diff --git a/relay/coverage/base.css b/relay/coverage/base.css deleted file mode 100644 index f418035b..00000000 --- a/relay/coverage/base.css +++ /dev/null @@ -1,224 +0,0 @@ -body, html { - margin:0; padding: 0; - height: 100%; -} -body { - font-family: Helvetica Neue, Helvetica, Arial; - font-size: 14px; - color:#333; -} -.small { font-size: 12px; } -*, *:after, *:before { - -webkit-box-sizing:border-box; - -moz-box-sizing:border-box; - box-sizing:border-box; - } -h1 { font-size: 20px; margin: 0;} -h2 { font-size: 14px; } -pre { - font: 12px/1.4 Consolas, "Liberation Mono", Menlo, Courier, monospace; - margin: 0; - padding: 0; - -moz-tab-size: 2; - -o-tab-size: 2; - tab-size: 2; -} -a { color:#0074D9; text-decoration:none; } -a:hover { text-decoration:underline; } -.strong { font-weight: bold; } -.space-top1 { padding: 10px 0 0 0; } -.pad2y { padding: 20px 0; } -.pad1y { padding: 10px 0; } -.pad2x { padding: 0 20px; } -.pad2 { padding: 20px; } -.pad1 { padding: 10px; } -.space-left2 { padding-left:55px; } -.space-right2 { padding-right:20px; } -.center { text-align:center; } -.clearfix { display:block; } -.clearfix:after { - content:''; - display:block; - height:0; - clear:both; - visibility:hidden; - } -.fl { float: left; } -@media only screen and (max-width:640px) { - .col3 { width:100%; max-width:100%; } - .hide-mobile { display:none!important; } -} - -.quiet { - color: #7f7f7f; - color: rgba(0,0,0,0.5); -} -.quiet a { opacity: 0.7; } - -.fraction { - font-family: Consolas, 'Liberation Mono', Menlo, Courier, monospace; - font-size: 10px; - color: #555; - background: #E8E8E8; - padding: 4px 5px; - border-radius: 3px; - vertical-align: middle; -} - -div.path a:link, div.path a:visited { color: #333; } -table.coverage { - border-collapse: collapse; - margin: 10px 0 0 0; - padding: 0; -} - -table.coverage td { - margin: 0; - padding: 0; - vertical-align: top; -} -table.coverage td.line-count { - text-align: right; - padding: 0 5px 0 20px; -} -table.coverage td.line-coverage { - text-align: right; - padding-right: 10px; - min-width:20px; -} - -table.coverage td span.cline-any { - display: inline-block; - padding: 0 5px; - width: 100%; -} -.missing-if-branch { - display: inline-block; - margin-right: 5px; - border-radius: 3px; - position: relative; - padding: 0 4px; - background: #333; - color: yellow; -} - -.skip-if-branch { - display: none; - margin-right: 10px; - position: relative; - padding: 0 4px; - background: #ccc; - color: white; -} -.missing-if-branch .typ, .skip-if-branch .typ { - color: inherit !important; -} -.coverage-summary { - border-collapse: collapse; - width: 100%; -} -.coverage-summary tr { border-bottom: 1px solid #bbb; } -.keyline-all { border: 1px solid #ddd; } -.coverage-summary td, .coverage-summary th { padding: 10px; } -.coverage-summary tbody { border: 1px solid #bbb; } -.coverage-summary td { border-right: 1px solid #bbb; } -.coverage-summary td:last-child { border-right: none; } -.coverage-summary th { - text-align: left; - font-weight: normal; - white-space: nowrap; -} -.coverage-summary th.file { border-right: none !important; } -.coverage-summary th.pct { } -.coverage-summary th.pic, -.coverage-summary th.abs, -.coverage-summary td.pct, -.coverage-summary td.abs { text-align: right; } -.coverage-summary td.file { white-space: nowrap; } -.coverage-summary td.pic { min-width: 120px !important; } -.coverage-summary tfoot td { } - -.coverage-summary .sorter { - height: 10px; - width: 7px; - display: inline-block; - margin-left: 0.5em; - background: url(sort-arrow-sprite.png) no-repeat scroll 0 0 transparent; -} -.coverage-summary .sorted .sorter { - background-position: 0 -20px; -} -.coverage-summary .sorted-desc .sorter { - background-position: 0 -10px; -} -.status-line { height: 10px; } -/* yellow */ -.cbranch-no { background: yellow !important; color: #111; } -/* dark red */ -.red.solid, .status-line.low, .low .cover-fill { background:#C21F39 } -.low .chart { border:1px solid #C21F39 } -.highlighted, -.highlighted .cstat-no, .highlighted .fstat-no, .highlighted .cbranch-no{ - background: #C21F39 !important; -} -/* medium red */ -.cstat-no, .fstat-no, .cbranch-no, .cbranch-no { background:#F6C6CE } -/* light red */ -.low, .cline-no { background:#FCE1E5 } -/* light green */ -.high, .cline-yes { background:rgb(230,245,208) } -/* medium green */ -.cstat-yes { background:rgb(161,215,106) } -/* dark green */ -.status-line.high, .high .cover-fill { background:rgb(77,146,33) } -.high .chart { border:1px solid rgb(77,146,33) } -/* dark yellow (gold) */ -.status-line.medium, .medium .cover-fill { background: #f9cd0b; } -.medium .chart { border:1px solid #f9cd0b; } -/* light yellow */ -.medium { background: #fff4c2; } - -.cstat-skip { background: #ddd; color: #111; } -.fstat-skip { background: #ddd; color: #111 !important; } -.cbranch-skip { background: #ddd !important; color: #111; } - -span.cline-neutral { background: #eaeaea; } - -.coverage-summary td.empty { - opacity: .5; - padding-top: 4px; - padding-bottom: 4px; - line-height: 1; - color: #888; -} - -.cover-fill, .cover-empty { - display:inline-block; - height: 12px; -} -.chart { - line-height: 0; -} -.cover-empty { - background: white; -} -.cover-full { - border-right: none !important; -} -pre.prettyprint { - border: none !important; - padding: 0 !important; - margin: 0 !important; -} -.com { color: #999 !important; } -.ignore-none { color: #999; font-weight: normal; } - -.wrapper { - min-height: 100%; - height: auto !important; - height: 100%; - margin: 0 auto -48px; -} -.footer, .push { - height: 48px; -} diff --git a/relay/coverage/block-navigation.js b/relay/coverage/block-navigation.js deleted file mode 100644 index 530d1ed2..00000000 --- a/relay/coverage/block-navigation.js +++ /dev/null @@ -1,87 +0,0 @@ -/* eslint-disable */ -var jumpToCode = (function init() { - // Classes of code we would like to highlight in the file view - var missingCoverageClasses = ['.cbranch-no', '.cstat-no', '.fstat-no']; - - // Elements to highlight in the file listing view - var fileListingElements = ['td.pct.low']; - - // We don't want to select elements that are direct descendants of another match - var notSelector = ':not(' + missingCoverageClasses.join('):not(') + ') > '; // becomes `:not(a):not(b) > ` - - // Selector that finds elements on the page to which we can jump - var selector = - fileListingElements.join(', ') + - ', ' + - notSelector + - missingCoverageClasses.join(', ' + notSelector); // becomes `:not(a):not(b) > a, :not(a):not(b) > b` - - // The NodeList of matching elements - var missingCoverageElements = document.querySelectorAll(selector); - - var currentIndex; - - function toggleClass(index) { - missingCoverageElements - .item(currentIndex) - .classList.remove('highlighted'); - missingCoverageElements.item(index).classList.add('highlighted'); - } - - function makeCurrent(index) { - toggleClass(index); - currentIndex = index; - missingCoverageElements.item(index).scrollIntoView({ - behavior: 'smooth', - block: 'center', - inline: 'center' - }); - } - - function goToPrevious() { - var nextIndex = 0; - if (typeof currentIndex !== 'number' || currentIndex === 0) { - nextIndex = missingCoverageElements.length - 1; - } else if (missingCoverageElements.length > 1) { - nextIndex = currentIndex - 1; - } - - makeCurrent(nextIndex); - } - - function goToNext() { - var nextIndex = 0; - - if ( - typeof currentIndex === 'number' && - currentIndex < missingCoverageElements.length - 1 - ) { - nextIndex = currentIndex + 1; - } - - makeCurrent(nextIndex); - } - - return function jump(event) { - if ( - document.getElementById('fileSearch') === document.activeElement && - document.activeElement != null - ) { - // if we're currently focused on the search input, we don't want to navigate - return; - } - - switch (event.which) { - case 78: // n - case 74: // j - goToNext(); - break; - case 66: // b - case 75: // k - case 80: // p - goToPrevious(); - break; - } - }; -})(); -window.addEventListener('keydown', jumpToCode); diff --git a/relay/coverage/favicon.png b/relay/coverage/favicon.png deleted file mode 100644 index c1525b81..00000000 Binary files a/relay/coverage/favicon.png and /dev/null differ diff --git a/relay/coverage/index.html b/relay/coverage/index.html deleted file mode 100644 index a0f8d836..00000000 --- a/relay/coverage/index.html +++ /dev/null @@ -1,191 +0,0 @@ - - - - - - Code coverage report for All files - - - - - - - - - -
-
-

All files

-
- -
- 10.95% - Statements - 892/8144 -
- - -
- 44.96% - Branches - 67/149 -
- - -
- 25.53% - Functions - 24/94 -
- - -
- 10.95% - Lines - 892/8144 -
- - -
-

- Press n or j to go to the next uncovered block, b, p or k for the previous block. -

- -
-
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
FileStatementsBranchesFunctionsLines
src -
-
0%0/6950%0/10%0/10%0/695
src/config -
-
91.86%113/12315.38%6/39100%0/091.86%113/123
src/middleware -
-
19.78%56/28385%17/2036.36%4/1119.78%56/283
src/routes -
-
17.58%445/253152.63%30/5736.36%8/2217.58%445/2531
src/routes/ipfs -
-
8.9%155/1740100%5/520%3/158.9%155/1740
src/utils -
-
4.43%123/277233.33%9/2720%9/454.43%123/2772
-
-
-
- - - - - - - - \ No newline at end of file diff --git a/relay/coverage/prettify.css b/relay/coverage/prettify.css deleted file mode 100644 index b317a7cd..00000000 --- a/relay/coverage/prettify.css +++ /dev/null @@ -1 +0,0 @@ -.pln{color:#000}@media screen{.str{color:#080}.kwd{color:#008}.com{color:#800}.typ{color:#606}.lit{color:#066}.pun,.opn,.clo{color:#660}.tag{color:#008}.atn{color:#606}.atv{color:#080}.dec,.var{color:#606}.fun{color:red}}@media print,projection{.str{color:#060}.kwd{color:#006;font-weight:bold}.com{color:#600;font-style:italic}.typ{color:#404;font-weight:bold}.lit{color:#044}.pun,.opn,.clo{color:#440}.tag{color:#006;font-weight:bold}.atn{color:#404}.atv{color:#060}}pre.prettyprint{padding:2px;border:1px solid #888}ol.linenums{margin-top:0;margin-bottom:0}li.L0,li.L1,li.L2,li.L3,li.L5,li.L6,li.L7,li.L8{list-style-type:none}li.L1,li.L3,li.L5,li.L7,li.L9{background:#eee} diff --git a/relay/coverage/prettify.js b/relay/coverage/prettify.js deleted file mode 100644 index b3225238..00000000 --- a/relay/coverage/prettify.js +++ /dev/null @@ -1,2 +0,0 @@ -/* eslint-disable */ -window.PR_SHOULD_USE_CONTINUATION=true;(function(){var h=["break,continue,do,else,for,if,return,while"];var u=[h,"auto,case,char,const,default,double,enum,extern,float,goto,int,long,register,short,signed,sizeof,static,struct,switch,typedef,union,unsigned,void,volatile"];var p=[u,"catch,class,delete,false,import,new,operator,private,protected,public,this,throw,true,try,typeof"];var l=[p,"alignof,align_union,asm,axiom,bool,concept,concept_map,const_cast,constexpr,decltype,dynamic_cast,explicit,export,friend,inline,late_check,mutable,namespace,nullptr,reinterpret_cast,static_assert,static_cast,template,typeid,typename,using,virtual,where"];var