2BAA2B,EAAE;oBAC/C,OAAO,GAAG,IAAI;gBAClB;qBAAO;oBACH;gBACJ;gBACA;YACJ;YAEA,IAAI,OAAO,EAAE;gBACT,MAAM,QAAQ,GAAG,WAAW,CAAC,KAAK,CAAC,kBAAkB,CAAC;gBACtD,IAAI,QAAQ,EAAE;oBACV,eAAe,GAAG,QAAQ,CAAC,CAAC,CAAC,CAAC,IAAI,EAAE;gBACxC;gBACA;YACJ;;AAGA,YAAA,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC;YAE1B,MAAM,SAAS,GAAG,WAAW,CAAC,KAAK,CAAC,2BAA2B,CAAC;YAChE,IAAI,SAAS,EAAE;gBACX,MAAM,GAAG,GAAG,EAAE,KAAK,CAAC,GAAG,SAAS;AAChC,gBAAA,MAAM,CAAC,GAAG,KAAK,CAAC,IAAI,EAAE;gBAEtB,QAAQ,GAAG;AACP,oBAAA,KAAK,UAAU;wBACX,MAAM,KAAK,GAAG,CAAC,CAAC,KAAK,CAAC,GAAG,CAAC;AAC1B,wBAAA,QAAQ,CAAC,IAAI,GAAG,KAAK,CAAC,CAAC,CAAC;AACxB,wBAAA,QAAQ,CAAC,OAAO,GAAG,KAAK,CAAC,CAAC,CAAC;wBAC3B;AACJ,oBAAA,KAAK,YAAY;AACb,wBAAA,QAAQ,CAAC,WAAW,GAAG,CAAC;wBACxB;AACJ,oBAAA,KAAK,aAAa;AACd,wBAAA,QAAQ,CAAC,YAAY,GAAG,CAAC;wBACzB;AACJ,oBAAA,KAAK,UAAU;AACX,wBAAA,QAAQ,CAAC,UAAU,GAAG,CAAC;wBACvB;AACJ,oBAAA,KAAK,SAAS;AACV,wBAAA,QAAQ,CAAC,UAAU,GAAG,CAAC;wBACvB;AACJ,oBAAA,KAAK,UAAU;AACX,wBAAA,QAAQ,CAAC,aAAa,GAAG,CAAC;wBAC1B;;YAEZ;QACJ;QAEA,MAAM,UAAU,GAAG,eAAe,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,IAAI;;QAGpD,MAAM,OAAO,GAAGC,aAAI,CAAC,IAAI,CAAC,UAAU,EAAE,cAAc,CAAC;QACrD,IAAI,WAAW,GAAa,EAAE;AAE9B,QAAA,IAAID,WAAE,CAAC,UAAU,CAAC,OAAO,CAAC,EAAE;AACxB,YAAA,IAAI;AACA,gBAAA,MAAM,GAAG,GAAG,IAAI,CAAC,KAAK,CAACA,WAAE,CAAC,YAAY,CAAC,OAAO,EAAE,OAAO,CAAC,CAAC;AACzD,gBAAA,MAAM,QAAQ,GAAG,GAAG,CAAC,KAAK,IAAI,EAAE;AAEhC,gBAAA,IAAI,QAAQ,CAAC,MAAM,GAAG,CAAC,EAAE;;AAErB,oBAAA,MAAM,WAAW,GAAG,IAAI,GAAG,EAAU;AAErC,oBAAA,KAAK,MAAM,OAAO,IAAI,QAAQ,EAAE;wBAC5B,MAAM,WAAW,GAAGC,aAAI,CAAC,IAAI,CAAC,UAAU,EAAE,OAAO,CAAC;AAElD,wBAAA,IAAID,WAAE,CAAC,UAAU,CAAC,WAAW,CAAC,EAAE;4BAC5B,MAAM,KAAK,GAAGA,WAAE,CAAC,QAAQ,CAAC,WAAW,CAAC;AACtC,4BAAA,IAAI,KAAK,CAAC,WAAW,EAAE,EAAE;;AAErB,gCAAA,IAAI,CAAC,qBAAqB,CACtB,WAAW,EACX,WAAW,CACd;4BACL;iCAAO;AACH,gCAAA,WAAW,CAAC,GAAG,CAAC,WAAW,CAAC;4BAChC;wBACJ;oBACJ;AACA,oBAAA,WAAW,GAAG,KAAK,CAAC,IAAI,CAAC,WAAW,CAAC;gBACzC;YACJ;YAAE,OAAO,CAAC,EAAE