diff options
Diffstat (limited to 'deps/npm/node_modules/hawk/lib')
| -rwxr-xr-x | deps/npm/node_modules/hawk/lib/browser.js | 150 | ||||
| -rwxr-xr-x | deps/npm/node_modules/hawk/lib/client.js | 119 | ||||
| -rwxr-xr-x | deps/npm/node_modules/hawk/lib/crypto.js | 42 | ||||
| -rwxr-xr-x | deps/npm/node_modules/hawk/lib/index.js | 2 | ||||
| -rwxr-xr-x | deps/npm/node_modules/hawk/lib/server.js | 116 | ||||
| -rwxr-xr-x | deps/npm/node_modules/hawk/lib/utils.js | 30 |
6 files changed, 205 insertions, 254 deletions
diff --git a/deps/npm/node_modules/hawk/lib/browser.js b/deps/npm/node_modules/hawk/lib/browser.js index 6635ce52ba..a7945d0dd9 100755 --- a/deps/npm/node_modules/hawk/lib/browser.js +++ b/deps/npm/node_modules/hawk/lib/browser.js @@ -1,15 +1,13 @@ -'use strict'; - /* HTTP Hawk Authentication Scheme - Copyright (c) 2012-2016, Eran Hammer <eran@hammer.io> + Copyright (c) 2012-2014, Eran Hammer <eran@hammer.io> BSD Licensed */ // Declare namespace -const hawk = { +var hawk = { internals: {} }; @@ -47,7 +45,7 @@ hawk.client = { header: function (uri, method, options) { - const result = { + var result = { field: '', artifacts: {} }; @@ -64,11 +62,11 @@ hawk.client = { // Application time - const timestamp = options.timestamp || hawk.utils.nowSec(options.localtimeOffsetMsec); + var timestamp = options.timestamp || hawk.utils.now(options.localtimeOffsetMsec); // Validate credentials - const credentials = options.credentials; + var credentials = options.credentials; if (!credentials || !credentials.id || !credentials.key || @@ -91,10 +89,10 @@ hawk.client = { // Calculate signature - const artifacts = { + var artifacts = { ts: timestamp, nonce: options.nonce || hawk.utils.randomString(6), - method, + method: method, resource: uri.resource, host: uri.host, port: uri.port, @@ -114,12 +112,12 @@ hawk.client = { artifacts.hash = hawk.crypto.calculatePayloadHash(options.payload, credentials.algorithm, options.contentType); } - const mac = hawk.crypto.calculateMac('header', credentials, artifacts); + var mac = hawk.crypto.calculateMac('header', credentials, artifacts); // Construct header - const hasExt = artifacts.ext !== null && artifacts.ext !== undefined && artifacts.ext !== ''; // Other falsey values allowed - let header = 'Hawk id="' + credentials.id + + var hasExt = artifacts.ext !== null && artifacts.ext !== undefined && artifacts.ext !== ''; // Other falsey values allowed + var header = 'Hawk id="' + credentials.id + '", ts="' + artifacts.ts + '", nonce="' + artifacts.nonce + (artifacts.hash ? '", hash="' + artifacts.hash : '') + @@ -175,11 +173,11 @@ hawk.client = { // Application time - const now = hawk.utils.nowSec(options.localtimeOffsetMsec); + var now = hawk.utils.now(options.localtimeOffsetMsec); // Validate credentials - const credentials = options.credentials; + var credentials = options.credentials; if (!credentials || !credentials.id || !credentials.key || @@ -198,8 +196,8 @@ hawk.client = { // Calculate signature - const exp = now + options.ttlSec; - const mac = hawk.crypto.calculateMac('bewit', credentials, { + var exp = now + options.ttlSec; + var mac = hawk.crypto.calculateMac('bewit', credentials, { ts: exp, nonce: '', method: 'GET', @@ -211,14 +209,14 @@ hawk.client = { // Construct bewit: id\exp\mac\ext - const bewit = credentials.id + '\\' + exp + '\\' + mac + '\\' + options.ext; + var bewit = credentials.id + '\\' + exp + '\\' + mac + '\\' + options.ext; return hawk.utils.base64urlEncode(bewit); }, // Validate server response /* - request: object created via 'new XMLHttpRequest()' after response received or fetch API 'Response' + request: object created via 'new XMLHttpRequest()' after response received artifacts: object received from header().artifacts options: { payload: optional payload received @@ -230,54 +228,46 @@ hawk.client = { options = options || {}; - const getHeader = function (name) { - - // Fetch API or plain headers - - if (request.headers) { - return (typeof request.headers.get === 'function' ? request.headers.get(name) : request.headers[name]); - } - - // XMLHttpRequest + var getHeader = function (name) { - return (request.getResponseHeader ? request.getResponseHeader(name) : request.getHeader(name)); + return request.getResponseHeader ? request.getResponseHeader(name) : request.getHeader(name); }; - const wwwAuthenticate = getHeader('www-authenticate'); + var wwwAuthenticate = getHeader('www-authenticate'); if (wwwAuthenticate) { // Parse HTTP WWW-Authenticate header - const wwwAttributes = hawk.utils.parseAuthorizationHeader(wwwAuthenticate, ['ts', 'tsm', 'error']); + var wwwAttributes = hawk.utils.parseAuthorizationHeader(wwwAuthenticate, ['ts', 'tsm', 'error']); if (!wwwAttributes) { return false; } if (wwwAttributes.ts) { - const tsm = hawk.crypto.calculateTsMac(wwwAttributes.ts, credentials); + var tsm = hawk.crypto.calculateTsMac(wwwAttributes.ts, credentials); if (tsm !== wwwAttributes.tsm) { return false; } - hawk.utils.setNtpSecOffset(wwwAttributes.ts - Math.floor(Date.now() / 1000)); // Keep offset at 1 second precision + hawk.utils.setNtpOffset(wwwAttributes.ts - Math.floor((new Date()).getTime() / 1000)); // Keep offset at 1 second precision } } // Parse HTTP Server-Authorization header - const serverAuthorization = getHeader('server-authorization'); + var serverAuthorization = getHeader('server-authorization'); if (!serverAuthorization && !options.required) { return true; } - const attributes = hawk.utils.parseAuthorizationHeader(serverAuthorization, ['mac', 'ext', 'hash']); + var attributes = hawk.utils.parseAuthorizationHeader(serverAuthorization, ['mac', 'ext', 'hash']); if (!attributes) { return false; } - const modArtifacts = { + var modArtifacts = { ts: artifacts.ts, nonce: artifacts.nonce, method: artifacts.method, @@ -290,7 +280,7 @@ hawk.client = { dlg: artifacts.dlg }; - const mac = hawk.crypto.calculateMac('response', credentials, modArtifacts); + var mac = hawk.crypto.calculateMac('response', credentials, modArtifacts); if (mac !== attributes.mac) { return false; } @@ -305,7 +295,7 @@ hawk.client = { return false; } - const calculatedHash = hawk.crypto.calculatePayloadHash(options.payload, credentials.algorithm, getHeader('content-type')); + var calculatedHash = hawk.crypto.calculatePayloadHash(options.payload, credentials.algorithm, getHeader('content-type')); return (calculatedHash === attributes.hash); }, @@ -323,11 +313,11 @@ hawk.client = { // Application time - const timestamp = options.timestamp || hawk.utils.nowSec(options.localtimeOffsetMsec); + var timestamp = options.timestamp || hawk.utils.now(options.localtimeOffsetMsec); // Validate credentials - const credentials = options.credentials; + var credentials = options.credentials; if (!credentials || !credentials.id || !credentials.key || @@ -343,17 +333,17 @@ hawk.client = { // Calculate signature - const artifacts = { + var artifacts = { ts: timestamp, nonce: options.nonce || hawk.utils.randomString(6), - host, - port, + host: host, + port: port, hash: hawk.crypto.calculatePayloadHash(message, credentials.algorithm) }; // Construct authorization - const result = { + var result = { id: credentials.id, ts: artifacts.ts, nonce: artifacts.nonce, @@ -364,15 +354,15 @@ hawk.client = { return result; }, - authenticateTimestamp: function (message, credentials, updateClock) { // updateClock defaults to true + authenticateTimestamp: function (message, credentials, updateClock) { // updateClock defaults to true - const tsm = hawk.crypto.calculateTsMac(message.ts, credentials); + var tsm = hawk.crypto.calculateTsMac(message.ts, credentials); if (tsm !