@sap/xssec
Advanced tools
@sap/xssec - npm Package Compare versions
Comparing version 3.2.5 to 3.2.7
| # Change Log | ||
| All notable changes to this project will be documented in this file. | ||
| ## 3.2.7 - 2020-09-15 | ||
| - replace got with axios library because of a bug in got lib during https get | ||
@@ -5,0 +7,0 @@ ## 3.2.5 - 2020-09-07 |
| 'use strict'; | ||
| const constants = require('./constants'); | ||
| const got = require('got'); | ||
| const axios = require('axios'); | ||
| const url = require('url'); | ||
| const https = require('https'); | ||
@@ -19,57 +20,31 @@ const errors = require('./errors'); | ||
| const timeoutOptions = { | ||
| lookup: 100, | ||
| connect: 1000, | ||
| secureConnect: 1000, | ||
| socket: 2000, | ||
| send: 2000, | ||
| response: 2000 | ||
| } | ||
| const DEFAULT_TIMEOUT = 2000; | ||
| const DEFAULT_USER_TOKEN_TIMEOUT = 10 * 1000; | ||
| function createHttpClient() { | ||
| return got.extend({ | ||
| headers: { | ||
| "User-Agent": constants.USER_AGENT, | ||
| }, | ||
| followRedirect: false, | ||
| timeout: timeoutOptions, | ||
| retry: { | ||
| limit: retryLimit | ||
| } | ||
| }); | ||
| } | ||
| async function _requestToNetworkAXIOS(fnc, options, cb) { | ||
| debugTrace(fnc + '::HTTP Call with %O', options); | ||
| let retryLimit = 3; | ||
| let httpClient = createHttpClient(3); | ||
| const axios_options = { | ||
| maxRedirects: 0, //no followRedirect | ||
| headers: options.headers, | ||
| url: options.url, | ||
| method: options.method, | ||
| timeout: options.timeout || DEFAULT_TIMEOUT | ||
| }; | ||
| //have a way to change one or all parameters from outside | ||
| module.exports.setTimeoutOptions = function(to, retry) { | ||
| for(var n in timeoutOptions) { | ||
| timeoutOptions[n] = to[n] || timeoutOptions[n]; | ||
| if(options.form) { | ||
| axios_options.data = new url.URLSearchParams(options.form).toString(); | ||
| } | ||
| if(Number.isInteger(retry)) { | ||
| retryLimit = retry; | ||
| if(options.https) { | ||
| axios_options.httpsAgent = new https.Agent({ | ||
| cert: options.https.certificate, | ||
| key: options.https.key | ||
| }); | ||
| } | ||
| //update httpClient, too | ||
| httpClient = createHttpClient(); | ||
| } | ||
| module.exports.setRetryLimit = function(retry) { | ||
| retryLimit = retry; | ||
| //update httpClient, too | ||
| httpClient = createHttpClient(); | ||
| } | ||
| async function _requestToNetwork(fnc, options, cb) { | ||
| debugTrace(fnc + '::HTTP Call with %O', options); | ||
| try { | ||
| const result = await got(options); | ||
| if(result.statusCode === 200) { | ||
| const json = JSON.parse(result.body); | ||
| cb(null, json.id_token || json.access_token || json, json); | ||
| } else { | ||
| throw new Error(`Call with options: ${options} responded with ${result.statusCode} - ${result.body}`); | ||
| } | ||
| const result = await axios(axios_options); | ||
| const json = result.data; | ||
| cb(null, json.id_token || json.access_token || json, json); | ||
| } catch (e) { | ||
@@ -80,2 +55,4 @@ return cb(e); | ||
| let _requestToNetwork = _requestToNetworkAXIOS; | ||
| function validateParameters(serviceCredentials, cb) { | ||
@@ -98,3 +75,2 @@ // input validation | ||
| function buildSubdomain(serviceCredentials, subdomain) { | ||
@@ -144,5 +120,5 @@ var urlWithCorrectSubdomain = serviceCredentials.url; | ||
| function buildOptions(serviceCredentials, additionalAttributes, url, grantType, zoneId) { | ||
| function buildOptions(serviceCredentials, additionalAttributes, url, grantType, zoneId, timeout) { | ||
| // jwt bearer flow | ||
| var options = { | ||
| const options = { | ||
| method: 'POST', | ||
@@ -156,9 +132,10 @@ url: url + '/oauth/token', | ||
| }, | ||
| https: {}, | ||
| timeout: timeoutOptions | ||
| timeout: timeout || DEFAULT_TIMEOUT | ||
| }; | ||
| if (serviceCredentials.certificate) { | ||
| options.https.key = serviceCredentials.key; | ||
| options.https.certificate = serviceCredentials.certificate; | ||
| options.https = { | ||
| key: serviceCredentials.key, | ||
| certificate: serviceCredentials.certificate | ||
| } | ||
| } else { | ||
@@ -182,3 +159,3 @@ //make sure we have a client_secret set here | ||
| followRedirect: false, | ||
| timeout: timeoutOptions, | ||
| timeout: DEFAULT_TIMEOUT, | ||
