UNPKG

@headwall/trusted-network-providers

Version:

Trusted network hosts and address ranges.

github.com/headwalluk/trusted-network-providers

headwalluk/trusted-network-providers

104 lines (91 loc) 2.95 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
/** * checksum-verifier.js * * Utilities for verifying checksums of bundled assets */ const fs = require('fs'); const path = require('path'); const { calculateSHA256 } = require('./secure-http-client'); let cachedChecksums = null; /** * Load checksums from the checksums.json file * @returns {object} - The checksums configuration */ function loadChecksums() { if (cachedChecksums) { return cachedChecksums; } try { const checksumsPath = path.join(__dirname, '../assets/checksums.json'); const checksumsData = fs.readFileSync(checksumsPath, 'utf8'); cachedChecksums = JSON.parse(checksumsData); return cachedChecksums; } catch (error) { console.warn(`Warning: Could not load checksums file: ${error.message}`); return { providers: {} }; } } /** * Verify the checksum of a bundled asset file * @param {string} filePath - Path to the file to verify * @param {string} providerKey - Key in checksums.json (e.g., 'googlebot') * @param {boolean} strict - If true, throw error on mismatch; if false, log warning * @returns {boolean} - True if checksum matches or verification disabled * @throws {Error} - If strict=true and checksum doesn't match */ function verifyAssetChecksum(filePath, providerKey, strict = false) { const checksums = loadChecksums(); const providerConfig = checksums.providers[providerKey]; // If no checksum configured, skip verification if (!providerConfig || !providerConfig.sha256) { if (strict) { console.warn(`Warning: No checksum configured for ${providerKey}`); } return true; } try { const fileContent = fs.readFileSync(filePath, 'utf8'); const actualChecksum = calculateSHA256(fileContent); const expectedChecksum = providerConfig.sha256; if (actualChecksum !== expectedChecksum) { const message = `Checksum mismatch for ${providerKey} at ${filePath}\n` + `Expected: ${expectedChecksum}\n` + `Got: ${actualChecksum}\n` + 'This may indicate file corruption or tampering.'; if (strict) { throw new Error(message); } else { console.warn(`Warning: ${message}`); return false; } } return true; } catch (error) { if (error.code === 'ENOENT') { const message = `Asset file not found: ${filePath}`; if (strict) { throw new Error(message); } else { console.warn(`Warning: ${message}`); return false; } } throw error; } } /** * Get the expected checksum for a provider * @param {string} providerKey - Key in checksums.json * @returns {string|null} - The expected checksum or null */ function getExpectedChecksum(providerKey) { const checksums = loadChecksums(); const providerConfig = checksums.providers[providerKey]; return providerConfig ? providerConfig.sha256 : null; } module.exports = { loadChecksums, verifyAssetChecksum, getExpectedChecksum, };