Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

hawk

Package Overview
Dependencies
Maintainers
1
Versions
85
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

hawk - npm Package Compare versions

Comparing version 7.0.9 to 7.0.10

2

dist/browser.js

@@ -1,1 +0,1 @@

'use strict';var _typeof='function'==typeof Symbol&&'symbol'==typeof Symbol.iterator?function(c){return typeof c}:function(c){return c&&'function'==typeof Symbol&&c.constructor===Symbol&&c!==Symbol.prototype?'symbol':typeof c},hawk={internals:{}};hawk.client={header:function(c,d,e){if(!c||'string'!=typeof c&&'object'!==('undefined'==typeof c?'undefined':_typeof(c))||!d||'string'!=typeof d||!e||'object'!==('undefined'==typeof e?'undefined':_typeof(e)))throw new Error('Invalid argument type');var f=e.timestamp||hawk.utils.nowSec(e.localtimeOffsetMsec),g=e.credentials;if(!g||!g.id||!g.key||!g.algorithm)throw new Error('Invalid credentials');if(-1===hawk.crypto.algorithms.indexOf(g.algorithm))throw new Error('Unknown algorithm');'string'==typeof c&&(c=hawk.utils.parseUri(c));var h={ts:f,nonce:e.nonce||hawk.utils.randomString(6),method:d,resource:c.resource,host:c.host,port:c.port,hash:e.hash,ext:e.ext,app:e.app,dlg:e.dlg};!h.hash&&(e.payload||''===e.payload)&&(h.hash=hawk.crypto.calculatePayloadHash(e.payload,g.algorithm,e.contentType));var i=hawk.crypto.calculateMac('header',g,h),j=null!==h.ext&&void 0!==h.ext&&''!==h.ext,k='Hawk id="'+g.id+'", ts="'+h.ts+'", nonce="'+h.nonce+(h.hash?'", hash="'+h.hash:'')+(j?'", ext="'+hawk.utils.escapeHeaderAttribute(h.ext):'')+'", mac="'+i+'"';return h.app&&(k+=', app="'+h.app+(h.dlg?'", dlg="'+h.dlg:'')+'"'),{artifacts:h,header:k}},bewit:function(c,d){if(!c||'string'!=typeof c||!d||'object'!==('undefined'==typeof d?'undefined':_typeof(d))||!d.ttlSec)throw new Error('Invalid inputs');var e=null===d.ext||d.ext===void 0?'':d.ext,f=hawk.utils.nowSec(d.localtimeOffsetMsec),g=d.credentials;if(!g||!g.id||!g.key||!g.algorithm)throw new Error('Invalid credentials');if(-1===hawk.crypto.algorithms.indexOf(g.algorithm))throw new Error('Unknown algorithm');c=hawk.utils.parseUri(c);var h=f+d.ttlSec,i=hawk.crypto.calculateMac('bewit',g,{ts:h,nonce:'',method:'GET',resource:c.resource,host:c.host,port:c.port,ext:e}),j=g.id+'\\'+h+'\\'+i+'\\'+e;return hawk.utils.base64urlEncode(j)},authenticate:function authenticate(c,d,e,f){f=f||{};var g=function(d){return c.headers?'function'==typeof c.headers.get?c.headers.get(d):c.headers[d]:c.getResponseHeader?c.getResponseHeader(d):c.getHeader(d)},h=g('www-authenticate');if(h){var n=hawk.utils.parseAuthorizationHeader(h,['ts','tsm','error']);if(!n)return!1;if(n.ts){var o=hawk.crypto.calculateTsMac(n.ts,d);if(o!==n.tsm)return!1;hawk.utils.setNtpSecOffset(n.ts-Math.floor(Date.now()/1e3))}}var i=g('server-authorization');if(!i&&!f.required)return!0;var j=hawk.utils.parseAuthorizationHeader(i,['mac','ext','hash']);if(!j)return!1;var k={ts:e.ts,nonce:e.nonce,method:e.method,resource:e.resource,host:e.host,port:e.port,hash:j.hash,ext:j.ext,app:e.app,dlg:e.dlg},l=hawk.crypto.calculateMac('response',d,k);if(l!==j.mac)return!1;if(!f.payload&&''!==f.payload)return!0;if(!j.hash)return!1;var m=hawk.crypto.calculatePayloadHash(f.payload,d.algorithm,g('content-type'));return m===j.hash},message:function message(c,d,e,f){if(!c||'string'!=typeof c||!d||'number'!=typeof d||null===e||e===void 0||'string'!=typeof e||!f||'object'!==('undefined'==typeof f?'undefined':_typeof(f)))throw new Error('Invalid inputs');var g=f.timestamp||hawk.utils.nowSec(f.localtimeOffsetMsec),h=f.credentials;if(!h||!h.id||!h.key||!h.algorithm)throw new Error('Invalid credentials');if(-1===hawk.crypto.algorithms.indexOf(h.algorithm))throw new Error('Unknown algorithm');var i={ts:g,nonce:f.nonce||hawk.utils.randomString(6),host:c,port:d,hash:hawk.crypto.calculatePayloadHash(e,h.algorithm)},j={id:h.id,ts:i.ts,nonce:i.nonce,hash:i.hash,mac:hawk.crypto.calculateMac('message',h,i)};return j},authenticateTimestamp:function authenticateTimestamp(c,d,e){var f=hawk.crypto.calculateTsMac(c.ts,d);return!