
**KafkaTS** is an Apache Kafka client library for Node.js. It provides both a low-level API for communicating directly with the Apache Kafka cluster and high-level APIs for publishing and subscribing to Kafka topics.

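"use strict";
Object.defineProperty(exports, "__esModule", { value: true });
exports.saslScramSha512 = exports.saslScramSha256 = void 0;
const api_1 = require("../api");
const crypto_1 = require("../utils/crypto");
const error_1 = require("../utils/error");

/**
 * Escapes a username for use as a SCRAM `saslname` (RFC 5802): "=" becomes
 * "=3D" and "," becomes "=2C". Without this, a username containing "," would
 * inject extra attributes into the client-first message.
 *
 * @param {string} name - Raw username.
 * @returns {string} Username safe to embed after `n=`.
 */
const escapeSaslName = (name) => String(name).replace(/=/g, '=3D').replace(/,/g, '=2C');

/**
 * Parses a comma-separated SCRAM message ("r=...,s=...,i=...") into a map.
 * Each pair is split on its FIRST "=" only, so values that themselves contain
 * "=" (base64 padding in the salt or signature, or a server nonce using "=")
 * are kept intact. A prototype-less object is used because the keys come from
 * the remote peer.
 *
 * @param {string} message - SCRAM message text.
 * @returns {Object<string, string>} Attribute name to value.
 */
const parseScramAttributes = (message) => {
    const attributes = Object.create(null);
    for (const pair of message.split(',')) {
        const separator = pair.indexOf('=');
        if (separator > 0) {
            attributes[pair.slice(0, separator)] = pair.slice(separator + 1);
        }
    }
    return attributes;
};

/**
 * Builds a SASL/SCRAM mechanism factory for the given hash parameters.
 *
 * The returned `authenticate` runs the SCRAM exchange over two
 * SASL_AUTHENTICATE requests: it sends the client-first message, validates the
 * server-first message (nonce, salt, iteration count), sends the client proof,
 * and finally verifies the server signature so that the broker is
 * authenticated to the client as well.
 *
 * @param {{ mechanism: string, keyLength: number, digest: string }} params
 * @returns {(credentials: { username: string, password: string }) =>
 *   { mechanism: string, authenticate: (ctx: { sendRequest: Function }) => Promise<void> }}
 * @throws {KafkaTSError} From `authenticate`, when a response is missing or
 *   malformed, the nonce or server signature does not match, or the server
 *   reports an error.
 */
const saslScram = ({ mechanism, keyLength, digest }) => ({ username, password }) => ({
    mechanism,
    authenticate: async ({ sendRequest }) => {
        const nonce = (0, crypto_1.generateNonce)();
        const firstMessage = `n=${escapeSaslName(username)},r=${nonce}`;
        const { authBytes } = await sendRequest(api_1.API.SASL_AUTHENTICATE, {
            authBytes: Buffer.from(`n,,${firstMessage}`),
        });
        if (!authBytes) {
            throw new error_1.KafkaTSError('No auth response');
        }
        const serverFirstMessage = authBytes.toString();
        const response = parseScramAttributes(serverFirstMessage);

        // The combined nonce must extend the one we generated; a missing "r"
        // attribute is rejected here instead of surfacing as a TypeError.
        const rnonce = response.r;
        if (typeof rnonce !== 'string' || !rnonce.startsWith(nonce)) {
            throw new error_1.KafkaTSError('Invalid nonce');
        }

        // The iteration count is chosen by the server; reject values that are
        // not a positive integer before feeding them to the key derivation.
        // NOTE(review): RFC 5802 recommends at least 4096 iterations. A lower
        // bound is not enforced here to stay compatible with existing
        // deployments - consider adding one.
        const iterations = Number.parseInt(response.i, 10);
        if (!Number.isSafeInteger(iterations) || iterations < 1) {
            throw new error_1.KafkaTSError('Invalid iteration count');
        }
        if (!response.s) {
            throw new error_1.KafkaTSError('Missing salt');
        }
        const salt = (0, crypto_1.base64Decode)(response.s);

        const saltedPassword = await (0, crypto_1.saltPassword)(password, salt, iterations, keyLength, digest);
        const clientKey = (0, crypto_1.hmac)(saltedPassword, 'Client Key', digest);
        const clientKeyHash = (0, crypto_1.hash)(clientKey, digest);

        // AuthMessage = client-first-bare , server-first , client-final-without-proof
        const finalMessageWithoutProof = `c=${(0, crypto_1.base64Encode)('n,,')},r=${rnonce}`;
        const fullMessage = `${firstMessage},${serverFirstMessage},${finalMessageWithoutProof}`;
        const clientSignature = (0, crypto_1.hmac)(clientKeyHash, fullMessage, digest);
        const clientProof = (0, crypto_1.base64Encode)((0, crypto_1.xor)(clientKey, clientSignature));
        const finalMessage = `${finalMessageWithoutProof},p=${clientProof}`;

        const { authBytes: serverFinalBytes } = await sendRequest(api_1.API.SASL_AUTHENTICATE, {
            authBytes: Buffer.from(finalMessage),
        });
        if (!serverFinalBytes) {
            throw new error_1.KafkaTSError('No server signature');
        }
        const serverFinal = parseScramAttributes(serverFinalBytes.toString());
        if (serverFinal.e !== undefined) {
            throw new error_1.KafkaTSError(`SCRAM authentication failed: ${serverFinal.e}`);
        }

        // Mutual authentication: only a peer that knows the stored credentials
        // can produce this signature. Skipping the check would let any endpoint
        // that accepts the exchange pass as the broker.
        // Assumes base64Encode yields standard padded base64, as the server
        // sends - TODO confirm against ../utils/crypto.
        const serverKey = (0, crypto_1.hmac)(saltedPassword, 'Server Key', digest);
        const expectedSignature = (0, crypto_1.base64Encode)((0, crypto_1.hmac)(serverKey, fullMessage, digest));
        if (serverFinal.v !== expectedSignature) {
            throw new error_1.KafkaTSError('Invalid server signature');
        }
    },
});

exports.saslScramSha256 = saslScram({ mechanism: 'SCRAM-SHA-256', keyLength: 32, digest: 'sha256' });
exports.saslScramSha512 = saslScram({ mechanism: 'SCRAM-SHA-512', keyLength: 64, digest: 'sha512' });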