Matiss/testapi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

tsoa

Browse Source
This commit is contained in:
Matiss Jurevics
2026-03-03 15:23:00 +00:00
parent 5e3726de39
commit 8e223bfbec
3689 changed files with 955330 additions and 1011 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
node_modules/@hapi/iron/LICENSE.md generated vendored Executable file
View File

@@ -0,0 +1,10 @@
Copyright (c) 2012-2022, Project contributors
Copyright (c) 2012-2020, Sideway Inc
All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
* The names of any contributors may not be used to endorse or promote products derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS AND CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS OFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

17
node_modules/@hapi/iron/README.md generated vendored Executable file
View File

@@ -0,0 +1,17 @@
<a href="https://hapi.dev"><img src="https://raw.githubusercontent.com/hapijs/assets/master/images/family.png" width="180px" align="right" /></a>
# @hapi/iron
#### Encapsulated tokens (encrypted and mac'ed objects).
**iron** is part of the **hapi** ecosystem and was designed to work seamlessly with the [hapi web framework](https://hapi.dev) and its other components (but works great on its own or with other frameworks). If you are using a different web framework and find this module useful, check out [hapi](https://hapi.dev) they work even better together.
### Visit the [hapi.dev](https://hapi.dev) Developer Portal for tutorials, documentation, and support
## Useful resources
- [Documentation and API](https://hapi.dev/family/iron/)
- [Versions status](https://hapi.dev/resources/status/#iron) (builds, dependencies, node versions, licenses, eol)
- [Changelog](https://hapi.dev/family/iron/changelog/)
- [Project policies](https://hapi.dev/policies/)
- [Free and commercial support options](https://hapi.dev/support/)

236
node_modules/@hapi/iron/lib/index.d.ts generated vendored Executable file
View File

@@ -0,0 +1,236 @@
/**
Configuration options for built-in algorithms.
*/
export interface Algorithms {
'aes-128-ctr': {
keyBits: number;
ivBits: number;
};
'aes-256-cbc': {
keyBits: number;
ivBits: number;
};
'sha256': {
keyBits: number;
};
}
/**
seal() method options.
*/
export interface SealOptionsSub {
/**
The length of the salt (random buffer used to ensure that two identical objects will generate a different encrypted result). Defaults to 256.
*/
saltBits: number;
/**
The algorithm used. Defaults to 'aes-256-cbc' for encryption and 'sha256' for integrity.
*/
algorithm: keyof Algorithms;
/**
The number of iterations used to derive a key from the password. Defaults to 1.
*/
iterations: number;
/**
Minimum password size. Defaults to 32.
*/
minPasswordlength: number;
}
/**
generateKey() method options.
*/
export interface GenerateKeyOptions extends Pick<SealOptionsSub, 'algorithm' | 'iterations' | 'minPasswordlength'> {
saltBits?: number;
salt?: string;
iv?: Buffer;
}
/**
Options for customizing the key derivation algorithm used to generate encryption and integrity verification keys as well as the algorithms and salt sizes used.
*/
export interface SealOptions {
/**
Encryption step options.
*/
encryption: SealOptionsSub;
/**
Integrity step options.
*/
integrity: SealOptionsSub;
/**
Sealed object lifetime in milliseconds where 0 means forever. Defaults to 0.
*/
ttl: number;
/**