(f!==c.tsm)&&(!1!==e&&hawk.utils.setNtpSecOffset(c.ts-Math.floor(Date.now()/1e3)),!0)}},hawk.crypto={headerVersion:'1',algorithms:['sha1','sha256'],calculateMac:function calculateMac(c,d,e){var f=hawk.crypto.generateNormalizedString(c,e),g=CryptoJS['Hmac'+d.algorithm.toUpperCase()](f,d.key);return g.toString(CryptoJS.enc.Base64)},generateNormalizedString:function generateNormalizedString(c,d){var e='hawk.'+hawk.crypto.headerVersion+'.'+c+'\n'+d.ts+'\n'+d.nonce+'\n'+(d.method||'').toUpperCase()+'\n'+(d.resource||'')+'\n'+d.host.toLowerCase()+'\n'+d.port+'\n'+(d.hash||'')+'\n';return d.ext&&(e+=d.ext.replace('\\','\\\\').replace('\n','\\n')),e+='\n',d.app&&(e+=d.app+'\n'+(d.dlg||'')+'\n'),e},calculatePayloadHash:function calculatePayloadHash(c,d,e){var f=CryptoJS.algo[d.toUpperCase()].create();return f.update('hawk.'+hawk.crypto.headerVersion+'.payload\n'),f.update(hawk.utils.parseContentType(e)+'\n'),f.update(c),f.update('\n'),f.finalize().toString(CryptoJS.enc.Base64)},calculateTsMac:function calculateTsMac(c,d){var e=CryptoJS['Hmac'+d.algorithm.toUpperCase()]('hawk.'+hawk.crypto.headerVersion+'.ts\n'+c+'\n',d.key);return e.toString(CryptoJS.enc.Base64)}},hawk.internals.LocalStorage=function(){this._cache={},this.length=0,this.getItem=function(c){return this._cache.hasOwnProperty(c)?this._cache[c]+'':null},this.setItem=function(c,d){this._cache[c]=d+'',this.length=Object.keys(this._cache).length},this.removeItem=function(c){delete this._cache[c],this.length=Object.keys(this._cache).length},this.clear=function(){this._cache={},this.length=0},this.key=function(c){return Object.keys(this._cache)[c||0]}},hawk.utils={storage:new hawk.internals.LocalStorage,setStorage:function setStorage(c){var d=hawk.utils.storage.getItem('hawk_ntp_offset');hawk.utils.storage=c,d&&hawk.utils.setNtpSecOffset(d)},setNtpSecOffset:function setNtpSecOffset(c){try{hawk.utils.storage.setItem('hawk_ntp_offset',c)}catch(c){console.error('[hawk] could not write to storage.'),console.error(c)}},getNtpSecOffset:function getNtpSecOffset(){var c=hawk.utils.storage.getItem('hawk_ntp_offset');return c?parseInt(c,10):0},now:function now(c){return Date.now()+(c||0)+1e3*hawk.utils.getNtpSecOffset()},nowSec:function nowSec(c){return Math.floor(hawk.utils.now(c)/1e3)},escapeHeaderAttribute:function escapeHeaderAttribute(c){return c.replace(/\\/g,'\\\\').replace(/\"/g,'\\"')},parseContentType:function parseContentType(c){return c?c.split(';')[0].replace(/^\s+|\s+$/g,'').toLowerCase():''},parseAuthorizationHeader:function parseAuthorizationHeader(c,d){if(!c)return null;var e=c.match(/^(\w+)(?:\s+(.*))?$/);if(!e)return null;var f=e[1];if('hawk'!==f.toLowerCase())return null;var g=e[2];if(!g)return null;var h={},i=g.replace(/(\w+)="([^"\\]*)"\s*(?:,\s*|$)/g,function(c,e,f){if(-1!==d.indexOf(e))return null===f.match(/^[ \w\!#\$%&'\(\)\*\+,\-\.\/\:;<\=>\?@\[\]\^`\{\|\}~]+$/)||h.hasOwnProperty(e)?void 0:(h[e]=f,'')});return''===i?h:null},randomString:function randomString(c){for(var d='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789',e=d.length,f=[],g=0;g<c;++g)f[g]=d[Math.floor(Math.random()*e)];return f.join('')},uriRegex:/^([^:]+)\:\/\/(?:[^@/]*@)?([^\/:]+)(?:\:(\d+))?([^#]*)(?:#.*)?