Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
_makeCodeChallenge(codeVrifier) {
// calculate SHA-256 hash
const hashEncoder = new jsSHA('SHA-256', 'TEXT');
hashEncoder.update(codeVrifier);
// Base64 encoding and Remove any trailing '='
let codeChallenge = hashEncoder.getHash('B64').split('=')[0];
// Replace enable url charactor for Base64url
codeChallenge = codeChallenge.replace(/\+/g, '-');
codeChallenge = codeChallenge.replace(/\//g, '_');
return codeChallenge;
}
}
async handler (request) {
try {
const shaObj = new JsSHA('SHA-1', 'TEXT')
shaObj.setHMACKey(SYSTEM.TOKEN, 'TEXT')
shaObj.update(JSON.stringify(request.payload))
const hash = shaObj.getHMAC('HEX')
if (request.headers && request.headers['x-hub-signature'] === 'sha1=' + hash) {
const updateCodeRes = await gitCodeUpdate(SYSTEM.BUILD_TYPE)
if (updateCodeRes) {
const packageJson = JSON.parse(fs.readFileSync(path.join(sourcePath, 'package.json'), 'utf-8'))
if (packageJson && packageJson.name && packageJson.version) {
const name = packageJson.name
const version = packageJson.version
if (SYSTEM.BUILD_TYPE.includes('mac')) {
macBuild(name, version) // async
await sleep(500)
}
public static getOTP(secret): string {
try {
const epoch = Math.round(new Date().getTime() / 1000.0);
const time = this.leftpad(this.dec2hex(Math.floor(epoch / 30)), 16, '0');
const shaObj = new JsSHA('SHA-1', 'HEX');
shaObj.setHMACKey(this.base32tohex(secret), 'HEX');
shaObj.update(time);
const hmac = shaObj.getHMAC('HEX');
const offset = this.hex2dec(hmac.substring(hmac.length - 1));
let otp = (TOTP.hex2dec(hmac.substr(offset * 2, 8)) & this.hex2dec('7fffffff')) + '';
otp = (otp).substr(otp.length - 6, 6);
return otp;
} catch (err) {
throw new Error('One-Time-Password could not be calcualted: ' + err);
}
}
export function buildHMAC(password) {
const time = Math.floor(Date.now() / 1000);
let shaObj = new jsSHA("SHA-256", "TEXT");
shaObj.update(password);
const key = shaObj.getHash("HEX");
shaObj = new jsSHA("SHA-256", "TEXT");
shaObj.update(time + key);
return {
time: time,
passphrase: shaObj.getHash("HEX"),
};
}
sha256(string) {
const shaObj = new Sha('SHA-256', 'HEX');
shaObj.update(string);
return shaObj.getHash('HEX');
},
export function buildHMAC(password) {
const time = Math.floor(Date.now() / 1000);
let shaObj = new jsSHA("SHA-256", "TEXT");
shaObj.update(password);
const key = shaObj.getHash("HEX");
shaObj = new jsSHA("SHA-256", "TEXT");
shaObj.update(time + key);
return {
time: time,
passphrase: shaObj.getHash("HEX"),
};
}
export default ({body, timestamp, secretKey}) => {
const shaObj = new JSSHA('SHA-512', 'TEXT')
shaObj.setHMACKey(secretKey, 'TEXT')
shaObj.update(timestamp + body)
return shaObj.getHMAC('HEX')
}
sha256(hexString) {
const sha = new SHA('SHA-256', 'HEX');
sha.update(hexString);
return sha.getHash('HEX');
},
};
sha256(string) {
const shaObj = new Sha('SHA-256', 'HEX');
shaObj.update(string);
return shaObj.getHash('HEX');
},
base58ToHex(string) {
protected _createToken(
expiry: number,
audience: string,
hashInput?: string | Buffer
): AccessToken {
audience = encodeURIComponent(audience);
const keyName = encodeURIComponent(this.keyName);
const stringToSign = audience + "\n" + expiry;
hashInput = hashInput || this.key;
let shaObj: any;
if (isBuffer(hashInput)) {
shaObj = new jssha("SHA-256", "ARRAYBUFFER");
shaObj.setHMACKey(hashInput, "ARRAYBUFFER");
shaObj.update(Buffer.from(stringToSign));
} else {
shaObj = new jssha("SHA-256", "TEXT");
shaObj.setHMACKey(hashInput, "TEXT");
shaObj.update(stringToSign);
}
const sig = encodeURIComponent(shaObj.getHMAC("B64"));
return {
token: `SharedAccessSignature sr=${audience}&sig=${sig}&se=${expiry}&skn=${keyName}`,
expiresOnTimestamp: expiry
};
}