Number of seconds of permitted clock skew for incoming expirations. Defaults to 60 seconds.
*/
timestampSkewSec: number;
/**
Local clock time offset, expressed in number of milliseconds (positive or negative). Defaults to 0.
*/
localtimeOffsetMsec: number;
}
/**
Generated internal key object.
*/
export interface Key {
key: Buffer;
salt: string;
iv: Buffer;
}
/**
Generated HMAC internal results.
*/
export interface HMacResult {
digest: string;
salt: string;
}
/**
Password secret string or buffer.
*/
type Password = string | Buffer
declare namespace password {
/**
Secret object with optional id.
*/
interface Secret {
id?: string,
secret: Password
}
/**
Secret object with optional id and specified password for each encryption and integrity.
*/
interface Specific {
id?: string,
encryption: Password,
integrity: Password
}
/**
Key-value pairs hash of password id to value
*/
interface Hash {
[id: string]: Password | Secret | Specific;
}
}
/**
The default encryption and integrity settings.
*/
export const defaults: SealOptions;
/**
Configuration of each supported algorithm.
*/
export const algorithms: Algorithms;
/**
MAC normalization format version.
*/
export const macFormatVersion: string;
/**
MAC normalization prefix.
*/
export const macPrefix: string;
/**
Generates a key from the password
@param password - A password string or buffer key
@param options - Object used to customize the key derivation algorithm
@returns An object with keys: key, salt, iv
*/
export function generateKey(password: Password, options: GenerateKeyOptions): Promise<Key>
/**
Encrypt data
@param password - A password string or buffer key
@param options - Object used to customize the key derivation algorithm
@param data - String to encrypt
@returns an object with the following keys: encrypted, key
*/
export function encrypt(password: Password, options: GenerateKeyOptions, data: string): Promise<{ encrypted: Buffer, key: Key }>
/**
Decrypt data
@param password - A password string or buffer key
@param options - Object used to customize the key derivation algorithm
@param data - String to decrypt
@returns the decrypted string
*/
export function decrypt(password: Password, options: GenerateKeyOptions, data: string): Promise<string>
/**
Calculates a HMAC digest
@param password - A password string or buffer key
@param options - Object used to customize the key derivation algorithm
@param data - String to calculate the HMAC over
@returns An object with the following keys: digest, salt
*/
export function hmacWithPassword(password: Password, options: GenerateKeyOptions, data: string): Promise<HMacResult>
/**
Serializes, encrypts, and signs objects into an iron protocol string
@param object - Data being sealed
@param password - A string, buffer, or object
@param options - Object used to customize the key derivation algorithm
@returns Iron sealed string
*/
export function seal(object: any, password: Password | password.Secret | password.Specific, options: SealOptions): Promise<string>
/**
Verifies, decrypts, and reconstruct an iron protocol string into an object
@param sealed - The iron protocol string generated with seal()
@param password - A string, buffer, or object
@param options - Object used to customize the key derivation algorithm
@returns the verified decrypted object
*/
export function unseal(sealed: string, password: Password | password.Hash, options?: SealOptions): Promise<any>

373
node_modules/@hapi/iron/lib/index.js generated vendored Executable file
View File

@@ -0,0 +1,373 @@
'use strict';
const Crypto = require('crypto');
const B64 = require('@hapi/b64');
const Boom = require('@hapi/boom');
const Bourne = require('@hapi/bourne');
const Cryptiles = require('@hapi/cryptiles');
const Hoek = require('@hapi/hoek');
const internals = {};
exports.defaults = {
encryption: {
saltBits: 256,
algorithm: 'aes-256-cbc',
iterations: 1,
minPasswordlength: 32
},
integrity: {
saltBits: 256,
algorithm: 'sha256',
iterations: 1,
minPasswordlength: 32
},
ttl: 0, // Milliseconds, 0 means forever
timestampSkewSec: 60, // Seconds of permitted clock skew for incoming expirations
localtimeOffsetMsec: 0 // Local clock time offset express in a number of milliseconds (positive or negative)
};
// Algorithm configuration
exports.algorithms = {
'aes-128-ctr': { keyBits: 128, ivBits: 128 },
'aes-256-cbc': { keyBits: 256, ivBits: 128 },
'sha256': { keyBits: 256 }
};
// MAC normalization format version
exports.macFormatVersion = '2'; // Prevent comparison of mac values generated with different normalized string formats
exports.macPrefix = 'Fe26.' + exports.macFormatVersion;
// Generate a unique encryption key
/*
const options = {
saltBits: 256, // Ignored if salt is set
salt: '4d8nr9q384nr9q384nr93q8nruq9348run',
algorithm: 'aes-128-ctr',
iterations: 10000,
iv: 'sdfsdfsdfsdfscdrgercgesrcgsercg', // Optional
minPasswordlength: 32
};
*/
exports.generateKey = async function (password, options) {
if (!password) {
throw new Boom.Boom('Empty password');
}
if (!options ||
typeof options !== 'object') {
throw new Boom.Boom('Bad options');
}
const algorithm = exports.algorithms[options.algorithm];
if (!algorithm) {
throw new Boom.Boom('Unknown algorithm: ' + options.algorithm);
}
const result = {};
if (Buffer.isBuffer(password)) {
if (password.length < algorithm.keyBits / 8) {
throw new Boom.Boom('Key buffer (password) too small');
}
result.key = password;
result.salt = '';
}
else {
if (password.length < options.minPasswordlength) {
throw new Boom.Boom('Password string too short (min ' + options.minPasswordlength + ' characters required)');
}
let salt = options.salt;
if (!salt) {
if (!options.saltBits) {
throw new Boom.Boom('Missing salt and saltBits options');
}
const randomSalt = Cryptiles.randomBits(options.saltBits);
salt = randomSalt.toString('hex');
}
const derivedKey = await internals.pbkdf2(password, salt, options.iterations, algorithm.keyBits / 8, 'sha1');
result.key = derivedKey;
result.salt = salt;
}
if (options.iv) {
result.iv = options.iv;
}
else if (algorithm.ivBits) {
result.iv = Cryptiles.randomBits(algorithm.ivBits);
}
return result;
};
// Encrypt data
// options: see exports.generateKey()
exports.encrypt = async function (password, options, data) {
const key = await exports.generateKey(password, options);
const cipher = Crypto.createCipheriv(options.algorithm, key.key, key.iv);
const encrypted = Buffer.concat([cipher.update(data, 'utf8'), cipher.final()]);
return { encrypted, key };
};
// Decrypt data
// options: see exports.generateKey()
exports.decrypt = async function (password, options, data) {
const key = await exports.generateKey(password, options);
const decipher = Crypto.createDecipheriv(options.algorithm, key.key, key.iv);
let dec = decipher.update(data, null, 'utf8');
dec = dec + decipher.final('utf8');
return dec;
};
// HMAC using a password
// options: see exports.generateKey()
exports.hmacWithPassword = async function (password, options, data) {
const key = await exports.generateKey(password, options);
const hmac = Crypto.createHmac(options.algorithm, key.key).update(data);
const digest = hmac.digest('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/\=/g, '');
return {
digest,
salt: key.salt
};
};
// Normalizes a password parameter into a { id, encryption, integrity } object
// password: string, buffer or object with { id, secret } or { id, encryption, integrity }
internals.normalizePassword = function (password) {
if (password &&
typeof password === 'object' &&
!Buffer.isBuffer(password)) {
return {
id: password.id,
encryption: password.secret ?? password.encryption,
integrity: password.secret ?? password.integrity
};
}
return {
encryption: password,
integrity: password
};
};
// Encrypt and HMAC an object
// password: string, buffer or object with { id, secret } or { id, encryption, integrity }
// options: see exports.defaults
exports.seal = async function (object, password, options) {
options = Object.assign({}, options); // Shallow cloned to prevent changes during async operations
const now = Date.now() + (options.localtimeOffsetMsec ?? 0); // Measure now before any other processing
// Serialize object
const objectString = internals.stringify(object);
// Obtain password