$/,parseUri:function parseUri(c){var d=c.match(hawk.utils.uriRegex);if(!d)return{host:'',port:'',resource:''};var e=d[1].toLowerCase(),f={host:d[2],port:d[3]||('http'===e?'80':'https'===e?'443':''),resource:d[4]};return f},base64urlEncode:function base64urlEncode(c){var d=CryptoJS.enc.Utf8.parse(c),e=CryptoJS.enc.Base64.stringify(d);return e.replace(/\+/g,'-').replace(/\//g,'_').replace(/\=/g,'')}};var CryptoJS=CryptoJS||function(i,c){var d={},e=d.lib={},g=function(){},h=e.Base={extend:function extend(c){g.prototype=this;var d=new g;return c&&d.mixIn(c),d.hasOwnProperty('init')||(d.init=function(){d.$super.init.apply(this,arguments)}),d.init.prototype=d,d.$super=this,d},create:function create(){var c=this.extend();return c.init.apply(c,arguments),c},init:function init(){},mixIn:function mixIn(c){for(var d in c)c.hasOwnProperty(d)&&(this[d]=c[d]);c.hasOwnProperty('toString')&&(this.toString=c.toString)},clone:function clone(){return this.init.prototype.extend(this)}},k=e.WordArray=h.extend({init:function init(d,e){d=this.words=d||[],this.sigBytes=e==c?4*d.length:e},toString:function toString(c){return(c||j).stringify(this)},concat:function concat(f){var g=this.words,h=f.words,d=this.sigBytes;if(f=f.sigBytes,this.clamp(),d%4)for(var c=0;c<f;c++)g[d+c>>>2]|=(255&h[c>>>2]>>>24-8*(c%4))<<24-8*((d+c)%4);else if(65535<h.length)for(var e=0;e<f;e+=4)g[d+e>>>2]=h[e>>>2];else g.push.apply(g,h);return this.sigBytes+=f,this},clamp:function clamp(){var c=this.words,d=this.sigBytes;c[d>>>2]&=4294967295<<32-8*(d%4),c.length=i.ceil(d/4)},clone:function clone(){var c=h.clone.call(this);return c.words=this.words.slice(0),c},random:function random(c){for(var e=[],f=0;f<c;f+=4)e.push(0|4294967296*i.random());return new k.init(b,c)}}),f=d.enc={},j=f.Hex={stringify:function stringify(f){var g=f.words;f=f.sigBytes;for(var h,e=[],d=0;d<f;d++)h=255&g[d>>>2]>>>24-8*(d%4),e.push((h>>>4).toString(16)),e.push((15&h).toString(16));return e.join('')},parse:function parse(e){for(var f=e.length,g=[],d=0;d<f;d+=2)g[d>>>3]|=parseInt(e.substr(d,2),16)<<24-4*(d%8);return new k.init(g,f/2)}},l=f.Latin1={stringify:function stringify(e){var f=e.words;e=e.sigBytes;for(var g=[],d=0;d<e;d++)g.push(String.fromCharCode(255&f[d>>>2]>>>24-8*(d%4)));return g.join('')},parse:function parse(e){for(var f=e.length,g=[],d=0;d<f;d++)g[d>>>2]|=(255&e.charCodeAt(d))<<24-8*(d%4);return new k.init(g,f)}},m=f.Utf8={stringify:function stringify(c){try{return decodeURIComponent(escape(l.stringify(c)))}catch(c){throw Error('Malformed UTF-8 data')}},parse:function parse(c){return l.parse(unescape(encodeURIComponent(c)))}},n=e.BufferedBlockAlgorithm=h.extend({reset:function reset(){this._data=new k.init,this._nDataBytes=0},_append:function _append(c){'string'==typeof c&&(c=m.parse(c)),this._data.concat(c),this._nDataBytes+=c.sigBytes},_process:function _process(h){var j=this._data,l=j.words,d=j.sigBytes,c=this.blockSize,e=d/(4*c),e=h?i.ceil(e):i.max((0|e)-this._minBufferSize,0);if(h=e*c,d=i.min(4*h,d),h){for(var f=0;f<h;f+=c)this._doProcessBlock(l,f);f=l.splice(0,h),j.sigBytes-=d}return new k.init(f,d)},clone:function clone(){var c=h.clone.call(this);return c._data=this._data.clone(),c},_minBufferSize:0});e.Hasher=n.extend({cfg:h.extend(),init:function init(c){this.cfg=this.cfg.extend(c),this.reset()},reset:function reset(){n.reset.call(this),this._doReset()},update:function update(c){return this._append(c),this._process(),this},finalize:function finalize(c){return c&&this._append(c),this._doFinalize()},blockSize:16,_createHelper:function _createHelper(c){return function(e,f){return new c.init(f).finalize(e)}},_createHmacHelper:function _createHmacHelper(c){return function(e,f){return new o.HMAC.init(c,f).finalize(e)}}});var o=d.algo={};return d}(Math);(function(){var c=CryptoJS,e=c.lib,f=e.WordArray,g=e.Hasher,i=[],e=c.algo.SHA1=g.extend({_doReset:function _doReset(){this._hash=new f.init([1732584193,4023233417,2562383102,271733878,3285377520])},_doProcessBlock:function _doProcessBlock(d,k){for(var