UNPKG

mysql2

Version:

fast mysql driver. Implements core protocol, prepared statements, ssl and compression in native JS

sidorares.github.io/node-mysql2/docs

sidorares/node-mysql2

109 lines (92 loc) 3.26 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
'use strict'; // https://mysqlserverteam.com/mysql-8-0-4-new-default-authentication-plugin-caching_sha2_password/ const PLUGIN_NAME = 'caching_sha2_password'; const crypto = require('crypto'); const { xor, xorRotating } = require('../auth_41'); const REQUEST_SERVER_KEY_PACKET = Buffer.from([2]); const FAST_AUTH_SUCCESS_PACKET = Buffer.from([3]); const PERFORM_FULL_AUTHENTICATION_PACKET = Buffer.from([4]); const STATE_INITIAL = 0; const STATE_TOKEN_SENT = 1; const STATE_WAIT_SERVER_KEY = 2; const STATE_FINAL = -1; function sha256(msg) { const hash = crypto.createHash('sha256'); hash.update(msg); return hash.digest(); } function calculateToken(password, scramble) { if (!password) { return Buffer.alloc(0); } const stage1 = sha256(Buffer.from(password)); const stage2 = sha256(stage1); const stage3 = sha256(Buffer.concat([stage2, scramble])); return xor(stage1, stage3); } function encrypt(password, scramble, key) { const stage1 = xorRotating(Buffer.from(`${password}\0`, 'utf8'), scramble); return crypto.publicEncrypt( { key, padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, }, stage1 ); } module.exports = (pluginOptions = {}) => ({ connection }) => { let state = 0; let scramble = null; const password = connection.config.password; const authWithKey = (serverKey) => { const _password = encrypt(password, scramble, serverKey); state = STATE_FINAL; return _password; }; return (data) => { switch (state) { case STATE_INITIAL: scramble = data.slice(0, 20); state = STATE_TOKEN_SENT; return calculateToken(password, scramble); case STATE_TOKEN_SENT: if (FAST_AUTH_SUCCESS_PACKET.equals(data)) { state = STATE_FINAL; return null; } if (PERFORM_FULL_AUTHENTICATION_PACKET.equals(data)) { const isSecureConnection = typeof pluginOptions.overrideIsSecure === 'undefined' ? connection.config.ssl || connection.config.socketPath : pluginOptions.overrideIsSecure; if (isSecureConnection) { state = STATE_FINAL; return Buffer.from(`${password}\0`, 'utf8'); } // if client provides key we can save one extra roundrip on first connection if (pluginOptions.serverPublicKey) { return authWithKey(pluginOptions.serverPublicKey); } state = STATE_WAIT_SERVER_KEY; return REQUEST_SERVER_KEY_PACKET; } throw new Error( `Invalid AuthMoreData packet received by ${PLUGIN_NAME} plugin in STATE_TOKEN_SENT state.` ); case STATE_WAIT_SERVER_KEY: if (pluginOptions.onServerPublicKey) { pluginOptions.onServerPublicKey(data); } return authWithKey(data); case STATE_FINAL: throw new Error( `Unexpected data in AuthMoreData packet received by ${PLUGIN_NAME} plugin in STATE_FINAL state.` ); } throw new Error( `Unexpected data in AuthMoreData packet received by ${PLUGIN_NAME} plugin in state ${state}` ); }; };