Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@fastify/bearer-auth
Advanced tools
@fastify/bearer-auth - npm Package Compare versions
Comparing version 8.0.0 to 8.0.1
| { | ||
| "name": "@fastify/bearer-auth", | ||
| "version": "8.0.0", | ||
| "version": "8.0.1", | ||
| "description": "An authentication plugin for Fastify", | ||
@@ -34,3 +34,3 @@ "main": "plugin.js", | ||
| "@fastify/pre-commit": "^2.0.2", | ||
| "@types/node": "^17.0.0", | ||
| "@types/node": "^18.0.0", | ||
| "fastify": "^4.0.0-rc.2", | ||
@@ -40,3 +40,3 @@ "snazzy": "^9.0.0", | ||
| "tap": "^16.0.0", | ||
| "tsd": "^0.20.0" | ||
| "tsd": "^0.22.0" | ||
| }, | ||
@@ -43,0 +43,0 @@ "dependencies": { |
@@ -21,2 +21,9 @@ 'use strict' | ||
| for (let i = 0, il = keys.length; i < il; ++i) { | ||
| if (typeof keys[i] !== 'string') { | ||
| throw new Error('options.keys has to contain only string entries') | ||
| } | ||
| keys[i] = Buffer.from(keys[i]) | ||
| } | ||
| return function verifyBearerAuth (request, reply, done) { | ||
@@ -93,3 +100,4 @@ const header = request.raw.headers.authorization | ||
| function authenticate (keys, key) { | ||
| return keys.findIndex((a) => compare(a, key)) !== -1 | ||
| const b = Buffer.from(key) | ||
| return keys.findIndex((a) => compare(a, b)) !== -1 | ||
| } | ||
@@ -99,8 +107,9 @@ | ||
| function compare (a, b) { | ||
| try { | ||
| // may throw if they have different length, can't convert to Buffer, etc... | ||
| return crypto.timingSafeEqual(Buffer.from(a), Buffer.from(b)) | ||
| } catch { | ||
| if (a.length !== b.length) { | ||
| // Delay return with cryptographically secure timing check. | ||
| crypto.timingSafeEqual(a, a) | ||
| return false | ||
| } | ||
| return crypto.timingSafeEqual(a, b) | ||
| } | ||
@@ -112,7 +121,7 @@ | ||
| if (!Object.hasOwnProperty.call(fastify.log, 'error') || | ||
| if (!Object.prototype.hasOwnProperty.call(fastify.log, 'error') || | ||
| (typeof fastify.log.error) !== 'function') options.verifyErrorLogLevel = null | ||
| if (options.verifyErrorLogLevel != null && | ||
| (typeof options.verifyErrorLogLevel !== 'string' || | ||
| !Object.hasOwnProperty.call(fastify.log, options.verifyErrorLogLevel) || | ||
| !Object.prototype.hasOwnProperty.call(fastify.log, options.verifyErrorLogLevel) || | ||
| (typeof fastify.log[options.verifyErrorLogLevel]) !== 'function' | ||
@@ -119,0 +128,0 @@ )) { |
@@ -5,4 +5,2 @@ # @fastify/bearer-auth | ||
| [](https://www.npmjs.com/package/@fastify/bearer-auth) | ||
| [](https://snyk.io/test/github/fastify/fastify-bearer-auth) | ||
| [](https://coveralls.io/github/fastify/fastify-bearer-auth?branch=master) | ||
| [](https://standardjs.com/) | ||
@@ -9,0 +7,0 @@ |
@@ -23,1 +23,9 @@ 'use strict' | ||
| }) | ||
| test('verifyBearerAuthFactory', (t) => { | ||
| t.plan(1) | ||
| fastify.ready(() => { | ||
| const keys = { keys: new Set([123456]) } | ||
| t.throws(() => fastify.verifyBearerAuthFactory(keys), /keys has to contain only string entries/) | ||
| }) | ||
| }) |
Sorry, the diff of this file is not supported yet
Fixed alerts
New author
Supply chain riskA new npm collaborator published a version of the package for the first time. New collaborators are usually benign additions to a project, but do indicate a change to the security surface area of a package.
Found 1 instance in 1 package
Improved metrics
- Lines of code
- increased by1.51%
940
- Number of medium supply chain risk alerts
- decreased by-100%
0
Worsened metrics
- Total package byte prevSize
- decreased by-3.02%
34991
- Number of lines in readme file
- decreased by-1.44%
137
No dependency changes