l=this._hash.words,m=l[0],e=l[1],n=l[2],h=l[3],j=l[4],o=0;80>o;o++){if(16>o)i[o]=0|d[k+o];else{var c=i[o-3]^i[o-8]^i[o-14]^i[o-16];i[o]=c<<1|c>>>31}c=(m<<5|m>>>27)+j+i[o],c=20>o?c+((e&n|~e&h)+1518500249):40>o?c+((e^n^h)+1859775393):60>o?c+((e&n|e&h|n&h)-1894007588):c+((e^n^h)-899497514),j=h,h=n,n=e<<30|e>>>2,e=m,m=c}l[0]=0|l[0]+m,l[1]=0|l[1]+e,l[2]=0|l[2]+n,l[3]=0|l[3]+h,l[4]=0|l[4]+j},_doFinalize:function _doFinalize(){var c=this._data,f=c.words,d=8*this._nDataBytes,g=8*c.sigBytes;return f[g>>>5]|=128<<24-g%32,f[(g+64>>>9<<4)+14]=Math.floor(d/4294967296),f[(g+64>>>9<<4)+15]=d,c.sigBytes=4*f.length,this._process(),this._hash},clone:function clone(){var c=g.clone.call(this);return c._hash=this._hash.clone(),c}});c.SHA1=g._createHelper(e),c.HmacSHA1=g._createHmacHelper(e)})(),function(e){for(var c=CryptoJS,f=c.lib,g=f.WordArray,h=f.Hasher,f=c.algo,i=[],o=[],j=function(c){return 0|4294967296*(c-(0|c))},k=2,l=0;64>l;){var m;a:{m=k;for(var d=e.sqrt(m),p=2;p<=d;p++)if(!(m%p)){m=!1;break a}m=!0}m&&(8>l&&(i[l]=j(e.pow(k,.5))),o[l]=j(e.pow(k,1/3)),l++),k++}var r=[],f=f.SHA256=h.extend({_doReset:function _doReset(){this._hash=new g.init(i.slice(0))},_doProcessBlock:function _doProcessBlock(i,n){for(var h=this._hash.words,q=h[0],c=h[1],d=h[2],s=h[3],k=h[4],t=h[5],g=h[6],j=h[7],l=0;64>l;l++){if(16>l)r[l]=0|i[n+l];else{var e=r[l-15],m=r[l-2];r[l]=((e<<25|e>>>7)^(e<<14|e>>>18)^e>>>3)+r[l-7]+((m<<15|m>>>17)^(m<<13|m>>>19)^m>>>10)+r[l-16]}e=j+((k<<26|k>>>6)^(k<<21|k>>>11)^(k<<7|k>>>25))+(k&t^~k&g)+o[l]+r[l],m=((q<<30|q>>>2)^(q<<19|q>>>13)^(q<<10|q>>>22))+(q&c^q&d^c&d),j=g,g=t,t=k,k=0|s+e,s=d,d=c,c=q,q=0|e+m}h[0]=0|h[0]+q,h[1]=0|h[1]+c,h[2]=0|h[2]+d,h[3]=0|h[3]+s,h[4]=0|h[4]+k,h[5]=0|h[5]+t,h[6]=0|h[6]+g,h[7]=0|h[7]+j},_doFinalize:function _doFinalize(){var f=this._data,d=f.words,g=8*this._nDataBytes,h=8*f.sigBytes;return d[h>>>5]|=128<<24-h%32,d[(h+64>>>9<<4)+14]=e.floor(g/4294967296),d[(h+64>>>9<<4)+15]=g,f.sigBytes=4*d.length,this._process(),this._hash},clone:function clone(){var c=h.clone.call(this);return c._hash=this._hash.clone(),c}});c.SHA256=h._createHelper(f),c.HmacSHA256=h._createHmacHelper(f)}(Math),function(){var d=CryptoJS,i=d.enc.Utf8;d.algo.HMAC=d.lib.Base.extend({init:function init(k,l){k=this._hasher=new k.init,'string'==typeof l&&(l=i.parse(l));var m=k.blockSize,c=4*m;l.sigBytes>c&&(l=k.finalize(l)),l.clamp();for(var e=this._oKey=l.clone(),f=this._iKey=l.clone(),g=e.words,h=f.words,j=0;j<m;j++)g[j]^=1549556828,h[j]^=909522486;e.sigBytes=f.sigBytes=c,this.reset()},reset:function reset(){var c=this._hasher;c.reset(),c.update(this._iKey)},update:function update(c){return this._hasher.update(c),this},finalize:function finalize(c){var d=this._hasher;return c=d.finalize(c),d.reset(),d.finalize(this._oKey.clone().concat(c))}})}(),function(){var c=CryptoJS,i=c.lib.WordArray;c.enc.Base64={stringify:function stringify(h){var i=h.words,e=h.sigBytes,f=this._map;h.clamp(),h=[];for(var c=0;c<e;c+=3)for(var j=(255&i[c>>>2]>>>24-8*(c%4))<<16|(255&i[c+1>>>2]>>>24-8*((c+1)%4))<<8|255&i[c+2>>>2]>>>24-8*((c+2)%4),d=0;4>d&&c+.75*d<e;d++)h.push(f.charAt(63&j>>>6*(3-d)));if(i=f.charAt(64))for(;h.length%4;)h.push(i);return h.join('')},parse:function parse(j){var k=j.length,e=this._map,f=e.charAt(64);f&&(f=j.indexOf(f),-1!=f&&(k=f));for(var f=[],c=0,l=0;l<k;l++)if(l%4){var d=e.indexOf(j.charAt(l-1))<<2*(l%4),g=e.indexOf(j.charAt(l))>>>6-2*(l%4);f[c>>>2]|=(d|g)<<24-8*(c%4),c++}return i.create(f,c)},_map:'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='}}(),hawk.crypto.utils=CryptoJS,'undefined'!=typeof module&&module.exports&&(module.exports=hawk);
