Diffstat (limited to 'deps/npm/node_modules/hawk/lib/server.js')
-rwxr-xr-xdeps/npm/node_modules/hawk/lib/server.js116
1 files changed, 57 insertions, 59 deletions
diff --git a/deps/npm/node_modules/hawk/lib/server.js b/deps/npm/node_modules/hawk/lib/server.js
index c5b02ae0c5..2f76372355 100755
--- a/deps/npm/node_modules/hawk/lib/server.js
+++ b/deps/npm/node_modules/hawk/lib/server.js
@@ -1,17 +1,15 @@
-'use strict';
-
// Load modules
-const Boom = require('boom');
-const Hoek = require('hoek');
-const Cryptiles = require('cryptiles');
-const Crypto = require('./crypto');
-const Utils = require('./utils');
+var Boom = require('boom');
+var Hoek = require('hoek');
+var Cryptiles = require('cryptiles');
+var Crypto = require('./crypto');
+var Utils = require('./utils');
// Declare internals
-const internals = {};
+var internals = {};
// Hawk authentication
@@ -19,7 +17,7 @@ const internals = {};
/*
req: node's HTTP request object or an object as follows:
- const request = {
+ var request = {
method: 'GET',
url: '/resource/4?a=1&b=2',
host: 'example.com',
@@ -32,7 +30,7 @@ const internals = {};
needed by the application. This function is the equivalent of verifying the username and
password in Basic authentication.
- const credentialsFunc = function (id, callback) {
+ var credentialsFunc = function (id, callback) {
// Lookup credentials in database
db.lookup(id, function (err, item) {
@@ -41,7 +39,7 @@ const internals = {};
return callback(err);
}
- const credentials = {
+ var credentials = {
// Required
key: item.key,
algorithm: item.algorithm,
@@ -95,25 +93,25 @@ exports.authenticate = function (req, credentialsFunc, options, callback) {
// Application time
- const now = Utils.now(options.localtimeOffsetMsec); // Measure now before any other processing
+ var now = Utils.now(options.localtimeOffsetMsec); // Measure now before any other processing
// Convert node Http request object to a request configuration object
- const request = Utils.parseRequest(req, options);
+ var request = Utils.parseRequest(req, options);
if (request instanceof Error) {
return callback(Boom.badRequest(request.message));
}
// Parse HTTP Authorization header
- const attributes = Utils.parseAuthorizationHeader(request.authorization);
+ var attributes = Utils.parseAuthorizationHeader(request.authorization);
if (attributes instanceof Error) {
return callback(attributes);
}
// Construct artifacts container
- const artifacts = {
+ var artifacts = {
method: request.method,
host: request.host,
port: request.port,
@@ -140,14 +138,14 @@ exports.authenticate = function (req, credentialsFunc, options, callback) {
// Fetch Hawk credentials
- credentialsFunc(attributes.id, (err, credentials) => {
+ credentialsFunc(attributes.id, function (err, credentials) {
if (err) {
return callback(err, credentials || null, artifacts);
}
if (!credentials) {
- return callback(Utils.unauthorized('Unknown credentials'), null, artifacts);
+ return callback(Boom.unauthorized('Unknown credentials', 'Hawk'), null, artifacts);
}
if (!credentials.key ||
@@ -162,9 +160,9 @@ exports.authenticate = function (req, credentialsFunc, options, callback) {
// Calculate MAC
- const mac = Crypto.calculateMac('header', credentials, artifacts);
+ var mac = Crypto.calculateMac('header', credentials, artifacts);
if (!Cryptiles.fixedTimeComparison(mac, attributes.mac)) {
- return callback(Utils.unauthorized('Bad mac'), credentials, artifacts);
+ return callback(Boom.unauthorized('Bad mac', 'Hawk'), credentials, artifacts);
}
// Check payload hash
@@ -173,28 +171,28 @@ exports.authenticate = function (req, credentialsFunc, options, callback) {
options.payload === '') {
if (!attributes.hash) {
- return callback(Utils.unauthorized('Missing required payload hash'), credentials, artifacts);
+ return callback(Boom.unauthorized('Missing required payload hash', 'Hawk'), credentials, artifacts);
}
- const hash = Crypto.calculatePayloadHash(options.payload, credentials.algorithm, request.contentType);
+ var hash = Crypto.calculatePayloadHash(options.payload, credentials.algorithm, request.contentType);
if (!Cryptiles.fixedTimeComparison(hash, attributes.hash)) {
- return callback(Utils.unauthorized('Bad payload hash'), credentials, artifacts);
+ return callback(Boom.unauthorized('Bad payload hash', 'Hawk'), credentials, artifacts);
}
}
// Check nonce
- options.nonceFunc(credentials.key, attributes.nonce, attributes.ts, (err) => {
+ options.nonceFunc(credentials.key, attributes.nonce, attributes.ts, function (err) {
if (err) {
- return callback(Utils.unauthorized('Invalid nonce'), credentials, artifacts);
+ return callback(Boom.unauthorized('Invalid nonce', 'Hawk'), credentials, artifacts);
}
// Check timestamp staleness
if (Math.abs((attributes.ts * 1000) - now) > (options.timestampSkewSec * 1000)) {
- const tsm = Crypto.timestampMessage(credentials, options.localtimeOffsetMsec);
- return callback(Utils.unauthorized('Stale timestamp', tsm), credentials, artifacts);
+ var tsm = Crypto.timestampMessage(credentials, options.localtimeOffsetMsec);
+ return callback(Boom.unauthorized('Stale timestamp', 'Hawk', tsm), credentials, artifacts);
}
// Successful authentication
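Review bot: The staleness test `Math.abs((attributes.ts * 1000) - now) > (options.timestampSkewSec * 1000)` evaluates to false whenever `attributes.ts` is not numeric, because comparisons against NaN are false, so such a request would be treated as fresh. No numeric check on `ts` is visible in this hunk, and the body of `authenticate` starts and ends outside it, so validation may exist elsewhere. If it does not, compute `var tsMsec = attributes.ts * 1000;` and test `if (isNaN(tsMsec) || Math.abs(tsMsec - now) > (options.timestampSkewSec * 1000)) {`. The same expression is used with `authorization.ts` in the `authenticateMessage` hunk further down.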
@@ -216,7 +214,7 @@ exports.authenticate = function (req, credentialsFunc, options, callback) {
exports.authenticatePayload = function (payload, credentials, artifacts, contentType) {
- const calculatedHash = Crypto.calculatePayloadHash(payload, credentials.algorithm, contentType);
+ var calculatedHash = Crypto.calculatePayloadHash(payload, credentials.algorithm, contentType);
return Cryptiles.fixedTimeComparison(calculatedHash, artifacts.hash);
};
@@ -287,18 +285,18 @@ exports.header = function (credentials, artifacts, options) {
artifacts.hash = Crypto.calculatePayloadHash(options.payload, credentials.algorithm, options.contentType);
}
- const mac = Crypto.calculateMac('response', credentials, artifacts);
+ var mac = Crypto.calculateMac('response', credentials, artifacts);
// Construct header
- let header = 'Hawk mac="' + mac + '"' +
+ var header = 'Hawk mac="' + mac + '"' +
(artifacts.hash ? ', hash="' + artifacts.hash + '"' : '');
if (artifacts.ext !== null &&
artifacts.ext !== undefined &&
artifacts.ext !== '') { // Other falsey values allowed
- header = header + ', ext="' + Hoek.escapeHeaderAttribute(artifacts.ext) + '"';
+ header += ', ext="' + Hoek.escapeHeaderAttribute(artifacts.ext) + '"';
}
return header;
@@ -321,11 +319,11 @@ exports.authenticateBewit = function (req, credentialsFunc, options, callback) {
// Application time
- const now = Utils.now(options.localtimeOffsetMsec);
+ var now = Utils.now(options.localtimeOffsetMsec);
// Convert node Http request object to a request configuration object
- const request = Utils.parseRequest(req, options);
+ var request = Utils.parseRequest(req, options);
if (request instanceof Error) {
return callback(Boom.badRequest(request.message));
}
@@ -336,15 +334,15 @@ exports.authenticateBewit = function (req, credentialsFunc, options, callback) {
return callback(Boom.badRequest('Resource path exceeds max length'));
}
- const resource = request.url.match(internals.bewitRegex);
+ var resource = request.url.match(internals.bewitRegex);
if (!resource) {
- return callback(Utils.unauthorized());
+ return callback(Boom.unauthorized(null, 'Hawk'));
}
// Bewit not empty
if (!resource[3]) {
- return callback(Utils.unauthorized('Empty bewit'));
+ return callback(Boom.unauthorized('Empty bewit', 'Hawk'));
}
// Verify method is GET
@@ -352,7 +350,7 @@ exports.authenticateBewit = function (req, credentialsFunc, options, callback) {
if (request.method !== 'GET' &&
request.method !== 'HEAD') {
- return callback(Utils.unauthorized('Invalid method'));
+ return callback(Boom.unauthorized('Invalid method', 'Hawk'));
}
// No other authentication
@@ -363,19 +361,19 @@ exports.authenticateBewit = function (req, credentialsFunc, options, callback) {
// Parse bewit
- const bewitString = Hoek.base64urlDecode(resource[3]);
+ var bewitString = Hoek.base64urlDecode(resource[3]);
if (bewitString instanceof Error) {
return callback(Boom.badRequest('Invalid bewit encoding'));
}
// Bewit format: id\exp\mac\ext ('\' is used because it is a reserved header attribute character)
- const bewitParts = bewitString.split('\\');
+ var bewitParts = bewitString.split('\\');
if (bewitParts.length !== 4) {
return callback(Boom.badRequest('Invalid bewit structure'));
}
- const bewit = {
+ var bewit = {
id: bewitParts[0],
exp: parseInt(bewitParts[1], 10),
mac: bewitParts[2],
@@ -391,27 +389,27 @@ exports.authenticateBewit = function (req, credentialsFunc, options, callback) {
// Construct URL without bewit
- let url = resource[1];
+ var url = resource[1];
if (resource[4]) {
- url = url + resource[2] + resource[4];
+ url += resource[2] + resource[4];
}
// Check expiration
if (bewit.exp * 1000 <= now) {
- return callback(Utils.unauthorized('Access expired'), null, bewit);
+ return callback(Boom.unauthorized('Access expired', 'Hawk'), null, bewit);
}
// Fetch Hawk credentials
- credentialsFunc(bewit.id, (err, credentials) => {
+ credentialsFunc(bewit.id, function (err, credentials) {
if (err) {
return callback(err, credentials || null, bewit.ext);
}
if (!credentials) {
- return callback(Utils.unauthorized('Unknown credentials'), null, bewit);
+ return callback(Boom.unauthorized('Unknown credentials', 'Hawk'), null, bewit);
}
if (!credentials.key ||
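Review bot: The lookup-error path `return callback(err, credentials || null, bewit.ext);` passes only `bewit.ext` as the third argument, while the other callbacks in this hunk ('Access expired', 'Unknown credentials') pass the whole `bewit` object. A caller that logs or audits the presented bewit on failure therefore receives a different shape when the credentials lookup errors. `return callback(err, credentials || null, bewit);` would make the paths consistent. Confirm against callers first, since `authenticateBewit` extends outside the hunk.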
@@ -426,7 +424,7 @@ exports.authenticateBewit = function (req, credentialsFunc, options, callback) {
// Calculate MAC
- const mac = Crypto.calculateMac('bewit', credentials, {
+ var mac = Crypto.calculateMac('bewit', credentials, {
ts: bewit.exp,
nonce: '',
method: 'GET',
@@ -437,7 +435,7 @@ exports.authenticateBewit = function (req, credentialsFunc, options, callback) {
});
if (!Cryptiles.fixedTimeComparison(mac, bewit.mac)) {
- return callback(Utils.unauthorized('Bad mac'), credentials, bewit);
+ return callback(Boom.unauthorized('Bad mac', 'Hawk'), credentials, bewit);
}
// Successful authentication
@@ -463,7 +461,7 @@ exports.authenticateMessage = function (host, port, message, authorization, cred
// Application time
- const now = Utils.now(options.localtimeOffsetMsec); // Measure now before any other processing
+ var now = Utils.now(options.localtimeOffsetMsec); // Measure now before any other processing
// Validate authorization
@@ -478,14 +476,14 @@ exports.authenticateMessage = function (host, port, message, authorization, cred
// Fetch Hawk credentials
- credentialsFunc(authorization.id, (err, credentials) => {
+ credentialsFunc(authorization.id, function (err, credentials) {
if (err) {
return callback(err, credentials || null);
}
if (!credentials) {
- return callback(Utils.unauthorized('Unknown credentials'));
+ return callback(Boom.unauthorized('Unknown credentials', 'Hawk'));
}
if (!credentials.key ||
@@ -500,40 +498,40 @@ exports.authenticateMessage = function (host, port, message, authorization, cred
// Construct artifacts container
- const artifacts = {
+ var artifacts = {
ts: authorization.ts,
nonce: authorization.nonce,
- host,
- port,
+ host: host,
+ port: port,
hash: authorization.hash
};
// Calculate MAC
- const mac = Crypto.calculateMac('message', credentials, artifacts);
+ var mac = Crypto.calculateMac('message', credentials, artifacts);
if (!Cryptiles.fixedTimeComparison(mac, authorization.mac)) {
- return callback(Utils.unauthorized('Bad mac'), credentials);
+ return callback(Boom.unauthorized('Bad mac', 'Hawk'), credentials);
}
// Check payload hash
- const hash = Crypto.calculatePayloadHash(message, credentials.algorithm);
+ var hash = Crypto.calculatePayloadHash(message, credentials.algorithm);
if (!Cryptiles.fixedTimeComparison(hash, authorization.hash)) {
- return callback(Utils.unauthorized('Bad message hash'), credentials);
+ return callback(Boom.unauthorized('Bad message hash', 'Hawk'), credentials);
}
// Check nonce
- options.nonceFunc(credentials.key, authorization.nonce, authorization.ts, (err) => {
+ options.nonceFunc(credentials.key, authorization.nonce, authorization.ts, function (err) {
if (err) {
- return callback(Utils.unauthorized('Invalid nonce'), credentials);
+ return callback(Boom.unauthorized('Invalid nonce', 'Hawk'), credentials);
}
// Check timestamp staleness
if (Math.abs((authorization.ts * 1000) - now) > (options.timestampSkewSec * 1000)) {
- return callback(Utils.unauthorized('Stale timestamp'), credentials);
+ return callback(Boom.unauthorized('Stale timestamp'), credentials);
}
// Successful authentication
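Review bot: `Boom.unauthorized('Stale timestamp')` in `authenticateMessage` is the only converted call in this diff that omits the `'Hawk'` scheme argument; every other replacement of `Utils.unauthorized` passes it. If the omission is deliberate, a short comment such as `// no scheme: message authentication has no HTTP challenge to return` would record that. Otherwise use `Boom.unauthorized('Stale timestamp', 'Hawk')` so this error carries the same scheme as the other failures. Because the file is vendored under deps/npm, the change belongs upstream rather than in this tree.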