elena/receipe-django-react
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Project files

Browse Source
This commit is contained in:
Elena Arenskötter
2023-11-09 18:47:11 +01:00
parent 695abe054b
commit c415135aae
8554 changed files with 858111 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

412
receipeServer/frontend_old/node_modules/node-forge/CHANGELOG.md generated vendored Normal file
View File

@@ -0,0 +1,412 @@
Forge ChangeLog
===============
## 1.3.1 - 2022-03-29
### Fixes
- RFC 3447 and RFC 8017 allow for optional `DigestAlgorithm` `NULL` parameters
for `sha*` algorithms and require `NULL` paramters for `md2` and `md5`
algorithms.
## 1.3.0 - 2022-03-17
### Security
- Three RSA PKCS#1 v1.5 signature verification issues were reported by Moosa
Yahyazadeh (moosa-yahyazadeh@uiowa.edu).
- **HIGH**: Leniency in checking `digestAlgorithm` structure can lead to
signature forgery.
- The code is lenient in checking the digest algorithm structure. This can
allow a crafted structure that steals padding bytes and uses unchecked
portion of the PKCS#1 encoded message to forge a signature when a low
public exponent is being used. For more information, please see
["Bleichenbacher's RSA signature forgery based on implementation
error"](https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE/)
by Hal Finney.
- CVE ID: [CVE-2022-24771](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24771)
- GHSA ID: [GHSA-cfm4-qjh2-4765](https://github.com/digitalbazaar/forge/security/advisories/GHSA-cfm4-qjh2-4765)
- **HIGH**: Failing to check tailing garbage bytes can lead to signature
forgery.
- The code does not check for tailing garbage bytes after decoding a
`DigestInfo` ASN.1 structure. This can allow padding bytes to be removed
and garbage data added to forge a signature when a low public exponent is
being used. For more information, please see ["Bleichenbacher's RSA
signature forgery based on implementation
error"](https://mailarchive.ietf.org/arch/msg/openpgp/5rnE9ZRN1AokBVj3VqblGlP63QE/)
by Hal Finney.
- CVE ID: [CVE-2022-24772](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24772)
- GHSA ID: [GHSA-x4jg-mjrx-434g](https://github.com/digitalbazaar/forge/security/advisories/GHSA-x4jg-mjrx-434g)
- **MEDIUM**: Leniency in checking type octet.
- `DigestInfo` is not properly checked for proper ASN.1 structure. This can
lead to successful verification with signatures that contain invalid
structures but a valid digest.
- CVE ID: [CVE-2022-24773](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24773)
- GHSA ID: [GHSA-2r2c-g63r-vccr](https://github.com/digitalbazaar/forge/security/advisories/GHSA-2r2c-g63r-vccr)
### Fixed
- [asn1] Add fallback to pretty print invalid UTF8 data.
- [asn1] `fromDer` is now more strict and will default to ensuring all input
bytes are parsed or throw an error. A new option `parseAllBytes` can disable
this behavior.
- **NOTE**: The previous behavior is being changed since it can lead to
security issues with crafted inputs. It is possible that code doing custom
DER parsing may need to adapt to this new behavior and optional flag.
- [rsa] Add and use a validator to check for proper structure of parsed ASN.1
`RSASSA-PKCS-v1_5` `DigestInfo` data. Additionally check that the hash
algorithm identifier is a known value from RFC 8017
`PKCS1-v1-5DigestAlgorithms`. An invalid `DigestInfo` or algorithm identifier
will now throw an error.
- **NOTE**: The previous lenient behavior is being changed to be more strict
since it could lead to security issues with crafted inputs. It is possible
that code may have to handle the errors from these stricter checks.
### Added
- [oid] Added missing RFC 8017 PKCS1-v1-5DigestAlgorithms algorithm
identifiers:
- `1.2.840.113549.2.2` / `md2`
- `2.16.840.1.101.3.4.2.4` / `sha224`
- `2.16.840.1.101.3.4.2.5` / `sha512-224`
- `2.16.840.1.101.3.4.2.6` / `sha512-256`
## 1.2.1 - 2022-01-11
### Fixed
- [tests]: Load entire module to improve top-level testing and coverage
reporting.
- [log]: Refactor logging setup to avoid use of `URLSearchParams`.
## 1.2.0 - 2022-01-07
### Fixed
- [x509] 'Expected' and 'Actual' issuers were backwards in verification failure
