New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
macattack-express
Advanced tools
macattack-express - npm Package Compare versions
Comparing version 0.0.3 to 0.0.4
25
index.js
@@ -6,3 +6,3 @@ var macattack = require("macattack"); | ||
| var parts = req.headers.authorization.split(' '); | ||
| if (parts.length === 2 && parts[0] === headerKey) { return parts[1]; } | ||
| if (parts.length > 1 && parts[0] === headerKey) { return parts.slice(1).join(" "); } | ||
| } | ||
@@ -15,17 +15,24 @@ throw new Error("macaroon not found"); | ||
| return function (req, res, next){ | ||
| var serializedMac; | ||
| var serializedMacs; | ||
| var pemCert = cert_encoder.convert(req.connection.getPeerCertificate().raw);//certificate for comprison | ||
| try { serializedMac = getTokenFromReq(req, optionsObj.headerKey || 'Bearer'); } | ||
| try { serializedMacs = getTokenFromReq(req, optionsObj.headerKey || 'Bearer'); } | ||
| catch (e) { return next(e); } | ||
| //separate out 3rd party caveat portion | ||
| var eachMac = serializedMacs.split(","); | ||
| var macs = _.map(eachMac, function (serialMac) { return MacaroonsBuilder.deserialize(serialMac); }) | ||
| if(!macattack.validateMac(serializedMac, optionsObj.secret || "secret", req.body)) { | ||
| // validateMac(serializedMac, databaseSecret, requestData); | ||
| var rootMac = macs[0]; | ||
| var dischargeMac = macs[1]; | ||
| return next(new Error("Macaroon is not valid ")); | ||
| } | ||
| var requestReadyMac = dischargeMac && MacaroonsBuilder.modify(rootMac).prepare_for_request(dischargeMac).getMacaroon(); | ||
| var rootMacVerifier = new MacaroonsVerifier(rootMac); | ||
| return next(); | ||
| rootMacVerifier = (requestReadyMac ? rootMacVerifier.satisfy3rdParty(requestReadyMac) : rootMacVerifier) | ||
| rootMacVerifier = macattack.validateMac(rootMacVerifier, req.body, rootMacVerifier); | ||
| var isValid = rootMacVerifier.isValid(optionsObj.secret || "secret"); | ||
| return isValid ? next() : next(new Error("Macaroon is not valid ")); | ||
| } | ||
| }; |
| { | ||
| "name": "macattack-express", | ||
| "version": "0.0.3", | ||
| "version": "0.0.4", | ||
| "description": "macattack for express", | ||
@@ -19,2 +19,3 @@ "main": "index.js", | ||
| "dependencies": { | ||
| "macaroons.js": "^0.3.5", | ||
| "macattack": "latest" | ||
@@ -21,0 +22,0 @@ }, |
No alert changes
Improved metrics
- Total package byte prevSize
- increased by20.7%
3575
- Lines of code
- increased by23.81%
26
Worsened metrics
- Dependency count
- increased by100%
2
Dependency changes
+ Addedmacaroons.js@^0.3.5
+ Addedecma-nacl@2.5.3(transitive)
+ Addedis-typedarray@1.0.0(transitive)
+ Addedmacaroons.js@0.3.9(transitive)
+ Addedtypedarray-to-buffer@3.1.5(transitive)