x=[p,"abstract,boolean,byte,extends,final,finally,implements,import,instanceof,null,native,package,strictfp,super,synchronized,throws,transient"];var R=[x,"as,base,by,checked,decimal,delegate,descending,dynamic,event,fixed,foreach,from,group,implicit,in,interface,internal,into,is,lock,object,out,override,orderby,params,partial,readonly,ref,sbyte,sealed,stackalloc,string,select,uint,ulong,unchecked,unsafe,ushort,var"];var r="all,and,by,catch,class,else,extends,false,finally,for,if,in,is,isnt,loop,new,no,not,null,of,off,on,or,return,super,then,true,try,unless,until,when,while,yes";var w=[p,"debugger,eval,export,function,get,null,set,undefined,var,with,Infinity,NaN"];var s="caller,delete,die,do,dump,elsif,eval,exit,foreach,for,goto,if,import,last,local,my,next,no,our,print,package,redo,require,sub,undef,unless,until,use,wantarray,while,BEGIN,END";var I=[h,"and,as,assert,class,def,del,elif,except,exec,finally,from,global,import,in,is,lambda,nonlocal,not,or,pass,print,raise,try,with,yield,False,True,None"];var f=[h,"alias,and,begin,case,class,def,defined,elsif,end,ensure,false,in,module,next,nil,not,or,redo,rescue,retry,self,super,then,true,undef,unless,until,when,yield,BEGIN,END"];var H=[h,"case,done,elif,esac,eval,fi,function,in,local,set,then,until"];var A=[l,R,w,s+I,f,H];var e=/^(DIR|FILE|vector|(de|priority_)?queue|list|stack|(const_)?iterator|(multi)?(set|map)|bitset|u?(int|float)\d*)/;var C="str";var z="kwd";var j="com";var O="typ";var G="lit";var L="pun";var F="pln";var m="tag";var E="dec";var J="src";var P="atn";var n="atv";var N="nocode";var M="(?:^^\\.?|[+-]|\\!|\\!=|\\!==|\\#|\\%|\\%=|&|&&|&&=|&=|\\(|\\*|\\*=|\\+=|\\,|\\-=|\\->|\\/|\\/=|:|::|\\;|<|<<|<<=|<=|=|==|===|>|>=|>>|>>=|>>>|>>>=|\\?|\\@|\\[|\\^|\\^=|\\^\\^|\\^\\^=|\\{|\\||\\|=|\\|\\||\\|\\|=|\\~|break|case|continue|delete|do|else|finally|instanceof|return|throw|try|typeof)\\s*";function k(Z){var ad=0;var S=false;var ac=false;for(var V=0,U=Z.length;V122)){if(!(al<65||ag>90)){af.push([Math.max(65,ag)|32,Math.min(al,90)|32])}if(!(al<97||ag>122)){af.push([Math.max(97,ag)&~32,Math.min(al,122)&~32])}}}}af.sort(function(av,au){return(av[0]-au[0])||(au[1]-av[1])});var ai=[];var ap=[NaN,NaN];for(var ar=0;arat[0]){if(at[1]+1>at[0]){an.push("-")}an.push(T(at[1]))}}an.push("]");return an.join("")}function W(al){var aj=al.source.match(new RegExp("(?:\\[(?:[^\\x5C\\x5D]|\\\\[\\s\\S])*\\]|\\\\u[A-Fa-f0-9]{4}|\\\\x[A-Fa-f0-9]{2}|\\\\[0-9]+|\\\\[^ux0-9]|\\(\\?[:!=]|[\\(\\)\\^]|[^\\x5B\\x5C\\(\\)\\^]+)","g"));var ah=aj.length;var an=[];for(var ak=0,am=0;ak=2&&ai==="["){aj[ak]=X(ag)}else{if(ai!=="\\"){aj[ak]=ag.replace(/[a-zA-Z]/g,function(ao){var ap=ao.charCodeAt(0);return"["+String.fromCharCode(ap&~32,ap|32)+"]"})}}}}return aj.join("")}var aa=[];for(var V=0,U=Z.length;V=0;){S[ac.charAt(ae)]=Y}}var af=Y[1];var aa=""+af;if(!ag.hasOwnProperty(aa)){ah.push(af);ag[aa]=null}}ah.push(/[\0-\uffff]/);V=k(ah)})();var X=T.length;var W=function(ah){var Z=ah.sourceCode,Y=ah.basePos;var ad=[Y,F];var af=0;var an=Z.match(V)||[];var aj={};for(var ae=0,aq=an.length;ae=5&&"lang-"===ap.substring(0,5);if(am&&!(ai&&typeof ai[1]==="string")){am=false;ap=J}if(!am){aj[ag]=ap}}var ab=af;af+=ag.length;if(!am){ad.push(Y+ab,ap)}else{var al=ai[1];var ak=ag.indexOf(al);var ac=ak+al.length;if(ai[2]){ac=ag.length-ai[2].length;ak=ac-al.length}var ar=ap.substring(5);B(Y+ab,ag.substring(0,ak),W,ad);B(Y+ab+ak,al,q(ar,al),ad);B(Y+ab+ac,ag.substring(ac),W,ad)}}ah.decorations=ad};return W}function i(T){var W=[],S=[];if(T.tripleQuotedStrings){W.push([C,/^(?:\'\'\'(?:[^\'\\]|\\[\s\S]|\'{1,2}(?=[^\']))*(?:\'\'\'|$)|\"\"\"(?:[^\"\\]|\\[\s\S]|\"{1,2}(?=[^\"]))*(?:\"\"\"|$)|\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$))/,null,"'\""])}else{if(T.multiLineStrings){W.push([C,/^(?:\'(?:[^\\\']|\\[\s\S])*(?:\'|$)|\"(?:[^\\\"]|\\[\s\S])*(?:\"|$)|\`(?:[^\\\`]|\\[\s\S])*(?:\`|$))/,null,"'\"`"])}else{W.push([C,/^(?:\'(?:[^\\\'\r\n]|\\.)*(?:\'|$)|\"(?:[^\\\"\r\n]|\\.)*(?:\"|$))/,null,"\"'"])}}if(T.verbatimStrings){S.push([C,/^@\"(?:[^\"]|\"\")*(?:\"|$)/,null])}var Y=T.hashComments;if(Y){if(T.cStyleComments){if(Y>1){W.push([j,/^#(?:##(?:[^#]|#(?!##))*(?:###|$)|.*)/,null,"#"])}else{W.push([j,/^#(?:(?:define|elif|else|endif|error|ifdef|include|ifndef|line|pragma|undef|warning)\b|[^\r\n]*)/,null,"#"])}S.push([C,/^<(?:(?:(?:\.\.\/)*|\/?)(?:[\w-]+(?:\/[\w-]+)+)?[\w-]+\.h|[a-z]\w*)>/,null])}else{W.push([j,/^#[^\r\n]*/,null,"#"])}}if(T.cStyleComments){S.push([j,/^\/\/[^\r\n]*/,null]);S.push([j,/^\/\*[\s\S]*?(?:\*\/|$)/,null])}if(T.regexLiterals){var X=("/(?=[^/*])(?:[^/\\x5B\\x5C]|\\x5C[\\s\\S]|\\x5B(?:[^\\x5C\\x5D]|\\x5C[\\s\\S])*(?:\\x5D|$))+/");S.push(["lang-regex",new RegExp("^"+M+"("+X+")")])}var V=T.types;if(V){S.push([O,V])}var U=(""+T.keywords).replace(/^ | $/g,"");if(U.length){S.push([z,new RegExp("^(?:"+U.replace(/[\s,]+/g,"|")+")\\b"),null])}W.push([F,/^\s+/,null," \r\n\t\xA0"]);S.push([G,/^@[a-z_$][a-z_$@0-9]*/i,null],[O,/^(?:[@_]?[A-Z]+[a-z][A-Za-z_$@0-9]*|\w+_t\b)/,null],[F,/^[a-z_$][a-z_$@0-9]*/i,null],[G,new RegExp("^(?:0x[a-f0-9]+|(?:\\d(?:_\\d+)*\\d*(?:\\.\\d*)?|\\.\\d\\+)(?:e[+\\-]?\\d+)?)[a-z]*","i"),null,"0123456789"],[F,/^\\[\s\S]?/,null],[L,/^.[^\s\w\.$@\'\"\`\/\#\\]*/,null]);return g(W,S)}var K=i({keywords:A,hashComments:true,cStyleComments:true,multiLineStrings:true,regexLiterals:true});function Q(V,ag){var U=/(?:^|\s)nocode(?:\s|$)/;var ab=/\r\n?