'use strict';var _typeof='function'==typeof Symbol&&'symbol'==typeof Symbol.iterator?function(c){return typeof c}:function(c){return c&&'function'==typeof Symbol&&c.constructor===Symbol&&c!==Symbol.prototype?'symbol':typeof c},hawk={internals:{}};hawk.client={header:function(c,d,e){if(!c||'string'!=typeof c&&'object'!==('undefined'==typeof c?'undefined':_typeof(c))||!d||'string'!=typeof d||!e||'object'!==('undefined'==typeof e?'undefined':_typeof(e)))throw new Error('Invalid argument type');var f=e.timestamp||hawk.utils.nowSec(e.localtimeOffsetMsec),g=e.credentials;if(!g||!g.id||!g.key||!g.algorithm)throw new Error('Invalid credentials');if(-1===hawk.crypto.algorithms.indexOf(g.algorithm))throw new Error('Unknown algorithm');'string'==typeof c&&(c=hawk.utils.parseUri(c));var h={ts:f,nonce:e.nonce||hawk.utils.randomString(6),method:d,resource:c.resource,host:c.host,port:c.port,hash:e.hash,ext:e.ext,app:e.app,dlg:e.dlg};!h.hash&&(e.payload||''===e.payload)&&(h.hash=hawk.crypto.calculatePayloadHash(e.payload,g.algorithm,e.contentType));var i=hawk.crypto.calculateMac('header',g,h),j=null!==h.ext&&void 0!==h.ext&&''!==h.ext,k='Hawk id="'+g.id+'", ts="'+h.ts+'", nonce="'+h.nonce+(h.hash?'", hash="'+h.hash:'')+(j?'", ext="'+hawk.utils.escapeHeaderAttribute(h.ext):'')+'", mac="'+i+'"';return h.app&&(k+=', app="'+h.app+(h.dlg?'", dlg="'+h.dlg:'')+'"'),{artifacts:h,header:k}},bewit:function(c,d){if(!c||'string'!=typeof c||!d||'object'!==('undefined'==typeof d?'undefined':_typeof(d))||!d.ttlSec)throw new Error('Invalid inputs');var e=null===d.ext||d.ext===void 0?'':d.ext,f=hawk.utils.nowSec(d.localtimeOffsetMsec),g=d.credentials;if(!g||!g.id||!g.key||!g.algorithm)throw new Error('Invalid credentials');if(-1===hawk.crypto.algorithms.indexOf(g.algorithm))throw new Error('Unknown algorithm');c=hawk.utils.parseUri(c);var h=f+d.ttlSec,i=hawk.crypto.calculateMac('bewit',g,{ts:h,nonce:'',method:'GET',resource:c.resource,host:c.host,port:c.port,ext:e}),j=g.id+'\\'+h+'\\'+i+'\\'+e;return hawk.utils.base64urlEncode(j)},authenticate:function authenticate(c,d,e,f){f=f||{};var g=function(d){return c.headers?'function'==typeof c.headers.get?c.headers.get(d):c.headers[d]:c.getResponseHeader?c.getResponseHeader(d):c.getHeader(d)},h=g('www-authenticate');if(h){var n=hawk.utils.parseAuthorizationHeader(h,['ts','tsm','error']);if(!n)return!1;if(n.ts){var o=hawk.crypto.calculateTsMac(n.ts,d);if(o!==n.tsm)return!1;hawk.utils.setNtpSecOffset(n.ts-Math.floor(Date.now()/1e3))}}var i=g('server-authorization');if(!i&&!f.required)return!0;var j=hawk.utils.parseAuthorizationHeader(i,['mac','ext','hash']);if(!j)return!1;var k={ts:e.ts,nonce:e.nonce,method:e.method,resource:e.resource,host:e.host,port:e.port,hash:j.hash,ext:j.ext,app:e.app,dlg:e.dlg},l=hawk.crypto.calculateMac('response',d,k);if(l!==j.mac)return!1;if(!f.payload&&''!==f.payload)return!0;if(!j.hash)return!1;var m=hawk.crypto.calculatePayloadHash(f.payload,d.algorithm,g('content-type'));return m===j.hash},message:function message(c,d,e,f){if(!c||'string'!=typeof c||!d||'number'!=typeof d||null===e||e===void 0||'string'!=typeof e||!f||'object'!==('undefined'==typeof f?'undefined':_typeof(f)))throw new Error('Invalid inputs');var g=f.timestamp||hawk.utils.nowSec(f.localtimeOffsetMsec),h=f.credentials;if(!h||!h.id||!h.key||!h.algorithm)throw new Error('Invalid credentials');if(-1===hawk.crypto.algorithms.indexOf(h.algorithm))throw new Error('Unknown algorithm');var i={ts:g,nonce:f.nonce||hawk.utils.randomString(6),host:c,port:d,hash:hawk.crypto.calculatePayloadHash(e,h.algorithm)},j={id:h.id,ts:i.ts,nonce:i.nonce,hash:i.hash,mac:hawk.crypto.calculateMac('message',h,i)};return j},authenticateTimestamp:function authenticateTimestamp(c,d,e){var f=hawk.crypto.calculateTsMac(c.ts,d);return!(f!==c.tsm)&&(!1!==e&&hawk.utils.setNtpSecOffset(c.ts-Math.floor(Date.now()/1e3)),!0)}},hawk.crypto={headerVersion:'1',algorithms:['sha1','sha256'],calculateMac:function calculateMac(c,d,e){var f=hawk.crypto.generateNormalizedString(c,e),g=CryptoJS['Hmac'+d.algorithm.toUpperCase()](f,d.key);return g.toString(CryptoJS.enc.Base64)},generateNormalizedString:function generateNormalizedString(c,d){var e='hawk.'