From 4cdcc7a85d5a482fe53bd73094ad55a43631744b Mon Sep 17 00:00:00 2001 From: Kilian Panot Date: Thu, 29 Aug 2024 19:27:34 +0900 Subject: [PATCH] feat(sdk-core): migrate middleware auth plugin to ES6 crypto base --- packages/@ama-sdk/core/src/plugins/index.ts | 1 + .../mgw-mdw-auth/mgw-mdw-auth.request.ts | 28 ++++++++----------- .../plugins/mgw-mdw-auth/mgw-mdw-auth.spec.ts | 2 +- 3 files changed, 13 insertions(+), 18 deletions(-) diff --git a/packages/@ama-sdk/core/src/plugins/index.ts b/packages/@ama-sdk/core/src/plugins/index.ts index 09d7dce2a3..479b178ab5 100644 --- a/packages/@ama-sdk/core/src/plugins/index.ts +++ b/packages/@ama-sdk/core/src/plugins/index.ts @@ -12,6 +12,7 @@ export * from './fetch-cache/index'; export * from './fetch-credentials/index'; export * from './json-token/index'; export * from './keepalive/index'; +export * from './mgw-mdw-auth/index'; export * from './mock-intercept/index'; export * from './perf-metric/index'; export * from './pii-tokenizer/index'; diff --git a/packages/@ama-sdk/core/src/plugins/mgw-mdw-auth/mgw-mdw-auth.request.ts b/packages/@ama-sdk/core/src/plugins/mgw-mdw-auth/mgw-mdw-auth.request.ts index ea353d6f45..2e6f04beda 100644 --- a/packages/@ama-sdk/core/src/plugins/mgw-mdw-auth/mgw-mdw-auth.request.ts +++ b/packages/@ama-sdk/core/src/plugins/mgw-mdw-auth/mgw-mdw-auth.request.ts @@ -1,7 +1,6 @@ import { v4 } from 'uuid'; import { base64EncodeUrl, createBase64Encoder, createBase64UrlEncoder } from '../../utils/json-token'; import { PluginRunner, RequestOptions, RequestPlugin } from '../core'; -import type { createHmac as createHmacType, webcrypto } from 'node:crypto'; /** @@ -10,9 +9,7 @@ import type { createHmac as createHmacType, webcrypto } from 'node:crypto'; */ export async function sha256(value: string) { const utf8 = new TextEncoder().encode(value); - // TODO: Use new Ecmascript crypto feature to avoid "require" call (issue #2110) - // eslint-disable-next-line @typescript-eslint/no-require-imports - const hashBuffer = await (globalThis.crypto || (require('node:crypto').webcrypto as typeof webcrypto)).subtle.digest('SHA-256', utf8); + const hashBuffer = await crypto.subtle.digest('SHA-256', utf8); const hashArray = Array.from(new Uint8Array(hashBuffer)); const hashHex = hashArray .map((bytes) => bytes.toString(16).padStart(2, '0')) @@ -27,17 +24,14 @@ export async function sha256(value: string) { * @param value Value to hash * @param secretKey Secret cryptographic key */ -export function hmacSHA256(value: string, secretKey: string) { - try { - // TODO: Use new Ecmascript crypto feature to avoid "require" call (issue #2110) - // eslint-disable-next-line @typescript-eslint/no-require-imports - const { createHmac }: { createHmac: typeof createHmacType } = require('node:crypto'); - return createHmac('sha256', secretKey) - .update(value, 'latin1') - .digest('base64'); - } catch (err) { - throw new Error('Crypto module is not available.'); - } +export async function hmacSHA256(value: string, secretKey: string) { + const enc = new TextEncoder(); + const algorithm = { name: 'HMAC', hash: 'SHA-256' }; + + const key = await crypto.subtle.importKey('raw', enc.encode(secretKey), algorithm, false, ['sign', 'verify']); + const signature = await crypto.subtle.sign(algorithm.name, key, enc.encode(value)); + const digest = btoa(String.fromCharCode(...new Uint8Array(signature))); + return digest; } /** @@ -230,9 +224,9 @@ export class MicroGatewayMiddlewareAuthenticationRequest implements RequestPlugi * @param payload JWT payload * @param secretKey secret key used to generate the signature */ - private sign(payload: JsonTokenPayload, secretKey: string) { + private async sign(payload: JsonTokenPayload, secretKey: string) { const message = `${this.base64UrlEncoder(JSON.stringify(jwsHeader))}.${this.base64UrlEncoder(JSON.stringify(payload))}`; - const signature = hmacSHA256(message, secretKey); + const signature = await hmacSHA256(message, secretKey); const encodedSignature = base64EncodeUrl(signature); return `${message}.${encodedSignature}`; } diff --git a/packages/@ama-sdk/core/src/plugins/mgw-mdw-auth/mgw-mdw-auth.spec.ts b/packages/@ama-sdk/core/src/plugins/mgw-mdw-auth/mgw-mdw-auth.spec.ts index d83b44dbb0..77cd9a54b3 100644 --- a/packages/@ama-sdk/core/src/plugins/mgw-mdw-auth/mgw-mdw-auth.spec.ts +++ b/packages/@ama-sdk/core/src/plugins/mgw-mdw-auth/mgw-mdw-auth.spec.ts @@ -124,7 +124,7 @@ describe('JSON auth token request plugin', () => { const secretKey = await sha256(jsonAuthTokenOptions.apiKey + (await sha256(jsonAuthTokenOptions.secret + payload.jti + payload.iat + routePath))); // eslint-disable-next-line @typescript-eslint/restrict-template-expressions const message = `${base64UrlEncoder(JSON.stringify(header))}.${base64UrlEncoder(JSON.stringify(payload))}`; - const signCheck = base64EncodeUrl(hmacSHA256(message, secretKey)); + const signCheck = base64EncodeUrl(await hmacSHA256(message, secretKey)); expect(signature).toEqual(signCheck); });