Convert some functions to web standards

Author: pozylon

packages/api/src/express/createERCMetadataMiddleware.ts

@@ -1,4 +1,3 @@
-import path from 'node:path';
 import { createLogger } from '@unchainedshop/logger';
 import { Context } from '../context.js';
 import { Request, RequestHandler } from 'express';
@@ -25,16 +24,20 @@ const ercMetadataMiddleware: RequestHandler = async (
 
     const { services, modules, loaders, locale } = req.unchainedContext;
     const url = new URL(req.url, ROOT_URL);
-    const parsedPath = path.parse(url.pathname);
 
-    if (parsedPath.ext !== '.json') throw new Error('Invalid ERC Metadata URI');
+    // Replace path.parse with URL/string methods
+    const pathname = url.pathname;
+    if (!pathname.toLowerCase().endsWith('.json')) throw new Error('Invalid ERC Metadata URI');
+
+    const fileName = pathname.split('/').pop();
+    const chainTokenId = fileName.slice(0, fileName.lastIndexOf('.'));
 
     const [, productId, localeOrTokenFilename, tokenFileName] = url.pathname.split('/');
 
     const product = await loaders.productLoader.load({ productId });
 
     const [token] = await modules.warehousing.findTokens({
-      chainTokenId: parsedPath.name,
+      chainTokenId,
       contractAddress: product?.tokenization?.contractAddress,
     });
 
@@ -49,11 +52,10 @@ const ercMetadataMiddleware: RequestHandler = async (
     }
 
     const body = JSON.stringify(ercMetadata);
-    res.writeHead(200, {
-      'Content-Length': Buffer.byteLength(body),
-      'Content-Type': 'text/plain',
-    });
-    res.end(body);
+    res.status(200);
+    res.setHeader('Content-Type', 'application/json');
+    res.setHeader('Content-Length', new TextEncoder().encode(body).length);
+    return res.send(body);
   } catch (e) {
     logger.error(e.message);
     res.writeHead(503);

packages/api/src/fastify/bulkImportHandler.ts

@@ -46,7 +46,7 @@ const bulkImportHandler: RouteHandlerMethod = async (
 
     const body = JSON.stringify(work);
     res.status(200);
-    res.header('Content-Length', Buffer.byteLength(body));
+    res.header('Content-Length', new TextEncoder().encode(body).length);
     res.header('Content-Type', 'application/json');
     return res.send(body);
   } catch (e) {

packages/api/src/fastify/ercMetadataHandler.ts

@@ -41,7 +41,7 @@ const ercMetadataHandler: RouteHandlerMethod = async (
 
     const body = JSON.stringify(ercMetadata);
     res.status(200);
-    res.header('Content-Length', Buffer.byteLength(body));
+    res.header('Content-Length', new TextEncoder().encode(body).length);
     res.header('Content-Type', 'application/json');
     return res.send(body);
   } catch (e) {

packages/api/src/fastify/tempUploadHandler.ts

@@ -39,7 +39,7 @@ const tempUploadHandler: RouteHandlerMethod = async (
     const url = context.modules.files.normalizeUrl(rawUrl, {});
     const body = JSON.stringify({ fileId: file._id, url, expires: expires.toISOString() });
     res.status(200);
-    res.header('Content-Length', Buffer.byteLength(body));
+    res.header('Content-Length', new TextEncoder().encode(body).length);
     res.header('Content-Type', 'application/json');
     return res.send(body);
   } catch (e) {

packages/core-users/src/module/configureUsersWebAuthnModule.ts

@@ -86,7 +86,8 @@ export const configureUsersWebAuthnModule = async ({ db }: ModuleInput<any>) =>
       if (!f2l) return null;
 
       const registrationOptions = await f2l.attestationOptions(extensionOptions);
-      const challenge = Buffer.from(registrationOptions.challenge).toString('base64');
+      // Convert challenge to base64 without using Buffer
+      const challenge = btoa(String.fromCharCode(...new Uint8Array(registrationOptions.challenge)));
       const { insertedId } = await WebAuthnCredentialsCreationRequests.insertOne({
         _id: new Date().getTime(),
         challenge,
@@ -110,7 +111,8 @@ export const configureUsersWebAuthnModule = async ({ db }: ModuleInput<any>) =>
       if (!f2l) return null;
 
       const loginOptions = await f2l.assertionOptions(extensionOptions);
-      const challenge = Buffer.from(loginOptions.challenge).toString('base64');
+      // Convert challenge to base64 without using Buffer
+      const challenge = btoa(String.fromCharCode(...new Uint8Array(loginOptions.challenge)));
       const { insertedId } = await WebAuthnCredentialsCreationRequests.insertOne({
         _id: new Date().getTime(),
         challenge,

packages/core-users/src/module/pbkdf2.ts

@@ -5,7 +5,11 @@ const PBKDF2_SALT_LENGTH = 16; // Bytes
 
 export function generateSalt(saltLength = PBKDF2_SALT_LENGTH) {
   const array = new Uint8Array(saltLength);
-  return Buffer.from(crypto.getRandomValues(array)).toString('hex');
+  crypto.getRandomValues(array);
+  // Convert to hex string without using Buffer
+  return Array.from(array)
+    .map((b) => b.toString(16).padStart(2, '0'))
+    .join('');
 }
 
 export async function getDerivedKey(
@@ -30,7 +34,10 @@ export async function getDerivedKey(
     importedKey,
     keyLength,
   );
-  return Buffer.from(bits).toString('hex');
+  // Convert ArrayBuffer to hex string without using Buffer
+  return Array.from(new Uint8Array(bits))
+    .map((b) => b.toString(16).padStart(2, '0'))
+    .join('');
 }
 
 export async function compare(password: string, hash: string, salt: string) {

packages/plugins/src/payment/postfinance-checkout/api-client.ts

@@ -1,5 +1,3 @@
-import crypto from 'crypto';
-
 const API_BASE_URL = 'https://checkout.postfinance.ch/api';
 
 interface ApiConfig {
@@ -22,7 +20,7 @@ export class PostFinanceApiClient {
     this.config = config;
   }
 
-  private generateMacHeaders(method: string, path: string): MacHeaders {
+  private async generateMacHeaders(method: string, path: string): Promise<MacHeaders> {
     const version = '1';
     const timestamp = Math.floor(Date.now() / 1000).toString();
     const userId = this.config.userId.toString();
@@ -32,10 +30,17 @@ export class PostFinanceApiClient {
 
     const dataToSign = [version, userId, timestamp, method, resourcePath].join('|');
 
-    const macValue = crypto
-      .createHmac('sha512', Buffer.from(this.config.apiSecret, 'base64'))
-      .update(dataToSign, 'utf8')
-      .digest('base64');
+    // Use Web Crypto API instead of crypto.createHmac
+    const secretBytes = Uint8Array.from(atob(this.config.apiSecret), (c) => c.charCodeAt(0));
+    const key = await crypto.subtle.importKey(
+      'raw',
+      secretBytes,
+      { name: 'HMAC', hash: 'SHA-512' },
+      false,
+      ['sign'],
+    );
+    const signature = await crypto.subtle.sign('HMAC', key, new TextEncoder().encode(dataToSign));
+    const macValue = btoa(String.fromCharCode(...new Uint8Array(signature)));
 
     return {
       'x-mac-version': version,
@@ -50,7 +55,7 @@ export class PostFinanceApiClient {
     const urlObj = new URL(url);
     // Include both pathname and search (query parameters) for MAC signature
     const pathWithQuery = urlObj.pathname + urlObj.search;
-    const macHeaders = this.generateMacHeaders(method, pathWithQuery);
+    const macHeaders = await this.generateMacHeaders(method, pathWithQuery);
 
     const headers: Record<string, string> = {
       ...macHeaders,

packages/ticketing/src/module.ts

@@ -188,7 +188,10 @@ const configurePasses = async ({ db }: ModuleInput<Record<string, never>>) => {
   const buildMagicKey = async (orderId: string) => {
     const msgUint8 = new TextEncoder().encode([orderId, process.env.UNCHAINED_SECRET].join(''));
     const hashBuffer = await crypto.subtle.digest('SHA-256', msgUint8);
-    return Buffer.from(hashBuffer).toString('hex');
+    // Convert ArrayBuffer to hex string without using Buffer
+    return Array.from(new Uint8Array(hashBuffer))
+      .map((b) => b.toString(16).padStart(2, '0'))
+      .join('');
   };
 
   const cancelTicket = async (tokenId: string) => {

packages/utils/src/sha1.ts

@@ -1,5 +1,6 @@
 export default async function sha1(message) {
   const bytes = new TextEncoder().encode(message);
   const hashBuffer = await crypto.subtle.digest('SHA-1', bytes);
-  return Buffer.from(hashBuffer);
+  // Return Uint8Array instead of Buffer
+  return new Uint8Array(hashBuffer);
 }

packages/utils/src/sha256.ts

@@ -1,5 +1,8 @@
 export default async function sha256(message) {
   const bytes = new TextEncoder().encode(message);
   const hashBuffer = await crypto.subtle.digest('SHA-256', bytes);
-  return Buffer.from(hashBuffer).toString('hex');
+  // Convert ArrayBuffer to hex string without using Buffer
+  return Array.from(new Uint8Array(hashBuffer))
+    .map((b) => b.toString(16).padStart(2, '0'))
+    .join('');
 }