message.
### Added
- [oid,x509]: Added OID `1.3.14.3.2.29 / sha1WithRSASignature` for sha1 with
RSA. Considered a deprecated equivalent to `1.2.840.113549.1.1.5 /
sha1WithRSAEncryption`. See [discussion and
links](https://github.com/digitalbazaar/forge/issues/825).
### Changed
- [x509]: Reduce duplicate code. Add helper function to create a signature
digest given an signature algorithm OID. Add helper function to verify
signatures.
## 1.1.0 - 2022-01-06
### Fixed
- [x509]: Correctly compute certificate issuer and subject hashes to match
behavior of openssl.
- [pem]: Accept certificate requests with "NEW" in the label. "BEGIN NEW
CERTIFICATE REQUEST" handled as "BEGIN CERTIFICATE REQUEST".
## 1.0.0 - 2022-01-04
### Notes
- **1.0.0**!
- This project is over a decade old! Time for a 1.0.0 release.
- The URL related changes may expose bugs in some of the networking related
code (unrelated to the much wider used cryptography code). The automated and
manual test coverage for this code is weak at best. Issues or patches to
update the code or tests would be appreciated.
### Removed
- **SECURITY**, **BREAKING**: Remove `forge.debug` API. The API has the
potential for prototype pollution. This API was only briefly used by the
maintainers for internal project debug purposes and was never intended to be
used with untrusted user inputs. This API was not documented or advertised
and is being removed rather than fixed.
- **SECURITY**, **BREAKING**: Remove `forge.util.parseUrl()` (and
`forge.http.parseUrl` alias) and use the [WHATWG URL
Standard](https://url.spec.whatwg.org/). `URL` is supported by modern browers
and modern Node.js. This change is needed to address URL parsing security
issues. If `forge.util.parseUrl()` is used directly or through `forge.xhr` or
`forge.http` APIs, and support is needed for environments without `URL`
support, then a polyfill must be used.
- **BREAKING**: Remove `forge.task` API. This API was never used, documented,
or advertised by the maintainers. If anyone was using this API and wishes to
continue development it in other project, please let the maintainers know.
Due to use in the test suite, a modified version is located in
`tests/support/`.
- **BREAKING**: Remove `forge.util.makeLink`, `forge.util.makeRequest`,
`forge.util.parseFragment`, `forge.util.getQueryVariables`. Replace with
`URL`, `URLSearchParams`, and custom code as needed.
### Changed
- **BREAKING**: Increase supported Node.js version to 6.13.0 for URL support.
- **BREAKING**: Renamed `master` branch to `main`.
- **BREAKING**: Release process updated to use tooling that prefixes versions
with `v`. Other tools, scripts, or scanners may need to adapt.
- **BREAKING**: Remove docs related to Bower and
[forge-dist](https://github.com/digitalbazaar/forge-dist). Install using
[another method](./README.md#installation).
### Added
- OIDs for `surname`, `title`, and `givenName`.
### Fixed
- **BREAKING**: OID 2.5.4.5 name fixed from `serialName` to `serialNumber`.
Depending on how applications used this id to name association it could cause
compatibility issues.
## 0.10.0 - 2020-09-01
### Changed
- **BREAKING**: Node.js 4 no longer supported. The code *may* still work, and
non-invasive patches to keep it working will be considered. However, more
modern tools no longer support old Node.js versions making testing difficult.
### Removed
- **BREAKING**: Remove `util.getPath`, `util.setPath`, and `util.deletePath`.
`util.setPath` had a potential prototype pollution security issue when used
with unsafe inputs. These functions are not used by `forge` itself. They date
from an early time when `forge` was targeted at providing general helper
functions. The library direction changed to be more focused on cryptography.
Many other excellent libraries are more suitable for general utilities. If
you need a replacement for these functions, consider `get`, `set`, and `unset`
from [lodash](https://lodash.com/). But also consider the potential similar
security issues with those APIs.
## 0.9.2 - 2020-09-01
### Changed
- Added `util.setPath` security note to function docs and to README.
