UNPKG

@uppy/companion

Version:

OAuth helper and remote fetcher for Uppy's (https://uppy.io) extensible file upload widget with support for drag&drop, resumable uploads, previews, restrictions, file processing/encoding, remote providers like Dropbox and Google Drive, S3 and more :dog:

github.com/transloadit/uppy

transloadit/uppy

268 lines (267 loc) 9.61 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
"use strict"; const crypto = require('node:crypto'); const logger = require('../logger.js'); const authTagLength = 16; const nonceLength = 16; const encryptionKeyLength = 32; const ivLength = 12; /** * * @param {string} value * @param {string[]} criteria * @returns {boolean} */ exports.hasMatch = (value, criteria) => { return criteria.some((i) => { return value === i || new RegExp(i).test(value); }); }; /** * * @param {object} data * @returns {string} */ exports.jsonStringify = (data) => { const cache = []; return JSON.stringify(data, (key, value) => { if (typeof value === 'object' && value !== null) { if (cache.indexOf(value) !== -1) { // Circular reference found, discard key return undefined; } cache.push(value); } return value; }); }; // all paths are assumed to be '/' prepended /** * Returns a url builder * * @param {object} options companion options */ module.exports.getURLBuilder = (options) => { /** * Builds companion targeted url * * @param {string} subPath the tail path of the url * @param {boolean} isExternal if the url is for the external world * @param {boolean} [excludeHost] if the server domain and protocol should be included */ const buildURL = (subPath, isExternal, excludeHost) => { let path = ''; if (isExternal && options.server.implicitPath) { path += options.server.implicitPath; } if (options.server.path) { path += options.server.path; } path += subPath; if (excludeHost) { return path; } return `${options.server.protocol}://${options.server.host}${path}`; }; return buildURL; }; module.exports.getRedirectPath = (providerName) => `/${providerName}/redirect`; /** * Create an AES-CCM encryption key and initialization vector from the provided secret * and a random nonce. * * @param {string|Buffer} secret * @param {Buffer|undefined} nonce */ function createSecrets(secret, nonce) { const key = crypto.hkdfSync('sha256', secret, new Uint8Array(32), nonce, encryptionKeyLength + ivLength); const buf = Buffer.from(key); return { key: buf.subarray(0, encryptionKeyLength), iv: buf.subarray(encryptionKeyLength, encryptionKeyLength + ivLength), }; } /** * Encrypt a buffer or string with AES256 and a random iv. * * @param {string} input * @param {string|Buffer} secret * @returns {string} Ciphertext as a hex string, prefixed with 32 hex characters containing the iv. */ module.exports.encrypt = (input, secret) => { const nonce = crypto.randomBytes(nonceLength); const { key, iv } = createSecrets(secret, nonce); const cipher = crypto.createCipheriv('aes-256-ccm', key, iv, { authTagLength, }); const encrypted = Buffer.concat([ cipher.update(input, 'utf8'), cipher.final(), cipher.getAuthTag(), ]); // add nonce to encrypted string to use for decryption return `${nonce.toString('hex')}${encrypted.toString('base64url')}`; }; // todo backwards compat for old tokens - remove in the future function compatDecrypt(encrypted, secret) { // Need at least 32 chars for the iv if (encrypted.length < 32) { throw new Error('Invalid encrypted value. Maybe it was generated with an old Companion version?'); } // NOTE: The first 32 characters are the iv, in hex format. The rest is the encrypted string, in base64 format. const iv = Buffer.from(encrypted.slice(0, 32), 'hex'); const encryptionWithoutIv = encrypted.slice(32); let decipher; try { const secretHashed = crypto.createHash('sha256'); secretHashed.update(secret); decipher = crypto.createDecipheriv('aes256', secretHashed.digest(), iv); } catch (err) { if (err.code === 'ERR_CRYPTO_INVALID_IV') { throw new Error('Invalid initialization vector'); } else { throw err; } } const urlDecode = (encoded) => encoded.replace(/-/g, '+').replace(/_/g, '/').replace(/~/g, '='); let decrypted = decipher.update(urlDecode(encryptionWithoutIv), 'base64', 'utf8'); decrypted += decipher.final('utf8'); return decrypted; } /** * Decrypt an iv-prefixed or string with AES256. The iv should be in the first 32 hex characters. * * @param {string} encrypted hex encoded string of