Initial commit

node_modules/tsscmp/.travis.yml

@@ -0,0 +1,18 @@
+language: node_js
+node_js:
+  - "10.5"
+  - "9.11"
+  - "8.11"
+  - "7.10"
+  - "6"
+  - "5"
+  - "5.1"
+  - "4"
+  - "4.2"
+  - "4.1"
+  - "4.0"
+  - "0.12"
+  - "0.11"
+  - "0.10"
+  - "0.8"
+  

node_modules/tsscmp/LICENSE

@@ -0,0 +1,21 @@
+The MIT License (MIT)
+
+Copyright (c) 2016
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

node_modules/tsscmp/README.md

@@ -0,0 +1,48 @@
+# Timing safe string compare using double HMAC
+
+[![Node.js Version](https://img.shields.io/node/v/tsscmp.svg?style=flat-square)](https://nodejs.org/en/download)
+[![npm](https://img.shields.io/npm/v/tsscmp.svg?style=flat-square)](https://npmjs.org/package/tsscmp)
+[![NPM Downloads](https://img.shields.io/npm/dm/tsscmp.svg?style=flat-square)](https://npmjs.org/package/tsscmp)
+[![Build Status](https://img.shields.io/travis/suryagh/tsscmp/master.svg?style=flat-square)](https://travis-ci.org/suryagh/tsscmp)
+[![Build Status](https://img.shields.io/appveyor/ci/suryagh/tsscmp/master.svg?style=flat-square&label=windows)](https://ci.appveyor.com/project/suryagh/tsscmp)
+[![Dependency Status](http://img.shields.io/david/suryagh/tsscmp.svg?style=flat-square)](https://david-dm.org/suryagh/tsscmp)
+[![npm-license](http://img.shields.io/npm/l/tsscmp.svg?style=flat-square)](LICENSE)
+
+
+Prevents [timing attacks](http://codahale.com/a-lesson-in-timing-attacks/) using Brad Hill's
+[Double HMAC pattern](https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/)
+to perform secure string comparison. Double HMAC avoids the timing atacks by blinding the
+timing channel using random time per attempt comparison against iterative brute force attacks.
+
+
+## Install
+
+```
+npm install tsscmp
+```
+## Why
+To compare secret values like **authentication tokens**, **passwords** or
+**capability urls** so that timing information is not
+leaked to the attacker.
+
+## Example
+
+```js
+var timingSafeCompare = require('tsscmp');
+
+var sessionToken = '127e6fbfe24a750e72930c';
+var givenToken = '127e6fbfe24a750e72930c';
+
+if (timingSafeCompare(sessionToken, givenToken)) {
+  console.log('good token');
+} else {
+  console.log('bad token');
+}
+```
+##License: 
+[MIT](LICENSE)
+
+**Credits to:**  [@jsha](https://github.com/jsha) |
+[@bnoordhuis](https://github.com/bnoordhuis) |
+[@suryagh](https://github.com/suryagh) |
+ 

node_modules/tsscmp/appveyor.yml

@@ -0,0 +1,29 @@
+# Test against this version of Node.js
+environment:
+  matrix:
+   # nodejs_version: "0.6" not supported  in Windows x86
+   - nodejs_version: "0.8"
+   - nodejs_version: "0.10"
+   - nodejs_version: "0.11"
+   - nodejs_version: "0.12"
+   - nodejs_version: "4.0"
+   - nodejs_version: "5.0"
+   - nodejs_version: "6.0"
+
+# Install scripts. (runs after repo cloning)
+install:
+  # Get the latest stable version of Node.js or io.js
+  - ps: Install-Product node $env:nodejs_version
+  # install modules
+  - npm install
+
+# Post-install test scripts.
+test_script:
+  # Output useful info for debugging.
+  - node --version
+  - npm --version
+  # run tests
+  - npm test
+
+# Don't actually build.
+build: off

node_modules/tsscmp/lib/index.js

@@ -0,0 +1,38 @@
+'use strict';
+
+// Implements Brad Hill's Double HMAC pattern from
+// https://www.nccgroup.trust/us/about-us/newsroom-and-events/blog/2011/february/double-hmac-verification/.
+// The approach is similar to the node's native implementation of timing safe buffer comparison that will be available on v6+.
+// https://github.com/nodejs/node/issues/3043
+// https://github.com/nodejs/node/pull/3073
+
+var crypto = require('crypto');
+
+function bufferEqual(a, b) {
+  if (a.length !== b.length) {
+    return false;
+  }
+  // `crypto.timingSafeEqual` was introduced in Node v6.6.0
+  // <https://github.com/jshttp/basic-auth/issues/39>
+  if (crypto.timingSafeEqual) {
+    return crypto.timingSafeEqual(a, b);
+  }
+  for (var i = 0; i < a.length; i++) {
+    if (a[i] !== b[i]) {
+      return false;
+    }
+  }
+  return true;
+}
+
+function timeSafeCompare(a, b) {
+  var sa = String(a);
+  var sb = String(b);
+  var key = crypto.pseudoRandomBytes(32);
+  var ah = crypto.createHmac('sha256', key).update(sa).digest();
+  var bh = crypto.createHmac('sha256', key).update(sb).digest();
+
+  return bufferEqual(ah, bh) && a === b;
+}
+
+module.exports = timeSafeCompare;

node_modules/tsscmp/package.json

@@ -0,0 +1,60 @@
+{
+  "_from": "tsscmp@1.0.6",
+  "_id": "tsscmp@1.0.6",
+  "_inBundle": false,
+  "_integrity": "sha512-LxhtAkPDTkVCMQjt2h6eBVY28KCjikZqZfMcC15YBeNjkgUpdCfBu5HoiOTDu86v6smE8yOjyEktJ8hlbANHQA==",
+  "_location": "/tsscmp",
+  "_phantomChildren": {},
+  "_requested": {
+    "type": "version",
+    "registry": true,
+    "raw": "tsscmp@1.0.6",
+    "name": "tsscmp",
+    "escapedName": "tsscmp",
+    "rawSpec": "1.0.6",
+    "saveSpec": null,
+    "fetchSpec": "1.0.6"
+  },
+  "_requiredBy": [
+    "/csrf"
+  ],
+  "_resolved": "https://registry.npmjs.org/tsscmp/-/tsscmp-1.0.6.tgz",
+  "_shasum": "85b99583ac3589ec4bfef825b5000aa911d605eb",
+  "_spec": "tsscmp@1.0.6",
+  "_where": "/home/runner/Socketio-Chat-Template/node_modules/csrf",
+  "author": {
+    "name": "suryagh"
+  },
+  "bugs": {
+    "url": "https://github.com/suryagh/tsscmp/issues"
+  },
+  "bundleDependencies": false,
+  "dependencies": {},
+  "deprecated": false,
+  "description": "Timing safe string compare using double HMAC",
+  "devDependencies": {},
+  "engines": {
+    "node": ">=0.6.x"
+  },
+  "homepage": "https://github.com/suryagh/tsscmp#readme",
+  "keywords": [
+    "timing safe string compare",
+    "double hmac string compare",
+    "safe string compare",
+    "hmac"
+  ],
+  "license": "MIT",
+  "main": "lib/index.js",
+  "name": "tsscmp",
+  "publishConfig": {
+    "registry": "https://registry.npmjs.org"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/suryagh/tsscmp.git"
+  },
+  "scripts": {
+    "test": "node test/unit && node test/benchmark"
+  },
+  "version": "1.0.6"
+}

node_modules/tsscmp/test/benchmark/index.js

@@ -0,0 +1,30 @@
+'use strict';
+
+var timeSafeCompare = require('../../lib/index');
+
+function random(length) {
+
+    length = length || 32;
+    var result = "";
+    var possible = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*()-+/*[]{}-=\|;\':\"<>?,./";
+
+    for( var i=0; i < length; i++ ){
+        result += possible.charAt(Math.floor(Math.random() * possible.length));
+    }
+    return result;
+}
+
+function run(count) {
+    count = count || 100*1000;
+    console.log('benchmark count: ' + count/1000 + 'k');
+    console.time('benchmark');
+    
+    while(count--){
+        timeSafeCompare(random(), random());
+    }
+    console.timeEnd('benchmark');
+}
+
+run(100000);
+
+module.exports = run;

node_modules/tsscmp/test/unit/index.js

@@ -0,0 +1,69 @@
+'use strict';
+
+var assert = require('assert');
+var timeSafeCompare = require('../../lib/index');
+
+process.on('error', function (e) {
+	console.log('caught: ' + e);
+});
+
+function testEqual(a, b) {
+	assert(timeSafeCompare(a, b));
+
+	// lets also do a parity check with the strict equal to operator
+	assert(a === b);
+}
+
+function testNotEqual(a, b) {
+	assert(!timeSafeCompare(a, b));
+
+	// lets also do a parity check with the strict not equal to operator
+	assert(a !== b);
+}
+
+// note: lets also make sure tsscmp can be inline replaced for any types -
+// just incase if anyone is interested
+
+// positive tests
+testEqual('127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935',
+	'127e6fbfe24a750e72930c220a8e138275656b8e5d8f48a98c3c92df2caba935',
+	'test ');
+testEqual('a', 'a');
+testEqual('', '');
+testEqual(undefined, undefined);
+testEqual(true, true);
+testEqual(false, false);
+(function () {
+	var a = { a: 1 };
+	testEqual(a, a);
+})();
+(function () {
+	function f1() { return 1; };
+	testEqual(f1, f1);
+})();
+
+// negative tests
+testNotEqual('');
+testNotEqual('a', 'b');
+testNotEqual('a', 'aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa');
+testNotEqual('aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa', 'a');
+testNotEqual('alpha', 'beta');
+testNotEqual(false, true);
+testNotEqual(false, undefined);
+testNotEqual(function () { }, function () { });
+testNotEqual({}, {});
+testNotEqual({ a: 1 }, { a: 1 });
+testNotEqual({ a: 1 }, { a: 2 });
+testNotEqual([1, 2], [1, 2]);
+testNotEqual([1, 2], [1, 2, 3]);
+(function () {
+	var a = { p: 1 };
+	var b = { p: 1 };
+	testNotEqual(a, b);
+})();
+(function () {
+	function f1() { return 1; };
+	function f2() { return 1; };
+	testNotEqual(f1, f2);
+})();
+console.log('Success: all tests complete.');