From 4f493f472d75ee17f1144019a3bb9ca4f037492c Mon Sep 17 00:00:00 2001 From: Pol Vallverdu <86187892+polvallverdu@users.noreply.github.com> Date: Sun, 10 Mar 2024 23:15:00 +0000 Subject: [PATCH] feat: removes atob usage and fixes https://github.com/cloudflare/serverless-registry/issues/24 --- package.json | 1 + pnpm-lock.yaml | 13 +++++++++++++ src/auth.ts | 7 +++---- src/token.ts | 7 ++----- 4 files changed, 19 insertions(+), 9 deletions(-) diff --git a/package.json b/package.json index cc3d99c..25222e9 100644 --- a/package.json +++ b/package.json @@ -10,6 +10,7 @@ "test": "cross-env NODE_OPTIONS=--experimental-vm-modules vitest run" }, "dependencies": { + "@cfworker/base64url": "^1.12.5", "@tsndr/cloudflare-worker-jwt": "^2.5.1", "itty-router": "^4.0.27", "zod": "^3.22.4" diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 6c9fc14..89eec93 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -5,6 +5,9 @@ settings: excludeLinksFromLockfile: false dependencies: + '@cfworker/base64url': + specifier: ^1.12.5 + version: 1.12.5 '@tsndr/cloudflare-worker-jwt': specifier: ^2.5.1 version: 2.5.1 @@ -48,6 +51,12 @@ packages: engines: {node: '>=0.10.0'} dev: true + /@cfworker/base64url@1.12.5: + resolution: {integrity: sha512-pNLrz0D0MguzFLJisBUv+XOTkpRpRTIMI7/r2QwTWI2MR5VJ7Hysd6ug6DBWksKFy7TK3hCf+qejufdJSN5X+A==} + dependencies: + rfc4648: 1.5.3 + dev: false + /@cloudflare/kv-asset-handler@0.3.1: resolution: {integrity: sha512-lKN2XCfKCmpKb86a1tl4GIwsJYDy9TGuwjhDELLmpKygQhw8X2xR4dusgpC5Tg7q1pB96Eb0rBo81kxSILQMwA==} dependencies: @@ -2106,6 +2115,10 @@ packages: engines: {iojs: '>=1.0.0', node: '>=0.10.0'} dev: true + /rfc4648@1.5.3: + resolution: {integrity: sha512-MjOWxM065+WswwnmNONOT+bD1nXzY9Km6u3kzvnx8F8/HXGZdz3T6e6vZJ8Q/RIMUSp/nxqjH3GwvJDy8ijeQQ==} + dev: false + /rimraf@3.0.2: resolution: {integrity: sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==} hasBin: true diff --git a/src/auth.ts b/src/auth.ts index e85d506..daacdc7 100644 --- a/src/auth.ts +++ b/src/auth.ts @@ -1,3 +1,5 @@ +import { decode } from "@cfworker/base64url"; + export type RegistryTokenCapability = "push" | "pull"; export type RegistryAuthProtocolTokenPayload = { username: string; @@ -38,10 +40,7 @@ export function stripUsernamePasswordFromHeader(r: Request): [string, string] | } // Decodes the base64 value and performs unicode normalization. - // @see https://datatracker.ietf.org/doc/html/rfc7613#section-3.3.2 (and #section-4.2.2) - // @see https://dev.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String/normalize - const buffer = Uint8Array.from(atob(encoded), (character) => character.charCodeAt(0)); - const decoded = new TextDecoder().decode(buffer).normalize(); + const decoded = decode(encoded); // The username & password are split by the first colon. //=> example: "username:password" diff --git a/src/token.ts b/src/token.ts index 9ec37cd..c6b0a5f 100644 --- a/src/token.ts +++ b/src/token.ts @@ -1,3 +1,4 @@ +import { decode } from "@cfworker/base64url"; import jwt from "@tsndr/cloudflare-worker-jwt"; import { RegistryTokenCapability, @@ -8,11 +9,7 @@ import { export function importKeyFromBase64(key: string): JsonWebKey { // Decodes the base64 value and performs unicode normalization. - // @see https://datatracker.ietf.org/doc/html/rfc7613#section-3.3.2 (and #section-4.2.2) - // @see https://dev.mozilla.org/docs/Web/JavaScript/Reference/Global_Objects/String/normalize - const buffer = Uint8Array.from(atob(key), (character) => character.charCodeAt(0)); - const decoded = new TextDecoder().decode(buffer).normalize(); - return JSON.parse(decoded); + return JSON.parse(decode(key)); } export async function newRegistryTokens(jwtPublicKey: string): Promise {