encrypted data * @param {string|Buffer} secret * @returns {string} Decrypted value. */ module.exports.decrypt = (encrypted, secret) => { try { const nonceHexLength = nonceLength * 2; // because hex encoding uses 2 bytes per byte // NOTE: The first 32 characters are the nonce, in hex format. const nonce = Buffer.from(encrypted.slice(0, nonceHexLength), 'hex'); // The rest is the encrypted string, in base64url format. const encryptionWithoutNonce = Buffer.from(encrypted.slice(nonceHexLength), 'base64url'); // The last 16 bytes of the rest is the authentication tag const authTag = encryptionWithoutNonce.subarray(-authTagLength); // and the rest (from beginning) is the encrypted data const encryptionWithoutNonceAndTag = encryptionWithoutNonce.subarray(0, -authTagLength); if (nonce.length < nonceLength) { throw new Error('Invalid encrypted value. Maybe it was generated with an old Companion version?'); } const { key, iv } = createSecrets(secret, nonce); const decipher = crypto.createDecipheriv('aes-256-ccm', key, iv, { authTagLength, }); decipher.setAuthTag(authTag); const decrypted = Buffer.concat([ decipher.update(encryptionWithoutNonceAndTag), decipher.final(), ]); return decrypted.toString('utf8'); } catch (err) { // todo backwards compat for old tokens - remove in the future logger.info('Failed to decrypt - trying old encryption format instead', err); return compatDecrypt(encrypted, secret); } }; module.exports.defaultGetKey = ({ filename }) => { return `${crypto.randomUUID()}-${filename}`; }; /** * Our own HttpError in cases where we can't use `got`'s `HTTPError` */ class HttpError extends Error { statusCode; responseJson; constructor({ statusCode, responseJson }) { super(`Request failed with status ${statusCode}`); this.statusCode = statusCode; this.responseJson = responseJson; this.name = 'HttpError'; } } module.exports.HttpError = HttpError; module.exports.prepareStream = async (stream) => new Promise((resolve, reject) => { stream .on('response', (response) => { const contentLengthStr = response.headers['content-length']; const contentLength = parseInt(contentLengthStr, 10); const size = !Number.isNaN(contentLength) && contentLength >= 0 ? contentLength : undefined; // Don't allow any more data to flow yet. // https://github.com/request/request/issues/1990#issuecomment-184712275 stream.pause(); resolve({ size }); }) .on('error', (err) => { // In this case the error object is not a normal GOT HTTPError where json is already parsed, // we use our own HttpError error for this scenario. if (typeof err.response?.body === 'string' && typeof err.response?.statusCode === 'number') { let responseJson; try { responseJson = JSON.parse(err.response.body); } catch (_err2) { reject(err); return; } reject(new HttpError({ statusCode: err.response.statusCode, responseJson, })); return; } reject(err); }); }); module.exports.getBasicAuthHeader = (key, secret) => { const base64 = Buffer.from(`${key}:${secret}`, 'binary').toString('base64'); return `Basic ${base64}`; }; const rfc2047Encode = (dataIn) => { const data = `${dataIn}`; // biome-ignore lint/suspicious/noControlCharactersInRegex: leave it for now if (/^[\x00-\x7F]*$/.test(data)) return data; // we return ASCII as is return `=?UTF-8?B?${Buffer.from(data).toString('base64')}?=`; // We encode non-ASCII strings }; module.exports.rfc2047EncodeMetadata = (metadata) => Object.fromEntries(Object.entries(metadata).map((entry) => entry.map(rfc2047Encode))); /** * * @param {{ * bucketOrFn: string | ((a: { * req: import('express').Request, * metadata: Record<string, string>, * filename: string | undefined, * }) => string), * req: import('express').Request, * metadata?: Record<string, string>, * filename?: string, * }} param0 * @returns */ module.exports.getBucket = ({ bucketOrFn, req, metadata, filename }) => { const bucket = typeof bucketOrFn === 'function' ? bucketOrFn({ req, metadata, filename }) : bucketOrFn; if (typeof bucket !== 'string' || bucket === '') { // This means a misconfiguration or bug throw new TypeError('s3: bucket key must be a string or a function resolving the bucket string'); } return bucket; }; /** * Truncate filename to a maximum length. * * @param {string} filename * @param {number} maxFilenameLength * @returns {string} */ module.exports.truncateFilename = (filename, maxFilenameLength) => { return filename.slice(maxFilenameLength * -1); };