let passwordId = '';
password = internals.normalizePassword(password);
if (password.id) {
if (!/^\w+$/.test(password.id)) {
throw new Boom.Boom('Invalid password id');
}
passwordId = password.id;
}
// Encrypt object string
const { encrypted, key } = await exports.encrypt(password.encryption, options.encryption, objectString);
// Base64url the encrypted value
const encryptedB64 = B64.base64urlEncode(encrypted);
const iv = B64.base64urlEncode(key.iv);
const expiration = (options.ttl ? now + options.ttl : '');
const macBaseString = exports.macPrefix + '*' + passwordId + '*' + key.salt + '*' + iv + '*' + encryptedB64 + '*' + expiration;
// Mac the combined values
const mac = await exports.hmacWithPassword(password.integrity, options.integrity, macBaseString);
// Put it all together
// prefix*[password-id]*encryption-salt*encryption-iv*encrypted*[expiration]*hmac-salt*hmac
// Allowed URI query name/value characters: *-. \d \w
const sealed = macBaseString + '*' + mac.salt + '*' + mac.digest;
return sealed;
};
// Decrypt and validate sealed string
// password: string, buffer or object with { id: secret } or { id: { encryption, integrity } }
// options: see exports.defaults
exports.unseal = async function (sealed, password, options) {
options = Object.assign({}, options); // Shallow cloned to prevent changes during async operations
const now = Date.now() + (options.localtimeOffsetMsec ?? 0); // Measure now before any other processing
// Break string into components
const parts = sealed.split('*');
if (parts.length !== 8) {
throw new Boom.Boom('Incorrect number of sealed components');
}
const macPrefix = parts[0];
const passwordId = parts[1];
const encryptionSalt = parts[2];
const encryptionIv = parts[3];
const encryptedB64 = parts[4];
const expiration = parts[5];
const hmacSalt = parts[6];
const hmac = parts[7];
const macBaseString = macPrefix + '*' + passwordId + '*' + encryptionSalt + '*' + encryptionIv + '*' + encryptedB64 + '*' + expiration;
// Check prefix
if (macPrefix !== exports.macPrefix) {
throw new Boom.Boom('Wrong mac prefix');
}
// Check expiration
if (expiration) {
if (!expiration.match(/^\d+$/)) {
throw new Boom.Boom('Invalid expiration');
}
const exp = parseInt(expiration, 10);
if (exp <= (now - (options.timestampSkewSec * 1000))) {
throw new Boom.Boom('Expired seal');
}
}
// Obtain password
if (!password) {
throw new Boom.Boom('Empty password');
}
if (typeof password === 'object' &&
!Buffer.isBuffer(password)) {
password = password[passwordId || 'default'];
if (!password) {
throw new Boom.Boom('Cannot find password: ' + passwordId);
}
}
password = internals.normalizePassword(password);
// Check hmac
const macOptions = Hoek.clone(options.integrity);
macOptions.salt = hmacSalt;
const mac = await exports.hmacWithPassword(password.integrity, macOptions, macBaseString);
if (!Cryptiles.fixedTimeComparison(mac.digest, hmac)) {
throw new Boom.Boom('Bad hmac value');
}
// Decrypt
try {
var encrypted = B64.base64urlDecode(encryptedB64, 'buffer');
}
catch (err) {
throw Boom.boomify(err);
}
const decryptOptions = Hoek.clone(options.encryption);
decryptOptions.salt = encryptionSalt;
try {
decryptOptions.iv = B64.base64urlDecode(encryptionIv, 'buffer');
}
catch (err) {
throw Boom.boomify(err);
}
const decrypted = await exports.decrypt(password.encryption, decryptOptions, encrypted);
// Parse JSON
try {
return Bourne.parse(decrypted);
}
catch (err) {
throw new Boom.Boom('Failed parsing sealed object JSON: ' + err.message);
}
};
internals.stringify = function (object) {
try {
return JSON.stringify(object);
}
catch (err) {
throw new Boom.Boom('Failed to stringify object: ' + err.message);
}
};
internals.pbkdf2 = function (...args) {
return new Promise((resolve, reject) => {
const next = (err, result) => {
if (err) {
return reject(Boom.boomify(err));
}
resolve(result);
};
args.push(next);
Crypto.pbkdf2(...args);
});
};

40
node_modules/@hapi/iron/package.json generated vendored Executable file
View File

@@ -0,0 +1,40 @@
{
"name": "@hapi/iron",
"description": "Encapsulated tokens (encrypted and mac'ed objects)",
"version": "7.0.1",
"repository": "git://github.com/hueniverse/iron",
"main": "lib/index.js",
"types": "lib/index.d.ts",
"files": [
"lib"
],
"keywords": [
"authentication",
"encryption",
"data integrity"
],
"eslintConfig": {
"extends": [
"plugin:@hapi/module"
]
},
"dependencies": {
"@hapi/hoek": "^11.0.2",
"@hapi/b64": "^6.0.1",
"@hapi/boom": "^10.0.1",
"@hapi/bourne": "^3.0.0",
"@hapi/cryptiles": "^6.0.1"
},
"devDependencies": {
"@hapi/code": "^9.0.3",
"@hapi/eslint-plugin": "*",
"@hapi/lab": "^25.1.2",
"@types/node": "^17.0.31",
"typescript": "~4.6.4"
},
"scripts": {
"test": "lab -a @hapi/code -t 100 -L -Y",
"test-cov-html": "lab -a @hapi/code -t 100 -L -r html -o coverage.html"
},
"license": "BSD-3-Clause"
}