Comparing version 8.11.1 to 8.11.2
@@ -7,87 +7,4 @@ 'use strict' | ||
module.exports = require('./utils-legacy') | ||
return | ||
} else { | ||
module.exports = require('./utils-webcrypto'); | ||
} | ||
const nodeCrypto = require('crypto') | ||
module.exports = { | ||
postgresMd5PasswordHash, | ||
randomBytes, | ||
deriveKey, | ||
sha256, | ||
hmacSha256, | ||
md5, | ||
} | ||
/** | ||
* The Web Crypto API - grabbed from the Node.js library or the global | ||
* @type Crypto | ||
*/ | ||
const webCrypto = nodeCrypto.webcrypto || globalThis.crypto | ||
/** | ||
* The SubtleCrypto API for low level crypto operations. | ||
* @type SubtleCrypto | ||
*/ | ||
const subtleCrypto = webCrypto.subtle | ||
const textEncoder = new TextEncoder() | ||
/** | ||
* | ||
* @param {*} length | ||
* @returns | ||
*/ | ||
function randomBytes(length) { | ||
return webCrypto.getRandomValues(Buffer.alloc(length)) | ||
} | ||
async function md5(string) { | ||
try { | ||
return nodeCrypto.createHash('md5').update(string, 'utf-8').digest('hex') | ||
} catch (e) { | ||
// `createHash()` failed so we are probably not in Node.js, use the WebCrypto API instead. | ||
// Note that the MD5 algorithm on WebCrypto is not available in Node.js. | ||
// This is why we cannot just use WebCrypto in all environments. | ||
const data = typeof string === 'string' ? textEncoder.encode(string) : string | ||
const hash = await subtleCrypto.digest('MD5', data) | ||
return Array.from(new Uint8Array(hash)) | ||
.map((b) => b.toString(16).padStart(2, '0')) | ||
.join('') | ||
} | ||
} | ||
// See AuthenticationMD5Password at https://www.postgresql.org/docs/current/static/protocol-flow.html | ||
async function postgresMd5PasswordHash(user, password, salt) { | ||
var inner = await md5(password + user) | ||
var outer = await md5(Buffer.concat([Buffer.from(inner), salt])) | ||
return 'md5' + outer | ||
} | ||
/** | ||
* Create a SHA-256 digest of the given data | ||
* @param {Buffer} data | ||
*/ | ||
async function sha256(text) { | ||
return await subtleCrypto.digest('SHA-256', text) | ||
} | ||
/** | ||
* Sign the message with the given key | ||
* @param {ArrayBuffer} keyBuffer | ||
* @param {string} msg | ||
*/ | ||
async function hmacSha256(keyBuffer, msg) { | ||
const key = await subtleCrypto.importKey('raw', keyBuffer, { name: 'HMAC', hash: 'SHA-256' }, false, ['sign']) | ||
return await subtleCrypto.sign('HMAC', key, textEncoder.encode(msg)) | ||
} | ||
/** | ||
* Derive a key from the password and salt | ||
* @param {string} password | ||
* @param {Uint8Array} salt | ||
* @param {number} iterations | ||
*/ | ||
async function deriveKey(password, salt, iterations) { | ||
const key = await subtleCrypto.importKey('raw', textEncoder.encode(password), 'PBKDF2', false, ['deriveBits']) | ||
const params = { name: 'PBKDF2', hash: 'SHA-256', salt: salt, iterations: iterations } | ||
return await subtleCrypto.deriveBits(params, key, 32 * 8, ['deriveBits']) | ||
} |
{ | ||
"name": "pg", | ||
"version": "8.11.1", | ||
"version": "8.11.2", | ||
"description": "PostgreSQL client - pure javascript & libpq with the same API", | ||
@@ -25,3 +25,3 @@ "keywords": [ | ||
"packet-reader": "1.0.0", | ||
"pg-connection-string": "^2.6.1", | ||
"pg-connection-string": "^2.6.2", | ||
"pg-pool": "^3.6.1", | ||
@@ -64,3 +64,3 @@ "pg-protocol": "^1.6.0", | ||
}, | ||
"gitHead": "eaafac36dc8f4a13f1fecc9e3420d35559fd8e2b" | ||
"gitHead": "a2a355a6807bf75d92d7f0cb0f219588811a5356" | ||
} |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
77177
20
2202
Updatedpg-connection-string@^2.6.2