### Notes
- **SECURITY**: The `util.setPath` function has the potential to cause
prototype pollution if used with unsafe input.
- This function is **not** used internally by `forge`.
- The rest of the library is unaffected by this issue.
- **Do not** use unsafe input with this function.
- Usage with known input should function as expected. (Including input
intentionally using potentially problematic keys.)
- No code changes will be made to address this issue in 0.9.x. The current
behavior *could* be considered a feature rather than a security issue.
0.10.0 will be released that removes `util.getPath` and `util.setPath`.
Consider `get` and `set` from [lodash](https://lodash.com/) if you need
replacements. But also consider the potential similar security issues with
those APIs.
- https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7720
## 0.9.1 - 2019-09-26
### Fixed
- Ensure DES-CBC given IV is long enough for block size.
## 0.9.0 - 2019-09-04
### Added
- Add ed25519.publicKeyFromAsn1 and ed25519.privateKeyFromAsn1 APIs.
- A few OIDs used in EV certs.
### Fixed
- Improve ed25519 NativeBuffer check.
## 0.8.5 - 2019-06-18
### Fixed
- Remove use of `const`.
## 0.8.4 - 2019-05-22
### Changed
- Replace all instances of Node.js `new Buffer` with `Buffer.from` and `Buffer.alloc`.
## 0.8.3 - 2019-05-15
### Fixed
- Use basic character set for code.
## 0.8.2 - 2019-03-18
### Fixed
- Fix tag calculation when continuing an AES-GCM block.
### Changed
- Switch to eslint.
## 0.8.1 - 2019-02-23
### Fixed
- Fix off-by-1 bug with kem random generation.
## 0.8.0 - 2019-01-31
### Fixed
- Handle creation of certificates with `notBefore` and `notAfter` dates less
than Jan 1, 1950 or greater than or equal to Jan 1, 2050.
### Added
- Add OID 2.5.4.13 "description".
- Add OID 2.16.840.1.113730.1.13 "nsComment".
- Also handle extension when creating a certificate.
- `pki.verifyCertificateChain`:
- Add `validityCheckDate` option to allow checking the certificate validity
period against an arbitrary `Date` or `null` for no check at all. The
current date is used by default.
- `tls.createConnection`:
- Add `verifyOptions` option that passes through to
`pki.verifyCertificateChain`. Can be used for the above `validityCheckDate`
option.
### Changed
- Support WebCrypto API in web workers.
- `rsa.generateKeyPair`:
- Use `crypto.generateKeyPair`/`crypto.generateKeyPairSync` on Node.js if
available (10.12.0+) and not in pure JS mode.
- Use JS fallback in `rsa.generateKeyPair` if `prng` option specified since
this isn't supported by current native APIs.
- Only run key generation comparison tests if keys will be deterministic.
- PhantomJS is deprecated, now using Headless Chrome with Karma.
- **Note**: Using Headless Chrome vs PhantomJS may cause newer JS features to
slip into releases without proper support for older runtimes and browsers.
Please report such issues and they will be addressed.
- `pki.verifyCertificateChain`:
- Signature changed to `(caStore, chain, options)`. Older `(caStore, chain,
verify)` signature is still supported. New style is to to pass in a
`verify` option.
## 0.7.6 - 2018-08-14
### Added
- Test on Node.js 10.x.
- Support for PKCS#7 detached signatures.
### Changed
- Improve webpack/browser detection.
## 0.7.5 - 2018-03-30
### Fixed
- Remove use of `const`.
## 0.7.4 - 2018-03-07
### Fixed
- Potential regex denial of service in form.js.
### Added
- Support for ED25519.
- Support for baseN/base58.
## 0.7.3 - 2018-03-05
- Re-publish with npm 5.6.0 due to file timestamp issues.
## 0.7.2 - 2018-02-27
### Added
- Support verification of SHA-384 certificates.
- `1.2.840.10040.4.3'`/`dsa-with-sha1` OID.
### Fixed
- Support importing PKCS#7 data with no certificates. RFC 2315 sec 9.1 states
certificates are optional.
- `asn1.equals` loop bug.
- Fortuna implementation bugs.
## 0.7.1 - 2017-03-27
### Fixed
- Fix digestLength for hashes based on SHA-512.
## 0.7.0 - 2017-02-07
### Fixed
- Fix test looping bugs so all tests are run.
- Improved ASN.1 parsing. Many failure cases eliminated. More sanity checks.
