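// Bundled, minified Cloudflare Worker. It exposes KV and Queue bindings over
// HTTP and gates every data route behind an EdDSA-signed bearer JWT.
//
// Layout of this bundle:
//   1. A small Proxy-based HTTP router (`se`). Presumably a bundled third-party
//      micro-router; confirm against the build inputs.
//   2. A JOSE/JWT verification library (the ERR_JOSE_* / ERR_JWS_* / ERR_JWT_*
//      error codes below come from it). Kept byte-for-byte as bundled, one
//      statement per line; only the section comments are new.
//   3. The worker's own code: `X` (authorization), the route table `ut`, and
//      the request-setup helpers `ae` (KV) and `ft` (queues).
//
// Changes made in part 3 relative to the original bundle:
//   * `ae` / `ft` authenticate BEFORE looking up the binding, so an
//     unauthenticated caller gets 401 whether or not a binding exists and
//     cannot use the 412 response to probe binding names.
//   * The KV 412 message interpolated `params.kv`, which the route never sets
//     (it always rendered 'undefined'); it now uses `params.namespace`.
//   * DELETE answers 204 with a null body instead of an empty-string body
//     (the Fetch spec rejects a non-null body on a null-body status).

// ---------------------------------------------------------------------------
// 1. Router
// ---------------------------------------------------------------------------
// Any property read on the returned object (get/post/delete/all/...) goes
// through the Proxy and yields a registrar that compiles the path pattern to a
// RegExp and stores [METHOD, regex, handlers] in `routes`. `handle()` parses
// the URL, fills `req.query` and `req.params`, walks the routes in order and
// returns the first handler result that is not undefined.
var se=({base:e="",routes:t=[]}={})=>({__proto__:new Proxy({},{get:(r,n,o)=>(a,...s)=>t.push([n.toUpperCase(),RegExp(`^${(e+a).replace(/(\/?)\*/g,"($1.*)?").replace(/(\/$)|((?<=\/)\/)/,"").replace(/(:(\w+)\+)/,"(?<$2>.*)").replace(/:(\w+)(\?)?(\.)?/g,"$2(?<$1>[^/]+)$2$3").replace(/\.(?=[\w(])/,"\\.").replace(/\)\.\?\(([^\[]+)\[\^/g,"?)\\.?($1(?<=\\.)[^\\.")}/*$`),s])&&o}),routes:t,async handle(r,...n){let o,a,s=new URL(r.url),c=r.query={};for(let[i,l]of s.searchParams)c[i]=c[i]===void 0?l:[c[i],l].flat();for(let[i,l,h]of t)if((i===r.method||i==="ALL")&&(a=s.pathname.match(l))){r.params=a.groups||{};for(let m of h)if((o=await m(r.proxy||r,...n))!==void 0)return o}}});

// ---------------------------------------------------------------------------
// 2. JOSE / JWT verification library (bundled, unchanged)
// ---------------------------------------------------------------------------
// WebCrypto handle and CryptoKey type test.
var u=crypto,S=e=>e instanceof CryptoKey;
// Shared text codecs. `gt` is not referenced anywhere else in this bundle.
var E=new TextEncoder,w=new TextDecoder,gt=2**32;
// H: concatenates Uint8Arrays into one buffer.
function H(...e){let t=e.reduce((o,{length:a})=>o+a,0),r=new Uint8Array(t),n=0;return e.forEach(o=>{r.set(o,n),n+=o.length}),r}
// ce: base64 string -> bytes. b: base64url (string or Uint8Array) -> bytes;
// throws TypeError on input that atob rejects.
var ce=e=>{let t=atob(e),r=new Uint8Array(t.length);for(let n=0;n<t.length;n++)r[n]=t.charCodeAt(n);return r},b=e=>{let t=e;t instanceof Uint8Array&&(t=w.decode(t)),t=t.replace(/-/g,"+").replace(/_/g,"/").replace(/\s/g,"");try{return ce(t)}catch{throw new TypeError("The input to be decoded is not correctly encoded.")}};
// Error hierarchy: v is the base class; g = claim validation failed,
// I = token expired, T = alg not allowed, d = not supported.
var v=class extends Error{static get code(){return"ERR_JOSE_GENERIC"}constructor(t){var r;super(t),this.code="ERR_JOSE_GENERIC",this.name=this.constructor.name,(r=Error.captureStackTrace)===null||r===void 0||r.call(Error,this,this.constructor)}},g=class extends v{static get code(){return"ERR_JWT_CLAIM_VALIDATION_FAILED"}constructor(t,r="unspecified",n="unspecified"){super(t),this.code="ERR_JWT_CLAIM_VALIDATION_FAILED",this.claim=r,this.reason=n}},I=class extends v{static get code(){return"ERR_JWT_EXPIRED"}constructor(t,r="unspecified",n="unspecified"){super(t),this.code="ERR_JWT_EXPIRED",this.claim=r,this.reason=n}},T=class extends v{constructor(){super(...arguments),this.code="ERR_JOSE_ALG_NOT_ALLOWED"}static get code(){return"ERR_JOSE_ALG_NOT_ALLOWED"}},d=class extends v{constructor(){super(...arguments),this.code="ERR_JOSE_NOT_SUPPORTED"}static get code(){return"ERR_JOSE_NOT_SUPPORTED"}};
// p = invalid JWS, K = invalid JWT.
var p=class extends v{constructor(){super(...arguments),this.code="ERR_JWS_INVALID"}static get code(){return"ERR_JWS_INVALID"}},K=class extends v{constructor(){super(...arguments),this.code="ERR_JWT_INVALID"}static get code(){return"ERR_JWT_INVALID"}};
// D = signature verification failed (fixed message, no detail leaked).
var D=class extends v{constructor(){super(...arguments),this.code="ERR_JWS_SIGNATURE_VERIFICATION_FAILED",this.message="signature verification failed"}static get code(){return"ERR_JWS_SIGNATURE_VERIFICATION_FAILED"}};
// Not referenced anywhere else in this bundle.
var B=u.getRandomValues.bind(u);
// x: true when running on a runtime that defines WebSocketPair, reports the
// "Cloudflare-Workers" user agent, or sets EdgeRuntime to "vercel".
function x(){return typeof WebSocketPair<"u"||typeof navigator<"u"&&navigator.userAgent==="Cloudflare-Workers"||typeof EdgeRuntime<"u"&&EdgeRuntime==="vercel"}
// Helpers for pe(): error factory, algorithm-name test, hash size, alg -> curve.
function _(e,t="algorithm.name"){return new TypeError(`CryptoKey does not support this operation, its ${t} must be ${e}`)}
function O(e,t){return e.name===t}
function Y(e){return parseInt(e.name.slice(4),10)}
function Ke(e){switch(e){case"ES256":return"P-256";case"ES384":return"P-384";case"ES512":return"P-521";default:throw new Error("unreachable")}}
// xe: throws unless the key's usages include at least one of the requested ones.
function xe(e,t){if(t.length&&!t.some(r=>e.usages.includes(r))){let r="CryptoKey does not support this operation, its usages must include ";if(t.length>2){let n=t.pop();r+=`one of ${t.join(", ")}, or ${n}.`}else t.length===2?r+=`one of ${t[0]} or ${t[1]}.`:r+=`${t[0]}.`;throw new TypeError(r)}}
// pe: checks that a CryptoKey's algorithm, hash/curve and usages fit the JOSE
// "alg" it is about to be used with; throws TypeError otherwise.
function pe(e,t,...r){switch(t){case"HS256":case"HS384":case"HS512":{if(!O(e.algorithm,"HMAC"))throw _("HMAC");let n=parseInt(t.slice(2),10);if(Y(e.algorithm.hash)!==n)throw _(`SHA-${n}`,"algorithm.hash");break}case"RS256":case"RS384":case"RS512":{if(!O(e.algorithm,"RSASSA-PKCS1-v1_5"))throw _("RSASSA-PKCS1-v1_5");let n=parseInt(t.slice(2),10);if(Y(e.algorithm.hash)!==n)throw _(`SHA-${n}`,"algorithm.hash");break}case"PS256":case"PS384":case"PS512":{if(!O(e.algorithm,"RSA-PSS"))throw _("RSA-PSS");let n=parseInt(t.slice(2),10);if(Y(e.algorithm.hash)!==n)throw _(`SHA-${n}`,"algorithm.hash");break}case"EdDSA":{if(e.algorithm.name!=="Ed25519"&&e.algorithm.name!=="Ed448"){if(x()){if(O(e.algorithm,"NODE-ED25519"))break;throw _("Ed25519, Ed448, or NODE-ED25519")}throw _("Ed25519 or Ed448")}break}case"ES256":case"ES384":case"ES512":{if(!O(e.algorithm,"ECDSA"))throw _("ECDSA");let n=Ke(t);if(e.algorithm.namedCurve!==n)throw _(n,"algorithm.namedCurve");break}default:throw new TypeError("CryptoKey does not support this operation")}xe(e,r)}
// ue / A / Q: build "Key must be of type ..." error messages.
function ue(e,t,...r){if(r.length>2){let n=r.pop();e+=`one of type ${r.join(", ")}, or ${n}.`}else r.length===2?e+=`one of type ${r[0]} or ${r[1]}.`:e+=`of type ${r[0]}.`;return t==null?e+=` Received ${t}`:typeof t=="function"&&t.name?e+=` Received function ${t.name}`:typeof t=="object"&&t!=null&&t.constructor&&t.constructor.name&&(e+=` Received an instance of ${t.constructor.name}`),e}
var A=(e,...t)=>ue("Key must be ",e,...t);
function Q(e,t,...r){return ue(`Key for the ${e} algorithm must be `,t,...r)}
// Z: key-like test; f: accepted key type names used in messages.
var Z=e=>S(e),f=["CryptoKey"];
// J: true when the given header objects share no parameter names.
var Je=(...e)=>{let t=e.filter(Boolean);if(t.length===0||t.length===1)return!0;let r;for(let n of t){let o=Object.keys(n);if(!r||r.size===0){r=new Set(o);continue}for(let a of o){if(r.has(a))return!1;r.add(a)}}return!0},J=Je;
// y: plain-object test (rejects arrays, class instances, null).
function Re(e){return typeof e=="object"&&e!==null}
function y(e){if(!Re(e)||Object.prototype.toString.call(e)!=="[object Object]")return!1;if(Object.getPrototypeOf(e)===null)return!0;let t=e;for(;Object.getPrototypeOf(t)!==null;)t=Object.getPrototypeOf(t);return Object.getPrototypeOf(e)===t}
// L: RS*/PS* keys must have a modulus of at least 2048 bits.
var L=(e,t)=>{if(e.startsWith("RS")||e.startsWith("PS")){let{modulusLength:r}=t.algorithm;if(typeof r!="number"||r<2048)throw new TypeError(`${e} requires key modulusLength to be 2048 bits or larger`)}};
// W: searches key bytes for a tag-6 (OID) element with the given content.
// le: maps the OID found to a curve / key sub type name.
// Me: strips the PEM armor matched by `e`, base64-decodes the rest and imports
// the key through subtle.importKey with parameters chosen from the JOSE alg;
// the key is non-extractable unless options.extractable says otherwise.
var W=(e,t,r=0)=>{r===0&&(t.unshift(t.length),t.unshift(6));let n=e.indexOf(t[0],r);if(n===-1)return!1;let o=e.subarray(n,n+t.length);return o.length!==t.length?!1:o.every((a,s)=>a===t[s])||W(e,t,n+1)},le=e=>{switch(!0){case W(e,[42,134,72,206,61,3,1,7]):return"P-256";case W(e,[43,129,4,0,34]):return"P-384";case W(e,[43,129,4,0,35]):return"P-521";case W(e,[43,101,110]):return"X25519";case W(e,[43,101,111]):return"X448";case W(e,[43,101,112]):return"Ed25519";case W(e,[43,101,113]):return"Ed448";default:throw new d("Invalid or unsupported EC Key Curve or OKP Key Sub Type")}},Me=async(e,t,r,n,o)=>{var a,s;let c,i,l=new Uint8Array(atob(r.replace(e,"")).split("").map(m=>m.charCodeAt(0))),h=t==="spki";switch(n){case"PS256":case"PS384":case"PS512":c={name:"RSA-PSS",hash:`SHA-${n.slice(-3)}`},i=h?["verify"]:["sign"];break;case"RS256":case"RS384":case"RS512":c={name:"RSASSA-PKCS1-v1_5",hash:`SHA-${n.slice(-3)}`},i=h?["verify"]:["sign"];break;case"RSA-OAEP":case"RSA-OAEP-256":case"RSA-OAEP-384":case"RSA-OAEP-512":c={name:"RSA-OAEP",hash:`SHA-${parseInt(n.slice(-3),10)||1}`},i=h?["encrypt","wrapKey"]:["decrypt","unwrapKey"];break;case"ES256":c={name:"ECDSA",namedCurve:"P-256"},i=h?["verify"]:["sign"];break;case"ES384":c={name:"ECDSA",namedCurve:"P-384"},i=h?["verify"]:["sign"];break;case"ES512":c={name:"ECDSA",namedCurve:"P-521"},i=h?["verify"]:["sign"];break;case"ECDH-ES":case"ECDH-ES+A128KW":case"ECDH-ES+A192KW":case"ECDH-ES+A256KW":{let m=le(l);c=m.startsWith("P-")?{name:"ECDH",namedCurve:m}:{name:m},i=h?[]:["deriveBits"];break}case"EdDSA":c={name:le(l)},i=h?["verify"]:["sign"];break;default:throw new d('Invalid or unsupported "alg" (Algorithm) value')}try{return await u.subtle.importKey(t,l,c,(a=o?.extractable)!==null&&a!==void 0?a:!1,i)}catch(m){if(c.name==="Ed25519"&&m?.name==="NotSupportedError"&&x())return c={name:"NODE-ED25519",namedCurve:"NODE-ED25519"},await u.subtle.importKey(t,l,c,(s=o?.extractable)!==null&&s!==void 0?s:!1,i);throw m}};
// me / j: import a PEM "PUBLIC KEY" (SPKI) block; j rejects anything that does
// not start with the PEM header.
var me=(e,t,r)=>Me(/(?:-----(?:BEGIN|END) PUBLIC KEY-----|\s)/g,"spki",e,t,r);
async function j(e,t,r){if(typeof e!="string"||e.indexOf("-----BEGIN PUBLIC KEY-----")!==0)throw new TypeError('"spki" must be SPKI formatted string');return me(e,t,r)}
// ke / Ne / M: key-type checks. Symmetric algs need a secret key or raw bytes;
// asymmetric algs reject secret keys and enforce public-for-verify,
// private-for-sign.
var ke=(e,t)=>{if(!(t instanceof Uint8Array)){if(!Z(t))throw new TypeError(Q(e,t,...f,"Uint8Array"));if(t.type!=="secret")throw new TypeError(`${f.join(" or ")} instances for symmetric algorithms must be of type "secret"`)}},Ne=(e,t,r)=>{if(!Z(t))throw new TypeError(Q(e,t,...f));if(t.type==="secret")throw new TypeError(`${f.join(" or ")} instances for asymmetric algorithms must not be of type "secret"`);if(r==="sign"&&t.type==="public")throw new TypeError(`${f.join(" or ")} instances for asymmetric algorithm signing must be of type "private"`);if(r==="decrypt"&&t.type==="public")throw new TypeError(`${f.join(" or ")} instances for asymmetric algorithm decryption must be of type "private"`);if(t.algorithm&&r==="verify"&&t.type==="private")throw new TypeError(`${f.join(" or ")} instances for asymmetric algorithm verifying must be of type "public"`);if(t.algorithm&&r==="encrypt"&&t.type==="private")throw new TypeError(`${f.join(" or ")} instances for asymmetric algorithm encryption must be of type "public"`)},Be=(e,t,r)=>{e.startsWith("HS")||e==="dir"||e.startsWith("PBES2")||/^A\d{3}(?:GCM)?KW$/.test(e)?ke(e,t):Ne(e,t,r)},M=Be;
// R: validates the "crit" header: it must be integrity protected, a non-empty
// array of non-empty strings, and every listed extension must be recognized
// and present.
function Xe(e,t,r,n,o){if(o.crit!==void 0&&n.crit===void 0)throw new e('"crit" (Critical) Header Parameter MUST be integrity protected');if(!n||n.crit===void 0)return new Set;if(!Array.isArray(n.crit)||n.crit.length===0||n.crit.some(s=>typeof s!="string"||s.length===0))throw new e('"crit" (Critical) Header Parameter MUST be an array of non-empty strings when present');let a;r!==void 0?a=new Map([...Object.entries(r),...t.entries()]):a=t;for(let s of n.crit){if(!a.has(s))throw new d(`Extension Header Parameter "${s}" is not recognized`);if(o[s]===void 0)throw new e(`Extension Header Parameter "${s}" is missing`);if(a.get(s)&&n[s]===void 0)throw new e(`Extension Header Parameter "${s}" MUST be integrity protected`)}return new Set(n.crit)}
var R=Xe;
// te: turns an optional array-of-strings option into a Set (undefined when the
// option is absent or empty-ish).
var qe=(e,t)=>{if(t!==void 0&&(!Array.isArray(t)||t.some(r=>typeof r!="string")))throw new TypeError(`"${e}" option must be an array of strings`);if(t)return new Set(t)},te=qe;
// Not referenced anywhere else in this bundle.
var Ze=Symbol();
// $: JOSE alg -> WebCrypto algorithm parameters for sign/verify.
function $(e,t){let r=`SHA-${e.slice(-3)}`;switch(e){case"HS256":case"HS384":case"HS512":return{hash:r,name:"HMAC"};case"PS256":case"PS384":case"PS512":return{hash:r,name:"RSA-PSS",saltLength:e.slice(-3)>>3};case"RS256":case"RS384":case"RS512":return{hash:r,name:"RSASSA-PKCS1-v1_5"};case"ES256":case"ES384":case"ES512":return{hash:r,name:"ECDSA",namedCurve:t.namedCurve};case"EdDSA":return x()&&t.name==="NODE-ED25519"?{name:"NODE-ED25519",namedCurve:"NODE-ED25519"}:{name:t.name};default:throw new d(`alg ${e} is not supported either by JOSE or your javascript runtime`)}}
// G: resolves the key to use: a CryptoKey is checked with pe() and returned,
// raw bytes are accepted only for HS* and imported as a non-extractable HMAC key.
function G(e,t,r){if(S(t))return pe(t,e,r),t;if(t instanceof Uint8Array){if(!e.startsWith("HS"))throw new TypeError(A(t,...f));return u.subtle.importKey("raw",t,{hash:`SHA-${e.slice(-3)}`,name:"HMAC"},!1,[r])}throw new TypeError(A(t,...f,"Uint8Array"))}
// Ee: verifies a signature; an exception from subtle.verify is reported as a
// failed verification (false), never as success.
var je=async(e,t,r,n)=>{let o=await G(e,t,"verify");L(e,o);let a=$(e,o.algorithm);try{return await u.subtle.verify(a,o,r,n)}catch{return!1}},Ee=je;
// V: verifies a Flattened JWS. The "alg" header is required, and when
// options.algorithms is given the header value must be in that list before
// any key is touched.
async function V(e,t,r){var n;if(!y(e))throw new p("Flattened JWS must be an object");if(e.protected===void 0&&e.header===void 0)throw new p('Flattened JWS must have either of the "protected" or "header" members');if(e.protected!==void 0&&typeof e.protected!="string")throw new p("JWS Protected Header incorrect type");if(e.payload===void 0)throw new p("JWS Payload missing");if(typeof e.signature!="string")throw new p("JWS Signature missing or incorrect type");if(e.header!==void 0&&!y(e.header))throw new p("JWS Unprotected Header incorrect type");let o={};if(e.protected)try{let ie=b(e.protected);o=JSON.parse(w.decode(ie))}catch{throw new p("JWS Protected Header is invalid")}if(!J(o,e.header))throw new p("JWS Protected and JWS Unprotected Header Parameter names must be disjoint");let a={...o,...e.header},s=R(p,new Map([["b64",!0]]),r?.crit,o,a),c=!0;if(s.has("b64")&&(c=o.b64,typeof c!="boolean"))throw new p('The "b64" (base64url-encode payload) Header Parameter must be a boolean');let{alg:i}=a;if(typeof i!="string"||!i)throw new p('JWS "alg" (Algorithm) Header Parameter missing or invalid');let l=r&&te("algorithms",r.algorithms);if(l&&!l.has(i))throw new T('"alg" (Algorithm) Header Parameter not allowed');if(c){if(typeof e.payload!="string")throw new p("JWS Payload must be a string")}else if(typeof e.payload!="string"&&!(e.payload instanceof Uint8Array))throw new p("JWS Payload must be a string or an Uint8Array instance");let h=!1;typeof t=="function"&&(t=await t(o,e),h=!0),M(i,t,"verify");let m=H(E.encode((n=e.protected)!==null&&n!==void 0?n:""),E.encode("."),typeof e.payload=="string"?E.encode(e.payload):e.payload),q=b(e.signature);if(!await Ee(i,t,q,m))throw new D;let k;c?k=b(e.payload):typeof e.payload=="string"?k=E.encode(e.payload):k=e.payload;let N={payload:k};return e.protected!==void 0&&(N.protectedHeader=o),e.header!==void 0&&(N.unprotectedHeader=e.header),h?{...N,key:t}:N}
// re: verifies a Compact JWS (exactly three dot-separated segments).
async function re(e,t,r){if(e instanceof Uint8Array&&(e=w.decode(e)),typeof e!="string")throw new p("Compact JWS must be a string or Uint8Array");let{0:n,1:o,2:a,length:s}=e.split(".");if(s!==3)throw new p("Invalid Compact JWS");let c=await V({payload:o,protected:n,signature:a},t,r),i={payload:c.payload,protectedHeader:c.protectedHeader};return typeof t=="function"?{...i,key:c.key}:i}
// ne: Date -> whole seconds since the epoch.
var ne=e=>Math.floor(e.getTime()/1e3);
// z: parses a time span such as "5 minutes" into seconds.
var et=/^(\d+|\d+\.\d+) ?(seconds?|secs?|s|minutes?|mins?|m|hours?|hrs?|h|days?|d|weeks?|w|years?|yrs?|y)$/i,z=e=>{let t=et.exec(e);if(!t)throw new TypeError("Invalid time period format");let r=parseFloat(t[1]);switch(t[2].toLowerCase()){case"sec":case"secs":case"second":case"seconds":case"s":return Math.round(r);case"minute":case"minutes":case"min":case"mins":case"m":return Math.round(r*60);case"hour":case"hours":case"hr":case"hrs":case"h":return Math.round(r*3600);case"day":case"days":case"d":return Math.round(r*86400);case"week":case"weeks":case"w":return Math.round(r*604800);default:return Math.round(r*31557600)}};
// F: validates the JWT claims set. Each of typ / iss / sub / aud is compared
// only when the matching option is truthy, and "nbf" / "exp" are checked only
// when the claim is present in the token.
var ge=e=>e.toLowerCase().replace(/^application\//,""),tt=(e,t)=>typeof e=="string"?t.includes(e):Array.isArray(e)?t.some(Set.prototype.has.bind(new Set(e))):!1,F=(e,t,r={})=>{let{typ:n}=r;if(n&&(typeof e.typ!="string"||ge(e.typ)!==ge(n)))throw new g('unexpected "typ" JWT header value',"typ","check_failed");let o;try{o=JSON.parse(w.decode(t))}catch{}if(!y(o))throw new K("JWT Claims Set must be a top-level JSON object");let{issuer:a}=r;if(a&&!(Array.isArray(a)?a:[a]).includes(o.iss))throw new g('unexpected "iss" claim value',"iss","check_failed");let{subject:s}=r;if(s&&o.sub!==s)throw new g('unexpected "sub" claim value',"sub","check_failed");let{audience:c}=r;if(c&&!tt(o.aud,typeof c=="string"?[c]:c))throw new g('unexpected "aud" claim value',"aud","check_failed");let i;switch(typeof r.clockTolerance){case"string":i=z(r.clockTolerance);break;case"number":i=r.clockTolerance;break;case"undefined":i=0;break;default:throw new TypeError("Invalid clockTolerance option type")}let{currentDate:l}=r,h=ne(l||new Date);if((o.iat!==void 0||r.maxTokenAge)&&typeof o.iat!="number")throw new g('"iat" claim must be a number',"iat","invalid");if(o.nbf!==void 0){if(typeof o.nbf!="number")throw new g('"nbf" claim must be a number',"nbf","invalid");if(o.nbf>h+i)throw new g('"nbf" claim timestamp check failed',"nbf","check_failed")}if(o.exp!==void 0){if(typeof o.exp!="number")throw new g('"exp" claim must be a number',"exp","invalid");if(o.exp<=h-i)throw new I('"exp" claim timestamp check failed',"exp","check_failed")}if(r.maxTokenAge){let m=h-o.iat,q=typeof r.maxTokenAge=="number"?r.maxTokenAge:z(r.maxTokenAge);if(m-i>q)throw new I('"iat" claim timestamp check failed (too far in the past)',"iat","check_failed");if(m<0-i)throw new g('"iat" claim timestamp check failed (it should be in the past)',"iat","check_failed")}return o};
// oe: verifies a compact JWT: signature first (re), then the claims (F).
async function oe(e,t,r){var n;let o=await re(e,t,r);if(!((n=o.protectedHeader.crit)===null||n===void 0)&&n.includes("b64")&&o.protectedHeader.b64===!1)throw new K("JWTs MUST NOT use unencoded payload");let s={payload:F(o.protectedHeader,o.payload,r),protectedHeader:o.protectedHeader};return typeof t=="function"?{...s,key:o.key}:s}

// ---------------------------------------------------------------------------
// 3. Worker application code
// ---------------------------------------------------------------------------

// Extracts a three-segment compact token from the Authorization header value.
// The "Bearer " prefix is optional, matching is case-insensitive, and the
// pattern is not anchored at the end, so anything after the third segment is
// ignored rather than rejected.
var dt = /^(?:Bearer )?([A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+\.[A-Za-z0-9_\-]+)/i;

/**
 * Decides whether a request may use the worker.
 *
 * @param {Request} e - Incoming request; only its "authorization" header is read.
 * @param {object} t - Worker environment. Reads SKIP_AUTH, PUBLIC_KEY
 *   (PEM/SPKI public key) and TOKEN_AUDIENCE.
 * @returns {Promise<boolean>} true when the request is authorized.
 * @throws {TypeError} when a token is present but PUBLIC_KEY is not a PEM
 *   "PUBLIC KEY" string; key-import failures are not caught here.
 */
async function X(e, t) {
  // SKIP_AUTH === "true" turns authentication off for every route, including
  // KV writes and deletes. It has to stay unset on any reachable deployment.
  if (t.SKIP_AUTH === "true") {
    return true;
  }

  const match = dt.exec(e.headers.get("authorization") || "");
  if (!match || !match[1]) {
    return false;
  }

  const publicKey = await j(t.PUBLIC_KEY, "EdDSA");
  try {
    // The algorithm is pinned to EdDSA, so the token's own "alg" header cannot
    // select a different verification scheme.
    //
    // NOTE(review): the claims validator compares "aud" only when the
    // `audience` option is truthy, so an unset or empty TOKEN_AUDIENCE
    // silently drops the audience check. Consider failing closed when
    // TOKEN_AUDIENCE is missing.
    // NOTE(review): "exp" is validated only when the token carries it, and no
    // maxTokenAge is passed; a token issued without "exp" stays valid for as
    // long as the key does. Confirm the issuer always sets "exp".
    await oe(match[1], publicKey, {
      issuer: "dapr.io/cloudflare",
      audience: t.TOKEN_AUDIENCE,
      algorithms: ["EdDSA"],
      clockTolerance: 300,
    });
  } catch (err) {
    console.error("Failed to validate JWT: " + err);
    return false;
  }
  return true;
}

// Version string reported by the info endpoint.
var be = "20230216";

// Route table. Every handler receives (request, env).
var ut = se()
  // Lists the names of the queue, KV and R2 bindings visible to the worker.
  // Binding kinds are recognized by constructor name.
  .get("/.well-known/dapr/info", async (e, t) => {
    if (!(await X(e, t))) {
      return new Response("Unauthorized", { status: 401 });
    }

    const queues = [];
    const kv = [];
    const r2 = [];
    for (const name of Object.keys(t)) {
      if (!name) {
        continue;
      }
      const binding = t[name];
      if (!binding || typeof binding !== "object" || !binding.constructor) {
        continue;
      }
      switch (binding.constructor.name) {
        case "KvNamespace":
        case "KVNamespace":
          kv.push(name);
          break;
        case "WorkerQueue":
        case "Queue":
          queues.push(name);
          break;
        case "R2Bucket":
          r2.push(name);
          break;
      }
    }

    // Empty lists are omitted from the JSON (undefined properties are dropped).
    const body = JSON.stringify({
      version: be,
      queues: queues.length ? queues : undefined,
      kv: kv.length ? kv : undefined,
      r2: r2.length ? r2 : undefined,
    });
    return new Response(body, { headers: { "content-type": "application/json" } });
  })
  // Reads one KV value as a stream; 404 when the key has no value.
  .get("/kv/:namespace/:key", async (e, t) => {
    const { namespace, key, errorRes } = await ae(e, t);
    if (errorRes) {
      return errorRes;
    }
    const value = await namespace.get(key, "stream");
    return value ? new Response(value, { status: 200 }) : new Response("", { status: 404 });
  })
  // Stores the request body under the key. A positive integer "ttl" query
  // parameter becomes expirationTtl; anything else means no expiry is set.
  .post("/kv/:namespace/:key", async (e, t) => {
    const { namespace, key, errorRes } = await ae(e, t);
    if (errorRes) {
      return errorRes;
    }
    let expirationTtl;
    const ttl = parseInt(new URL(e.url).searchParams.get("ttl") || "", 10);
    if (ttl > 0) {
      expirationTtl = ttl;
    }
    await namespace.put(key, e.body, { expirationTtl });
    return new Response("", { status: 201 });
  })
  // Deletes one KV key.
  .delete("/kv/:namespace/:key", async (e, t) => {
    const { namespace, key, errorRes } = await ae(e, t);
    if (errorRes) {
      return errorRes;
    }
    await namespace.delete(key);
    // 204 is a null-body status: the body has to be null, not "".
    return new Response(null, { status: 204 });
  })
  // Publishes the request body (read as text) to the named queue.
  .post("/queues/:queue", async (e, t) => {
    const { queue, errorRes } = await ft(e, t);
    if (errorRes) {
      return errorRes;
    }
    const message = await e.text();
    await queue.send(message);
    return new Response("", { status: 201 });
  })
  .all("*", () => new Response("Not found", { status: 404 }));

/**
 * Validates and authorizes a KV request and resolves its binding.
 *
 * Order matters: the caller is authenticated before the binding name from the
 * URL is looked up, so the 412 answer is only ever given to authorized callers.
 *
 * @param {Request} e - Routed request carrying params.namespace and params.key.
 * @param {object} t - Worker environment holding the bindings.
 * @returns {Promise<{namespace?: object, key?: string, errorRes?: Response}>}
 *   The binding and key, or errorRes (400, 401 or 412) to send back as-is.
 */
async function ae(e, t) {
  if (!e?.text || !e.params?.namespace || !e.params?.key) {
    return { errorRes: new Response("Bad request", { status: 400 }) };
  }
  if (!(await X(e, t))) {
    return { errorRes: new Response("Unauthorized", { status: 401 }) };
  }

  // The constructor-name check also keeps URL-supplied names from resolving to
  // non-binding properties of the environment (plain strings, Object.prototype).
  const namespace = t[e.params.namespace];
  if (
    typeof namespace !== "object" ||
    !["KVNamespace", "KvNamespace"].includes(namespace?.constructor?.name)
  ) {
    return {
      errorRes: new Response(`Worker is not bound to KV '${e.params.namespace}'`, { status: 412 }),
    };
  }
  return { namespace, key: e.params.key };
}

/**
 * Validates and authorizes a queue request and resolves its binding.
 * Authentication runs before the binding lookup, as in the KV helper.
 *
 * @param {Request} e - Routed request carrying params.queue.
 * @param {object} t - Worker environment holding the bindings.
 * @returns {Promise<{queue?: object, errorRes?: Response}>}
 *   The binding, or errorRes (400, 401 or 412) to send back as-is.
 */
async function ft(e, t) {
  if (!e?.text || !e.params?.queue) {
    return { errorRes: new Response("Bad request", { status: 400 }) };
  }
  if (!(await X(e, t))) {
    return { errorRes: new Response("Unauthorized", { status: 401 }) };
  }

  const queue = t[e.params.queue];
  if (
    typeof queue !== "object" ||
    !["WorkerQueue", "Queue"].includes(queue?.constructor?.name)
  ) {
    return {
      errorRes: new Response(`Worker is not bound to queue '${e.params.queue}'`, { status: 412 }),
    };
  }
  return { queue };
}

// Module-worker entry point: the runtime calls fetch(request, env, ctx).
var Uc = { fetch: ut.handle };
export { Uc as default };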
//# sourceMappingURL=worker.js.map