From f47534f9e85132923216f8924143f486286c5675 Mon Sep 17 00:00:00 2001 From: Pol Vallverdu <86187892+polvallverdu@users.noreply.github.com> Date: Mon, 11 Mar 2024 19:00:50 +0100 Subject: [PATCH] fix: removes atob usage and fixes #24 (#25) * feat: removes atob usage and fixes https://github.com/cloudflare/serverless-registry/issues/24 --- package-lock.json | 27 +++++++++++++++++++++++++++ package.json | 1 + pnpm-lock.yaml | 13 +++++++++++++ src/auth.ts | 7 +++---- src/token.ts | 7 ++----- yarn.lock | 12 ++++++++++++ 6 files changed, 58 insertions(+), 9 deletions(-) diff --git a/package-lock.json b/package-lock.json index c30cd99..5399793 100644 --- a/package-lock.json +++ b/package-lock.json @@ -9,6 +9,7 @@ "version": "1.0.0", "license": "Apache-2.0", "dependencies": { + "@cfworker/base64url": "^1.12.5", "@tsndr/cloudflare-worker-jwt": "^2.5.1", "itty-router": "^4.0.27", "zod": "^3.22.4" @@ -36,6 +37,14 @@ "node": ">=0.10.0" } }, + "node_modules/@cfworker/base64url": { + "version": "1.12.5", + "resolved": "https://registry.npmjs.org/@cfworker/base64url/-/base64url-1.12.5.tgz", + "integrity": "sha512-pNLrz0D0MguzFLJisBUv+XOTkpRpRTIMI7/r2QwTWI2MR5VJ7Hysd6ug6DBWksKFy7TK3hCf+qejufdJSN5X+A==", + "dependencies": { + "rfc4648": "^1.5.2" + } + }, "node_modules/@cloudflare/kv-asset-handler": { "version": "0.3.1", "resolved": "https://registry.npmjs.org/@cloudflare/kv-asset-handler/-/kv-asset-handler-0.3.1.tgz", @@ -3016,6 +3025,11 @@ "node": ">=0.10.0" } }, + "node_modules/rfc4648": { + "version": "1.5.3", + "resolved": "https://registry.npmjs.org/rfc4648/-/rfc4648-1.5.3.tgz", + "integrity": "sha512-MjOWxM065+WswwnmNONOT+bD1nXzY9Km6u3kzvnx8F8/HXGZdz3T6e6vZJ8Q/RIMUSp/nxqjH3GwvJDy8ijeQQ==" + }, "node_modules/rimraf": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", @@ -4255,6 +4269,14 @@ "integrity": "sha512-1Yjs2SvM8TflER/OD3cOjhWWOZb58A2t7wpE2S9XfBYTiIl+XFhQG2bjy4Pu1I+EAlCNUzRDYDdFwFYUKvXcIA==", "dev": true }, + "@cfworker/base64url": { + "version": "1.12.5", + "resolved": "https://registry.npmjs.org/@cfworker/base64url/-/base64url-1.12.5.tgz", + "integrity": "sha512-pNLrz0D0MguzFLJisBUv+XOTkpRpRTIMI7/r2QwTWI2MR5VJ7Hysd6ug6DBWksKFy7TK3hCf+qejufdJSN5X+A==", + "requires": { + "rfc4648": "^1.5.2" + } + }, "@cloudflare/kv-asset-handler": { "version": "0.3.1", "resolved": "https://registry.npmjs.org/@cloudflare/kv-asset-handler/-/kv-asset-handler-0.3.1.tgz", @@ -6325,6 +6347,11 @@ "integrity": "sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw==", "dev": true }, + "rfc4648": { + "version": "1.5.3", + "resolved": "https://registry.npmjs.org/rfc4648/-/rfc4648-1.5.3.tgz", + "integrity": "sha512-MjOWxM065+WswwnmNONOT+bD1nXzY9Km6u3kzvnx8F8/HXGZdz3T6e6vZJ8Q/RIMUSp/nxqjH3GwvJDy8ijeQQ==" + }, "rimraf": { "version": "3.0.2", "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz", diff --git a/package.json b/package.json index cc3d99c..25222e9 100644 --- a/package.json +++ b/package.json @@ -10,6 +10,7 @@ "test": "cross-env NODE_OPTIONS=--experimental-vm-modules vitest run" }, "dependencies": { + "@cfworker/base64url": "^1.12.5", "@tsndr/cloudflare-worker-jwt": "^2.5.1", "itty-router": "^4.0.27", "zod": "^3.22.4" diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 6c9fc14..89eec93 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -5,6 +5,9 @@ settings: excludeLinksFromLockfile: false dependencies: + '@cfworker/base64url': + specifier: ^1.12.5 + version: 1.12.5 '@tsndr/cloudflare-worker-jwt': specifier: ^2.5.1 version: 2.5.1 @@ -48,6 +51,12 @@ packages: engines: {node: '>=0.10.0'} dev: true + /@cfworker/base64url@1.12.5: + resolution: {integrity: sha512-pNLrz0D0MguzFLJisBUv+XOTkpRpRTIMI7/r2QwTWI2MR5VJ7Hysd6ug6DBWksKFy7TK3hCf+qejufdJSN5X+A==} + dependencies: + rfc4648: 1.5.3 + dev: false + /@cloudflare/kv-asset-handler@0.3.1: resolution: {integrity: sha512-lKN2XCfKCmpKb86a1tl4GIwsJYDy9TGuwjhDELLmpKygQhw8X2xR4dusgpC5Tg7q1pB96Eb0rBo81kxSILQMwA==} dependencies: @@ -2106,6 +2115,10 @@ packages: engines: {iojs: '>=1.0.0', node: '>=0.10.0'} dev: true + /rfc4648@1.5.3: + resolution: {integrity: sha512-MjOWxM065+WswwnmNONOT+bD1nXzY9Km6u3kzvnx8F8/HXGZdz3T6e6vZJ8Q/RIMUSp/nxqjH3GwvJDy8ijeQQ==} + dev: false + /rimraf@3.0.2: resolution: {integrity: sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==} hasBin: true diff --git a/src/auth.ts b/src/auth.ts index e85d506..daacdc7 100644 --- a/src/auth.ts +++ b/src/auth.ts @@ -1,3 +1,5 @@ +import { decode } from "@cfworker/base64url"; + export type RegistryTokenCapability = "push" | "pull"; export type RegistryAuthProtocolTokenPayload = { username: string; @@ -38,10 +40,7 @@ export function stripUsernamePasswordFromHeader(r: Request): [string, string] | } // Decodes the base64 value and performs unicode normalization. - // @see https://datatracker.ietf.org/doc/html/rfc7613#section-3.3.2 (and #section-4.2.2) - // @see https://dev.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String/normalize - const buffer = Uint8Array.from(atob(encoded), (character) => character.charCodeAt(0)); - const decoded = new TextDecoder().decode(buffer).normalize(); + const decoded = decode(encoded); // The username & password are split by the first colon. //=> example: "username:password" diff --git a/src/token.ts b/src/token.ts index 9ec37cd..c6b0a5f 100644 --- a/src/token.ts +++ b/src/token.ts @@ -1,3 +1,4 @@ +import { decode } from "@cfworker/base64url"; import jwt from "@tsndr/cloudflare-worker-jwt"; import { RegistryTokenCapability, @@ -8,11 +9,7 @@ import { export function importKeyFromBase64(key: string): JsonWebKey { // Decodes the base64 value and performs unicode normalization. - // @see https://datatracker.ietf.org/doc/html/rfc7613#section-3.3.2 (and #section-4.2.2) - // @see https://dev.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String/normalize - const buffer = Uint8Array.from(atob(key), (character) => character.charCodeAt(0)); - const decoded = new TextDecoder().decode(buffer).normalize(); - return JSON.parse(decoded); + return JSON.parse(decode(key)); } export async function newRegistryTokens(jwtPublicKey: string): Promise { diff --git a/yarn.lock b/yarn.lock index 03032ce..26bce83 100644 --- a/yarn.lock +++ b/yarn.lock @@ -7,6 +7,13 @@ resolved "https://registry.npmjs.org/@aashutoshrathi/word-wrap/-/word-wrap-1.2.6.tgz" integrity sha512-1Yjs2SvM8TflER/OD3cOjhWWOZb58A2t7wpE2S9XfBYTiIl+XFhQG2bjy4Pu1I+EAlCNUzRDYDdFwFYUKvXcIA== +"@cfworker/base64url@^1.12.5": + version "1.12.5" + resolved "https://registry.npmjs.org/@cfworker/base64url/-/base64url-1.12.5.tgz" + integrity sha512-pNLrz0D0MguzFLJisBUv+XOTkpRpRTIMI7/r2QwTWI2MR5VJ7Hysd6ug6DBWksKFy7TK3hCf+qejufdJSN5X+A== + dependencies: + rfc4648 "^1.5.2" + "@cloudflare/kv-asset-handler@0.3.1": version "0.3.1" resolved "https://registry.npmjs.org/@cloudflare/kv-asset-handler/-/kv-asset-handler-0.3.1.tgz" @@ -1488,6 +1495,11 @@ reusify@^1.0.4: resolved "https://registry.npmjs.org/reusify/-/reusify-1.0.4.tgz" integrity sha512-U9nH88a3fc/ekCF1l0/UP1IosiuIjyTh7hBvXVMHYgVcfGvt897Xguj2UOLDeI5BG2m7/uwyaLVT6fbtCwTyzw== +rfc4648@^1.5.2: + version "1.5.3" + resolved "https://registry.npmjs.org/rfc4648/-/rfc4648-1.5.3.tgz" + integrity sha512-MjOWxM065+WswwnmNONOT+bD1nXzY9Km6u3kzvnx8F8/HXGZdz3T6e6vZJ8Q/RIMUSp/nxqjH3GwvJDy8ijeQQ== + rimraf@^3.0.2: version "3.0.2" resolved "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz"