Skip to content

Commit 43b002e

Browse files
thibmeuthibmeu
authored
Merge branch 'main' into fixCWE117
2 parents cb3400d + 21cafe0 commit 43b002e

File tree

8 files changed

+4251
-2882
lines changed

8 files changed

+4251
-2882
lines changed

package-lock.json

Lines changed: 4217 additions & 2859 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

package.json

Lines changed: 3 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -38,7 +38,8 @@
3838
"@cloudflare/blindrsa-ts": "0.4.3",
3939
"@cloudflare/vitest-pool-workers": "0.12.5",
4040
"@cloudflare/workers-types": "4.20260122.0",
41-
"@types/node": "25.0.10",
41+
"@types/node": "^25.2.3",
42+
"@types/node-fetch": "^2.6.13",
4243
"@typescript-eslint/eslint-plugin": "6.21.0",
4344
"@typescript-eslint/parser": "6.21.0",
4445
"commander": "12.1.0",
@@ -55,7 +56,7 @@
5556
"wrangler": "4.59.3"
5657
},
5758
"dependencies": {
58-
"@cloudflare/privacypass-ts": "0.7.1",
59+
"@cloudflare/privacypass-ts": "0.8.1",
5960
"@sentry/cli": "2.26.0",
6061
"@sentry/types": "7.95.0",
6162
"@tsndr/cloudflare-worker-jwt": "3.2.1",

src/cache.ts

Lines changed: 4 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -122,13 +122,15 @@ export class InMemoryCryptoKeyCache {
122122
key: string,
123123
setValFn: (key: string) => Promise<CacheElement<CryptoKey>>
124124
): Promise<CryptoKey> {
125+
const prefixedKey = `${this.ctx.prefix ?? ''}/${key}`;
126+
125127
const refreshCache = async () => {
126128
const val = await setValFn(key);
127-
InMemoryCryptoKeyCache.store.set(key, val);
129+
InMemoryCryptoKeyCache.store.set(prefixedKey, val);
128130
return val.value;
129131
};
130132

131-
const cachedValue = InMemoryCryptoKeyCache.store.get(key);
133+
const cachedValue = InMemoryCryptoKeyCache.store.get(prefixedKey);
132134
if (cachedValue) {
133135
this.ctx.waitUntil(
134136
(() => {

src/index.ts

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -30,7 +30,7 @@ import {
3030
PRIVATE_TOKEN_ISSUER_DIRECTORY,
3131
TOKEN_TYPES,
3232
publicVerif,
33-
arbitraryBatched,
33+
genericBatched,
3434
util,
3535
} from '@cloudflare/privacypass-ts';
3636
import { KeyError } from './context/metrics';
@@ -42,7 +42,11 @@ import {
4242
getDirectoryCache,
4343
} from './cache';
4444
const { BlindRSAMode, Issuer, TokenRequest } = publicVerif;
45-
const { BatchedTokenRequest, BatchedTokenResponse, Issuer: BatchedTokensIssuer } = arbitraryBatched;
45+
const {
46+
BatchedTokenRequest,
47+
GenericBatchTokenResponse,
48+
Issuer: BatchedTokensIssuer,
49+
} = genericBatched;
4650

4751
import { shouldClearKey } from './utils/keyRotation';
4852
import { WorkerEntrypoint } from 'cloudflare:workers';
@@ -170,7 +174,7 @@ export const handleBatchedTokenRequest = async (
170174
// Deserialize the batched token request.
171175
const batchedTokenRequest = BatchedTokenRequest.deserialize(new Uint8Array(buffer));
172176
if (batchedTokenRequest.tokenRequests.length === 0) {
173-
const responseBytes = new BatchedTokenResponse([]).serialize();
177+
const responseBytes = new GenericBatchTokenResponse([]).serialize();
174178
return {
175179
serialized: responseBytes,
176180
status: 200,

test/cache.test.ts

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -3,7 +3,6 @@
33

44
import { PRIVATE_TOKEN_ISSUER_DIRECTORY } from '@cloudflare/privacypass-ts';
55
import { getDirectoryCache, shouldRevalidate, STALE_WHILE_REVALIDATE_IN_MS } from '../src/cache';
6-
import { default as workerObject } from '../src/index';
76
import { MockCache } from './mocks';
87

98
import { describe, it, expect, vi, beforeEach, afterEach } from 'vitest';

test/e2e/e2eUtils.ts

Lines changed: 7 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -5,17 +5,17 @@ import {
55
TOKEN_TYPES,
66
TokenChallenge,
77
publicVerif,
8-
arbitraryBatched,
8+
genericBatched,
99
util,
1010
} from '@cloudflare/privacypass-ts';
1111

12-
const { TokenRequest, Client: BatchedTokensClient, BatchedTokenResponse } = arbitraryBatched;
12+
const { TokenRequest, Client: BatchedTokensClient, GenericBatchTokenResponse } = genericBatched;
1313
import { type Token } from '@cloudflare/privacypass-ts';
1414
const { BlindRSAMode, Client, Origin } = publicVerif;
1515

1616
import { RequestInit } from 'node-fetch';
1717

18-
import { RequestInit as NodeFetchRequestInit, Response as NodeFetchResponse } from 'node-fetch';
18+
import { RequestInit as NodeFetchRequestInit } from 'node-fetch';
1919
// Union type for RequestInit from DOM and node‑fetch
2020
export type UniversalRequestInit = RequestInit | NodeFetchRequestInit;
2121

@@ -69,10 +69,10 @@ export async function getIssuerConfig(
6969
export async function requestAndFinalizeToken(
7070
baseUrl: string,
7171
challenge: TokenChallenge,
72-
client: any,
72+
client: publicVerif.Client,
7373
customFetch: UniversalFetch
7474
// customFetch: (url: string, init?: RequestInit) => Promise<Response>
75-
): Promise<{ finalizedToken: any; publicKey: CryptoKey; response: Response }> {
75+
): Promise<{ finalizedToken: Token; publicKey: CryptoKey; response: Response }> {
7676
// Get issuer configuration
7777
const { url, publicKey, publicKeyEnc } = await getIssuerConfig(baseUrl, customFetch);
7878

@@ -165,7 +165,7 @@ export async function requestBatchedTokens(
165165
if (!response.ok) {
166166
throw new Error(`Issuer request failed: ${response.status} ${response.statusText}`);
167167
}
168-
const tokenResponse = BatchedTokenResponse.deserialize(
168+
const tokenResponse = GenericBatchTokenResponse.deserialize(
169169
new Uint8Array(await response.arrayBuffer())
170170
);
171171
const responses = tokenResponse.tokenResponses;
@@ -177,8 +177,7 @@ export async function requestBatchedTokens(
177177
continue;
178178
}
179179
try {
180-
const deserializedResponse = publicVerif.TokenResponse.deserialize(res.tokenResponse);
181-
const token = await clients[index].finalize(deserializedResponse);
180+
const token = await clients[index].finalize(res.tokenResponse as publicVerif.TokenResponse);
182181
tokens.push(token);
183182
} catch (err) {
184183
console.error(`[Token ${index}] Finalization failed:`, err);

test/e2e/issuer.ts

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -43,7 +43,7 @@ export async function fetchWithMTLS(mTLS: MTLSConfiguration): Promise<UniversalF
4343
// Return a function that accepts a UniversalRequestInit.
4444
// We force the result to match the global Response type.
4545
return async (url: string, init?: UniversalRequestInit): Promise<Response> => {
46-
return (await fetch(url, { ...(init as any), agent } as any)) as unknown as Response;
46+
return (await fetch(url, { ...init, agent })) as unknown as Response;
4747
};
4848
}
4949

test/index.test.ts

Lines changed: 12 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -19,7 +19,7 @@ import {
1919
MediaType,
2020
PRIVATE_TOKEN_ISSUER_DIRECTORY,
2121
publicVerif,
22-
arbitraryBatched,
22+
genericBatched,
2323
util,
2424
TokenChallenge,
2525
TOKEN_TYPES,
@@ -127,16 +127,16 @@ describe('challenge handlers', () => {
127127
const invs: Uint8Array[] = [];
128128

129129
const tokReqs = new Array<publicVerif.TokenRequest>(nTokens);
130-
const batchedTokenReqs = new Array<arbitraryBatched.TokenRequest>(nTokens);
130+
const batchedTokenReqs = new Array<genericBatched.TokenRequest>(nTokens);
131131

132132
for (let i = 0; i < nTokens; i++) {
133133
const { blindedMsg, inv } = await suite.blind(publicKey, preparedMsg);
134134
tokReqs[i] = new publicVerif.TokenRequest(tokenKeyId, blindedMsg, BLIND_RSA);
135-
batchedTokenReqs[i] = new arbitraryBatched.TokenRequest(tokReqs[i]);
135+
batchedTokenReqs[i] = new genericBatched.TokenRequest(tokReqs[i]);
136136
invs.push(inv);
137137
}
138138

139-
const batchedTokenRequest = new arbitraryBatched.BatchedTokenRequest(batchedTokenReqs);
139+
const batchedTokenRequest = new genericBatched.GenericBatchTokenResponse(batchedTokenReqs);
140140
const request = new Request(tokenRequestURL, {
141141
method: 'POST',
142142
headers: { 'content-type': MediaType.ARBITRARY_BATCHED_TOKEN_REQUEST },
@@ -148,7 +148,8 @@ describe('challenge handlers', () => {
148148
expect(response.headers.get('content-type')).toBe(MediaType.ARBITRARY_BATCHED_TOKEN_RESPONSE);
149149

150150
const responseBytes = new Uint8Array(await response.arrayBuffer());
151-
const batchedTokenResponse = arbitraryBatched.BatchedTokenResponse.deserialize(responseBytes);
151+
const batchedTokenResponse =
152+
genericBatched.GenericBatchTokenResponse.deserialize(responseBytes);
152153

153154
expect(batchedTokenResponse.tokenResponses.length).toBe(nTokens);
154155

@@ -158,7 +159,12 @@ describe('challenge handlers', () => {
158159
expect(tokenResponse.tokenResponse).not.toBeNull();
159160

160161
const blindSignature = tokenResponse.tokenResponse!;
161-
const signature = await suite.finalize(publicKey, preparedMsg, blindSignature, invs[i]);
162+
const signature = await suite.finalize(
163+
publicKey,
164+
preparedMsg,
165+
(blindSignature as publicVerif.TokenResponse).blindSig,
166+
invs[i]
167+
);
162168

163169
const isValid = await suite.verify(publicKey, signature, preparedMsg);
164170
expect(isValid).toBe(true);

0 commit comments

Comments
 (0)