
http-signature


Comparing version 1.2.0 to 1.3.0

130

lib/parser.js

@@ -29,3 +29,2 @@ // Copyright 2012 Joyent, Inc. All rights reserved.

///--- Specific Errors

@@ -122,7 +121,11 @@

var authzHeaderName = options.authorizationHeaderName || 'authorization';
var headers = request.headers;
var authzHeaderName = options.authorizationHeaderName;
var authz = headers[authzHeaderName] || headers[utils.HEADER.AUTH] || headers[utils.HEADER.SIG];
if (!request.headers[authzHeaderName]) {
throw new MissingHeaderError('no ' + authzHeaderName + ' header ' +
'present in the request');
if (!authz) {
var errHeader = authzHeaderName ? authzHeaderName : utils.HEADER.AUTH + ' or ' + utils.HEADER.SIG;
throw new MissingHeaderError('no ' + errHeader + ' header ' +
'present in the request');
}

@@ -134,3 +137,3 @@

var i = 0;
var state = State.New;
var state = authz === headers[utils.HEADER.SIG] ? State.Params : State.New;
var substate = ParamsState.Name;

@@ -141,3 +144,3 @@ var tmpName = '';

var parsed = {
scheme: '',
scheme: authz === headers[utils.HEADER.SIG] ? 'Signature' : '',
params: {},

@@ -147,3 +150,2 @@ signingString: ''

var authz = request.headers[authzHeaderName];
for (i = 0; i < authz.length; i++) {

@@ -154,49 +156,54 @@ var c = authz.charAt(i);

case State.New:
if (c !== ' ') parsed.scheme += c;
else state = State.Params;
break;
case State.New:
if (c !== ' ') parsed.scheme += c;
else state = State.Params;
break;
case State.Params:
switch (Number(substate)) {
case State.Params:
switch (Number(substate)) {
case ParamsState.Name:
var code = c.charCodeAt(0);
// restricted name of A-Z / a-z
if ((code >= 0x41 && code <= 0x5a) || // A-Z
(code >= 0x61 && code <= 0x7a)) { // a-z
tmpName += c;
} else if (c === '=') {
if (tmpName.length === 0)
throw new InvalidHeaderError('bad param format');
substate = ParamsState.Quote;
} else {
throw new InvalidHeaderError('bad param format');
}
break;
case ParamsState.Name:
var code = c.charCodeAt(0);
// restricted name of A-Z / a-z
if ((code >= 0x41 && code <= 0x5a) || // A-Z
(code >= 0x61 && code <= 0x7a)) { // a-z
tmpName += c;
} else if (c === '=') {
if (tmpName.length === 0)
throw new InvalidHeaderError('bad param format');
substate = ParamsState.Quote;
} else {
throw new InvalidHeaderError('bad param format');
}
break;
case ParamsState.Quote:
if (c === '"') {
tmpValue = '';
substate = ParamsState.Value;
} else {
throw new InvalidHeaderError('bad param format');
}
break;
case ParamsState.Quote:
if (c === '"') {
tmpValue = '';
substate = ParamsState.Value;
} else {
throw new InvalidHeaderError('bad param format');
}
break;
case ParamsState.Value:
if (c === '"') {
parsed.params[tmpName] = tmpValue;
substate = ParamsState.Comma;
} else {
tmpValue += c;
}
break;
case ParamsState.Value:
if (c === '"') {
parsed.params[tmpName] = tmpValue;
substate = ParamsState.Comma;
} else {
tmpValue += c;
}
break;
case ParamsState.Comma:
if (c === ',') {
tmpName = '';
substate = ParamsState.Name;
} else {
throw new InvalidHeaderError('bad param format');
case ParamsState.Comma:
if (c === ',') {
tmpName = '';
substate = ParamsState.Name;
} else {
throw new InvalidHeaderError('bad param format');
}
break;
default:
throw new Error('Invalid substate');
}

@@ -207,7 +214,2 @@ break;

throw new Error('Invalid substate');
}
break;
default:
throw new Error('Invalid substate');
}

@@ -288,7 +290,7 @@

if (request.headers.date || request.headers['x-date']) {
if (request.headers['x-date']) {
date = new Date(request.headers['x-date']);
} else {
date = new Date(request.headers.date);
}
if (request.headers['x-date']) {
date = new Date(request.headers['x-date']);
} else {
date = new Date(request.headers.date);
}
var now = new Date();

@@ -299,5 +301,5 @@ var skew = Math.abs(now.getTime() - date.getTime());

throw new ExpiredRequestError('clock skew of ' +
(skew / 1000) +
's was greater than ' +
options.clockSkew + 's');
(skew / 1000) +
's was greater than ' +
options.clockSkew + 's');
}

@@ -316,3 +318,3 @@ }

throw new InvalidParamsError(parsed.params.algorithm +
' is not a supported algorithm');
' is not a supported algorithm');
}

@@ -319,0 +321,0 @@
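Review bot: In the `-122,7 +121,11` hunk the lookup `headers[authzHeaderName] || headers[utils.HEADER.AUTH] || headers[utils.HEADER.SIG]` falls back to the default headers even when the caller set `options.authorizationHeaderName`, so a request that omits the configured header is now parsed from `authorization` or `signature` instead of raising MissingHeaderError as the removed check did. A service that reserves `Authorization` for another scheme and carries the signature in a custom header would start reading a header it never opted into; limiting the fallback to the unconfigured case keeps that boundary: `var authz = authzHeaderName ? headers[authzHeaderName] : (headers[utils.HEADER.AUTH] || headers[utils.HEADER.SIG]);`. The two later tests `authz === headers[utils.HEADER.SIG]` choose the start state and the scheme by comparing header values rather than by recording which header was selected, so two headers carrying the same string would mis-select the branch; a boolean set at lookup time would be unambiguous. The enclosing function starts and ends outside these hunks, so any later use of `authzHeaderName` (now possibly undefined) should be checked as well.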

@@ -5,3 +5,2 @@ // Copyright 2012 Joyent, Inc. All rights reserved.

var crypto = require('crypto');
var http = require('http');
var util = require('util');

@@ -25,2 +24,4 @@ var sshpk = require('sshpk');

var SIGNATURE_FMT = 'keyId="%s",algorithm="%s",headers="%s",signature="%s"';
///--- Specific Errors

@@ -394,7 +395,8 @@

request.setHeader(authzHeaderName, sprintf(AUTHZ_FMT,
options.keyId,
options.algorithm,
options.headers.join(' '),
signature));
var FMT = authzHeaderName.toLowerCase() === utils.HEADER.SIG ? SIGNATURE_FMT : AUTHZ_FMT;
request.setHeader(authzHeaderName, sprintf(FMT,
options.keyId,
options.algorithm,
options.headers.join(' '),
signature));

@@ -401,0 +403,0 @@ return true;
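Review bot: Both `SIGNATURE_FMT` and the existing `AUTHZ_FMT` path interpolate `options.keyId` with `%s` inside double quotes, and nothing in the `-394,7 +395,8` hunk checks the value for a `"` first. The parser shown in this same comparison ends a parameter value at the first `"`, so a keyId containing one would be emitted as a header whose parameters the receiver splits differently from what the signer intended. Unless validation earlier in the function (outside the hunk) already rules this out, a guard before formatting would close it: `if (options.keyId.indexOf('"') !== -1) throw new TypeError('keyId must not contain a double quote');`. The new constant would also benefit from a comment such as `// same parameters as AUTHZ_FMT, without the scheme prefix, for the standalone Signature header`.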

@@ -19,2 +19,7 @@ // Copyright 2012 Joyent, Inc. All rights reserved.

var HEADER = {
AUTH: 'authorization',
SIG: 'signature'
};
function HttpSignatureError(message, caller) {

@@ -58,2 +63,3 @@ if (Error.captureStackTrace)

module.exports = {
HEADER,

@@ -60,0 +66,0 @@ HASH_ALGOS: HASH_ALGOS,
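Review bot: The export entry `HEADER,` uses ES2015 shorthand while the neighbouring entry is written `HASH_ALGOS: HASH_ALGOS` and the rest of the visible code is ES5-style (`var`, function declarations); `HEADER: HEADER,` keeps the file consistent and parseable on any older runtime the package may still support. The object is also exported mutable even though the parser and signer both key decisions on `utils.HEADER.SIG`; `var HEADER = Object.freeze({ AUTH: 'authorization', SIG: 'signature' });` stops another module from changing those names at runtime.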

{
"name": "http-signature",
"description": "Reference implementation of Joyent's HTTP Signature scheme.",
"version": "1.2.0",
"version": "1.3.0",
"license": "MIT",

@@ -33,3 +33,3 @@ "author": "Joyent, Inc",

"jsprim": "^1.2.2",
"sshpk": "^1.7.0"
"sshpk": "^1.14.1"
},

@@ -36,0 +36,0 @@ "devDependencies": {