+hawk.crypto.headerVersion+'.'+c+'\n'+d.ts+'\n'+d.nonce+'\n'+(d.method||'').toUpperCase()+'\n'+(d.resource||'')+'\n'+d.host.toLowerCase()+'\n'+d.port+'\n'+(d.hash||'')+'\n';return d.ext&&(e+=d.ext.replace(/\\/g,'\\\\').replace(/\n/g,'\\n')),e+='\n',d.app&&(e+=d.app+'\n'+(d.dlg||'')+'\n'),e},calculatePayloadHash:function calculatePayloadHash(c,d,e){var f=CryptoJS.algo[d.toUpperCase()].create();return f.update('hawk.'+hawk.crypto.headerVersion+'.payload\n'),f.update(hawk.utils.parseContentType(e)+'\n'),f.update(c),f.update('\n'),f.finalize().toString(CryptoJS.enc.Base64)},calculateTsMac:function calculateTsMac(c,d){var e=CryptoJS['Hmac'+d.algorithm.toUpperCase()]('hawk.'+hawk.crypto.headerVersion+'.ts\n'+c+'\n',d.key);return e.toString(CryptoJS.enc.Base64)}},hawk.internals.LocalStorage=function(){this._cache={},this.length=0,this.getItem=function(c){return this._cache.hasOwnProperty(c)?this._cache[c]+'':null},this.setItem=function(c,d){this._cache[c]=d+'',this.length=Object.keys(this._cache).length},this.removeItem=function(c){delete this._cache[c],this.length=Object.keys(this._cache).length},this.clear=function(){this._cache={},this.length=0},this.key=function(c){return Object.keys(this._cache)[c||0]}},hawk.utils={storage:new hawk.internals.LocalStorage,setStorage:function setStorage(c){var d=hawk.utils.storage.getItem('hawk_ntp_offset');hawk.utils.storage=c,d&&hawk.utils.setNtpSecOffset(d)},setNtpSecOffset:function setNtpSecOffset(c){try{hawk.utils.storage.setItem('hawk_ntp_offset',c)}catch(c){console.error('[hawk] could not write to storage.'),console.error(c)}},getNtpSecOffset:function getNtpSecOffset(){var c=hawk.utils.storage.getItem('hawk_ntp_offset');return c?parseInt(c,10):0},now:function now(c){return Date.now()+(c||0)+1e3*hawk.utils.getNtpSecOffset()},nowSec:function nowSec(c){return Math.floor(hawk.utils.now(c)/1e3)},escapeHeaderAttribute:function escapeHeaderAttribute(c){return c.replace(/\\/g,'\\\\').replace(/\"/g,'\\"')},parseContentType:function parseContentType(c){return c?c.split(';')[0].replace(/^\s+|\s+$/g,'').toLowerCase():''},parseAuthorizationHeader:function parseAuthorizationHeader(c,d){if(!c)return null;var e=c.match(/^(\w+)(?:\s+(.*))?$/);if(!e)return null;var f=e[1];if('hawk'!==f.toLowerCase())return null;var g=e[2];if(!g)return null;var h={},i=g.replace(/(\w+)="([^"\\]*)"\s*(?:,\s*|$)/g,function(c,e,f){if(-1!==d.indexOf(e))return null===f.match(/^[ \w\!#\$%&'\(\)\*\+,\-\.\/\:;<\=>\?@\[\]\^`\{\|\}~]+$/)||h.hasOwnProperty(e)?void 0:(h[e]=f,'')});return''===i?h:null},randomString:function randomString(c){for(var d='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789',e=d.length,f=[],g=0;g<c;++g)f[g]=d[Math.floor(Math.random()*e)];return f.join('')},uriRegex:/^([^:]+)\:\/\/(?:[^@/]*@)?([^\/:]+)(?:\:(\d+))?([^#]*)(?:#.*)?$/,parseUri:function parseUri(c){var d=c.match(hawk.utils.uriRegex);if(!d)return{host:'',port:'',resource:''};var e=d[1].toLowerCase(),f={host:d[2],port:d[3]||('http'===e?'80':'https'===e?'443':''),resource:d[4]};return f},base64urlEncode:function base64urlEncode(c){var d=CryptoJS.enc.Utf8.parse(c),e=CryptoJS.enc.Base64.stringify(d);return e.replace(/\+/g,'-').replace(/\//g,'_').replace(/\=/g,'')}};var CryptoJS=CryptoJS||function(i,c){var d={},e=d.lib={},g=function(){},h=e.Base={extend:function extend(c){g.prototype=this;var d=new g;return c&&d.mixIn(c),d.hasOwnProperty('init')||(d.init=function(){d.$super.init.apply(this,arguments)}),d.init.prototype=d,d.