;;YAEZ;QACJ;;;AAIA,QAAA,IAAI,WAAW,CAAC,MAAM,KAAK,CAAC,EAAE;AAC1B,YAAA,WAAW,GAAG,IAAI,CAAC,OAAO,CAAC,UAAU,CAAC;QAC1C;;AAGA,QAAA,WAAW,GAAG,WAAW,CAAC,MAAM,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;;QAG3D,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,CAAC,MAAM;AACxC,YAAA,GAAG,EAAE,CAAC;YACN,GAAG,EAAEC,aAAI,CAAC,QAAQ,CAAC,UAAU,EAAE,CAAC,CAAC;AACpC,SAAA,CAAC,CAAC;AACH,QAAA,WAAW,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,CAAC,KAClB,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,EAAE,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,CAAC,GAAG,GAAG,CAAC,GAAG,CAAC,CAC7C;QAED,MAAM,WAAW,GAAG,WAAW,CAAC,GAAG,CAAC,CAAC,IAAI,KACrCD,WAAE,CAAC,YAAY,CAAC,IAAI,CAAC,GAAG,CAAC,CAC5B;QACD,MAAM,cAAc,GAAG,MAAM,CAAC,MAAM,CAAC,WAAW,CAAC;QACjD,MAAM,UAAU,GAAG,MAAM,CAAC,IAAI,CAAC,MAAM,CAAC,cAAc,CAAC;AAErD,QAAA,MAAM,WAAW,GAAG,CAAA,OAAA,EAAU,UAAU,EAAE;AAC1C,QAAA,IAAI,WAAW,KAAK,QAAQ,CAAC,YAAY,EAAE;YACvC,MAAM,IAAI,KAAK,CACX,CAAA,uDAAA,EAA0D,UAAU,CAAA,YAAA,EAAe,WAAW,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA,eAAA,EAAkB,QAAQ,CAAC,YAAY,CAAC,KAAK,CAAC,CAAC,EAAE,EAAE,CAAC,CAAA,GAAA,CAAK,CACvK;QACL;AAEA,QAAA,MAAM,OAAO,GAAG,QAAQ,CAAC,UAAU,IAAI,EAAE;QACzC,MAAM,WAAW,GAAG,OAAO,CAAC,KAAK,CAAC,kCAAkC,CAAC;AACrE,QAAA,MAAM,SAAS,GAAG,WAAW,GAAG,WAAW,CAAC,CAAC,CAAC,GAAG,EAAE;AAEnD,QAAA,IAAI,CAAC,SAAS;AACV,YAAA,MAAM,IAAI,KAAK,CACX,uEAAuE,UAAU,CAAA,CAAE,CACtF;QAEL,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,eAAe,EAAE,QAAQ,CAAC;AACrD,QAAA,MAAM,UAAU,GAAG,MAAM,CAAC,MAAM,CAAC,aAAa,CAC1C,SAAS,EACT,UAAU,EACV,MAAM,CACT;QAED,IAAI,CAAC,UAAU,EAAE;AACb,YAAA,MAAM,IAAI,KAAK,CACX,0EAA0E,UAAU,CAAA,CAAE,CACzF;QACL;IACJ;AAEA;;AAEG;AACI,IAAA,gBAAgB,CAAC,MAAqB,EAAA;QACzC,IAAI,CAAC,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,CAAC,OAAO,EAAE;AACjC,YAAA,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC;QACxD;QAEA,MAAM,IAAI,GAAG,gBAAgB,CAAC;YAC1B,IAAI,EAAE,MAAM,CAAC,IAAI;YACjB,OAAO,EAAE,MAAM,CAAC,OAAO