| url: serviceCredentialsUrl + '/.well-known/openid-configuration', | ||
@@ -199,3 +176,3 @@ headers: { | ||
| followRedirect: false, | ||
| timeout: timeoutOptions, | ||
| timeout: DEFAULT_TIMEOUT, | ||
| headers: { | ||
@@ -235,3 +212,4 @@ 'Accept': 'application/json', | ||
| 'urn:ietf:params:oauth:grant-type:jwt-bearer', | ||
| zoneId); | ||
| zoneId, | ||
| DEFAULT_USER_TOKEN_TIMEOUT); | ||
@@ -275,3 +253,4 @@ //add Assertion | ||
| 'client_credentials', | ||
| zoneId); | ||
| zoneId, | ||
| DEFAULT_TIMEOUT); | ||
@@ -288,14 +267,13 @@ appendAdditonalAttribites(options, additionalAttributes); | ||
| module.exports.fetchKeyFromXSUAA = async function (tokenKeyUrl, zid, cb) { | ||
| // try to obtain key from UAA | ||
| try { | ||
| const result = await httpClient(tokenKeyUrl); | ||
| if(result.statusCode === 200) { | ||
| const response = JSON.parse(result.body); | ||
| cb(null, response); | ||
| } else { | ||
| throw new Error(`${tokenKeyUrl} with zid: ${zid} responded with ${result.statusCode} - ${result.body}`); | ||
| } | ||
| } catch (e) { | ||
| return cb(e); | ||
| const options = { | ||
| headers: { | ||
| "User-Agent": constants.USER_AGENT | ||
| }, | ||
| method: "GET", | ||
| url: tokenKeyUrl, | ||
| followRedirect: false, | ||
| timeout: DEFAULT_TIMEOUT | ||
| } | ||
| _requestToNetwork("fetchKeyFromXSUAA", options, cb); | ||
| } | ||
@@ -302,0 +280,0 @@ |
| { | ||
| "name": "@sap/xssec", | ||
| "version": "3.2.5", | ||
| "version": "3.2.7", | ||
| "description": "XS Advanced Container Security API for node.js", | ||
@@ -26,10 +26,11 @@ "main": "./lib", | ||
| "devDependencies": { | ||
| "mocha": "^5.2.0", | ||
| "@sap/xsenv": "^3.1.1", | ||
| "istanbul": "^0.4.5", | ||
| "should": "^13.2.1", | ||
| "jwt-decode": "^3.1.2", | ||
| "@sap/xsenv": "^3.1.1", | ||
| "node-forge": "^0.10.0" | ||
| "mocha": "^5.2.0", | ||
| "node-forge": "^0.10.0", | ||
| "should": "^13.2.1" | ||
| }, | ||
| "dependencies": { | ||
| "axios": "^0.21.4", | ||
| "debug": "4.3.2", | ||
@@ -39,5 +40,4 @@ "jsonwebtoken": "^8.5.1", | ||
| "node-rsa": "^1.1.1", | ||
| "got": "^11.8.2", | ||
| "valid-url": "1.0.9" | ||
| } | ||
| } |
@@ -335,3 +335,3 @@ @sap/xssec: XS Advanced Container Security API for node.js | ||
| checks a instance specific scope that is published by the current application in the xs-security.json file. | ||
| checks a instance specific scope that is published by the current application in the xs-security.json file. Use this to check a scope from a service instance. | ||
@@ -338,0 +338,0 @@ Parameters: |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Network access
Supply chain riskThis module accesses the network.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Worsened metrics
- Total package byte prevSize
- decreased by-0.32%
119691
- Lines of code
- decreased by-1.24%
1674
- Number of medium supply chain risk alerts
- increased byInfinity%
1
Dependency changes
+ Addedaxios@^0.21.4
+ Addedaxios@0.21.4(transitive)
+ Addedfollow-redirects@1.15.9(transitive)
- Removedgot@^11.8.2
- Removed@sindresorhus/is@4.6.0(transitive)
- Removed@szmarczak/http-timer@4.0.6(transitive)
- Removed@types/cacheable-request@6.0.3(transitive)
- Removed@types/http-cache-semantics@4.0.4(transitive)
- Removed@types/keyv@3.1.4(transitive)
- Removed@types/node@22.5.5(transitive)
- Removed@types/responselike@1.0.3(transitive)
- Removedcacheable-lookup@5.0.4(transitive)
- Removedcacheable-request@7.0.4(transitive)
- Removedclone-response@1.0.3(transitive)
- Removeddecompress-response@6.0.0(transitive)
- Removeddefer-to-connect@2.0.1(transitive)
- Removedend-of-stream@1.4.4(transitive)
- Removedget-stream@5.2.0(transitive)
- Removedgot@11.8.6(transitive)
- Removedhttp-cache-semantics@4.1.1(transitive)
- Removedhttp2-wrapper@1.0.3(transitive)
- Removedjson-buffer@3.0.1(transitive)
- Removedkeyv@4.5.4(transitive)
- Removedlowercase-keys@2.0.0(transitive)
- Removedmimic-response@1.0.13.1.0(transitive)
- Removednormalize-url@6.1.0(transitive)
- Removedonce@1.4.0(transitive)
- Removedp-cancelable@2.1.1(transitive)
- Removedpump@3.0.2(transitive)
- Removedquick-lru@5.1.1(transitive)
- Removedresolve-alpn@1.2.1(transitive)
- Removedresponselike@2.0.1(transitive)
- Removedundici-types@6.19.8(transitive)
- Removedwrappy@1.0.2(transitive)