split b64u functions into separate package

[squeep-mystery-box] / lib / mystery-box.js

diff --git a/lib/mystery-box.js b/lib/mystery-box.js
index be12245538fd966172e88b5f7266dd0a4d949a45..2343c5e164f79f9d04629a97c366a1fbd0f58595 100644 (file)
--- a/lib/mystery-box.js
+++ b/lib/mystery-box.js
@@ -3,6 +3,7 @@
 const crypto = require('crypto');
 const zlib = require('zlib');
 const { promisify } = require('util');
+const { base64ToBase64URL, base64URLToBase64 } = require('@squeep/base64url');
 const common = require('./common');
 const allVersions = require('./version-parameters');
 const { performance } = require('perf_hooks');
@@ -183,7 +184,7 @@ class MysteryBox {
     const tag = cipher.getAuthTag();
 
     const merged = Buffer.concat([versionBuffer, flagsBuffer, iv, salt, tag, encrypted, final]).toString('base64');
-    const result = common.base64ToBase64URL(merged);
+    const result = base64ToBase64URL(merged);
     timingsMs.end = timingsMs.postCrypt = performance.now();
 
     this.logger.debug(_scope, 'statistics', { version, flags: this._prettyFlags(flags), serialized: contents.length, compressed: payload.length, encoded: result.length, ...MysteryBox._timingsLog(timingsMs) });
@@ -208,7 +209,11 @@ class MysteryBox {
       end: 0,
     };
 
-    const raw = Buffer.from(common.base64URLToBase64(box), 'base64');
+    if (!box) {
+      throw new RangeError('nothing to unpack');
+    }
+
+    const raw = Buffer.from(base64URLToBase64(box), 'base64');
     let offset = 0;
 
     const version = raw.slice(offset, 1).readUInt8(0);
@@ -219,6 +224,11 @@ class MysteryBox {
     const v = this.versionParameters[version];
     offset += v.versionBytes;
 
+    const minBytes = v.versionBytes + v.flagsBytes + v.ivBytes + v.saltBytes + v.tagBytes;
+    if (raw.length < minBytes) {
+      throw new RangeError('not enough to unpack');
+    }
+
     const flags = raw.slice(offset, offset + v.flagsBytes).readUInt8(0);
     offset += v.flagsBytes;