@strivve/strivve-sdk - npm Package Compare versions

Comparing version 3.0.0 to 3.0.1

lib/cardsavr/CardsavrJSLibrary-2.0.js

@@ -85,8 +85,8 @@ "use strict";
 var package_json_1 = require("../../package.json");
-var https_proxy_agent_1 = require("https-proxy-agent");
+//import { HttpsProxyAgent } from "https-proxy-agent";
 var CardsavrSession = /** @class */ (function () {
     function CardsavrSession(baseUrl, sessionKey, appName, rejectUnauthorized, cardsavrCert, proxy, debug) {
-        var _this = this;
         if (rejectUnauthorized === void 0) { rejectUnauthorized = true; }
         if (debug === void 0) { debug = false; }
+        var _this = this;
         this.setSessionHeaders = function (headersObject) {
@@ -172,3 +172,3 @@ Object.assign(_this._headers, headersObject);
                             agent = (this._proxy) ?
-                                new https_proxy_agent_1.HttpsProxyAgent(this._proxy) :
+                                /*new HttpsProxyAgent(this._proxy) */ undefined :
                                 new https_1.Agent(__assign({ rejectUnauthorized: this._rejectUnauthorized }, (this._cardsavrCert && { ca: this._cardsavrCert })));
@@ -175,0 +175,0 @@ config = Object.assign(config, {

lib/src/cardsavr/CardsavrHelper.d.ts

 import { CardsavrSession } from "./CardsavrJSLibrary-2.0";
-declare type MessageHandler = (message: jobMessage) => void;
-declare type cardholder_data = {
+type MessageHandler = (message: jobMessage) => void;
+type cardholder_data = {
     [k: string]: any;
 };
-declare type account = {
+type account = {
     [k: string]: any;
 };
-declare type card_data = {
+type card_data = {
     [k: string]: any;
@@ -35,4 +35,12 @@ };
         termination_type?: string;
+        status_message: string;
+        job_duration: number;
     };
     error_message?: string;
+    account_link?: {
+        key_name: string;
+        type: string;
+        secret: string;
+        label: string;
+    }[];
 }
@@ -39,0 +47,0 @@ interface placeCardOnSiteParams extends placeCardParams {

lib/src/cardsavr/CardsavrJSLibrary-2.0.d.ts

@@ -25,3 +25,5 @@ import { APIFilter } from "./CardsavrSessionUtilities";
     private setSessionToken;
-    sendRequest: (path: string, method: "get" | "GET" | "delete" | "DELETE" | "head" | "HEAD" | "options" | "OPTIONS" | "post" | "POST" | "put" | "PUT" | "patch" | "PATCH" | undefined, requestBody?: any, headersToAdd?: {}) => Promise<any>;
+    sendRequest: (path: string, method: "get" | "GET" | "delete" | "DELETE" | "head" | "HEAD" | "options" | "OPTIONS" | "post" | "POST" | "put" | "PUT" | "patch" | "PATCH" | undefined, requestBody?: {
+        [key: string]: unknown;
+    } | undefined, headersToAdd?: {}) => Promise<any>;
     get: (path: string, filter: APIFilter, headersToAdd?: {}) => Promise<any>;
@@ -58,3 +60,3 @@ post: (path: string, body: any, headersToAdd?: {}) => Promise<any>;
     createCard: (body: APIFilter, safeKey?: string | null, headersToAdd?: {}) => Promise<any>;
-    updateCard: (id: number, body: any, safe_key: string | null, headersToAdd?: {}) => Promise<any>;
+    updateCard: (id: number, body: any, safeKey: string | null, headersToAdd?: {}) => Promise<any>;
     deleteCard: (id: number, headersToAdd?: {}) => Promise<any>;
@@ -69,3 +71,3 @@ getCardPlacementResults: (filter: APIFilter, pagingHeader?: {}, headersToAdd?: {}) => Promise<any>;
     registerForJobStatusUpdates: (jobId: number, headersToAdd?: {}) => Promise<any>;
-    getCardholderMessages: (cardholderId: number, cardsavrMessagingAccessKey?: string | undefined, headersToAdd?: {}) => Promise<any>;
+    getCardholderMessages: (cardholderId: number, cardsavrMessagingAccessKey?: string, headersToAdd?: {}) => Promise<any>;
     getJobStatusUpdate: (jobId: number, cardsavrMessagingAccessKey: string, headersToAdd?: {}) => Promise<any>;
@@ -84,2 +86,9 @@ getJobInformationRequest: (jobId: number, headersToAdd?: {}) => Promise<any>;
     authorizeCardholder: (grant: string, headersToAdd?: {}) => Promise<any>;
+    updateCardholderSession: (filter: APIFilter, body: {
+        cuid: string;
+        clickstream: {
+            url: string;
+            timestamp: string;
+        }[];
+    }) => Promise<any>;
     getCardholder: (filter: number, safeKey: string | null, headersToAdd?: {}) => Promise<any>;
@@ -86,0 +95,0 @@ getCardholders: (filter: APIFilter, pagingHeader?: {}, headersToAdd?: {}) => Promise<any>;

lib/src/cardsavr/CardsavrSessionCrypto.d.ts

@@ -12,13 +12,16 @@ /// <reference types="node" />
     static decryptResponse(key: string, body: any): Promise<any>;
-    static decryptAES256(b64cipherText: string, b64IV: string, b64Key: string): Promise<any>;
+    static decryptAES256(b64cipherText: string, b64IV: string, b64Key: string, alg?: string): Promise<any>;
 }
 export declare class Signing {
     static sha256Hash(inputString: string): Promise<ArrayBuffer>;
-    static signRequest(path: string, appName: string, sessionKey: string, body?: any): Promise<{
-        "x-cardsavr-authorization": string;
-        "x-cardsavr-nonce": string;
-        "x-cardsavr-signature": string;
+    static signRequest(path: string, appName: string, sessionKey: string, body?: {
+        [key: string]: unknown;
+    }): Promise<{
+        [k: string]: string;
     }>;
+    static verifySignature(headers: {
+        [k: string]: string;
+    }, path: string, appName: string, keys: string[], body?: string): Promise<boolean>;
     static signSaltWithPasswordKey(sessionSalt: string, passwordKey: string): Promise<string>;
-    static hmacSign(inputString: any, b64Key: string, b64InputString?: boolean): Promise<string>;
+    static hmacSign(inputString: string, b64Key: string, b64InputString?: boolean): Promise<string>;
 }
@@ -25,0 +28,0 @@ export declare class Keys {

lib/src/cardsavr/CardsavrSessionUtilities.d.ts

 export declare const generateHydrationHeader: (hydrationArray: any) => any;
-export declare const generateTraceValue: (bytes?: number | undefined) => string;
-export declare type APIFilter = number | {
-    [key: string]: string | string[];
+export declare const generateTraceValue: (bytes?: number) => string;
+export type APIFilter = number | {
+    [key: string]: number[] | number | string | string[];
 } | null;
@@ -6,0 +6,0 @@ export declare const formatPath: (path: string, filter: APIFilter) => string;

package.json

 {
   "name": "@strivve/strivve-sdk",
-  "version": "3.0.0",
+  "version": "3.0.1",
   "description": "",
@@ -49,9 +49,12 @@ "directories": {
     "eslint": "^8.52.0",
-    "https": "^1.0.0",
-    "https-proxy-agent": "^5.0.1",
     "log-timestamp": "^0.3.0",
     "net": "^1.0.2",
     "node-fetch": "^2.7.0",
+    "node-polyfill-webpack-plugin": "^3.0.0",
     "readline-sync": "^1.4.10"
+  },
+  "browser": {
+    "fs": false,
+    "tls": false
   }
 }

src/cardsavr/CardsavrJSLibrary-2.0.ts

@@ -11,3 +11,3 @@ "use strict";
 import {version} from "../../package.json";
-import { HttpsProxyAgent } from "https-proxy-agent";
+//import { HttpsProxyAgent } from "https-proxy-agent";
 
@@ -131,3 +131,3 @@ export class CardsavrSession {
             const agent = (this._proxy) ?
-                new HttpsProxyAgent(this._proxy) :
+                /*new HttpsProxyAgent(this._proxy) */ undefined :
                 new HTTPSAgent({
@@ -134,0 +134,0 @@ rejectUnauthorized : this._rejectUnauthorized,

src/cardsavr/CardsavrSessionCrypto.ts

@@ -148,27 +148,28 @@ import * as crypto from "crypto";
         const stringParts = body.encrypted_body.split("$");
-        if (stringParts[1].length != 16) {
-            // Not a proper 16-byte base64-encoded IV
-            throw new Error("Response body is not properly encrypted.");
-        }
-        const req = this.decryptAES256(stringParts[0], stringParts[1], key);
+        const req = this.decryptAES256(stringParts[0], stringParts[1], key, stringParts[2]);
         return await req;
     }
 
-    static async decryptAES256(b64cipherText: string, b64IV: string, b64Key: string) {
+    static async decryptAES256(b64cipherText: string, b64IV: string, b64Key: string, alg?: string) {
 
         if (!browserCrypto) {
 
-            const binaryEncryptionKey = Buffer.alloc(32);
-            binaryEncryptionKey.write(b64Key, "base64");
-
+            // decryption has support for both gcm and cdc for backward compatibility (CU config.json)
+            const predicted_alg = b64IV.length === 16 ? "aes-256-gcm" : (b64IV.length === 24 ? "aes-256-cbc" : undefined);
+            if (!predicted_alg || (alg && alg != predicted_alg)) {
+                // Not a proper 16-byte base64-encoded IV, doesn't care about alg, not supported except in-browser
+                throw new Error("Response body is not properly encrypted.");
+            }
+            const binaryEncryptionKey = Buffer.from(b64Key, "base64");
+            const iv = Buffer.from(b64IV, "base64");
             const encrypted_buf = Buffer.from(b64cipherText, "base64");
 
-            const [encoded, auth_tag] = [
+            const [encoded, auth_tag] = predicted_alg === "aes-256-gcm" ? [
                 encrypted_buf.subarray(0, encrypted_buf.length - 16), 
-                encrypted_buf.subarray(encrypted_buf.length - 16, encrypted_buf.length)];
+                encrypted_buf.subarray(encrypted_buf.length - 16, encrypted_buf.length)
+            ] : [encrypted_buf, Buffer.from("")];
 
-            const iv = Buffer.from(b64IV, "base64");
-
-            const decryptor = crypto.createDecipheriv("aes-256-gcm", binaryEncryptionKey, iv);
-            decryptor.setAuthTag(auth_tag);
+            const decryptor = crypto.createDecipheriv(predicted_alg, binaryEncryptionKey, iv);
+            if (auth_tag) { (decryptor as crypto.DecipherGCM).setAuthTag(auth_tag); }
+            
             const decryptedJSON = Buffer.concat([decryptor.update(encoded), decryptor.final()]);
@@ -180,2 +181,7 @@ const decryptedString = decryptedJSON.toString("utf8");
 
+            if (b64IV.length !== 16) {
+                // Not a proper 16-byte base64-encoded IV, doesn't care about alg, not supported except in-browser
+                throw new Error("Response body is not properly encrypted.");
+            }
+
             const decryptKey = await browserCrypto.subtle.importKey(
@@ -182,0 +188,0 @@ "raw",

src/tsconfig.json

@@ -8,3 +8,3 @@ {
         "outDir": "../lib/",
-        "rootDir": ".",
+//        "rootDir": ".",
         "esModuleInterop": true,  
@@ -11,0 +11,0 @@ "strict": true,

tsconfig.json

@@ -8,3 +8,3 @@ {
         "outDir": ".",
-        "rootDir": ".",
+//        "rootDir": ".",
         "esModuleInterop": true,  
@@ -11,0 +11,0 @@ "strict": true,

webpack.config.js

 const path = require("path");
 
+const NodePolyfillPlugin = require('node-polyfill-webpack-plugin');
+
 module.exports = {
     entry : "./src/cardsavr/CardsavrHelper.ts",
+	plugins: [
+		new NodePolyfillPlugin()
+	],
     module : {
@@ -6,0 +11,0 @@ rules : [

Fixed alerts

Network access

Supply chain risk

This module accesses the network.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

723929

increased by43.99%

Dependency count

6

decreased by-14.29%

Number of package files

96

increased by41.18%

Lines of code

11834

increased by37.44%

Dependency changes

• + Addednode-polyfill-webpack-plugin@^3.0.0

• + Added@jridgewell/gen-mapping@0.3.5(transitive)

• + Added@jridgewell/resolve-uri@3.1.2(transitive)

• + Added@jridgewell/set-array@1.2.1(transitive)

• + Added@jridgewell/source-map@0.3.6(transitive)

• + Added@jridgewell/sourcemap-codec@1.4.15(transitive)

• + Added@jridgewell/trace-mapping@0.3.25(transitive)

• + Added@types/eslint@8.56.10(transitive)

• + Added@types/eslint-scope@3.7.7(transitive)

• + Added@types/estree@1.0.5(transitive)

• + Added@types/json-schema@7.0.15(transitive)

• + Added@types/node@20.12.12(transitive)

• + Added@webassemblyjs/ast@1.12.1(transitive)

• + Added@webassemblyjs/floating-point-hex-parser@1.11.6(transitive)

• + Added@webassemblyjs/helper-api-error@1.11.6(transitive)

• + Added@webassemblyjs/helper-buffer@1.12.1(transitive)

• + Added@webassemblyjs/helper-numbers@1.11.6(transitive)

• + Added@webassemblyjs/helper-wasm-bytecode@1.11.6(transitive)

• + Added@webassemblyjs/helper-wasm-section@1.12.1(transitive)

• + Added@webassemblyjs/ieee754@1.11.6(transitive)

• + Added@webassemblyjs/leb128@1.11.6(transitive)

• + Added@webassemblyjs/utf8@1.11.6(transitive)

• + Added@webassemblyjs/wasm-edit@1.12.1(transitive)

• + Added@webassemblyjs/wasm-gen@1.12.1(transitive)

• + Added@webassemblyjs/wasm-opt@1.12.1(transitive)

• + Added@webassemblyjs/wasm-parser@1.12.1(transitive)

• + Added@webassemblyjs/wast-printer@1.12.1(transitive)

• + Added@xtuc/ieee754@1.2.0(transitive)

• + Added@xtuc/long@4.2.2(transitive)

• + Addedabort-controller@3.0.0(transitive)

• + Addedacorn-import-assertions@1.9.0(transitive)

• + Addedajv-keywords@3.5.2(transitive)

• + Addedasn1.js@4.10.1(transitive)

• + Addedassert@2.1.0(transitive)

• + Addedavailable-typed-arrays@1.0.7(transitive)

• + Addedbase64-js@1.5.1(transitive)

• + Addedbn.js@4.12.05.2.1(transitive)

• + Addedbrorand@1.1.0(transitive)

• + Addedbrowserify-aes@1.2.0(transitive)

• + Addedbrowserify-cipher@1.0.1(transitive)

• + Addedbrowserify-des@1.0.2(transitive)

• + Addedbrowserify-rsa@4.1.0(transitive)

• + Addedbrowserify-sign@4.2.3(transitive)

• + Addedbrowserify-zlib@0.2.0(transitive)

• + Addedbrowserslist@4.23.0(transitive)

• + Addedbuffer@6.0.3(transitive)

• + Addedbuffer-from@1.1.2(transitive)

• + Addedbuffer-xor@1.0.3(transitive)

• + Addedbuiltin-status-codes@3.0.0(transitive)

• + Addedcall-bind@1.0.7(transitive)

• + Addedcaniuse-lite@1.0.30001620(transitive)

• + Addedchrome-trace-event@1.0.3(transitive)

• + Addedcipher-base@1.0.4(transitive)

• + Addedcommander@2.20.3(transitive)

• + Addedconsole-browserify@1.2.0(transitive)

• + Addedconstants-browserify@1.0.0(transitive)

• + Addedcore-util-is@1.0.3(transitive)

• + Addedcreate-ecdh@4.0.4(transitive)

• + Addedcreate-hash@1.2.0(transitive)

• + Addedcreate-hmac@1.1.7(transitive)

• + Addedcrypto-browserify@3.12.0(transitive)

• + Addeddefine-data-property@1.1.4(transitive)

• + Addeddefine-properties@1.2.1(transitive)

• + Addeddes.js@1.1.0(transitive)

• + Addeddiffie-hellman@5.0.3(transitive)

• + Addeddomain-browser@4.23.0(transitive)

• + Addedelectron-to-chromium@1.4.774(transitive)

• + Addedelliptic@6.5.5(transitive)

• + Addedenhanced-resolve@5.16.1(transitive)

• + Addedes-define-property@1.0.0(transitive)

• + Addedes-errors@1.3.0(transitive)

• + Addedes-module-lexer@1.5.3(transitive)

• + Addedescalade@3.1.2(transitive)

• + Addedeslint-scope@5.1.1(transitive)

• + Addedestraverse@4.3.0(transitive)

• + Addedevent-target-shim@5.0.1(transitive)

• + Addedevents@3.3.0(transitive)

• + Addedevp_bytestokey@1.0.3(transitive)

• + Addedfor-each@0.3.3(transitive)

• + Addedfunction-bind@1.1.2(transitive)

• + Addedget-intrinsic@1.2.4(transitive)

• + Addedglob-to-regexp@0.4.1(transitive)

• + Addedgopd@1.0.1(transitive)

• + Addedgraceful-fs@4.2.11(transitive)

• + Addedhas-property-descriptors@1.0.2(transitive)

• + Addedhas-proto@1.0.3(transitive)

• + Addedhas-symbols@1.0.3(transitive)

• + Addedhas-tostringtag@1.0.2(transitive)

• + Addedhash-base@3.0.4(transitive)

• + Addedhash.js@1.1.7(transitive)

• + Addedhasown@2.0.2(transitive)

• + Addedhmac-drbg@1.0.1(transitive)

• + Addedhttps-browserify@1.0.0(transitive)

• + Addedieee754@1.2.1(transitive)

• + Addedis-arguments@1.1.1(transitive)

• + Addedis-callable@1.2.7(transitive)

• + Addedis-generator-function@1.0.10(transitive)

• + Addedis-nan@1.3.2(transitive)

• + Addedis-typed-array@1.1.13(transitive)

• + Addedisarray@1.0.0(transitive)

• + Addedjest-worker@27.5.1(transitive)

• + Addedjson-parse-even-better-errors@2.3.1(transitive)

• + Addedloader-runner@4.3.0(transitive)

• + Addedmd5.js@1.3.5(transitive)

• + Addedmerge-stream@2.0.0(transitive)

• + Addedmiller-rabin@4.0.1(transitive)

• + Addedmime-db@1.52.0(transitive)

• + Addedmime-types@2.1.35(transitive)

• + Addedminimalistic-assert@1.0.1(transitive)

• + Addedminimalistic-crypto-utils@1.0.1(transitive)

• + Addedneo-async@2.6.2(transitive)

• + Addednode-polyfill-webpack-plugin@3.0.0(transitive)

• + Addednode-releases@2.0.14(transitive)

• + Addedobject-inspect@1.13.1(transitive)

• + Addedobject-is@1.1.6(transitive)

• + Addedobject-keys@1.1.1(transitive)

• + Addedobject.assign@4.1.5(transitive)

• + Addedos-browserify@0.3.0(transitive)

• + Addedpako@1.0.11(transitive)

• + Addedparse-asn1@5.1.7(transitive)

• + Addedpath-browserify@1.0.1(transitive)

• + Addedpbkdf2@3.1.2(transitive)

• + Addedpicocolors@1.0.1(transitive)

• + Addedpossible-typed-array-names@1.0.0(transitive)

• + Addedprocess@0.11.10(transitive)

• + Addedprocess-nextick-args@2.0.1(transitive)

• + Addedpublic-encrypt@4.0.3(transitive)

• + Addedpunycode@1.4.1(transitive)

• + Addedqs@6.12.1(transitive)

• + Addedquerystring-es3@0.2.1(transitive)

• + Addedrandombytes@2.1.0(transitive)

• + Addedrandomfill@1.0.4(transitive)

• + Addedreadable-stream@2.3.83.6.24.5.2(transitive)

• + Addedripemd160@2.0.2(transitive)

• + Addedsafe-buffer@5.1.25.2.1(transitive)

• + Addedschema-utils@3.3.0(transitive)

• + Addedserialize-javascript@6.0.2(transitive)

• + Addedset-function-length@1.2.2(transitive)

• + Addedsetimmediate@1.0.5(transitive)

• + Addedsha.js@2.4.11(transitive)

• + Addedside-channel@1.0.6(transitive)

• + Addedsource-map@0.6.1(transitive)

• + Addedsource-map-support@0.5.21(transitive)

• + Addedstream-browserify@3.0.0(transitive)

• + Addedstream-http@3.2.0(transitive)

• + Addedstring_decoder@1.1.11.3.0(transitive)

• + Addedsupports-color@8.1.1(transitive)

• + Addedtapable@2.2.1(transitive)

• + Addedterser@5.31.0(transitive)

• + Addedterser-webpack-plugin@5.3.10(transitive)

• + Addedtimers-browserify@2.0.12(transitive)

• + Addedtty-browserify@0.0.1(transitive)

• + Addedtype-fest@4.18.2(transitive)

• + Addedundici-types@5.26.5(transitive)

• + Addedupdate-browserslist-db@1.0.16(transitive)

• + Addedurl@0.11.3(transitive)

• + Addedutil@0.12.5(transitive)

• + Addedutil-deprecate@1.0.2(transitive)

• + Addedvm-browserify@1.1.2(transitive)

• + Addedwatchpack@2.4.1(transitive)

• + Addedwebpack@5.91.0(transitive)

• + Addedwebpack-sources@3.2.3(transitive)

• + Addedwhich-typed-array@1.1.15(transitive)

• + Addedxtend@4.0.2(transitive)

• - Removedhttps@^1.0.0

• - Removedhttps-proxy-agent@^5.0.1

• - Removedagent-base@6.0.2(transitive)

• - Removedhttps@1.0.0(transitive)

• - Removedhttps-proxy-agent@5.0.1(transitive)