UNPKG

srs.js

Version:

Sender Rewriting Scheme in JS.

github.com/samcday/srs.js

samcday/srs.js

140 lines (111 loc) 3.85 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
"use strict"; var crypto = require("crypto"); // This timestamp code is based on the C libsrs2 implementation. var timeBaseChars = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567", timeSize = 2, timeBaseBits = 5, timePrecision = (60 * 60 * 24), timeSlots = (1<<(timeBaseBits<<(timeSize-1))), validSeparators = "=-+"; function makeTimestamp() { var now = Math.round(Date.now() / 1000 / timePrecision); var str = timeBaseChars[now & ((1 << timeBaseBits) - 1)]; now = now >> timeBaseBits; str = timeBaseChars[now & ((1 << timeBaseBits) - 1)] + str; return str; } function createHash(secret, timestamp, domain, local) { var hmac = crypto.createHmac("sha1", secret); Array.prototype.slice.call(arguments, 1).forEach(function(data) { hmac.update(data); }); return hmac.digest("hex").substring(0, 4); } function checkTimestamp(str, maxAge) { var then = 0; for (var i = 0; i < str.length; i++) { then = (then << timeBaseBits) | timeBaseChars.indexOf(str[i].toUpperCase()); } var now = Math.round(Date.now() / 1000 / timePrecision) % timeSlots; while(now < then) { now = now + timeSlots; } return now <= then + maxAge; } function SRS(options) { options = options || {}; this.secret = options.secret; this.separator = (options.separator || "=")[0]; this.maxAge = options.maxAge || 21; if (!this.secret) { throw new TypeError("A secret must be provided"); } if (validSeparators.indexOf(this.separator) < 0) { throw new TypeError("Invalid separator"); } this.srs0Re = new RegExp("SRS0[\\-=+]([0-9a-f]{4})=" + "([" + timeBaseChars + "]{2})=" + "([^=]*)=(.*)"); this.srs1Re = new RegExp("SRS1[\\-=+]([0-9a-f]{4})=([^=]*)=(.*)"); } SRS.prototype.isSrs0 = function(local) { return local.indexOf("SRS0") === 0; }; SRS.prototype.isSrs1 = function(local) { return local.indexOf("SRS1") === 0; }; SRS.prototype.rewrite = function(local, domain) { if (this.isSrs0(local)) { // Create a guarded address. var guarded = local.substring(4); return "SRS1" + this.separator + createHash(this.secret, domain, guarded) + this.separator + domain + this.separator + guarded; } else if (this.isSrs1(local)) { var match = this.srs1Re.exec(local); if (!match) { throw new Error("Attempted to rewrite invalid SRS1 address."); } return "SRS1" + this.separator + createHash(this.secret, match[2], match[3]) + "=" + match[2] + "=" + match[3]; } var timestamp = makeTimestamp(); var hash = createHash(this.secret, timestamp, domain, local); return "SRS0" + this.separator + hash + "=" + timestamp + "=" + domain + "=" + local; }; SRS.prototype.reverse = function(address) { var matches, hash, timestamp, domain, local, expectedHash; if (this.isSrs0(address)) { matches = this.srs0Re.exec(address); if (!matches) { throw new TypeError("Unrecognized SRS0 format"); } hash = matches[1]; timestamp = matches[2]; domain = matches[3]; local = matches[4]; expectedHash = createHash(this.secret, timestamp, domain, local); if (expectedHash !== hash) { throw new TypeError("Invalid signature"); } if (!checkTimestamp(timestamp, this.maxAge)) { throw new TypeError("Address has expired"); } return [local, domain]; } else if (this.isSrs1(address)) { matches = this.srs1Re.exec(address); if (!matches) { throw new TypeError("Unrecognized SRS1 format"); } hash = matches[1]; domain = matches[2]; local = matches[3]; expectedHash = createHash(this.secret, domain, local); if (expectedHash !== hash) { throw new TypeError("Invalid signature"); } return ["SRS0" + local, domain]; } return null; }; module.exports = SRS;