;AAC1B,SAAA,CAAC;AAEF,QAAA,IAAI,OAAO,IAAI,KAAK,QAAQ,EAAE;AAC1B,YAAA,MAAM,IAAI,KAAK,CAAC,IAAI,CAAC;QACzB;IACJ;AAEA;;;AAGG;AACI,IAAA,sBAAsB,CACzB,MAAW,EACX,UAAkB,EAClB,iBAAoC,EAAA;AAEpC,QAAA,MAAM,iBAAiB,GAAG;YACtB,KAAK;YACL,MAAM;YACN,KAAK;YACL,QAAQ;YACR,OAAO;YACP,SAAS;YACT,MAAM;YACN,SAAS;YACT,OAAO;YACP,KAAK;YACL,KAAK;YACL,QAAQ;YACR,SAAS;SACZ;;QAGD,MAAM,QAAQ,GAAG,IAAI,KAAK,CAAC,MAAM,CAAC,GAAG,EAAE;YACnC,GAAG,CAAC,MAAW,EAAE,IAAqB,EAAA;gBAClC,IACI,OAAO,IAAI,KAAK,QAAQ;AACxB,oBAAA,iBAAiB,CAAC,QAAQ,CAAC,IAAI,CAAC,EAClC;;AAEE,oBAAA,IAAI,IAAI,KAAK,SAAS,EAAE;;AAEpB,wBAAA,IAAI,gBAAgB,CAAC,QAAQ,CAAC,UAAU,CAAC,EAAE;AACvC,4BAAA,OAAO,MAAM,CAAC,IAAI,CAAC;wBACvB;wBAEA,MAAM,aAAa,GAAG,iBAAiB,CAAC,eAAe,CACnD,UAAU,EACV,SAAS,CACZ;wBAED,IAAI,CAAC,aAAa,EAAE;AAChB,4BAAA,OAAO,SAAS;wBACpB;oBACJ;AAEA,oBAAA,MAAM,KAAK,GAAG,MAAM,CAAC,IAAI,CAAC;oBAC1B,OAAO,OAAO,KAAK,KAAK;AACpB,0BAAE,KAAK,CAAC,IAAI,CAAC,MAAM;0BACjB,KAAK;gBACf;;AAGA,gBAAA,OAAO,SAAS;YACpB,CAAC;AACJ,SAAA,CAAC;;AAGF,QAAA,OAAO,IAAI,KAAK,CAAC,MAAM,EAAE;YACrB,GAAG,CAAC,OAAY,EAAE,IAAqB,EAAA;AACnC,gBAAA,IAAI,IAAI,KAAK,KAAK,EAAE;AAChB,oBAAA,OAAO,QAAQ;gBACnB;AACA,gBAAA,OAAO,SAAS;YACpB,CAAC;AACJ,SAAA,CAA4B;IACjC;AACH;;;;"}
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "xypriss",
|
|
3
|
-
"version": "9.7.
|
|
3
|
+
"version": "9.7.5",
|
|
4
4
|
"description": "XyPriss is a high-performance, TypeScript-first hyper-system web framework powered by a native Go core (XHSC), featuring robust multi-tenant sandboxing, secure native file streaming, and zero Express dependencies.",
|
|
5
5
|
"author": {
|
|
6
6
|
"name": "Nehonix",
|
|
@@ -74,7 +74,8 @@
|
|
|
74
74
|
"ws": "^8.19.0",
|
|
75
75
|
"xss": "^1.0.15",
|
|
76
76
|
"xypriss-compression-pluging": "^1.0.3",
|
|
77
|
-
"xypriss-security": "^2.1.
|
|
77
|
+
"xypriss-security": "^2.1.16",
|
|
78
|
+
"xypriss-swagger": "workspace:*"
|
|
78
79
|
},
|
|
79
80
|
"devDependencies": {
|
|
80
81
|
"@rollup/plugin-commonjs": "^25.0.8",
|