UNPKG

oidc-provider

Version:

OAuth 2.0 Authorization Server implementation for Node.js with OpenID Connect

github.com/panva/node-oidc-provider

panva/node-oidc-provider

112 lines (84 loc) 2.29 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
/* eslint-disable no-plusplus, no-bitwise, no-param-reassign */ import { hkdfSync } from 'node:crypto'; import * as base64url from './base64url.js'; function sixfourbeify(value) { const buf = Buffer.alloc(8); for (let i = buf.length - 1; i >= 0; i--) { buf[i] = value & 0xff; value >>= 8; } return buf; } function compute(secret, info, step) { return base64url.encodeBuffer( Buffer.from( hkdfSync('sha256', secret, sixfourbeify(step), info, 32), ), ); } function compare(server, client) { let result = 0; if (server.length !== client.length) { result = 1; client = server; } for (let i = 0; i < server.length; i++) { result |= server.charCodeAt(i) ^ client.charCodeAt(i); } return result; } const STEP = 60; export const CHALLENGE_OK_WINDOW = STEP * 5; export default class ServerChallenge { #counter; #info; #secret; #prevprev; #prev; #now; #next; #nextnext; constructor(secret, info) { if (!Buffer.isBuffer(secret) || secret.byteLength !== 32) { throw new TypeError('Challenge secret must be a 32-byte Buffer instance'); } if (typeof info !== 'string' || !info.length) { throw new TypeError('Challenge info must be a non-empty string'); } this.#info = info; this.#secret = Uint8Array.prototype.slice.call(secret); this.#counter = Math.floor(Date.now() / 1000 / STEP); [this.#prevprev, this.#prev, this.#now, this.#next, this.#nextnext] = [ this.#counter - 2, this.#counter - 1, this.#counter, this.#counter + 1, this.#counter++ + 2, ].map(compute.bind(undefined, this.#secret, this.#info)); setInterval(() => { [ this.#prevprev, this.#prev, this.#now, this.#next, this.#nextnext, ] = [ this.#prev, this.#now, this.#next, this.#nextnext, compute(this.#secret, this.#info, this.#counter++ + 2), ]; }, STEP * 1000).unref(); } nextChallenge() { return this.#next; } checkChallenge(challenge) { let result = 0; for (const server of [this.#prevprev, this.#prev, this.#now, this.#next, this.#nextnext]) { result ^= compare(server, challenge); } return result === 0; } }