http-signature - npm Package Compare versions

http-signature

Package Overview

Dependencies

Maintainers

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Install

Comparing version 1.3.4 to 1.3.5

CHANGES.md

		@@ -7,2 +7,7 @@ # node-http-signature changelog

		## 1.3.5

		- Add keyPassphrase option to signer (#115)
		- Add support for created and expires values (#110)

		## 1.3.4
		@@ -9,0 +14,0 @@

lib/parser.js

		@@ -26,3 +26,4 @@ // Copyright 2012 Joyent, Inc. All rights reserved.
		Value: 2,
		Comma: 3
		Comma: 3,
		Number: 4
		};
		@@ -184,3 +185,9 @@
		} else {
		throw new InvalidHeaderError('bad param format');
		//number
		substate = ParamsState.Number;
		code = c.charCodeAt(0);
		if (code < 0x30 \|\| code > 0x39) { //character not in 0-9
		throw new InvalidHeaderError('bad param format');
		}
		tmpValue = c;
		}
		@@ -198,2 +205,17 @@ break;

		case ParamsState.Number:
		if (c === ',') {
		parsed.params[tmpName] = parseInt(tmpValue, 10);
		tmpName = '';
		substate = ParamsState.Name;
		} else {
		code = c.charCodeAt(0);
		if (code < 0x30 \|\| code > 0x39) { //character not in 0-9
		throw new InvalidHeaderError('bad param format');
		}
		tmpValue += c;
		}
		break;


		case ParamsState.Comma:
		@@ -286,2 +308,6 @@ if (c === ',') {
		parsed.signingString += '(opaque): ' + opaque;
		} else if (h === '(created)') {
		parsed.signingString += '(created): ' + parsed.params.created;
		} else if (h === '(expires)') {
		parsed.signingString += '(expires): ' + parsed.params.expires;
		} else {
		@@ -300,2 +326,3 @@ var value = request.headers[h];
		var date;
		var skew;
		if (request.headers.date \|\| request.headers['x-date']) {
		@@ -308,3 +335,3 @@ if (request.headers['x-date']) {
		var now = new Date();
		var skew = Math.abs(now.getTime() - date.getTime());
		skew = Math.abs(now.getTime() - date.getTime());

		@@ -319,2 +346,19 @@ if (skew > options.clockSkew * 1000) {

		if (parsed.params.created) {
		skew = parsed.params.created - Math.floor(Date.now() / 1000);
		if (skew > options.clockSkew) {
		throw new ExpiredRequestError('Created lies in the future (with ' +
		'skew ' + skew + 's greater than allowed ' + options.clockSkew +
		's');
		}
		}

		if (parsed.params.expires) {
		var expiredSince = Math.floor(Date.now() / 1000) - parsed.params.expires;
		if (expiredSince > options.clockSkew) {
		throw new ExpiredRequestError('Request expired with skew ' +
		expiredSince + 's greater than allowed ' + options.clockSkew + 's');
		}
		}

		headers.forEach(function (hdr) {
		@@ -321,0 +365,0 @@ // Remember that we already checked any headers in the params

lib/signer.js

		@@ -20,3 +20,4 @@ // Copyright 2012 Joyent, Inc. All rights reserved.

		var AUTHZ_PARAMS = [ 'keyId', 'algorithm', 'opaque', 'headers', 'signature' ];
		var AUTHZ_PARAMS = [ 'keyId', 'algorithm', 'created', 'expires', 'opaque',
		'headers', 'signature' ];

		@@ -45,5 +46,9 @@ ///--- Specific Errors
		continue;
		assert.string(value, 'params.' + param);
		if (typeof (value) === 'number') {
		authz += prefix + sprintf('%s=%d', param, value);
		} else {
		assert.string(value, 'params.' + param);

		authz += prefix + sprintf('%s="%s"', param, value);
		authz += prefix + sprintf('%s="%s"', param, value);
		}
		prefix = ',';
		@@ -104,3 +109,6 @@ }
		if (typeof (key) === 'string' \|\| Buffer.isBuffer(key))
		key = sshpk.parsePrivateKey(key);
		assert.optionalString(options.keyPassphrase, 'options.keyPassphrase');
		key = sshpk.parsePrivateKey(key, 'auto', {
		passphrase: options.keyPassphrase
		});

		@@ -267,2 +275,3 @@ assert.ok(sshpk.PrivateKey.isPrivateKey(key, [1, 2]),
		* - {String} algorithm (optional, required for HMAC)
		* - {String} keyPassphrase (optional, not for HMAC)
		* or:
		@@ -301,2 +310,9 @@ * - {Func} sign (data, cb)
		* - {Boolean} strict optional; defaults to 'false'.
		* - {int} expiresIn optional; defaults to 60. The
		* seconds after which the signature should
		* expire;
		* - {String} keyPassphrase optional; The passphrase to
		* pass to sshpk to parse the privateKey.
		* This doesn't do anything if algorithm is
		* HMAC.
		* @return {Boolean} true if Authorization (and optionally Date) were added.
		@@ -318,2 +334,4 @@ * @throws {TypeError} on bad parameter types (input).
		assert.optionalString(options.httpVersion, 'options.httpVersion');
		assert.optionalNumber(options.expiresIn, 'options.expiresIn');
		assert.optionalString(options.keyPassphrase, 'options.keyPassphrase');

		@@ -340,3 +358,5 @@ if (!request.getHeader('Date'))
		if (typeof (key) === 'string' \|\| Buffer.isBuffer(key))
		key = sshpk.parsePrivateKey(options.key);
		key = sshpk.parsePrivateKey(options.key, 'auto', {
		passphrase: options.keyPassphrase
		});

		@@ -365,2 +385,7 @@ assert.ok(sshpk.PrivateKey.isPrivateKey(key, [1, 2]),

		var params = {
		'keyId': options.keyId,
		'algorithm': options.algorithm
		};

		var i;
		@@ -402,2 +427,14 @@ var stringToSign = '';
		stringToSign += '(opaque): ' + opaque;
		} else if (h === '(created)') {
		var created = Math.floor(Date.now() / 1000);
		params.created = created;
		stringToSign += '(created): ' + created;
		} else if (h === '(expires)') {
		var expiresIn = options.expiresIn;
		if (expiresIn === undefined) {
		expiresIn = 60;
		}
		const expires = Math.floor(Date.now() / 1000) + expiresIn;
		params.expires = expires;
		stringToSign += '(expires): ' + expires;
		} else {
		@@ -443,7 +480,4 @@ var value = request.getHeader(h);

		var params = {
		'keyId': options.keyId,
		'algorithm': options.algorithm,
		'signature': signature
		};
		params.signature = signature;

		if (options.opaque)
		@@ -450,0 +484,0 @@ params.opaque = options.opaque;

package.json

		{
		"name": "http-signature",
		"description": "Reference implementation of Joyent's HTTP Signature scheme.",
		"version": "1.3.4",
		"version": "1.3.5",
		"license": "MIT",
		@@ -6,0 +6,0 @@ "author": "Joyent, Inc",

README.md

		@@ -39,3 +39,4 @@ # node-http-signature
		key: key,
		keyId: './cert.pem'
		keyId: './cert.pem',
		keyPassphrase: 'secret' // (optional)
		});
		@@ -42,0 +43,0 @@

Improved metrics