== message.tsm) { return false; } if (updateClock !== false) { - hawk.utils.setNtpSecOffset(message.ts - Math.floor(Date.now() / 1000)); // Keep offset at 1 second precision + hawk.utils.setNtpOffset(message.ts - Math.floor((new Date()).getTime() / 1000)); // Keep offset at 1 second precision } return true; @@ -388,15 +378,15 @@ hawk.crypto = { calculateMac: function (type, credentials, options) { - const normalized = hawk.crypto.generateNormalizedString(type, options); + var normalized = hawk.crypto.generateNormalizedString(type, options); - const hmac = CryptoJS['Hmac' + credentials.algorithm.toUpperCase()](normalized, credentials.key); + var hmac = CryptoJS['Hmac' + credentials.algorithm.toUpperCase()](normalized, credentials.key); return hmac.toString(CryptoJS.enc.Base64); }, generateNormalizedString: function (type, options) { - let normalized = 'hawk.' + hawk.crypto.headerVersion + '.' + type + '\n' + + var normalized = 'hawk.' + hawk.crypto.headerVersion + '.' + type + '\n' + options.ts + '\n' + options.nonce + '\n' + (options.method || '').toUpperCase() + '\n' + @@ -421,7 +411,7 @@ hawk.crypto = { calculatePayloadHash: function (payload, algorithm, contentType) { - const hash = CryptoJS.algo[algorithm.toUpperCase()].create(); + var hash = CryptoJS.algo[algorithm.toUpperCase()].create(); hash.update('hawk.' + hawk.crypto.headerVersion + '.payload\n'); hash.update(hawk.utils.parseContentType(contentType) + '\n'); hash.update(payload); @@ -431,7 +421,7 @@ hawk.crypto = { calculateTsMac: function (ts, credentials) { - const hash = CryptoJS['Hmac' + credentials.algorithm.toUpperCase()]('hawk.' + hawk.crypto.headerVersion + '.ts\n' + ts + '\n', credentials.key); + var hash = CryptoJS['Hmac' + credentials.algorithm.toUpperCase()]('hawk.' + hawk.crypto.headerVersion + '.ts\n' + ts + '\n', credentials.key); return hash.toString(CryptoJS.enc.Base64); } }; @@ -480,14 +470,14 @@ hawk.utils = { setStorage: function (storage) { - const ntpOffset = hawk.utils.storage.getItem('hawk_ntp_offset'); + var ntpOffset = hawk.utils.storage.getItem('hawk_ntp_offset'); hawk.utils.storage = storage; if (ntpOffset) { - hawk.utils.setNtpSecOffset(ntpOffset); + hawk.utils.setNtpOffset(ntpOffset); } }, - setNtpSecOffset: function (offset) { + setNtpOffset: function (offset) { try { hawk.utils.storage.setItem('hawk_ntp_offset', offset); @@ -498,9 +488,9 @@ hawk.utils = { } }, - getNtpSecOffset: function () { + getNtpOffset: function () { - const offset = hawk.utils.storage.getItem('hawk_ntp_offset'); + var offset = hawk.utils.storage.getItem('hawk_ntp_offset'); if (!offset) { return 0; } @@ -510,12 +500,7 @@ hawk.utils = { now: function (localtimeOffsetMsec) { - return Date.now() + (localtimeOffsetMsec || 0) + (hawk.utils.getNtpSecOffset() * 1000); - }, - - nowSec: function (localtimeOffsetMsec) { - - return Math.floor(hawk.utils.now(localtimeOffsetMsec) / 1000); + return Math.floor(((new Date()).getTime() + (localtimeOffsetMsec || 0)) / 1000) + hawk.utils.getNtpOffset(); }, escapeHeaderAttribute: function (attribute) { @@ -538,23 +523,23 @@ hawk.utils = { return null; } - const headerParts = header.match(/^(\w+)(?:\s+(.*))?$/); // Header: scheme[ something] + var headerParts = header.match(/^(\w+)(?:\s+(.*))?$/); // Header: scheme[ something] if (!headerParts) { return null; } - const scheme = headerParts[1]; + var scheme = headerParts[1]; if (scheme.toLowerCase() !== 'hawk') { return null; } - const attributesString = headerParts[2]; + var attributesString = headerParts[2]; if (!attributesString) { return null; } - const attributes = {}; - const verify = attributesString.replace(/(\w+)="([^"\\]*)"\s*(?:,\s*|$)/g, ($0, $1, $2) => { + var attributes = {}; + var verify = attributesString.replace(/(\w+)="([^"\\]*)"\s*(?:,\s*|$)/g, function ($0, $1, $2) { // Check valid attribute names @@ -587,28 +572,27 @@ hawk.utils = { randomString: function (size) { - const randomSource = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; - const len = randomSource.length; + var randomSource = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789'; + var len = randomSource.length; - const result = []; - for (let i = 0; i < size; ++i) { + var result = []; + for (var i = 0; i < size; ++i) { result[i] = randomSource[Math.floor(Math.random() * len)]; } return result.join(''); }, - // 1 2 3 4 - uriRegex: /^([^:]+)\:\/\/(?:[^@/]*@)?([^\/:]+)(?:\:(\d+))?([^#]*)(?:#.*)?$/, // scheme://credentials@host:port/resource#fragment + uriRegex: /^([^:]+)\:\/\/(?:[^@]*@)?([^\/:]+)(?:\:(\d+))?([^#]*)(?:#.*)?$/, // scheme://credentials@host:port/resource#fragment parseUri: function (input) { - const parts = input.match(hawk.utils.uriRegex); + var parts = input.match(hawk.utils.uriRegex); if (!parts) { return { host: '', port: '', resource: '' }; } - const scheme = parts[1].toLowerCase(); - const uri = { + var scheme = parts[1].toLowerCase(); + var uri = { host: parts[2], port: parts[3] || (scheme === 'http' ? '80' : (scheme === 'https' ? '443' : '')), resource: parts[4] @@ -619,8 +603,8 @@ hawk.utils = { base64urlEncode: function (value) { - const wordArray = CryptoJS.enc.Utf8.parse(value); - const encoded = CryptoJS.enc.Base64.stringify(wordArray); + var wordArray = CryptoJS.enc.Utf8.parse(value); + var encoded = CryptoJS.enc.Base64.stringify(wordArray); return encoded.replace(/\+/g, '-').replace(/\//g, '_').replace(/\=/g, ''); } }; @@ -634,14 +618,14 @@ hawk.utils = { // http://code.google.com/p/crypto-js/ // http://code.google.com/p/crypto-js/wiki/License -var CryptoJS = CryptoJS || function (h, r) { var k = {}, l = k.lib = {}, n = function () { }, f = l.Base = { extend: function (a) { n.prototype = this; var b = new n; a && b.mixIn(a); b.hasOwnProperty("init") || (b.init = function () { b.$super.init.apply(this, arguments) }); b.init.prototype = b; b.