|\n/;var ac=V.ownerDocument;var S;if(V.currentStyle){S=V.currentStyle.whiteSpace}else{if(window.getComputedStyle){S=ac.defaultView.getComputedStyle(V,null).getPropertyValue("white-space")}}var Z=S&&"pre"===S.substring(0,3);var af=ac.createElement("LI");while(V.firstChild){af.appendChild(V.firstChild)}var W=[af];function ae(al){switch(al.nodeType){case 1:if(U.test(al.className)){break}if("BR"===al.nodeName){ad(al);if(al.parentNode){al.parentNode.removeChild(al)}}else{for(var an=al.firstChild;an;an=an.nextSibling){ae(an)}}break;case 3:case 4:if(Z){var am=al.nodeValue;var aj=am.match(ab);if(aj){var ai=am.substring(0,aj.index);al.nodeValue=ai;var ah=am.substring(aj.index+aj[0].length);if(ah){var ak=al.parentNode;ak.insertBefore(ac.createTextNode(ah),al.nextSibling)}ad(al);if(!ai){al.parentNode.removeChild(al)}}}break}}function ad(ak){while(!ak.nextSibling){ak=ak.parentNode;if(!ak){return}}function ai(al,ar){var aq=ar?al.cloneNode(false):al;var ao=al.parentNode;if(ao){var ap=ai(ao,1);var an=al.nextSibling;ap.appendChild(aq);for(var am=an;am;am=an){an=am.nextSibling;ap.appendChild(am)}}return aq}var ah=ai(ak.nextSibling,0);for(var aj;(aj=ah.parentNode)&&aj.nodeType===1;){ah=aj}W.push(ah)}for(var Y=0;Y=S){ah+=2}if(V>=ap){Z+=2}}}var t={};function c(U,V){for(var S=V.length;--S>=0;){var T=V[S];if(!t.hasOwnProperty(T)){t[T]=U}else{if(window.console){console.warn("cannot override language handler %s",T)}}}}function q(T,S){if(!(T&&t.hasOwnProperty(T))){T=/^\s*]*(?:>|$)/],[j,/^<\!--[\s\S]*?(?:-\->|$)/],["lang-",/^<\?([\s\S]+?)(?:\?>|$)/],["lang-",/^<%([\s\S]+?)(?:%>|$)/],[L,/^(?:<[%?]|[%?]>)/],["lang-",/^]*>([\s\S]+?)<\/xmp\b[^>]*>/i],["lang-js",/^]*>([\s\S]*?)(<\/script\b[^>]*>)/i],["lang-css",/^]*>([\s\S]*?)(<\/style\b[^>]*>)/i],["lang-in.tag",/^(<\/?[a-z][^<>]*>)/i]]),["default-markup","htm","html","mxml","xhtml","xml","xsl"]);c(g([[F,/^[\s]+/,null," \t\r\n"],[n,/^(?:\"[^\"]*\"?|\'[^\']*\'?)/,null,"\"'"]],[[m,/^^<\/?[a-z](?:[\w.:-]*\w)?|\/?>$/i],[P,/^(?!style[\s=]|on)[a-z](?:[\w:-]*\w)?/i],["lang-uq.val",/^=\s*([^>\'\"\s]*(?:[^>\'\"\s\/]|\/(?=\s)))/],[L,/^[=<>\/]+/],["lang-js",/^on\w+\s*=\s*\"([^\"]+)\"/i],["lang-js",/^on\w+\s*=\s*\'([^\']+)\'/i],["lang-js",/^on\w+\s*=\s*([^\"\'>\s]+)/i],["lang-css",/^style\s*=\s*\"([^\"]+)\"/i],["lang-css",/^style\s*=\s*\'([^\']+)\'/i],["lang-css",/^style\s*=\s*([^\"\'>\s]+)/i]]),["in.tag"]);c(g([],[[n,/^[\s\S]+/]]),["uq.val"]);c(i({keywords:l,hashComments:true,cStyleComments:true,types:e}),["c","cc","cpp","cxx","cyc","m"]);c(i({keywords:"null,true,false"}),["json"]);c(i({keywords:R,hashComments:true,cStyleComments:true,verbatimStrings:true,types:e}),["cs"]);c(i({keywords:x,cStyleComments:true}),["java"]);c(i({keywords:H,hashComments:true,multiLineStrings:true}),["bsh","csh","sh"]);c(i({keywords:I,hashComments:true,multiLineStrings:true,tripleQuotedStrings:true}),["cv","py"]);c(i({keywords:s,hashComments:true,multiLineStrings:true,regexLiterals:true}),["perl","pl","pm"]);c(i({keywords:f,hashComments:true,multiLineStrings:true,regexLiterals:true}),["rb"]);c(i({keywords:w,cStyleComments:true,regexLiterals:true}),["js"]);c(i({keywords:r,hashComments:3,cStyleComments:true,multilineStrings:true,tripleQuotedStrings:true,regexLiterals:true}),["coffee"]);c(g([],[[C,/^[\s\S]+/]]),["regex"]);function d(V){var U=V.langExtension;try{var S=a(V.sourceNode);var T=S.sourceCode;V.sourceCode=T;V.spans=S.spans;V.basePos=0;q(U,T)(V);D(V)}catch(W){if("console" in window){console.log(W&&W.stack?W.stack:W)}}}function y(W,V,U){var S=document.createElement("PRE");S.innerHTML=W;if(U){Q(S,U)}var T={langExtension:V,numberLines:U,sourceNode:S};d(T);return S.innerHTML}function b(ad){function Y(af){return document.getElementsByTagName(af)}var ac=[Y("pre"),Y("code"),Y("xmp")];var T=[];for(var aa=0;aa=0){var ah=ai.match(ab);var am;if(!ah&&(am=o(aj))&&"CODE"===am.tagName){ah=am.className.match(ab)}if(ah){ah=ah[1]}var al=false;for(var ak=aj.parentNode;ak;ak=ak.parentNode){if((ak.tagName==="pre"||ak.tagName==="code"||ak.tagName==="xmp")&&ak.className&&ak.className.indexOf("prettyprint")>=0){al=true;break}}if(!al){var af=aj.className.match(/\blinenums\b(?::(\d+))?/);af=af?af[1]&&af[1].length?+af[1]:true:false;if(af){Q(aj,af)}S={langExtension:ah,sourceNode:aj,numberLines:af};d(S)}}}if(X]*(?:>|$)/],[PR.PR_COMMENT,/^<\!--[\s\S]*?(?:-\->|$)/],[PR.PR_PUNCTUATION,/^(?:<[%?]|[%?]>)/],["lang-",/^<\?([\s\S]+?)(?:\?>|$)/],["lang-",/^<%([\s\S]+?)(?:%>|$)/],["lang-",/^]*>([\s\S]+?)<\/xmp\b[^>]*>/i],["lang-handlebars",/^]*type\s*=\s*['"]?text\/x-handlebars-template['"]?\b[^>]*>([\s\S]*?)(<\/script\b[^>]*>)/i],["lang-js",/^]*>([\s\S]*?)(<\/script\b[^>]*>)/i],["lang-css",/^]*>([\s\S]*?)(<\/style\b[^>]*>)/i],["lang-in.tag",/^(<\/?[a-z][^<>]*>)/i],[PR.PR_DECLARATION,/^{{[#^>/]?\s*[\w.][^}]*}}/],[PR.PR_DECLARATION,/^{{&?\s*[\w.][^}]*}}/],[PR.PR_DECLARATION,/^{{{>?\s*[\w.][^}]*}}}/],[PR.PR_COMMENT,/^{{![^}]*}}/]]),["handlebars","hbs"]);PR.registerLangHandler(PR.createSimpleLexer([[PR.PR_PLAIN,/^[ \t\r\n\f]+/,null," \t\r\n\f"]],[[PR.PR_STRING,/^\"(?:[^\n\r\f\\\"]|\\(?:\r\n?|\n|\f)|\\[\s\S])*\"/,null],[PR.PR_STRING,/^\'(?:[^\n\r\f\\\']|\\(?:\r\n?|\n|\f)|\\[\s\S])*\'/,null],["lang-css-str",/^url\(([^\)\"\']*)\)/i],[PR.PR_KEYWORD,/^(?:url|rgb|\!important|@import|@page|@media|@charset|inherit)(?=[^\-\w]|$)/i,null],["lang-css-kw",/^(-?(?:[_a-z]|(?:\\[0-9a-f]+ ?))