Better behavior in default mode of parsing BIT STRINGs. Better handling of
parsed BIT STRINGs in `toDer()`. More tests.
- Improve X.509 BIT STRING handling by using new capture modes.
### Changed
- Major refactor to use CommonJS plus a browser build system.
- Updated tests, examples, docs.
- Updated dependencies.
- Updated flash build system.
- Improve OID mapping code.
- Change test servers from Python to JavaScript.
- Improve PhantomJS support.
- Move Bower/bundle support to
[forge-dist](https://github.com/digitalbazaar/forge-dist).
- **BREAKING**: Require minimal digest algorithm dependencies from individual
modules.
- Enforce currently supported bit param values for byte buffer access. May be
**BREAKING** for code that depended on unspecified and/or incorrect behavior.
- Improve `asn1.prettyPrint()` BIT STRING display.
### Added
- webpack bundler support via `npm run build`:
- Builds `.js`, `.min.js`, and basic sourcemaps.
- Basic build: `forge.js`.
- Build with extra utils and networking support: `forge.all.js`.
- Build WebWorker support: `prime.worker.js`.
- Browserify support in package.json.
- Karma browser testing.
- `forge.options` field.
- `forge.options.usePureJavaScript` flag.
- `forge.util.isNodejs` flag (used to select "native" APIs).
- Run PhantomJS tests in Travis-CI.
- Add "Donations" section to README.
- Add IRC to "Contact" section of README.
- Add "Security Considerations" section to README.
- Add pbkdf2 usePureJavaScript test.
- Add rsa.generateKeyPair async and usePureJavaScript tests.
- Add .editorconfig support.
- Add `md.all.js` which includes all digest algorithms.
- Add asn1 `equals()` and `copy()`.
- Add asn1 `validate()` capture options for BIT STRING contents and value.
### Removed
- **BREAKING**: Can no longer call `forge({...})` to create new instances.
- Remove a large amount of old cruft.
### Migration from 0.6.x to 0.7.x
- (all) If you used the feature to create a new forge instance with new
configuration options you will need to rework your code. That ability has
been removed due to implementation complexity. The main rare use was to set
the option to use pure JavaScript. That is now available as a library global
flag `forge.options.usePureJavaScript`.
- (npm,bower) If you used the default main file there is little to nothing to
change.
- (npm) If you accessed a sub-resource like `forge/js/pki` you should either
switch to just using the main `forge` and access `forge.pki` or update to
`forge/lib/pki`.
- (bower) If you used a sub-resource like `forge/js/pki` you should switch to
just using `forge` and access `forge.pki`. The bower release bundles
everything in one minified file.
- (bower) A configured workerScript like
`/bower_components/forge/js/prime.worker.js` will need to change to
`/bower_components/forge/dist/prime.worker.min.js`.
- (all) If you used the networking support or flash socket support, you will
need to use a custom build and/or adjust where files are loaded from. This
functionality is not included in the bower distribution by default and is
also now in a different directory.
- (all) The library should now directly support building custom bundles with
webpack, browserify, or similar.
- (all) If building a custom bundle ensure the correct dependencies are
included. In particular, note there is now a `md.all.js` file to include all
digest algorithms. Individual files limit what they include by default to
allow smaller custom builds. For instance, `pbdkf2.js` has a `sha1` default
but does not include any algorithm files by default. This allows the
possibility to include only `sha256` without the overhead of `sha1` and
`sha512`.
### Notes
- This major update requires updating the version to 0.7.x. The existing
work-in-progress "0.7.x" branch will be painfully rebased on top of this new
0.7.x and moved forward to 0.8.x or later as needed.
- 0.7.x is a start of simplifying forge based on common issues and what has
appeared to be the most common usage. Please file issues with feedback if the
changes are problematic for your use cases.
## 0.6.x - 2016 and earlier
- See Git commit log or https://github.com/digitalbazaar/forge.