$super=this,d},create:function create(){var c=this.extend();return c.init.apply(c,arguments),c},init:function init(){},mixIn:function mixIn(c){for(var d in c)c.hasOwnProperty(d)&&(this[d]=c[d]);c.hasOwnProperty('toString')&&(this.toString=c.toString)},clone:function clone(){return this.init.prototype.extend(this)}},k=e.WordArray=h.extend({init:function init(d,e){d=this.words=d||[],this.sigBytes=e==c?4*d.length:e},toString:function toString(c){return(c||j).stringify(this)},concat:function concat(f){var g=this.words,h=f.words,d=this.sigBytes;if(f=f.sigBytes,this.clamp(),d%4)for(var c=0;c<f;c++)g[d+c>>>2]|=(255&h[c>>>2]>>>24-8*(c%4))<<24-8*((d+c)%4);else if(65535<h.length)for(var e=0;e<f;e+=4)g[d+e>>>2]=h[e>>>2];else g.push.apply(g,h);return this.sigBytes+=f,this},clamp:function clamp(){var c=this.words,d=this.sigBytes;c[d>>>2]&=4294967295<<32-8*(d%4),c.length=i.ceil(d/4)},clone:function clone(){var c=h.clone.call(this);return c.words=this.words.slice(0),c},random:function random(c){for(var e=[],f=0;f<c;f+=4)e.push(0|4294967296*i.random());return new k.init(b,c)}}),f=d.enc={},j=f.Hex={stringify:function stringify(f){var g=f.words;f=f.sigBytes;for(var h,e=[],d=0;d<f;d++)h=255&g[d>>>2]>>>24-8*(d%4),e.push((h>>>4).toString(16)),e.push((15&h).toString(16));return e.join('')},parse:function parse(e){for(var f=e.length,g=[],d=0;d<f;d+=2)g[d>>>3]|=parseInt(e.substr(d,2),16)<<24-4*(d%8);return new k.init(g,f/2)}},l=f.Latin1={stringify:function stringify(e){var f=e.words;e=e.sigBytes;for(var g=[],d=0;d<e;d++)g.push(String.fromCharCode(255&f[d>>>2]>>>24-8*(d%4)));return g.join('')},parse:function parse(e){for(var f=e.length,g=[],d=0;d<f;d++)g[d>>>2]|=(255&e.charCodeAt(d))<<24-8*(d%4);return new k.init(g,f)}},m=f.Utf8={stringify:function stringify(c){try{return decodeURIComponent(escape(l.stringify(c)))}catch(c){throw Error('Malformed UTF-8 data')}},parse:function parse(c){return l.parse(unescape(encodeURIComponent(c)))}},n=e.BufferedBlockAlgorithm=h.extend({reset:function reset(){this._data=new k.init,this._nDataBytes=0},_append:function _append(c){'string'==typeof c&&(c=m.parse(c)),this._data.concat(c),this._nDataBytes+=c.sigBytes},_process:function _process(h){var j=this._data,l=j.words,d=j.sigBytes,c=this.blockSize,e=d/(4*c),e=h?i.ceil(e):i.max((0|e)-this._minBufferSize,0);if(h=e*c,d=i.min(4*h,d),h){for(var f=0;f<h;f+=c)this._doProcessBlock(l,f);f=l.splice(0,h),j.sigBytes-=d}return new k.init(f,d)},clone:function clone(){var c=h.clone.call(this);return c._data=this._data.clone(),c},_minBufferSize:0});e.Hasher=n.extend({cfg:h.extend(),init:function init(c){this.cfg=this.cfg.extend(c),this.reset()},reset:function reset(){n.reset.call(this),this._doReset()},update:function update(c){return this._append(c),this._process(),this},finalize:function finalize(c){return c&&this._append(c),this._doFinalize()},blockSize:16,_createHelper:function _createHelper(c){return function(e,f){return new c.init(f).finalize(e)}},_createHmacHelper:function _createHmacHelper(c){return function(e,f){return new o.HMAC.init(c,f).finalize(e)}}});var o=d.algo={};return d}(Math);(function(){var c=CryptoJS,e=c.lib,f=e.WordArray,g=e.Hasher,i=[],e=c.algo.SHA1=g.extend({_doReset:function _doReset(){this._hash=new f.init([1732584193,4023233417,2562383102,271733878,3285377520])},_doProcessBlock:function _doProcessBlock(d,k){for(var l=this._hash.words,m=l[0],e=l[1],n=l[2],h=l[3],j=l[4],o=0;80>o;o++){if(16>o)i[o]=0|d[k+o];else{var c=i[o-3]^i[o-8]^i[o-14]^i[o-16];i[o]=c<<1|c>>>31}c=(m<<5|m>>>27)+j+i[o],c=20>o?c+((e&n|~e&h)+1518500249):40>o?c+((e^n^h)+1859775393):60>o?c+((e&n|e&h|n&h)-1894007588):c+((e^n^h)-899497514),j=h,h=n,n=e<<30|e>>>2,e=m,m=c}l[0]=0|l[0]+m,l[1]=0|l[1]+e,l[2]=0|l[2]+n,l[3]=0|l[3]+h,l[4]=0|l[4]+j},_doFinalize:function _doFinalize(){var c=this._data,f=c.words,d=8*this._nDataBytes,g=8*c.sigBytes;return f[g>>>5]|=128<<24-g%32,f[(g+64>>>9<<4)+14]=Math.floor(d/4294967296),f[(g+64>>>9<<4)+15]=d,c.sigBytes=4*f.length,this._process(),this._hash},clone:function clone(){var c=g.clone.call(this);return c._hash=this._hash.clone(),c}});c.SHA1=g._createHelper(e),c.HmacSHA1=g._createHmacHelper(e)})(),function(e){for(var c=CryptoJS,f=c.lib,g=f.WordArray,h=f.Hasher,f=c.algo,i=[],o=[],j=function(c){return 0|4294967296*(c-(0|c))},k=2,l=0;64>l;){var m;a:{m=k;for(var d=e.sqrt(m),p=2;p<=d;p++)if(!