$super = this; return b }, create: function () { var a = this.extend(); a.init.apply(a, arguments); return a }, init: function () { }, mixIn: function (a) { for (let b in a) a.hasOwnProperty(b) && (this[b] = a[b]); a.hasOwnProperty("toString") && (this.toString = a.toString) }, clone: function () { return this.init.prototype.extend(this) } }, j = l.WordArray = f.extend({ init: function (a, b) { a = this.words = a || []; this.sigBytes = b != r ? b : 4 * a.length }, toString: function (a) { return (a || s).stringify(this) }, concat: function (a) { var b = this.words, d = a.words, c = this.sigBytes; a = a.sigBytes; this.clamp(); if (c % 4) for (let e = 0; e < a; e++) b[c + e >>> 2] |= (d[e >>> 2] >>> 24 - 8 * (e % 4) & 255) << 24 - 8 * ((c + e) % 4); else if (65535 < d.length) for (let e = 0; e < a; e += 4) b[c + e >>> 2] = d[e >>> 2]; else b.push.apply(b, d); this.sigBytes += a; return this }, clamp: function () { var a = this.words, b = this.sigBytes; a[b >>> 2] &= 4294967295 << 32 - 8 * (b % 4); a.length = h.ceil(b / 4) }, clone: function () { var a = f.clone.call(this); a.words = this.words.slice(0); return a }, random: function (a) { for (let b = [], d = 0; d < a; d += 4) b.push(4294967296 * h.random() | 0); return new j.init(b, a) } }), m = k.enc = {}, s = m.Hex = { stringify: function (a) { var b = a.words; a = a.sigBytes; for (var d = [], c = 0; c < a; c++) { var e = b[c >>> 2] >>> 24 - 8 * (c % 4) & 255; d.push((e >>> 4).toString(16)); d.push((e & 15).toString(16)) } return d.join("") }, parse: function (a) { for (var b = a.length, d = [], c = 0; c < b; c += 2) d[c >>> 3] |= parseInt(a.substr(c, 2), 16) << 24 - 4 * (c % 8); return new j.init(d, b / 2) } }, p = m.Latin1 = { stringify: function (a) { var b = a.words; a = a.sigBytes; for (var d = [], c = 0; c < a; c++) d.push(String.fromCharCode(b[c >>> 2] >>> 24 - 8 * (c % 4) & 255)); return d.join("") }, parse: function (a) { for (var b = a.length, d = [], c = 0; c < b; c++) d[c >>> 2] |= (a.charCodeAt(c) & 255) << 24 - 8 * (c % 4); return new j.init(d, b) } }, t = m.Utf8 = { stringify: function (a) { try { return decodeURIComponent(escape(p.stringify(a))) } catch (b) { throw Error("Malformed UTF-8 data"); } }, parse: function (a) { return p.parse(unescape(encodeURIComponent(a))) } }, q = l.BufferedBlockAlgorithm = f.extend({ reset: function () { this._data = new j.init; this._nDataBytes = 0 }, _append: function (a) { "string" == typeof a && (a = t.parse(a)); this._data.concat(a); this._nDataBytes += a.sigBytes }, _process: function (a) { var b = this._data, d = b.words, c = b.sigBytes, e = this.blockSize, f = c / (4 * e), f = a ? h.ceil(f) : h.max((f | 0) - this._minBufferSize, 0); a = f * e; c = h.min(4 * a, c); if (a) { for (var g = 0; g < a; g += e) this._doProcessBlock(d, g); g = d.splice(0, a); b.sigBytes -= c } return new j.init(g, c) }, clone: function () { var a = f.clone.call(this); a._data = this._data.clone(); return a }, _minBufferSize: 0 }); l.Hasher = q.extend({ cfg: f.extend(), init: function (a) { this.cfg = this.cfg.extend(a); this.reset() }, reset: function () { q.reset.call(this); this._doReset() }, update: function (a) { this._append(a); this._process(); return this }, finalize: function (a) { a && this._append(a); return this._doFinalize() }, blockSize: 16, _createHelper: function (a) { return function (b, d) { return (new a.init(d)).finalize(b) } }, _createHmacHelper: function (a) { return function (b, d) { return (new u.HMAC.init(a, d)).finalize(b) } } }); var u = k.algo = {}; return k }(Math); -(() => { var k = CryptoJS, b = k.lib, m = b.WordArray, l = b.Hasher, d = [], b = k.algo.SHA1 = l.extend({ _doReset: function () { this._hash = new m.init([1732584193, 4023233417, 2562383102, 271733878, 3285377520]) }, _doProcessBlock: function (n, p) { for (var a = this._hash.words, e = a[0], f = a[1], h = a[2], j = a[3], b = a[4], c = 0; 80 > c; c++) { if (16 > c) d[c] = n[p + c] | 0; else { var g = d[c - 3] ^ d[c - 8] ^ d[c - 14] ^ d[c - 16]; d[c] = g << 1 | g >>> 31 } g = (e << 5 | e >>> 27) + b + d[c]; g = 20 > c ? g + ((f & h | ~f & j) + 1518500249) : 40 > c ? g + ((f ^ h ^ j) + 1859775393) : 60 > c ? g + ((f & h | f & j | h & j) - 1894007588) : g + ((f ^ h ^ j) - 899497514); b = j; j = h; h = f << 30 | f >>> 2; f = e; e = g } a[0] = a[0] + e | 0; a[1] = a[1] + f | 0; a[2] = a[2] + h | 0; a[3] = a[3] + j | 0; a[4] = a[4] + b | 0 }, _doFinalize: function () { var b = this._data, d = b.words, a = 8 * this._nDataBytes, e = 8 * b.sigBytes; d[e >>> 5] |= 128 << 24 - e % 32; d[(e + 64 >>> 9 << 4) + 14] = Math.floor(a / 4294967296); d[(e + 64 >>> 9 << 4) + 15] = a; b.sigBytes = 4 * d.length; this._process(); return this._hash }, clone: function () { var b = l.clone.call(this); b._hash = this._hash.clone(); return b } }); k.SHA1 = l._createHelper(b); k.HmacSHA1 = l._createHmacHelper(b) })(); +var CryptoJS = CryptoJS || function (h, r) { var k = {}, l = k.lib = {}, n = function () { }, f = l.Base = { extend: function (a) { n.prototype = this; var b = new n; a && b.mixIn(a); b.hasOwnProperty("init") || (b.init = function () { b.$super.init.apply(this, arguments) }); b.init.prototype = b; b.$super = this; return b }, create: function () { var a = this.extend(); a.init.apply(a, arguments); return a }, init: function () { }, mixIn: function (a) { for (var b in a) a.hasOwnProperty(b) && (this[b] = a[b]); a.hasOwnProperty("toString") && (this.toString = a.toString) }, clone: function () { return this.init.prototype.extend(this) } }, j = l.WordArray = f.extend({ init: function (a, b) { a = this.words = a || []; this.sigBytes = b != r ? b : 4 * a.length }, toString: function (a) { return (a || s).stringify(this) }, concat: function (a) { var b = this.words, d = a.words, c = this.sigBytes; a = a.sigBytes; this.clamp(); if (c % 4) for (var e = 0; e < a; e++) b[c + e >>> 2] |= (d[e >>> 2] >>> 24 - 8 * (e % 4) & 255) << 24 - 8 * ((c + e) % 4); else if (65535 < d.length) for (e = 0; e < a; e += 4) b[c + e >>> 2] = d[e >>> 2]; else b.push.apply(b, d); this.sigBytes += a; return this }, clamp: function () { var a = this.words, b = this.sigBytes; a[b >>> 2] &= 4294967295 << 32 - 8 * (b % 4); a.length = h.ceil(b / 4) }, clone: function () { var a = f.clone.call(this); a.words = this.words.slice(0); return a }, random: function (a) { for (var b = [], d = 0; d < a; d += 4) b.push(4294967296 * h.random() | 0); return new j.init(b, a) } }), m = k.enc = {}, s = m.Hex = { stringify: function (a) { var b = a.words; a = a.sigBytes; for (var d = [], c = 0; c < a; c++) { var e = b[c >>> 2] >>> 24 - 8 * (c % 4) & 255; d.push((e >>> 4).toString(16)); d.push((e & 15).toString(16)) } return d.join("") }, parse: function (a) { for (var b = a.length, d = [], c = 0; c < b; c += 2) d[c >>> 3] |= parseInt(a.substr(c, 2), 16) << 24 - 4 * (c % 8); return new j.init(d, b / 2) } }, p = m.Latin1 = { stringify: function (a) { var b = a.words; a = a.sigBytes; for (var d = [], c = 0; c < a; c++) d.push(String.fromCharCode(b[c >>> 2] >>> 24 - 8 * (c % 4) & 255)); return d.join("") }, parse: function (a) { for (var b = a.length, d = [], c = 0; c < b; c++) d[c >>> 2] |= (a.charCodeAt(c) & 255) << 24 - 8 * (c % 4); return new j.init(d, b) } }, t = m.Utf8 = { stringify: function (a) { try { return decodeURIComponent(escape(p.stringify(a))) } catch (b) { throw Error("Malformed UTF-8 data"); } }, parse: function (a) { return p.parse(unescape(encodeURIComponent(a))) } }, q = l.BufferedBlockAlgorithm = f.extend({ reset: function () { this._data = new j.init; this._nDataBytes = 0 }, _append: function (a) { "string" == typeof a && (a = t.parse(a)); this._data.concat(a); this._nDataBytes += a.sigBytes }, _process: function (a) { var b = this._data, d = b.words, c = b.sigBytes, e = this.blockSize, f = c / (4 * e), f = a ? h.ceil(f) : h.max((f | 0) - this._minBufferSize, 0); a = f * e; c = h.min(4 * a, c); if (a) { for (var g = 0; g < a; g += e) this._doProcessBlock(d, g); g = d.splice(0, a); b.sigBytes -= c } return new j.init(g, c) }, clone: function () { var a = f.clone.call(this); a._data = this._data.clone(); return a }, _minBufferSize: 0 }); l.Hasher = q.extend({ cfg: f.extend(), init: function (a) { this.cfg = this.cfg.extend(a); this.reset() }, reset: function () { q.reset.call(this); this._doReset() }, update: function (a) { this._append(a); this._process(); return this }, finalize: function (a) { a && this._append(a); return this._doFinalize() }, blockSize: 16, _createHelper: function (a) { return function (b, d) { return (new a.init(d)).finalize(b) } }, _createHmacHelper: function (a) { return function (b, d) { return (new u.HMAC.init(a, d)).finalize(b) } } }); var u = k.algo = {}; return k }(Math); +(function () { var k = CryptoJS, b = k.lib, m = b.WordArray, l = b.Hasher, d = [], b = k.algo.SHA1 = l.extend({ _doReset: function () { this._hash = new m.init([1732584193, 4023233417, 2562383102, 271733878, 3285377520]) }, _doProcessBlock: function (n, p) { for (var a = this._hash.words, e = a[0], f = a[1], h = a[2], j = a[3], b = a[4], c = 0; 80 > c; c++) { if (16 > c) d[c] = n[p + c] | 0; else { var g = d[c - 3] ^ d[c - 8] ^ d[c - 14] ^ d[c - 16]; d[c] = g << 1 | g >>> 31 } g = (e << 5 | e >>> 27) + b + d[c]; g = 20 > c ? g + ((f & h | ~f & j) + 1518500249) : 40 > c ? g + ((f ^ h ^ j) + 1859775393) : 60 > c ? g + ((f & h | f & j | h & j) - 1894007588) : g + ((f ^ h ^ j) - 899497514); b = j; j = h; h = f << 30 | f >>> 2; f = e; e = g } a[0] = a[0] + e | 0; a[1] = a[1] + f | 0; a[2] = a[2] + h | 0; a[3] = a[3] + j | 0; a[4] = a[4] + b | 0 }, _doFinalize: function () { var b = this._data, d = b.words, a = 8 * this._nDataBytes, e = 8 * b.sigBytes; d[e >>> 5] |= 128 << 24 - e % 32; d[(e + 64 >>> 9 << 4) + 14] = Math.floor(a / 4294967296); d[(e + 64 >>> 9 << 4) + 15] = a; b.sigBytes = 4 * d.length; this._process(); return this._hash }, clone: function () { var b = l.clone.call(this); b._hash = this._hash.clone(); return b } }); k.SHA1 = l._createHelper(b); k.HmacSHA1 = l._createHmacHelper(b) })(); (function (k) { for (var g = CryptoJS, h = g.lib, v = h.WordArray, j = h.Hasher, h = g.algo, s = [], t = [], u = function (q) { return 4294967296 * (q - (q | 0)) | 0 }, l = 2, b = 0; 64 > b;) { var d; a: { d = l; for (var w = k.sqrt(d), r = 2; r <= w; r++) if (!(d % r)) { d = !1; break a } d = !0 } d && (8 > b && (s[b] = u(k.pow(l, 0.5))), t[b] = u(k.pow(l, 1 / 3)), b++); l++ } var n = [], h = h.SHA256 = j.extend({ _doReset: function () { this._hash = new v.init(s.slice(0)) }, _doProcessBlock: function (q, h) { for (var a = this._hash.words, c = a[0], d = a[1], b = a[2], k = a[3], f = a[4], g = a[5], j = a[6], l = a[7], e = 0; 64 > e; e++) { if (16 > e) n[e] = q[h + e] | 0; else { var m = n[e - 15], p = n[e - 2]; n[e] = ((m << 25 | m >>> 7) ^ (m << 14 | m >>> 18) ^ m >>> 3) + n[e - 7] + ((p << 15 | p >>> 17) ^ (p << 13 | p >>> 19) ^ p >>> 10) + n[e - 16] } m = l + ((f << 26 | f >>> 6) ^ (f << 21 | f >>> 11) ^ (f << 7 | f >>> 25)) + (f & g ^ ~f & j) + t[e] + n[e]; p = ((c << 30 | c >>> 2) ^ (c << 19 | c >>> 13) ^ (c << 10 | c >>> 22)) + (c & d ^ c & b ^ d & b); l = j; j = g; g = f; f = k + m | 0; k = b; b = d; d = c; c = m + p | 0 } a[0] = a[0] + c | 0; a[1] = a[1] + d | 0; a[2] = a[2] + b | 0; a[3] = a[3] + k | 0; a[4] = a[4] + f | 0; a[5] = a[5] + g | 0; a[6] = a[6] + j | 0; a[7] = a[7] + l | 0 }, _doFinalize: function () { var d = this._data, b = d.words, a = 8 * this._nDataBytes, c = 8 * d.sigBytes; b[c >>> 5] |= 128 << 24 - c % 32; b[(c + 64 >>> 9 << 4) + 14] = k.floor(a / 4294967296); b[(c + 64 >>> 9 << 4) + 15] = a; d.sigBytes = 4 * b.length; this._process(); return this._hash }, clone: function () { var b = j.clone.call(this); b._hash = this._hash.clone(); return b } }); g.SHA256 = j._createHelper(h); g.HmacSHA256 = j._createHmacHelper(h) })(Math); -(() => { var c = CryptoJS, k = c.enc.Utf8; c.algo.HMAC = c.lib.Base.extend({ init: function (a, b) { a = this._hasher = new a.init; "string" == typeof b && (b = k.parse(b)); var c = a.blockSize, e = 4 * c; b.sigBytes > e && (b = a.finalize(b)); b.clamp(); for (var f = this._oKey = b.clone(), g = this._iKey = b.clone(), h = f.words, j = g.words, d = 0; d < c; d++) h[d] ^= 1549556828, j[d] ^= 909522486; f.sigBytes = g.sigBytes = e; this.reset() }, reset: function () { var a = this._hasher; a.reset(); a.update(this._iKey) }, update: function (a) { this._hasher.update(a); return this }, finalize: function (a) { var b = this._hasher; a = b.finalize(a); b.reset(); return b.finalize(this._oKey.clone().concat(a)) } }) })(); -(() => { var h = CryptoJS, j = h.lib.WordArray; h.enc.Base64 = { stringify: function (b) { var e = b.words, f = b.sigBytes, c = this._map; b.clamp(); b = []; for (var a = 0; a < f; a += 3) for (var d = (e[a >>> 2] >>> 24 - 8 * (a % 4) & 255) << 16 | (e[a + 1 >>> 2] >>> 24 - 8 * ((a + 1) % 4) & 255) << 8 | e[a + 2 >>> 2] >>> 24 - 8 * ((a + 2) % 4) & 255, g = 0; 4 > g && a + 0.75 * g < f; g++) b.push(c.charAt(d >>> 6 * (3 - g) & 63)); if (e = c.charAt(64)) for (; b.length % 4;) b.push(e); return b.join("") }, parse: function (b) { var e = b.length, f = this._map, c = f.charAt(64); c && (c = b.indexOf(c), -1 != c && (e = c)); for (var c = [], a = 0, d = 0; d < e; d++) if (d % 4) { var g = f.indexOf(b.charAt(d - 1)) << 2 * (d % 4), h = f.indexOf(b.charAt(d)) >>> 6 - 2 * (d % 4); c[a >>> 2] |= (g | h) << 24 - 8 * (a % 4); a++ } return j.create(c, a) }, _map: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=" } })(); +(function () { var c = CryptoJS, k = c.enc.Utf8; c.algo.HMAC = c.lib.Base.extend({ init: function (a, b) { a = this._hasher = new a.init; "string" == typeof b && (b = k.parse(b)); var c = a.blockSize, e = 4 * c; b.sigBytes > e && (b = a.finalize(b)); b.clamp(); for (var f = this._oKey = b.clone(), g = this._iKey = b.clone(), h = f.words, j = g.words, d = 0; d < c; d++) h[d] ^= 1549556828, j[d] ^= 909522486; f.sigBytes = g.sigBytes = e; this.reset() }, reset: function () { var a = this._hasher; a.reset(); a.update(this._iKey) }, update: function (a) { this._hasher.update(a); return this }, finalize: function (a) { var b = this._hasher; a = b.finalize(a); b.reset(); return b.finalize(this._oKey.clone().concat(a)) } }) })(); +(function () { var h = CryptoJS, j = h.lib.WordArray; h.enc.Base64 = { stringify: function (b) { var e = b.words, f = b.sigBytes, c = this._map; b.clamp(); b = []; for (var a = 0; a < f; a += 3) for (var d = (e[a >>> 2] >>> 24 - 8 * (a % 4) & 255) << 16 | (e[a + 1 >>> 2] >>> 24 - 8 * ((a + 1) % 4) & 255) << 8 | e[a + 2 >>> 2] >>> 24 - 8 * ((a + 2) % 4) & 255, g = 0; 4 > g && a + 0.75 * g < f; g++) b.push(c.charAt(d >>> 6 * (3 - g) & 63)); if (e = c.charAt(64)) for (; b.length % 4;) b.push(e); return b.join("") }, parse: function (b) { var e = b.length, f = this._map, c = f.charAt(64); c && (c = b.indexOf(c), -1 != c && (e = c)); for (var c = [], a = 0, d = 0; d < e; d++) if (d % 4) { var g = f.indexOf(b.charAt(d - 1)) << 2 * (d % 4), h = f.indexOf(b.charAt(d)) >>> 6 - 2 * (d % 4); c[a >>> 2] |= (g | h) << 24 - 8 * (a % 4); a++ } return j.create(c, a) }, _map: "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=" } })(); +hawk.crypto.internals = CryptoJS; -hawk.crypto.utils = CryptoJS; // Export if used as a module diff --git a/deps/npm/node_modules/hawk/lib/client.js b/deps/npm/node_modules/hawk/lib/client.js index 13bd77b359..f9ae691713 100755 --- a/deps/npm/node_modules/hawk/lib/client.js +++ b/deps/npm/node_modules/hawk/lib/client.js @@ -1,17 +1,15 @@ -'use strict'; - // Load modules -const Url = require('url'); -const Hoek = require('hoek'); -const Cryptiles = require('cryptiles'); -const Crypto = require('./crypto'); -const Utils = require('./utils'); +var Url = require('url'); +var Hoek = require('hoek'); +var Cryptiles = require('cryptiles'); +var Crypto = require('./crypto'); +var Utils = require('./utils'); // Declare internals -const internals = {}; +var internals = {}; // Generate an Authorization header for a given request @@ -32,7 +30,7 @@ const internals = {}; // Optional ext: 'application-specific', // Application specific data sent via the ext attribute - timestamp: Date.now() / 1000, // A pre-calculated timestamp in seconds + timestamp: Date.now(), // A pre-calculated timestamp nonce: '2334f34f', // A pre-generated nonce localtimeOffsetMsec: 400, // Time offset to sync with server time (ignored if timestamp provided) payload: '{"some":"payload"}', // UTF-8 encoded string for body hash generation (ignored if hash provided) @@ -45,7 +43,7 @@ const internals = {}; exports.header = function (uri, method, options) { - const result = { + var result = { field: '', artifacts: {} }; @@ -62,11 +60,11 @@ exports.header = function (uri, method, options) { // Application time - const timestamp = options.timestamp || Utils.nowSecs(options.localtimeOffsetMsec); + var timestamp = options.timestamp || Utils.nowSecs(options.localtimeOffsetMsec); // Validate credentials - const credentials = options.credentials; + var credentials = options.credentials; if (!credentials || !credentials.id || !credentials.key || @@ -89,10 +87,10 @@ exports.header = function (uri, method, options) { // Calculate signature - const artifacts = { + var artifacts = { ts: timestamp, nonce: options.nonce || Cryptiles.randomString(6), - method, + method: method, resource: uri.pathname + (uri.search || ''), // Maintain trailing '?' host: uri.hostname, port: uri.port || (uri.protocol === 'http:' ? 80 : 443), @@ -112,12 +110,12 @@ exports.header = function (uri, method, options) { artifacts.hash = Crypto.calculatePayloadHash(options.payload, credentials.algorithm, options.contentType); } - const mac = Crypto.calculateMac('header', credentials, artifacts); + var mac = Crypto.calculateMac('header', credentials, artifacts); // Construct header - const hasExt = artifacts.ext !== null && artifacts.ext !== undefined && artifacts.ext !== ''; // Other falsey values allowed - let header = 'Hawk id="' + credentials.id + + var hasExt = artifacts.ext !== null && artifacts.ext !== undefined && artifacts.ext !== ''; // Other falsey values allowed + var header = 'Hawk id="' + credentials.id + '", ts="' + artifacts.ts + '", nonce="' + artifacts.nonce + (artifacts.hash ? '", hash="' + artifacts.hash : '') + @@ -125,7 +123,7 @@ exports.header = function (uri, method, options) { '", mac="' + mac + '"'; if (artifacts.app) { - header = header + ', app="' + artifacts.app + + header += ', app="' + artifacts.app + (artifacts.dlg ? '", dlg="' + artifacts.dlg : '') + '"'; } @@ -146,44 +144,26 @@ exports.header = function (uri, method, options) { } */ -exports.authenticate = function (res, credentials, artifacts, options, callback) { +exports.authenticate = function (res, credentials, artifacts, options) { artifacts = Hoek.clone(artifacts); options = options || {}; - let wwwAttributes = null; - let serverAuthAttributes = null; - - const finalize = function (err) { - - if (callback) { - const headers = { - 'www-authenticate': wwwAttributes, - 'server-authorization': serverAuthAttributes - }; - - return callback(err, headers); - } - - return !err; - }; - if (res.headers['www-authenticate']) { // Parse HTTP WWW-Authenticate header - wwwAttributes = Utils.parseAuthorizationHeader(res.headers['www-authenticate'], ['ts', 'tsm', 'error']); + var wwwAttributes = Utils.parseAuthorizationHeader(res.headers['www-authenticate'], ['ts', 'tsm', 'error']); if (wwwAttributes instanceof Error) { - wwwAttributes = null; - return finalize(new Error('Invalid WWW-Authenticate header')); + return false; } // Validate server timestamp (not used to update clock since it is done via the SNPT client) if (wwwAttributes.ts) { - const tsm = Crypto.calculateTsMac(wwwAttributes.ts, credentials); + var tsm = Crypto.calculateTsMac(wwwAttributes.ts, credentials); if (tsm !== wwwAttributes.tsm) { - return finalize(new Error('Invalid server timestamp hash')); + return false; } } } @@ -193,39 +173,34 @@ exports.authenticate = function (res, credentials, artifacts, options, callback) if (!res.headers['server-authorization'] && !options.required) { - return finalize(); + return true; } - serverAuthAttributes = Utils.parseAuthorizationHeader(res.headers['server-authorization'], ['mac', 'ext', 'hash']); - if (serverAuthAttributes instanceof Error) { - serverAuthAttributes = null; - return finalize(new Error('Invalid Server-Authorization header')); + var attributes = Utils.parseAuthorizationHeader(res.headers['server-authorization'], ['mac', 'ext', 'hash']); + if (attributes instanceof Error) { + return false; } - artifacts.ext = serverAuthAttributes.ext; - artifacts.hash = serverAuthAttributes.hash; + artifacts.ext = attributes.ext; + artifacts.hash = attributes.hash; - const mac = Crypto.calculateMac('response', credentials, artifacts); - if (mac !== serverAuthAttributes.mac) { - return finalize(new Error('Bad response mac')); + var mac = Crypto.calculateMac('response', credentials, artifacts); + if (mac !== attributes.mac) { + return false; } if (!options.payload && options.payload !== '') { - return finalize(); - } - - if (!serverAuthAttributes.hash) { - return finalize(new Error('Missing response hash attribute')); + return true; } - const calculatedHash = Crypto.calculatePayloadHash(options.payload, credentials.algorithm, res.headers['content-type']); - if (calculatedHash !