331
receipeServer/frontend_old/node_modules/node-forge/LICENSE generated vendored Normal file
View File

@@ -0,0 +1,331 @@
You may use the Forge project under the terms of either the BSD License or the
GNU General Public License (GPL) Version 2.
The BSD License is recommended for most projects. It is simple and easy to
understand and it places almost no restrictions on what you can do with the
Forge project.
If the GPL suits your project better you are also free to use Forge under
that license.
You don't have to do anything special to choose one license or the other and
you don't have to notify anyone which license you are using. You are free to
use this project in commercial projects as long as the copyright header is
left intact.
If you are a commercial entity and use this set of libraries in your
commercial software then reasonable payment to Digital Bazaar, if you can
afford it, is not required but is expected and would be appreciated. If this
library saves you time, then it's saving you money. The cost of developing
the Forge software was on the order of several hundred hours and tens of
thousands of dollars. We are attempting to strike a balance between helping
the development community while not being taken advantage of by lucrative
commercial entities for our efforts.
-------------------------------------------------------------------------------
New BSD License (3-clause)
Copyright (c) 2010, Digital Bazaar, Inc.
All rights reserved.
Redistribution and use in source and binary forms, with or without
modification, are permitted provided that the following conditions are met:
* Redistributions of source code must retain the above copyright
notice, this list of conditions and the following disclaimer.
* Redistributions in binary form must reproduce the above copyright
notice, this list of conditions and the following disclaimer in the
documentation and/or other materials provided with the distribution.
* Neither the name of Digital Bazaar, Inc. nor the
names of its contributors may be used to endorse or promote products
derived from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND
ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL DIGITAL BAZAAR BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-------------------------------------------------------------------------------
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
Copyright (C) 1989, 1991 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The licenses for most software are designed to take away your
freedom to share and change it. By contrast, the GNU General Public
License is intended to guarantee your freedom to share and change free
software--to make sure the software is free for all its users. This
General Public License applies to most of the Free Software
Foundation's software and to any other program whose authors commit to
using it. (Some other Free Software Foundation software is covered by
the GNU Lesser General Public License instead.) You can apply it to
your programs, too.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
this service if you wish), that you receive source code or can get it
if you want it, that you can change the software or use pieces of it
in new free programs; and that you know you can do these things.
To protect your rights, we need to make restrictions that forbid
anyone to deny you these rights or to ask you to surrender the rights.
These restrictions translate to certain responsibilities for you if you
distribute copies of the software, or if you modify it.
For example, if you distribute copies of such a program, whether
gratis or for a fee, you must give the recipients all the rights that
you have. You must make sure that they, too, receive or can get the
source code. And you must show them these terms so they know their
rights.
We protect your rights with two steps: (1) copyright the software, and
(2) offer you this license which gives you legal permission to copy,
distribute and/or modify the software.
Also, for each author's protection and ours, we want to make certain
that everyone understands that there is no warranty for this free
software. If the software is modified by someone else and passed on, we
want its recipients to know that what they have is not the original, so
that any problems introduced by others will not reflect on the original
authors' reputations.
Finally, any free program is threatened constantly by software
patents. We wish to avoid the danger that redistributors of a free
program will individually obtain patent licenses, in effect making the
program proprietary. To prevent this, we have made it clear that any
patent must be licensed for everyone's free use or not licensed at all.
The precise terms and conditions for copying, distribution and
modification follow.
GNU GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION
0. This License applies to any program or other work which contains
a notice placed by the copyright holder saying it may be distributed
under the terms of this General Public License. The "Program", below,
refers to any such program or work, and a "work based on the Program"
means either the Program or any derivative work under copyright law:
that is to say, a work containing the Program or a portion of it,
either verbatim or with modifications and/or translated into another
language. (Hereinafter, translation is included without limitation in
the term "modification".) Each licensee is addressed as "you".
Activities other than copying, distribution and modification are not
covered by this License; they are outside its scope. The act of
running the Program is not restricted, and the output from the Program
is covered only if its contents constitute a work based on the
Program (independent of having been made by running the Program).
Whether that is true depends on what the Program does.
1. You may copy and distribute verbatim copies of the Program's
source code as you receive it, in any medium, provided that you
conspicuously and appropriately publish on each copy an appropriate
copyright notice and disclaimer of warranty; keep intact all the
notices that refer to this License and to the absence of any warranty;
and give any other recipients of the Program a copy of this License
along with the Program.
You may charge a fee for the physical act of transferring a copy, and
you may at your option offer warranty protection in exchange for a fee.
2. You may modify your copy or copies of the Program or any portion
of it, thus forming a work based on the Program, and copy and
distribute such modifications or work under the terms of Section 1
above, provided that you also meet all of these conditions:
a) You must cause the modified files to carry prominent notices
stating that you changed the files and the date of any change.
b) You must cause any work that you distribute or publish, that in
whole or in part contains or is derived from the Program or any
part thereof, to be licensed as a whole at no charge to all third
parties under the terms of this License.
c) If the modified program normally reads commands interactively
when run, you must cause it, when started running for such
interactive use in the most ordinary way, to print or display an
announcement including an appropriate copyright notice and a
notice that there is no warranty (or else, saying that you provide
a warranty) and that users may redistribute the program under
these conditions, and telling the user how to view a copy of this
License. (Exception: if the Program itself is interactive but
does not normally print such an announcement, your work based on
the Program is not required to print an announcement.)
These requirements apply to the modified work as a whole. If
identifiable sections of that work are not derived from the Program,
and can be reasonably considered independent and separate works in
themselves, then this License, and its terms, do not apply to those
sections when you distribute them as separate works. But when you
distribute the same sections as part of a whole which is a work based
on the Program, the distribution of the whole must be on the terms of
this License, whose permissions for other licensees extend to the
entire whole, and thus to each and every part regardless of who wrote it.
Thus, it is not the intent of this section to claim rights or contest
your rights to work written entirely by you; rather, the intent is to
exercise the right to control the distribution of derivative or
collective works based on the Program.
In addition, mere aggregation of another work not based on the Program
with the Program (or with a work based on the Program) on a volume of
a storage or distribution medium does not bring the other work under
the scope of this License.
3. You may copy and distribute the Program (or a work based on it,
under Section 2) in object code or executable form under the terms of
Sections 1 and 2 above provided that you also do one of the following:
a) Accompany it with the complete corresponding machine-readable
source code, which must be distributed under the terms of Sections
1 and 2 above on a medium customarily used for software interchange; or,
b) Accompany it with a written offer, valid for at least three
years, to give any third party, for a charge no more than your
cost of physically performing source distribution, a complete
machine-readable copy of the corresponding source code, to be
distributed under the terms of Sections 1 and 2 above on a medium
customarily used for software interchange; or,
c) Accompany it with the information you received as to the offer
to distribute corresponding source code. (This alternative is
allowed only for noncommercial distribution and only if you
received the program in object code or executable form with such
an offer, in accord with Subsection b above.)
The source code for a work means the preferred form of the work for
making modifications to it. For an executable work, complete source
code means all the source code for all modules it contains, plus any
associated interface definition files, plus the scripts used to
control compilation and installation of the executable. However, as a
special exception, the source code distributed need not include
anything that is normally distributed (in either source or binary
form) with the major components (compiler, kernel, and so on) of the
operating system on which the executable runs, unless that component
itself accompanies the executable.
If distribution of executable or object code is made by offering
access to copy from a designated place, then offering equivalent
access to copy the source code from the same place counts as
distribution of the source code, even though third parties are not
compelled to copy the source along with the object code.
4. You may not copy, modify, sublicense, or distribute the Program
except as expressly provided under this License. Any attempt
otherwise to copy, modify, sublicense or distribute the Program is
void, and will automatically terminate your rights under this License.
However, parties who have received copies, or rights, from you under
this License will not have their licenses terminated so long as such
parties remain in full compliance.
5. You are not required to accept this License, since you have not
signed it. However, nothing else grants you permission to modify or
distribute the Program or its derivative works. These actions are
prohibited by law if you do not accept this License. Therefore, by
modifying or distributing the Program (or any work based on the
Program), you indicate your acceptance of this License to do so, and
all its terms and conditions for copying, distributing or modifying
the Program or works based on it.
6. Each time you redistribute the Program (or any work based on the
Program), the recipient automatically receives a license from the
original licensor to copy, distribute or modify the Program subject to
these terms and conditions. You may not impose any further
restrictions on the recipients' exercise of the rights granted herein.
You are not responsible for enforcing compliance by third parties to
this License.
7. If, as a consequence of a court judgment or allegation of patent
infringement or for any other reason (not limited to patent issues),
conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot
distribute so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you
may not distribute the Program at all. For example, if a patent
license would not permit royalty-free redistribution of the Program by
all those who receive copies directly or indirectly through you, then
the only way you could satisfy both it and this License would be to
refrain entirely from distribution of the Program.
If any portion of this section is held invalid or unenforceable under
any particular circumstance, the balance of the section is intended to
apply and the section as a whole is intended to apply in other
circumstances.
It is not the purpose of this section to induce you to infringe any
patents or other property right claims or to contest validity of any
such claims; this section has the sole purpose of protecting the
integrity of the free software distribution system, which is
implemented by public license practices. Many people have made
generous contributions to the wide range of software distributed
through that system in reliance on consistent application of that
system; it is up to the author/donor to decide if he or she is willing
to distribute software through any other system and a licensee cannot
impose that choice.
This section is intended to make thoroughly clear what is believed to
be a consequence of the rest of this License.
8. If the distribution and/or use of the Program is restricted in
certain countries either by patents or by copyrighted interfaces, the
original copyright holder who places the Program under this License
may add an explicit geographical distribution limitation excluding
those countries, so that distribution is permitted only in or among
countries not thus excluded. In such case, this License incorporates
the limitation as if written in the body of this License.
9. The Free Software Foundation may publish revised and/or new versions
of the General Public License from time to time. Such new versions will
be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the Program
specifies a version number of this License which applies to it and "any
later version", you have the option of following the terms and conditions
either of that version or of any later version published by the Free
Software Foundation. If the Program does not specify a version number of
this License, you may choose any version ever published by the Free Software
Foundation.
10. If you wish to incorporate parts of the Program into other free
programs whose distribution conditions are different, write to the author
to ask for permission. For software which is copyrighted by the Free
Software Foundation, write to the Free Software Foundation; we sometimes
make exceptions for this. Our decision will be guided by the two goals
of preserving the free status of all derivatives of our free software and
of promoting the sharing and reuse of software generally.
NO WARRANTY
11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY
FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN
OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES
PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED
OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE
PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING,
REPAIR OR CORRECTION.
12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR
REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES,
INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING
OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED
TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY
YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER
PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGES.