(m%p)){m=!1;break a}m=!0}m&&(8>l&&(i[l]=j(e.pow(k,.5))),o[l]=j(e.pow(k,1/3)),l++),k++}var r=[],f=f.SHA256=h.extend({_doReset:function _doReset(){this._hash=new g.init(i.slice(0))},_doProcessBlock:function _doProcessBlock(i,n){for(var h=this._hash.words,q=h[0],c=h[1],d=h[2],s=h[3],k=h[4],t=h[5],g=h[6],j=h[7],l=0;64>l;l++){if(16>l)r[l]=0|i[n+l];else{var e=r[l-15],m=r[l-2];r[l]=((e<<25|e>>>7)^(e<<14|e>>>18)^e>>>3)+r[l-7]+((m<<15|m>>>17)^(m<<13|m>>>19)^m>>>10)+r[l-16]}e=j+((k<<26|k>>>6)^(k<<21|k>>>11)^(k<<7|k>>>25))+(k&t^~k&g)+o[l]+r[l],m=((q<<30|q>>>2)^(q<<19|q>>>13)^(q<<10|q>>>22))+(q&c^q&d^c&d),j=g,g=t,t=k,k=0|s+e,s=d,d=c,c=q,q=0|e+m}h[0]=0|h[0]+q,h[1]=0|h[1]+c,h[2]=0|h[2]+d,h[3]=0|h[3]+s,h[4]=0|h[4]+k,h[5]=0|h[5]+t,h[6]=0|h[6]+g,h[7]=0|h[7]+j},_doFinalize:function _doFinalize(){var f=this._data,d=f.words,g=8*this._nDataBytes,h=8*f.sigBytes;return d[h>>>5]|=128<<24-h%32,d[(h+64>>>9<<4)+14]=e.floor(g/4294967296),d[(h+64>>>9<<4)+15]=g,f.sigBytes=4*d.length,this._process(),this._hash},clone:function clone(){var c=h.clone.call(this);return c._hash=this._hash.clone(),c}});c.SHA256=h._createHelper(f),c.HmacSHA256=h._createHmacHelper(f)}(Math),function(){var d=CryptoJS,i=d.enc.Utf8;d.algo.HMAC=d.lib.Base.extend({init:function init(k,l){k=this._hasher=new k.init,'string'==typeof l&&(l=i.parse(l));var m=k.blockSize,c=4*m;l.sigBytes>c&&(l=k.finalize(l)),l.clamp();for(var e=this._oKey=l.clone(),f=this._iKey=l.clone(),g=e.words,h=f.words,j=0;j<m;j++)g[j]^=1549556828,h[j]^=909522486;e.sigBytes=f.sigBytes=c,this.reset()},reset:function reset(){var c=this._hasher;c.reset(),c.update(this._iKey)},update:function update(c){return this._hasher.update(c),this},finalize:function finalize(c){var d=this._hasher;return c=d.finalize(c),d.reset(),d.finalize(this._oKey.clone().concat(c))}})}(),function(){var c=CryptoJS,i=c.lib.WordArray;c.enc.Base64={stringify:function stringify(h){var i=h.words,e=h.sigBytes,f=this._map;h.clamp(),h=[];for(var c=0;c<e;c+=3)for(var j=(255&i[c>>>2]>>>24-8*(c%4))<<16|(255&i[c+1>>>2]>>>24-8*((c+1)%4))<<8|255&i[c+2>>>2]>>>24-8*((c+2)%4),d=0;4>d&&c+.75*d<e;d++)h.push(f.charAt(63&j>>>6*(3-d)));if(i=f.charAt(64))for(;h.length%4;)h.push(i);return h.join('')},parse:function parse(j){var k=j.length,e=this._map,f=e.charAt(64);f&&(f=j.indexOf(f),-1!=f&&(k=f));for(var f=[],c=0,l=0;l<k;l++)if(l%4){var d=e.indexOf(j.charAt(l-1))<<2*(l%4),g=e.indexOf(j.charAt(l))>>>6-2*(l%4);f[c>>>2]|=(d|g)<<24-8*(c%4),c++}return i.create(f,c)},_map:'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/='}}(),hawk.crypto.utils=CryptoJS,'undefined'!=typeof module&&module.exports&&(module.exports=hawk);

@@ -396,3 +396,3 @@ 'use strict';

if (options.ext) {
normalized += options.ext.replace('\\', '\\\\').replace('\n', '\\n');
normalized += options.ext.replace(/\\/g, '\\\\').replace(/\n/g, '\\n');
}

@@ -399,0 +399,0 @@

@@ -78,3 +78,3 @@ 'use strict';

if (options.ext) {
normalized = normalized + options.ext.replace('\\', '\\\\').replace('\n', '\\n');
normalized = normalized + options.ext.replace(/\\/g, '\\\\').replace(/\n/g, '\\n');
}

@@ -81,0 +81,0 @@

{
"name": "hawk",
"description": "HTTP Hawk Authentication Scheme",
"version": "7.0.9",
"version": "7.0.10",
"repository": "git://github.com/hueniverse/hawk",

@@ -6,0 +6,0 @@ "main": "lib/index.js",

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc