mpns - npm Package Compare versions

Comparing version 1.2.7 to 1.2.8

lib/mpns.js

@@ -131,2 +131,7 @@ // Copyright Jeff Wilcox
 
+            case 403:
+                err = result;
+                err.innerError = 'Authenticated push notifications certificate problem.';
+                break;
+
             // Method Not Allowed (bug in this library)          
@@ -149,2 +154,7 @@ case 405:
 
+        // The message object received in the 'response' event is a stream, 
+        // and must be consumed since Node.js version 0.10.x before the 
+        // connection is released back to the pool.
+        message.resume();
+
         if (callback)
@@ -151,0 +161,0 @@ callback(err, err === undefined ? result : undefined);

package.json

 {
   "name": "mpns",
   "description": "A Node.js interface to the Microsoft Push Notification Service (MPNS) for Windows Phone.",
-  "version": "1.2.7",
+  "version": "1.2.8",
   "author": "Jeff Wilcox <jeffwilcox+github@gmail.com>",
@@ -6,0 +6,0 @@ "contributors": [

README.md

@@ -5,3 +5,3 @@ #mpns
 
-Send toast and live tile updates to Windows Phones through the Microsoft Push Notification Service (MPNS). Intended for the cloud and Node.js.
+Send toast and live tile updates to Windows Phones through the Microsoft Push Notification Service (MPNS). Intended for cloud applications powered by Node.js.
 
@@ -168,2 +168,3 @@ ## Installation
 - Yavor Georgiev: https://github.com/yavorg
+- Stephan Eckbauer: https://github.com/ste99
 
@@ -191,2 +192,10 @@ ## License
 
+1.2.8:
+
+* Adds a fix for Node 0.10.10+ to properly consume response data via stream resume
+
+1.2.7:
+
+* Mild refactoring
+
 1.2.6:
@@ -193,0 +202,0 @@

scripts/sendToast.js

@@ -19,3 +19,4 @@ // Copyright Jeff Wilcox
 
-var mpns = require('../lib/mpns');
+var   mpns = require('../lib/mpns')
+    , fs = require('fs');
 
@@ -27,3 +28,18 @@ var args = process.argv;
 function help() {
-	console.log(cmd + ' pushUri [Message]');
+	console.log('Node.js MPNS Module Test Toaster');
+	console.log('Please provide the pushUri to a Microsoft Push Notification Service (MPNS) endpoint to a Windows Phone device.');
+	console.log();
+	console.log('Parameters:');
+	console.log('    ' + cmd + ' pushUri [Message]');
+	console.log();
+
+	// Right now my implementation for auth push testing is specific to my key use practices.
+	console.log('Authenticated push notification channels are supported with the appropriate environment variables:');
+	console.log('    MPNS_CERT: Point to a certificate file.');
+	console.log('    MPNS_CA: Point to a certificate authority or intermediate chain file.');
+	console.log('    MPNS_KEY: Point to a private key file.');
+	console.log();
+	console.log('Or for authenticated push with a PKCS12 package format:');
+	console.log('    MPNS_PFX: The PKCS12 file.');
+	console.log('    MPNS_PASSPHRASE: The optional password for the PKCS12 file.')
 }
@@ -42,6 +58,2 @@
 
-if (uri.indexOf('https') == 0) {
-	throw new Error('Authenticated push channels are not currently supported by this test application.');
-}
-
 var options = {
@@ -52,10 +64,41 @@ text1: args.shift() || TEST_TITLE,
 
-mpns.sendToast(uri, options, function (err, result) {
-	if (err) {
-		console.dir(err);
-		throw new Error('There was a problem with the toast or push channel.');
+var authenticationReady = false;
+var fileEncoding = undefined;
+if (process.env.MPNS_CERT && process.env.MPNS_KEY) {
+	options.cert = fs.readFileSync(process.env.MPNS_CERT, fileEncoding);
+	options.key = fs.readFileSync(process.env.MPNS_KEY, fileEncoding);
+	var ca = process.env.MPNS_CA;
+	if (ca !== undefined) {
+		options.ca = fs.readFileSync(ca, fileEncoding);
+	}
+	authenticationReady = true;
+} else if (process.env.MPNS_PFX) {
+	options.pfx = fs.readFileSync(process.env.MPNS_PFX, fileEncoding);
+	var passphrase = process.env.MPNS_PASSPHRASE;
+	if (passphrase !== undefined) {
+		options.passphrase = passphrase;
+	}
+	authenticationReady = true;
+}
+
+if (uri.indexOf('https') == 0) {
+	if (!authenticationReady) {
+		throw new Error('Authenticated push channels are not currently supported by this test application unless environment variables are set properly.');
 	} else {
-		console.log('OK.');
-		console.dir(result);
+		var keys = [];
+		for (var k in mpns.Properties.ssl) {
+			var key = mpns.Properties.ssl[k];
+			if (options[key]) {
+				keys.push(key);
+			}
+		}
+		console.log('Authenticated push notification channel: ' + keys.join(', '));
 	}
+}
+
+console.log('Sending a toast...');
+
+mpns.sendToast(uri, options, function (err, result) {
+	console.log(err ? 'Error' : 'OK');
+	console.dir(err || result);
 });

New alerts

Environment variable access

Supply chain risk

Package accesses environment variables, which may be a sign of credential stuffing or data theft.

Found 5 instances in 1 package

Filesystem access

Supply chain risk

Accesses the file system, and could potentially read sensitive data.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

31488

increased by8.41%

Lines of code

527

increased by10.02%

Number of lines in readme file

258

increased by3.61%

Worsened metrics

Number of low supply chain risk alerts

10

increased by900%

No dependency changes