== serverAuthAttributes.hash) { - return finalize(new Error('Bad response payload mac')); + if (!attributes.hash) { + return false; } - return finalize(); + var calculatedHash = Crypto.calculatePayloadHash(options.payload, credentials.algorithm, res.headers['content-type']); + return (calculatedHash === attributes.hash); }; @@ -268,11 +243,11 @@ exports.getBewit = function (uri, options) { // Application time - const now = Utils.now(options.localtimeOffsetMsec); + var now = Utils.now(options.localtimeOffsetMsec); // Validate credentials - const credentials = options.credentials; + var credentials = options.credentials; if (!credentials || !credentials.id || !credentials.key || @@ -293,8 +268,8 @@ exports.getBewit = function (uri, options) { // Calculate signature - const exp = Math.floor(now / 1000) + options.ttlSec; - const mac = Crypto.calculateMac('bewit', credentials, { + var exp = Math.floor(now / 1000) + options.ttlSec; + var mac = Crypto.calculateMac('bewit', credentials, { ts: exp, nonce: '', method: 'GET', @@ -306,7 +281,7 @@ exports.getBewit = function (uri, options) { // Construct bewit: id\exp\mac\ext - const bewit = credentials.id + '\\' + exp + '\\' + mac + '\\' + options.ext; + var bewit = credentials.id + '\\' + exp + '\\' + mac + '\\' + options.ext; return Hoek.base64urlEncode(bewit); }; @@ -329,7 +304,7 @@ exports.getBewit = function (uri, options) { // Optional - timestamp: Date.now() / 1000, // A pre-calculated timestamp in seconds + timestamp: Date.now(), // A pre-calculated timestamp nonce: '2334f34f', // A pre-generated nonce localtimeOffsetMsec: 400, // Time offset to sync with server time (ignored if timestamp provided) } @@ -349,11 +324,11 @@ exports.message = function (host, port, message, options) { // Application time - const timestamp = options.timestamp || Utils.nowSecs(options.localtimeOffsetMsec); + var timestamp = options.timestamp || Utils.nowSecs(options.localtimeOffsetMsec); // Validate credentials - const credentials = options.credentials; + var credentials = options.credentials; if (!credentials || !credentials.id || !credentials.key || @@ -369,17 +344,17 @@ exports.message = function (host, port, message, options) { // Calculate signature - const artifacts = { + var artifacts = { ts: timestamp, nonce: options.nonce || Cryptiles.randomString(6), - host, - port, + host: host, + port: port, hash: Crypto.calculatePayloadHash(message, credentials.algorithm) }; // Construct authorization - const result = { + var result = { id: credentials.id, ts: artifacts.ts, nonce: artifacts.nonce, diff --git a/deps/npm/node_modules/hawk/lib/crypto.js b/deps/npm/node_modules/hawk/lib/crypto.js index bfa4586c8b..d3c8244a92 100755 --- a/deps/npm/node_modules/hawk/lib/crypto.js +++ b/deps/npm/node_modules/hawk/lib/crypto.js @@ -1,15 +1,13 @@ -'use strict'; - // Load modules -const Crypto = require('crypto'); -const Url = require('url'); -const Utils = require('./utils'); +var Crypto = require('crypto'); +var Url = require('url'); +var Utils = require('./utils'); // Declare internals -const internals = {}; +var internals = {}; // MAC normalization format version @@ -46,25 +44,25 @@ exports.algorithms = ['sha1', 'sha256']; exports.calculateMac = function (type, credentials, options) { - const normalized = exports.generateNormalizedString(type, options); + var normalized = exports.generateNormalizedString(type, options); - const hmac = Crypto.createHmac(credentials.algorithm, credentials.key).update(normalized); - const digest = hmac.digest('base64'); + var hmac = Crypto.createHmac(credentials.algorithm, credentials.key).update(normalized); + var digest = hmac.digest('base64'); return digest; }; exports.generateNormalizedString = function (type, options) { - let resource = options.resource || ''; + var resource = options.resource || ''; if (resource && resource[0] !== '/') { - const url = Url.parse(resource, false); + var url = Url.parse(resource, false); resource = url.path; // Includes query } - let normalized = 'hawk.' + exports.headerVersion + '.' + type + '\n' + + var normalized = 'hawk.' + exports.headerVersion + '.' + type + '\n' + options.ts + '\n' + options.nonce + '\n' + (options.method || '').toUpperCase() + '\n' + @@ -74,14 +72,14 @@ exports.generateNormalizedString = function (type, options) { (options.hash || '') + '\n'; if (options.ext) { - normalized = normalized + options.ext.replace('\\', '\\\\').replace('\n', '\\n'); + normalized += options.ext.replace('\\', '\\\\').replace('\n', '\\n'); } - normalized = normalized + '\n'; + normalized += '\n'; if (options.app) { - normalized = normalized + options.app + '\n' + - (options.dlg || '') + '\n'; + normalized += options.app + '\n' + + (options.dlg || '') + '\n'; } return normalized; @@ -90,7 +88,7 @@ exports.generateNormalizedString = function (type, options) { exports.calculatePayloadHash = function (payload, algorithm, contentType) { - const hash = exports.initializePayloadHash(algorithm, contentType); + var hash = exports.initializePayloadHash(algorithm, contentType); hash.update(payload || ''); return exports.finalizePayloadHash(hash); }; @@ -98,7 +96,7 @@ exports.calculatePayloadHash = function (payload, algorithm, contentType) { exports.initializePayloadHash = function (algorithm, contentType) { - const hash = Crypto.createHash(algorithm); + var hash = Crypto.createHash(algorithm); hash.update('hawk.' + exports.headerVersion + '.payload\n'); hash.update(Utils.parseContentType(contentType) + '\n'); return hash; @@ -114,7 +112,7 @@ exports.finalizePayloadHash = function (hash) { exports.calculateTsMac = function (ts, credentials) { - const hmac = Crypto.createHmac(credentials.algorithm, credentials.key); + var hmac = Crypto.createHmac(credentials.algorithm, credentials.key); hmac.update('hawk.' + exports.headerVersion + '.ts\n' + ts + '\n'); return hmac.digest('base64'); }; @@ -122,7 +120,7 @@ exports.calculateTsMac = function (ts, credentials) { exports.timestampMessage = function (credentials, localtimeOffsetMsec) { - const now = Utils.nowSecs(localtimeOffsetMsec); - const tsm = exports.calculateTsMac(now, credentials); - return { ts: now, tsm }; + var now = Utils.nowSecs(localtimeOffsetMsec); + var tsm = exports.calculateTsMac(now, credentials); + return { ts: now, tsm: tsm }; }; diff --git a/deps/npm/node_modules/hawk/lib/index.js b/deps/npm/node_modules/hawk/lib/index.js index d491eaec25..911b906aab 100755 --- a/deps/npm/node_modules/hawk/lib/index.js +++ b/deps/npm/node_modules/hawk/lib/index.js @@ -1,5 +1,3 @@ -'use strict'; - // Export sub-modules exports.error = exports.Error = require('boom'); diff --git a/deps/npm/node_modules/hawk/lib/server.js b/deps/npm/node_modules/hawk/lib/server.js index c5b02ae0c5..2f76372355 100755 --- a/deps/npm/node_modules/hawk/lib/server.js +++ b/deps/npm/node_modules/hawk/lib/server.js @@ -1,17 +1,15 @@ -'use strict'; - // Load modules -const Boom = require('boom'); -const Hoek = require('hoek'); -const Cryptiles = require('cryptiles'); -const Crypto = require('./crypto'); -const Utils = require('./utils'); +var Boom = require('boom'); +var Hoek = require('hoek'); +var Cryptiles = require('cryptiles'); +var Crypto = require('./crypto'); +var Utils = require('./utils'); // Declare internals -const internals = {}; +var internals = {}; // Hawk authentication @@ -19,7 +17,7 @@ const internals = {}; /* req: node's HTTP request object or an object as follows: - const request = { + var request = { method: 'GET', url: '/resource/4?a=1&b=2', host: 'example.com', @@ -32,7 +30,7 @@ const internals = {}; needed by the application. This function is the equivalent of verifying the username and password in Basic authentication. - const credentialsFunc = function (id, callback) { + var credentialsFunc = function (id, callback) { // Lookup credentials in database db.lookup(id, function (err, item) { @@ -41,7 +39,7 @@ const internals = {}; return callback(err); } - const credentials = { + var credentials = { // Required key: item.key, algorithm: item.algorithm, @@ -95,25 +93,25 @@ exports.authenticate = function (req, credentialsFunc, options, callback) { // Application time - const now = Utils.now(options.localtimeOffsetMsec); // Measure now before any other processing + var now = Utils.now(options.localtimeOffsetMsec); // Measure now before any other processing // Convert node Http request object to a request configuration object - const request = Utils.parseRequest(req, options); + var request = Utils.parseRequest(req, options); if (request instanceof Error) { return callback(Boom.badRequest(request.message)); } // Parse HTTP Authorization header - const attributes = Utils.parseAuthorizationHeader(request.authorization); + var attributes = Utils.parseAuthorizationHeader(request.authorization); if (attributes instanceof Error) { return callback(attributes); } // Construct artifacts container - const artifacts = { + var artifacts = { method: request.method, host: request.host, port: request.port, @@ -140,14 +138,14 @@ exports.authenticate = function (req, credentialsFunc, options, callback) { // Fetch Hawk credentials - credentialsFunc(attributes.id, (err, credentials) => { + credentialsFunc(attributes.id, function (err, credentials) { if (err) { return callback(err, credentials || null, artifacts); } if (!credentials) { - return callback(Utils.unauthorized('Unknown credentials'), null, artifacts); + return callback(Boom.unauthorized('Unknown credentials', 'Hawk'), null, artifacts); } if (!credentials.key || @@ -162,9 +160,9 @@ exports.authenticate = function (req, credentialsFunc, options, callback) { // Calculate MAC - const mac = Crypto.calculateMac('header', credentials, artifacts); + var mac = Crypto.calculateMac('header', credentials, artifacts); if (!Cryptiles.fixedTimeComparison(mac, attributes.mac)) { - return callback(Utils.unauthorized('Bad mac'), credentials, artifacts); + return callback(Boom.unauthorized('Bad mac', 'Hawk'), credentials, artifacts); } // Check payload hash @@ -173,28 +171,28 @@ exports.authenticate = function (req, credentialsFunc, options, callback) { options.payload === '') { if (!attributes.hash) { - return callback(Utils.unauthorized('Missing required payload hash'), credentials, artifacts); + return callback(Boom.unauthorized('Missing required payload hash', 'Hawk'), credentials, artifacts); } - const hash = Crypto.calculatePayloadHash(options.payload, credentials.algorithm, request.contentType); + var hash = Crypto.calculatePayloadHash(options.payload, credentials.algorithm, request.contentType); if (!Cryptiles.fixedTimeComparison(hash, attributes.hash)) { - return callback(Utils.unauthorized('Bad payload hash'), credentials, artifacts); + return callback(Boom.unauthorized('Bad payload hash', 'Hawk'), credentials, artifacts); } } // Check nonce - options.nonceFunc(credentials.key, attributes.nonce, attributes.ts, (err) => { + options.nonceFunc(credentials.key, attributes.nonce, attributes.ts, function (err) { if (err) { - return callback(Utils.unauthorized('Invalid nonce'), credentials, artifacts); + return callback(Boom.unauthorized('Invalid nonce', 'Hawk'), credentials, artifacts); } // Check timestamp staleness if (Math.abs((attributes.ts * 1000) - now) > (options.timestampSkewSec * 1000)) { - const tsm = Crypto.timestampMessage(credentials, options.localtimeOffsetMsec); - return callback(Utils.unauthorized('Stale timestamp', tsm), credentials, artifacts); + var tsm = Crypto.timestampMessage(credentials, options.localtimeOffsetMsec); + return callback(Boom.unauthorized('Stale timestamp', 'Hawk', tsm), credentials, artifacts); } // Successful authentication @@ -216,7 +214,7 @@ exports.authenticate = function (req, credentialsFunc, options, callback) { exports.authenticatePayload = function (payload, credentials, artifacts, contentType) { - const calculatedHash = Crypto.calculatePayloadHash(payload, credentials.algorithm, contentType); + var calculatedHash = Crypto.calculatePayloadHash(payload, credentials.algorithm, contentType); return Cryptiles.fixedTimeComparison(calculatedHash, artifacts.hash); }; @@ -287,18 +285,18 @@ exports.header = function (credentials, artifacts, options) { artifacts.hash = Crypto.calculatePayloadHash(options.payload, credentials.algorithm, options.contentType); } - const mac = Crypto.calculateMac('response', credentials, artifacts); + var mac = Crypto.calculateMac('response', credentials, artifacts); // Construct header - let header = 'Hawk mac="' + mac + '"' + + var header = 'Hawk mac="' + mac + '"' + (artifacts.hash ? ', hash="' + artifacts.hash + '"' : ''); if (artifacts.ext !== null && artifacts.ext !== undefined && artifacts.ext !== '') { // Other falsey values allowed - header = header + ', ext="' + Hoek.escapeHeaderAttribute(artifacts.ext) + '"'; + header += ', ext="' + Hoek.escapeHeaderAttribute(artifacts.ext) + '"'; } return header; @@ -321,11 +319,11 @@ exports.authenticateBewit = function (req, credentialsFunc, options, callback) { // Application time - const now = Utils.now(options.localtimeOffsetMsec); + var now = Utils.now(options.localtimeOffsetMsec); // Convert node Http request object to a request configuration object - const request = Utils.parseRequest(req, options); + var request = Utils.parseRequest(req, options); if (request instanceof Error) { return callback(Boom.badRequest(request.message)); } @@ -336,15 +334,15 @@ exports.authenticateBewit = function (req, credentialsFunc, options, callback) { return callback(Boom.badRequest('Resource path exceeds max length')); } - const resource = request.url.match(internals.bewitRegex); + var resource = request.url.match(internals.bewitRegex); if (!resource) { - return callback(Utils.unauthorized()); + return callback(Boom.unauthorized(null, 'Hawk')); } // Bewit not empty if (!resource[3]) { - return callback(Utils.unauthorized('Empty bewit')); + return callback(Boom.unauthorized('Empty bewit', 'Hawk')); } // Verify method is GET @@ -352,7 +350,7 @@ exports.authenticateBewit = function (req, credentialsFunc, options, callback) { if (request.method !== 'GET' && request.method !== 'HEAD') { - return callback(Utils.unauthorized('Invalid method')); + return callback(Boom.unauthorized('Invalid method', 'Hawk')); } // No other authentication @@ -363,19 +361,19 @@ exports.authenticateBewit = function (req, credentialsFunc, options, callback) { // Parse bewit - const bewitString = Hoek.base64urlDecode(resource[3]); + var bewitString = Hoek.base64urlDecode(resource[3]); if (bewitString instanceof Error) { return callback(Boom.badRequest('Invalid bewit encoding')); } // Bewit format: id\exp\mac\ext ('\' is used because it is a reserved header attribute character) - const bewitParts = bewitString.split('\\'); + var bewitParts = bewitString.split('\\'); if (bewitParts.length !== 4) { return callback(Boom.badRequest('Invalid bewit structure')); } - const bewit = { + var bewit = { id: bewitParts[0], exp: parseInt(bewitParts[1], 10), mac: bewitParts[2], @@ -391,27 +389,27 @@ exports.authenticateBewit = function (req, credentialsFunc, options, callback) { // Construct URL without bewit - let url = resource[1]; + var url = resource[1]; if (resource[4]) { - url = url + resource[2] + resource[4]; + url += resource[2] + resource[4]; } // Check expiration if (bewit.exp * 1000 <= now) { - return callback(Utils.unauthorized('Access expired'), null, bewit); + return callback(Boom.unauthorized('Access expired', 'Hawk'), null, bewit); } // Fetch Hawk credentials - credentialsFunc(bewit.id, (err, credentials) => { + credentialsFunc(bewit.id, function (err, credentials) { if (err) { return callback(err, credentials || null, bewit.ext); } if (!credentials) { - return callback(Utils.unauthorized('Unknown credentials'), null, bewit); + return callback(Boom.unauthorized('Unknown credentials', 'Hawk'), null, bewit); } if (!credentials.key || @@ -426,7 +424,7 @@ exports.authenticateBewit = function (req, credentialsFunc, options, callback) { // Calculate MAC - const mac = Crypto.calculateMac('bewit', credentials, { + var mac = Crypto.calculateMac('bewit', credentials, { ts: bewit.exp, nonce: '', method: 'GET', @@ -437,7 +435,7 @@ exports.authenticateBewit = function (req, credentialsFunc, options, callback) { }); if (!Cryptiles.fixedTimeComparison(mac, bewit.mac)) { - return callback(Utils.unauthorized('Bad mac'), credentials, bewit); + return callback(Boom.unauthorized('Bad mac', 'Hawk'), credentials, bewit); } // Successful authentication @@ -463,7 +461,7 @@ exports.authenticateMessage = function (host, port, message, authorization, cred // Application time - const now = Utils.now(options.localtimeOffsetMsec); // Measure now before any other processing + var now = Utils.now(options.localtimeOffsetMsec); // Measure now before any other processing // Validate authorization @@ -478,14 +476,14 @@ exports.authenticateMessage = function (host, port, message, authorization, cred // Fetch Hawk credentials - credentialsFunc(authorization.id, (err, credentials) => { + credentialsFunc(authorization.id, function (err, credentials) { if (err) { return callback(err, credentials || null); } if (!credentials) { - return callback(Utils.unauthorized('Unknown credentials')); + return callback(Boom.unauthorized('Unknown credentials', 'Hawk')); } if (!credentials.key || @@ -500,40 +498,40 @@ exports.authenticateMessage = function (host, port, message, authorization, cred // Construct artifacts container - const artifacts = { + var artifacts = { ts: authorization.ts, nonce: authorization.nonce, - host, - port, + host: host, + port: port, hash: authorization.hash }; // Calculate MAC - const mac = Crypto.calculateMac('message', credentials, artifacts); + var mac = Crypto.calculateMac('message', credentials, artifacts); if (!Cryptiles.fixedTimeComparison(mac, authorization.mac)) { - return callback(Utils.unauthorized('Bad mac'), credentials); + return callback(Boom.unauthorized('Bad mac', 'Hawk'), credentials); } // Check payload hash - const hash = Crypto.calculatePayloadHash(message, credentials.algorithm); + var hash = Crypto.calculatePayloadHash(message, credentials.algorithm); if (!Cryptiles.fixedTimeComparison(hash, authorization.hash)) { - return callback(Utils.unauthorized('Bad message hash'), credentials); + return callback(Boom.unauthorized('Bad message hash', 'Hawk'), credentials); } // Check nonce - options.nonceFunc(credentials.key, authorization.nonce, authorization.ts, (err) => { + options.nonceFunc(credentials.key, authorization.nonce, authorization.ts, function (err) { if (err) { - return callback(Utils.unauthorized('Invalid nonce'), credentials); + return callback(Boom.unauthorized('Invalid nonce', 'Hawk'), credentials); } // Check timestamp staleness if (Math.abs((authorization.ts * 1000) - now) > (options.timestampSkewSec * 1000)) { - return callback(Utils.unauthorized('Stale timestamp'), credentials); + return callback(Boom.unauthorized('Stale timestamp'), credentials); } // Successful authentication diff --git a/deps/npm/node_modules/hawk/lib/utils.js b/deps/npm/node_modules/hawk/lib/utils.js index 565b1c7a7b..2da3343904 100755 --- a/deps/npm/node_modules/hawk/lib/utils.js +++ b/deps/npm/node_modules/hawk/lib/utils.js @@ -1,14 +1,12 @@ -'use strict'; - // Load modules -const Sntp = require('sntp'); -const Boom = require('boom'); +var Sntp = require('sntp'); +var Boom = require('boom'); // Declare internals -const internals = {}; +var internals = {}; exports.version = function () { @@ -31,7 +29,7 @@ internals.hostHeaderRegex = /^(?:(?:\r\n)?\s)*((?:[^:]+)|(?:\[[^\]]+\]))(?::(\d+ exports.parseHost = function (req, hostHeaderName) { hostHeaderName = (hostHeaderName ? hostHeaderName.toLowerCase() : 'host'); - const hostHeader = req.headers[hostHeaderName]; + var hostHeader = req.headers[hostHeaderName]; if (!hostHeader) { return null; } @@ -40,7 +38,7 @@ exports.parseHost = function (req, hostHeaderName) { return null; } - const hostParts = hostHeader.match(internals.hostHeaderRegex); + var hostParts = hostHeader.match(internals.hostHeaderRegex); if (!hostParts) { return null; } @@ -74,7 +72,7 @@ exports.parseRequest = function (req, options) { // Obtain host and port information - let host; + var host; if (!options.host || !options.port) { @@ -84,7 +82,7 @@ exports.parseRequest = function (req, options) { } } - const request = { + var request = { method: req.method, url: req.url, host: options.host || host.name, @@ -127,24 +125,24 @@ exports.parseAuthorizationHeader = function (header, keys) { return Boom.badRequest('Header length too long'); } - const headerParts = header.match(internals.authHeaderRegex); + var headerParts = header.match(internals.authHeaderRegex); if (!headerParts) { return Boom.badRequest('Invalid header syntax'); } - const scheme = headerParts[1]; + var scheme = headerParts[1]; if (scheme.toLowerCase() !== 'hawk') { return Boom.unauthorized(null, 'Hawk'); } - const attributesString = headerParts[2]; + var attributesString = headerParts[2]; if (!attributesString) { return Boom.badRequest('Invalid header syntax'); } - const attributes = {}; - let errorMessage = ''; - const verify = attributesString.replace(/(\w+)="([^"\\]*)"\s*(?:,\s*|$)/g, ($0, $1, $2) => { + var attributes = {}; + var errorMessage = ''; + var verify = attributesString.replace(/(\w+)="([^"\\]*)"\s*(?:,\s*|$)/g, function ($0, $1, $2) { // Check valid attribute names @@ -181,5 +179,5 @@ exports.parseAuthorizationHeader = function (header, keys) { exports.unauthorized = function (message, attributes) { - return Boom.unauthorized(message || null, 'Hawk', attributes); + return Boom.unauthorized(message, 'Hawk', attributes); }; |