(?:[_a-z0-9\-]|\\(?:\\[0-9a-f]+ ?))*)\s*:/i],[PR.PR_COMMENT,/^\/\*[^*]*\*+(?:[^\/*][^*]*\*+)*\//],[PR.PR_COMMENT,/^(?:)/],[PR.PR_LITERAL,/^(?:\d+|\d*\.\d+)(?:%|[a-z]+)?/i],[PR.PR_LITERAL,/^#(?:[0-9a-f]{3}){1,2}/i],[PR.PR_PLAIN,/^-?(?:[_a-z]|(?:\\[\da-f]+ ?))(?:[_a-z\d\-]|\\(?:\\[\da-f]+ ?))*/i],[PR.PR_PUNCTUATION,/^[^\s\w\'\"]+/]]),["css"]);PR.registerLangHandler(PR.createSimpleLexer([],[[PR.PR_KEYWORD,/^-?(?:[_a-z]|(?:\\[\da-f]+ ?))(?:[_a-z\d\-]|\\(?:\\[\da-f]+ ?))*/i]]),["css-kw"]);PR.registerLangHandler(PR.createSimpleLexer([],[[PR.PR_STRING,/^[^\)\"\']+/]]),["css-str"]); diff --git a/relay/coverage/sort-arrow-sprite.png b/relay/coverage/sort-arrow-sprite.png deleted file mode 100644 index 6ed68316..00000000 Binary files a/relay/coverage/sort-arrow-sprite.png and /dev/null differ diff --git a/relay/coverage/sorter.js b/relay/coverage/sorter.js deleted file mode 100644 index 4ed70ae5..00000000 --- a/relay/coverage/sorter.js +++ /dev/null @@ -1,210 +0,0 @@ -/* eslint-disable */ -var addSorting = (function() { - 'use strict'; - var cols, - currentSort = { - index: 0, - desc: false - }; - - // returns the summary table element - function getTable() { - return document.querySelector('.coverage-summary'); - } - // returns the thead element of the summary table - function getTableHeader() { - return getTable().querySelector('thead tr'); - } - // returns the tbody element of the summary table - function getTableBody() { - return getTable().querySelector('tbody'); - } - // returns the th element for nth column - function getNthColumn(n) { - return getTableHeader().querySelectorAll('th')[n]; - } - - function onFilterInput() { - const searchValue = document.getElementById('fileSearch').value; - const rows = document.getElementsByTagName('tbody')[0].children; - - // Try to create a RegExp from the searchValue. If it fails (invalid regex), - // it will be treated as a plain text search - let searchRegex; - try { - searchRegex = new RegExp(searchValue, 'i'); // 'i' for case-insensitive - } catch (error) { - searchRegex = null; - } - - for (let i = 0; i < rows.length; i++) { - const row = rows[i]; - let isMatch = false; - - if (searchRegex) { - // If a valid regex was created, use it for matching - isMatch = searchRegex.test(row.textContent); - } else { - // Otherwise, fall back to the original plain text search - isMatch = row.textContent - .toLowerCase() - .includes(searchValue.toLowerCase()); - } - - row.style.display = isMatch ? '' : 'none'; - } - } - - // loads the search box - function addSearchBox() { - var template = document.getElementById('filterTemplate'); - var templateClone = template.content.cloneNode(true); - templateClone.getElementById('fileSearch').oninput = onFilterInput; - template.parentElement.appendChild(templateClone); - } - - // loads all columns - function loadColumns() { - var colNodes = getTableHeader().querySelectorAll('th'), - colNode, - cols = [], - col, - i; - - for (i = 0; i < colNodes.length; i += 1) { - colNode = colNodes[i]; - col = { - key: colNode.getAttribute('data-col'), - sortable: !colNode.getAttribute('data-nosort'), - type: colNode.getAttribute('data-type') || 'string' - }; - cols.push(col); - if (col.sortable) { - col.defaultDescSort = col.type === 'number'; - colNode.innerHTML = - colNode.innerHTML + ''; - } - } - return cols; - } - // attaches a data attribute to every tr element with an object - // of data values keyed by column name - function loadRowData(tableRow) { - var tableCols = tableRow.querySelectorAll('td'), - colNode, - col, - data = {}, - i, - val; - for (i = 0; i < tableCols.length; i += 1) { - colNode = tableCols[i]; - col = cols[i]; - val = colNode.getAttribute('data-value'); - if (col.type === 'number') { - val = Number(val); - } - data[col.key] = val; - } - return data; - } - // loads all row data - function loadData() { - var rows = getTableBody().querySelectorAll('tr'), - i; - - for (i = 0; i < rows.length; i += 1) { - rows[i].data = loadRowData(rows[i]); - } - } - // sorts the table using the data for the ith column - function sortByIndex(index, desc) { - var key = cols[index].key, - sorter = function(a, b) { - a = a.data[key]; - b = b.data[key]; - return a < b ? -1 : a > b ? 1 : 0; - }, - finalSorter = sorter, - tableBody = document.querySelector('.coverage-summary tbody'), - rowNodes = tableBody.querySelectorAll('tr'), - rows = [], - i; - - if (desc) { - finalSorter = function(a, b) { - return -1 * sorter(a, b); - }; - } - - for (i = 0; i < rowNodes.length; i += 1) { - rows.push(rowNodes[i]); - tableBody.removeChild(rowNodes[i]); - } - - rows.sort(finalSorter); - - for (i = 0; i < rows.length; i += 1) { - tableBody.appendChild(rows[i]); - } - } - // removes sort indicators for current column being sorted - function removeSortIndicators() { - var col = getNthColumn(currentSort.index), - cls = col.className; - - cls = cls.replace(/ sorted$/, '').replace(/ sorted-desc$/, ''); - col.className = cls; - } - // adds sort indicators for current column being sorted - function addSortIndicators() { - getNthColumn(currentSort.index).className += currentSort.desc - ? ' sorted-desc' - : ' sorted'; - } - // adds event listeners for all sorter widgets - function enableUI() { - var i, - el, - ithSorter = function ithSorter(i) { - var col = cols[i]; - - return function() { - var desc = col.defaultDescSort; - - if (currentSort.index === i) { - desc = !currentSort.desc; - } - sortByIndex(i, desc); - removeSortIndicators(); - currentSort.index = i; - currentSort.desc = desc; - addSortIndicators(); - }; - }; - for (i = 0; i < cols.length; i += 1) { - if (cols[i].sortable) { - // add the click event handler on the th so users - // dont have to click on those tiny arrows - el = getNthColumn(i).querySelector('.sorter').parentElement; - if (el.addEventListener) { - el.addEventListener('click', ithSorter(i)); - } else { - el.attachEvent('onclick', ithSorter(i)); - } - } - } - } - // adds sorting functionality to the UI - return function() { - if (!getTable()) { - return; - } - cols = loadColumns(); - loadData(); - addSearchBox(); - addSortIndicators(); - enableUI(); - }; -})(); - -window.addEventListener('load', addSorting); diff --git a/relay/src/config/env-config.ts b/relay/src/config/env-config.ts index 0c5cad1c..e8905064 100644 --- a/relay/src/config/env-config.ts +++ b/relay/src/config/env-config.ts @@ -99,7 +99,6 @@ export const config = { // ============================================================================ auth: { - adminPassword: process.env.ADMIN_PASSWORD, strictSessionIp: process.env.STRICT_SESSION_IP !== "false", // CORS configuration corsOrigins: process.env.CORS_ORIGINS ? process.env.CORS_ORIGINS.split(",") : ["*"], diff --git a/relay/src/index.ts b/relay/src/index.ts index 36cdcc94..e66eea69 100644 --- a/relay/src/index.ts +++ b/relay/src/index.ts @@ -36,7 +36,7 @@ import { import { startWormholeCleanup } from "./utils/wormhole-cleanup"; import { tokenAuthMiddleware } from "./middleware/token-auth"; -import { secureCompare, hashToken, createProductionErrorHandler, isOriginAllowed } from "./utils/security"; +import { secureCompare, hashToken, createProductionErrorHandler, isOriginAllowed, validateAdminToken } from "./utils/security"; import { ZEN_PATHS, getZenNode } from "./utils/zen-paths"; @@ -167,7 +167,7 @@ async function initializeServer() { // Se ha headers, verifica il token if (msg && msg.headers && msg.headers.token) { - const hasValidAuth = msg.headers.token === authConfig.adminPassword; + const hasValidAuth = validateAdminToken(msg.headers.token); if (hasValidAuth) { loggers.server.info(`🔍 PUT allowed - valid token: ${msg.headers}`); return true; @@ -441,7 +441,7 @@ async function initializeServer() { const formToken = req.query["_auth_token"]; // Token inviato tramite form const token = bearerToken || customToken || formToken; - if (token === authConfig.adminPassword) { + if (validateAdminToken(token as string)) { next(); } else { loggers.server.warn(`❌ Accesso negato a ${path} - Token mancante o non valido`); diff --git a/relay/src/middleware/admin-auth.ts b/relay/src/middleware/admin-auth.ts index 36f03513..a9819326 100644 --- a/relay/src/middleware/admin-auth.ts +++ b/relay/src/middleware/admin-auth.ts @@ -5,22 +5,12 @@ */ import { Request, Response, NextFunction } from "express"; -import { secureCompare, hashToken } from "../utils/security"; +import { secureCompare, hashToken, validateAdminToken, isAdminPasswordConfigured } from "../utils/security"; import { authConfig } from "../config"; import { loggers } from "../utils/logger"; const log = loggers.server || console; -// Cache admin password hash (computed once) -let adminPasswordHash: string | null = null; - -function getAdminPasswordHash(): string | null { - if (!adminPasswordHash && authConfig.adminPassword) { - adminPasswordHash = hashToken(authConfig.adminPassword); - } - return adminPasswordHash; -} - /** * Admin authentication middleware * Requires valid admin token in Authorization header or token header @@ -53,10 +43,10 @@ export function adminAuthMiddleware(req: Request, res: Response, next: NextFunct } // Secure comparison using hash and timing-safe comparison - const tokenHash = hashToken(token); - const adminHash = getAdminPasswordHash(); - if (!adminHash) { + const isConfigured = isAdminPasswordConfigured(); + + if (!isConfigured) { log.error("Admin password not configured"); res.status(503).json({ success: false, @@ -65,7 +55,7 @@ export function adminAuthMiddleware(req: Request, res: Response, next: NextFunct return; } - if (secureCompare(tokenHash, adminHash)) { + if (validateAdminToken(token)) { log.debug( { ip: req.ip || req.connection.remoteAddress, diff --git a/relay/src/middleware/admin-or-api-key-auth.ts b/relay/src/middleware/admin-or-api-key-auth.ts index 5f8306d4..169d0b71 100644 --- a/relay/src/middleware/admin-or-api-key-auth.ts +++ b/relay/src/middleware/admin-or-api-key-auth.ts @@ -6,23 +6,13 @@ */ import { Request, Response, NextFunction } from "express"; -import { secureCompare, hashToken } from "../utils/security"; +import { secureCompare, hashToken, validateAdminToken, isAdminPasswordConfigured } from "../utils/security"; import { authConfig } from "../config"; import { validateApiKey } from "../utils/api-keys-store"; import { loggers } from "../utils/logger"; const log = loggers.server || console; -// Cache admin password hash (computed once) -let adminPasswordHash: string | null = null; - -function getAdminPasswordHash(): string | null { - if (!adminPasswordHash && authConfig.adminPassword) { - adminPasswordHash = hashToken(authConfig.adminPassword); - } - return adminPasswordHash; -} - /** * Admin or API Key authentication middleware * Accepts either admin token OR valid API key @@ -59,9 +49,9 @@ export async function adminOrApiKeyAuthMiddleware( // First, try admin token authentication const tokenHash = hashToken(token); - const adminHash = getAdminPasswordHash(); + const isConfigured = isAdminPasswordConfigured(); - if (adminHash && secureCompare(tokenHash, adminHash)) { + if (isConfigured && validateAdminToken(token)) { log.debug({ ip: req.ip, path: req.path }, "Auth: Admin token accepted"); return next(); } diff --git a/relay/src/middleware/token-auth.ts b/relay/src/middleware/token-auth.ts index 6c721277..837e3d62 100644 --- a/relay/src/middleware/token-auth.ts +++ b/relay/src/middleware/token-auth.ts @@ -1,6 +1,6 @@ import crypto from "crypto"; import { Request, Response, NextFunction } from "express"; -import { secureCompare, hashToken } from "../utils/security"; +import { secureCompare, hashToken, validateAdminToken, isAdminPasswordConfigured } from "../utils/security"; import { authConfig, serverConfig } from "../config/env-config"; import { loggers } from "../utils/logger"; @@ -10,20 +10,6 @@ const AUTH_RATE_WINDOW = 15 * 60 * 1000; // 15 minutes const SESSION_DURATION = 24 * 60 * 60 * 1000; // 24 hours const activeSessions = new Map(); // Simple in-memory session store -// Get stored admin password hash (or compute on first use) -let adminPasswordHash: string | null = null; - -/** - * Get stored admin password hash (or compute on first use) - * @returns {string|null} The admin password hash, or null if not configured - */ -function getAdminPasswordHash(): string | null { - if (!adminPasswordHash && authConfig.adminPassword) { - adminPasswordHash = hashToken(authConfig.adminPassword); - } - return adminPasswordHash; -} - /** * Check if IP is rate limited based on failed authentication attempts * @param {string} ip - The IP address to check @@ -140,10 +126,10 @@ export const tokenAuthMiddleware = (req: Request, res: Response, next: NextFunct } // Secure token comparison using hash and timing-safe comparison - const tokenHash = hashToken(token); - const adminHash = getAdminPasswordHash(); - if (adminHash && secureCompare(tokenHash, adminHash)) { + const isConfigured = isAdminPasswordConfigured(); + + if (isConfigured && validateAdminToken(token)) { // Create session for future requests const sessionId = createSession(clientIp); res.setHeader("X-Session-Token", sessionId); diff --git a/relay/src/routes/index.ts b/relay/src/routes/index.ts index fee321d9..7c5531f7 100644 --- a/relay/src/routes/index.ts +++ b/relay/src/routes/index.ts @@ -6,7 +6,7 @@ import { fileURLToPath } from "url"; import fs from "fs"; import multer from "multer"; import FormData from "form-data"; -import { secureCompare, hashToken } from "../utils/security"; +import { secureCompare, hashToken, validateAdminToken, isAdminPasswordConfigured } from "../utils/security"; import { getZenStorageStats } from "../utils/zen-storage-stats"; // http import removed @@ -16,14 +16,6 @@ const __dirname = path.dirname(__filename); // Configurazione multer per upload file const upload = multer({ storage: multer.memoryStorage() }); -// Cache admin password hash (computed once) -let adminPasswordHash: string | null = null; -function getAdminPasswordHash(): string | null { - if (!adminPasswordHash && authConfig.adminPassword) { - adminPasswordHash = hashToken(authConfig.adminPassword); - } - return adminPasswordHash; -} // Middleware di autenticazione admin (secure, timing-safe) const tokenAuthMiddleware = (req: Request, res: Response, next: NextFunction) => { @@ -47,9 +39,9 @@ const tokenAuthMiddleware = (req: Request, res: Response, next: NextFunction) => // Secure comparison using hash and timing-safe comparison const tokenHash = hashToken(token); - const adminHash = getAdminPasswordHash(); + const isConfigured = isAdminPasswordConfigured(); - if (adminHash && secureCompare(tokenHash, adminHash)) { + if (isConfigured && validateAdminToken(token)) { next(); } else { loggers.server.warn( @@ -394,7 +386,7 @@ export default async (app: express.Application) => { (req.headers["authorization"] && (req.headers["authorization"] as string).split(" ")[1]) || req.headers["token"]; - if (token === authConfig.adminPassword) { + if (validateAdminToken(token as string)) { res.redirect("/api/v1/ipfs/webui/?auth_token=" + encodeURIComponent(token as string)); return; } @@ -617,7 +609,7 @@ export default async (app: express.Application) => { app.get(`${baseRoute}/debug/admin-config`, tokenAuthMiddleware, (req: Request, res: Response) => { res.json({ success: true, - adminPasswordStatus: authConfig.adminPassword ? "CONFIGURED" : "NOT_CONFIGURED", + adminPasswordStatus: isAdminPasswordConfigured() ? "CONFIGURED" : "NOT_CONFIGURED", timestamp: Date.now(), }); }); @@ -636,7 +628,7 @@ export default async (app: express.Application) => { const customToken = req.headers["token"]; const token = bearerToken || customToken; - if (token === authConfig.adminPassword) { + if (validateAdminToken(token as string)) { next(); } else { res.status(401).json({ success: false, error: "Unauthorized" }); diff --git a/relay/src/routes/tpre.ts b/relay/src/routes/tpre.ts index 2365c71f..0d07b478 100644 --- a/relay/src/routes/tpre.ts +++ b/relay/src/routes/tpre.ts @@ -3,7 +3,7 @@ import { loggers } from "../utils/logger"; import * as umbral from "@nucypher/umbral-pre"; import { waitForZenData } from "../utils/zen-utils"; -const router = express.Router(); +const router: express.Router = express.Router(); /** * Re-encrypt Endpoint diff --git