2071
receipeServer/frontend_old/node_modules/node-forge/README.md generated vendored Normal file
View File

File diff suppressed because it is too large Load Diff

48
receipeServer/frontend_old/node_modules/node-forge/flash/README.md generated vendored Normal file
View File

@@ -0,0 +1,48 @@
Forge Flash Support
===================
SocketPool.swf
--------------
Some special networking features can optionally use a Flash component.
Building the output SWF file requires the [Flex SDK][]. A pre-built component
is included: `swf/SocketPool.swf`.
Building the output SWF requires the `mxmlc` tool from the [Flex SDK][]. If
that tools is already installed then look in the `package.json` file for the
commands to rebuild it. If you need the SDK installed, there is a npm module that installs it:
npm install
To build a regular component:
npm run build
Additional debug support can be built in with the following:
npm run build-debug
Policy Server
-------------
Flash support requires the use of a Policy Server.
### Apache Flash Socket Policy Module
[mod_fsp](./mod_fsp) provides an [Apache][] module that can serve up a Flash
Socket Policy. See `mod_fsp/README` for more details. This module makes it easy
to modify an [Apache][] server to allow cross domain requests to be made to it.
### Simple Python Policy Server
`policyserver.py` provides a very simple test policy server.
### Simple Node.js Policy Server
`policyserver.js` provides a very simple test policy server. If a server is
needed for production environments, please use another option such as perhaps
[nodejs_socket_policy_server][].
[Apache]: http://httpd.apache.org/
[Flex SDK]: https://flex.apache.org/
[nodejs_socket_policy_server]: https://github.com/bichinger/nodejs_socket_policy_server

28
receipeServer/frontend_old/node_modules/node-forge/flash/package.json generated vendored Normal file
View File

@@ -0,0 +1,28 @@
{
"name": "node-forge-flash",
"version": "0.0.0",
"private": true,
"description": "Flash build support for Forge.",
"homepage": "https://github.com/digitalbazaar/forge",
"author": {
"name": "Digital Bazaar, Inc.",
"email": "support@digitalbazaar.com",
"url": "http://digitalbazaar.com/"
},
"devDependencies": {
"flex-sdk": ""
},
"repository": {
"type": "git",
"url": "https://github.com/digitalbazaar/forge"
},
"bugs": {
"url": "https://github.com/digitalbazaar/forge/issues",
"email": "support@digitalbazaar.com"
},
"license": "(BSD-3-Clause OR GPL-2.0)",
"scripts": {
"build": "mxmlc -debug=false -define=CONFIG::debugging,false -define=CONFIG::release,true -compiler.source-path=. -static-link-runtime-shared-libraries -output=swf/SocketPool.swf SocketPool.as",
"build-debug": "mxmlc -debug=true -define=CONFIG::debugging,true -define=CONFIG::release,false -compiler.source-path=. -static-link-runtime-shared-libraries -output=swf/SocketPool.swf SocketPool.as"
}
}

BIN
receipeServer/frontend_old/node_modules/node-forge/flash/swf/SocketPool.swf generated vendored Normal file
View File

Binary file not shown.

123
receipeServer/frontend_old/node_modules/node-forge/package.json generated vendored Normal file
View File

@@ -0,0 +1,123 @@
{
"name": "node-forge",
"version": "1.3.1",
"description": "JavaScript implementations of network transports, cryptography, ciphers, PKI, message digests, and various utilities.",
"homepage": "https://github.com/digitalbazaar/forge",
"author": {
"name": "Digital Bazaar, Inc.",
"email": "support@digitalbazaar.com",
"url": "http://digitalbazaar.com/"
},
"contributors": [
"Dave Longley <dlongley@digitalbazaar.com>",
"David I. Lehn <dlehn@digitalbazaar.com>",
"Stefan Siegl <stesie@brokenpipe.de>",
"Christoph Dorn <christoph@christophdorn.com>"
],
"devDependencies": {
"browserify": "^16.5.2",
"commander": "^2.20.0",
"cross-env": "^5.2.1",
"eslint": "^7.27.0",
"eslint-config-digitalbazaar": "^2.8.0",
"express": "^4.16.2",
"karma": "^4.4.1",
"karma-browserify": "^7.0.0",
"karma-chrome-launcher": "^3.1.0",
"karma-edge-launcher": "^0.4.2",
"karma-firefox-launcher": "^1.3.0",
"karma-ie-launcher": "^1.0.0",
"karma-mocha": "^1.3.0",
"karma-mocha-reporter": "^2.2.5",
"karma-safari-launcher": "^1.0.0",
"karma-sauce-launcher": "^2.0.2",
"karma-sourcemap-loader": "^0.3.8",
"karma-tap-reporter": "0.0.6",
"karma-webpack": "^4.0.2",
"mocha": "^5.2.0",
"mocha-lcov-reporter": "^1.2.0",
"nodejs-websocket": "^1.7.1",
"nyc": "^15.1.0",
"opts": "^1.2.7",
"webpack": "^4.44.1",
"webpack-cli": "^3.3.12",
"worker-loader": "^2.0.0"
},
"repository": {
"type": "git",
"url": "https://github.com/digitalbazaar/forge"
},
"bugs": {
"url": "https://github.com/digitalbazaar/forge/issues",
"email": "support@digitalbazaar.com"
},
"license": "(BSD-3-Clause OR GPL-2.0)",
"main": "lib/index.js",
"files": [
"lib/*.js",
"flash/swf/*.swf",
"dist/*.min.js",
"dist/*.min.js.map"
],
"engines": {
"node": ">= 6.13.0"
},
"keywords": [
"aes",
"asn",
"asn.1",
"cbc",
"crypto",
"cryptography",
"csr",
"des",
"gcm",
"hmac",
"http",
"https",
"md5",
"network",
"pkcs",
"pki",
"prng",
"rc2",
"rsa",
"sha1",
"sha256",
"sha384",
"sha512",
"ssh",
"tls",
"x.509",
"x509"
],
"scripts": {
"prepublish": "npm run build",
"build": "webpack",
"test-build": "webpack --config webpack-tests.config.js",
"test": "npm run test-node",
"test-node": "cross-env NODE_ENV=test mocha -t 30000 -R ${REPORTER:-spec} tests/unit/index.js",
"test-karma": "karma start",
"test-karma-sauce": "karma start karma-sauce.conf",
"test-server": "node tests/server.js",
"test-server-ws": "node tests/websockets/server-ws.js",
"test-server-webid": "node tests/websockets/server-webid.js",
"coverage": "rm -rf coverage && nyc --reporter=lcov --reporter=text-summary npm test",
"coverage-ci": "rm -rf coverage && nyc --reporter=lcovonly npm test",
"coverage-report": "nyc report",
"lint": "eslint *.js lib/*.js tests/*.js tests/**/*.js examples/*.js flash/*.js"
},
"nyc": {
"exclude": [
"tests"
]
},
"jspm": {
"format": "amd"
},
"browser": {
"buffer": false,
"crypto": false,
"process": false
}
}