a/relay/src/tests/debug-config-exposure.test.ts b/relay/src/tests/debug-config-exposure.test.ts index f9109c5d..8edebc66 100644 --- a/relay/src/tests/debug-config-exposure.test.ts +++ b/relay/src/tests/debug-config-exposure.test.ts @@ -1,6 +1,11 @@ +process.env.ADMIN_PASSWORD = "super-secret-password-12345"; + import { describe, it, expect, vi, beforeEach } from "vitest"; + import express from "express"; + import request from "supertest"; + import setupRoutes from "../routes/index"; // Mock dependencies @@ -16,7 +21,7 @@ vi.mock("../utils/logger", () => ({ })); vi.mock("../config", () => ({ - authConfig: { adminPassword: "super-secret-password-12345" }, + authConfig: {}, ipfsConfig: { enabled: false, gatewayUrl: "http://localhost:8080", diff --git a/relay/src/tests/service-logs-security.test.ts b/relay/src/tests/service-logs-security.test.ts index 94466c32..e911db6b 100644 --- a/relay/src/tests/service-logs-security.test.ts +++ b/relay/src/tests/service-logs-security.test.ts @@ -1,7 +1,13 @@ +process.env.ADMIN_PASSWORD = "test-password"; + import { describe, it, expect, vi, beforeEach } from "vitest"; + import express from "express"; + import request from "supertest"; + import systemRouter from "../routes/system"; + import fs from "fs"; // Mock dependencies @@ -18,7 +24,7 @@ vi.mock("../utils/logger", () => ({ vi.mock("../config", () => ({ packageConfig: { version: "1.0.0" }, - authConfig: { adminPassword: "test-password" }, + authConfig: {}, })); vi.mock("../config/env-config", () => ({ diff --git a/relay/src/tests/system-routes-perf.test.ts b/relay/src/tests/system-routes-perf.test.ts index c474888b..36c5cac5 100644 --- a/relay/src/tests/system-routes-perf.test.ts +++ b/relay/src/tests/system-routes-perf.test.ts @@ -1,8 +1,15 @@ +process.env.ADMIN_PASSWORD = "test-password"; + import { describe, it, expect, vi, beforeEach, afterEach } from "vitest"; + import express from "express"; + import systemRouter from "../routes/system"; + import fs from "fs"; + import path from "path"; + import os from "os"; // Mock dependencies @@ -19,7 +26,7 @@ vi.mock("../utils/logger", () => ({ vi.mock("../config", () => ({ packageConfig: { version: "1.0.0" }, - authConfig: { adminPassword: "test-password" }, + authConfig: {}, })); vi.mock("../config/env-config", () => ({ diff --git a/relay/src/tests/system-routes-security.test.ts b/relay/src/tests/system-routes-security.test.ts index feb300f0..17749cd6 100644 --- a/relay/src/tests/system-routes-security.test.ts +++ b/relay/src/tests/system-routes-security.test.ts @@ -1,7 +1,13 @@ +process.env.ADMIN_PASSWORD = "test-password"; + import { describe, it, expect, vi, beforeEach, afterEach } from "vitest"; + import express from "express"; + import request from "supertest"; + import systemRouter from "../routes/system"; + import fs from "fs"; // Mock dependencies @@ -18,7 +24,7 @@ vi.mock("../utils/logger", () => ({ vi.mock("../config", () => ({ packageConfig: { version: "1.0.0" }, - authConfig: { adminPassword: "test-password" }, + authConfig: {}, })); vi.mock("../config/env-config", () => ({ diff --git a/relay/src/tests/token-auth.test.ts b/relay/src/tests/token-auth.test.ts index 7d18776c..20141286 100644 --- a/relay/src/tests/token-auth.test.ts +++ b/relay/src/tests/token-auth.test.ts @@ -1,4 +1,7 @@ +process.env.ADMIN_PASSWORD = "test-password"; + import { describe, it, expect, vi, beforeEach, afterEach } from "vitest"; + import { isRateLimited, recordFailedAttempt } from "../middleware/token-auth"; // Mock dependencies @@ -14,7 +17,7 @@ vi.mock("../utils/logger", () => ({ })); vi.mock("../config/env-config", () => ({ - authConfig: { adminPassword: "test-password", strictSessionIp: true }, + authConfig: { strictSessionIp: true }, serverConfig: { nodeEnv: "test" }, })); diff --git a/relay/src/utils/security.ts b/relay/src/utils/security.ts index 7206436f..0aa9f1dd 100644 --- a/relay/src/utils/security.ts +++ b/relay/src/utils/security.ts @@ -13,6 +13,43 @@ const log = loggers.server || console; * Secure token comparison to prevent timing attacks * Uses crypto.timingSafeEqual for constant-time comparison */ +// Cache admin password hash (computed once) +let adminPasswordHash: string | null = null; +let isAdminConfigured: boolean = false; + +/** + * Get stored admin password hash (or compute on first use) + * Clears the raw process.env.ADMIN_PASSWORD from memory for security. + */ +export function getAdminPasswordHash(): string | null { + if (!adminPasswordHash && process.env.ADMIN_PASSWORD) { + adminPasswordHash = hashToken(process.env.ADMIN_PASSWORD); + isAdminConfigured = true; + // Clear raw password from memory immediately after hashing + process.env.ADMIN_PASSWORD = ""; + } + return adminPasswordHash; +} + +/** + * Check if the admin password has been configured + */ +export function isAdminPasswordConfigured(): boolean { + // Call getter to ensure initialization has happened if env var exists + getAdminPasswordHash(); + return isAdminConfigured; +} + +/** + * Securely validate an admin token against the hashed password + */ +export function validateAdminToken(token: string | null | undefined): boolean { + if (!token || typeof token !== "string") return false; + const hash = getAdminPasswordHash(); + if (!hash) return false; + return secureCompare(hashToken(token), hash); +} + export function secureCompare(a: string, b: string): boolean { if (a.length !== b.length) { return false;