moved around files

panel-mgmt_backend/node_modules/mysql2/lib/auth_plugins/caching_sha2_password.js

@@ -0,0 +1,108 @@
+'use strict';
+
+// https://mysqlserverteam.com/mysql-8-0-4-new-default-authentication-plugin-caching_sha2_password/
+
+const PLUGIN_NAME = 'caching_sha2_password';
+const crypto = require('crypto');
+const { xor, xorRotating } = require('../auth_41');
+
+const REQUEST_SERVER_KEY_PACKET = Buffer.from([2]);
+const FAST_AUTH_SUCCESS_PACKET = Buffer.from([3]);
+const PERFORM_FULL_AUTHENTICATION_PACKET = Buffer.from([4]);
+
+const STATE_INITIAL = 0;
+const STATE_TOKEN_SENT = 1;
+const STATE_WAIT_SERVER_KEY = 2;
+const STATE_FINAL = -1;
+
+function sha256(msg) {
+  const hash = crypto.createHash('sha256');
+  hash.update(msg);
+  return hash.digest();
+}
+
+function calculateToken(password, scramble) {
+  if (!password) {
+    return Buffer.alloc(0);
+  }
+  const stage1 = sha256(Buffer.from(password));
+  const stage2 = sha256(stage1);
+  const stage3 = sha256(Buffer.concat([stage2, scramble]));
+  return xor(stage1, stage3);
+}
+
+function encrypt(password, scramble, key) {
+  const stage1 = xorRotating(Buffer.from(`${password}\0`, 'utf8'), scramble);
+  return crypto.publicEncrypt(
+    {
+      key,
+      padding: crypto.constants.RSA_PKCS1_OAEP_PADDING,
+    },
+    stage1
+  );
+}
+
+module.exports =
+  (pluginOptions = {}) =>
+  ({ connection }) => {
+    let state = 0;
+    let scramble = null;
+
+    const password = connection.config.password;
+
+    const authWithKey = (serverKey) => {
+      const _password = encrypt(password, scramble, serverKey);
+      state = STATE_FINAL;
+      return _password;
+    };
+
+    return (data) => {
+      switch (state) {
+        case STATE_INITIAL:
+          scramble = data.slice(0, 20);
+          state = STATE_TOKEN_SENT;
+          return calculateToken(password, scramble);
+
+        case STATE_TOKEN_SENT:
+          if (FAST_AUTH_SUCCESS_PACKET.equals(data)) {
+            state = STATE_FINAL;
+            return null;
+          }
+
+          if (PERFORM_FULL_AUTHENTICATION_PACKET.equals(data)) {
+            const isSecureConnection =
+              typeof pluginOptions.overrideIsSecure === 'undefined'
+                ? connection.config.ssl || connection.config.socketPath
+                : pluginOptions.overrideIsSecure;
+            if (isSecureConnection) {
+              state = STATE_FINAL;
+              return Buffer.from(`${password}\0`, 'utf8');
+            }
+
+            // if client provides key we can save one extra roundrip on first connection
+            if (pluginOptions.serverPublicKey) {
+              return authWithKey(pluginOptions.serverPublicKey);
+            }
+
+            state = STATE_WAIT_SERVER_KEY;
+            return REQUEST_SERVER_KEY_PACKET;
+          }
+          throw new Error(
+            `Invalid AuthMoreData packet received by ${PLUGIN_NAME} plugin in STATE_TOKEN_SENT state.`
+          );
+        case STATE_WAIT_SERVER_KEY:
+          if (pluginOptions.onServerPublicKey) {
+            pluginOptions.onServerPublicKey(data);
+          }
+          return authWithKey(data);
+        case STATE_FINAL:
+          throw new Error(
+            `Unexpected data in AuthMoreData packet received by ${PLUGIN_NAME} plugin in STATE_FINAL state.`
+          );
+      }
+
+      throw new Error(
+        `Unexpected data in AuthMoreData packet received by ${PLUGIN_NAME} plugin in state ${state}`
+      );
+    };
+  };

panel-mgmt_backend/node_modules/mysql2/lib/auth_plugins/caching_sha2_password.md

@@ -0,0 +1,18 @@
+##
+
+https://dev.mysql.com/doc/refman/8.0/en/caching-sha2-pluggable-authentication.html
+
+```js
+const mysql = require('mysql');
+mysql.createConnection({
+  authPlugins: {
+    caching_sha2_password: mysql.authPlugins.caching_sha2_password({
+      onServerPublikKey: function (key) {
+        console.log(key);
+      },
+      serverPublicKey: 'xxxyyy',
+      overrideIsSecure: true, //
+    }),
+  },
+});
+```

panel-mgmt_backend/node_modules/mysql2/lib/auth_plugins/index.js

@@ -0,0 +1,8 @@
+'use strict';
+
+module.exports = {
+  caching_sha2_password: require('./caching_sha2_password'),
+  mysql_clear_password: require('./mysql_clear_password'),
+  mysql_native_password: require('./mysql_native_password'),
+  sha256_password: require('./sha256_password'),
+};

panel-mgmt_backend/node_modules/mysql2/lib/auth_plugins/mysql_clear_password.js

@@ -0,0 +1,17 @@
+'use strict';
+
+function bufferFromStr(str) {
+  return Buffer.from(`${str}\0`);
+}
+
+const create_mysql_clear_password_plugin = (pluginOptions) =>
+  function mysql_clear_password_plugin({ connection, command }) {
+    const password =
+      command.password || pluginOptions.password || connection.config.password;
+
+    return function (/* pluginData */) {
+      return bufferFromStr(password);
+    };
+  };
+
+module.exports = create_mysql_clear_password_plugin;

panel-mgmt_backend/node_modules/mysql2/lib/auth_plugins/mysql_native_password.js

@@ -0,0 +1,34 @@
+'use strict';
+
+//const PLUGIN_NAME = 'mysql_native_password';
+const auth41 = require('../auth_41.js');
+
+module.exports =
+  (pluginOptions) =>
+  ({ connection, command }) => {
+    const password =
+      command.password || pluginOptions.password || connection.config.password;
+    const passwordSha1 =
+      command.passwordSha1 ||
+      pluginOptions.passwordSha1 ||
+      connection.config.passwordSha1;
+    return (data) => {
+      const authPluginData1 = data.slice(0, 8);
+      const authPluginData2 = data.slice(8, 20);
+      let authToken;
+      if (passwordSha1) {
+        authToken = auth41.calculateTokenFromPasswordSha(
+          passwordSha1,
+          authPluginData1,
+          authPluginData2
+        );
+      } else {
+        authToken = auth41.calculateToken(
+          password,
+          authPluginData1,
+          authPluginData2
+        );
+      }
+      return authToken;
+    };
+  };

panel-mgmt_backend/node_modules/mysql2/lib/auth_plugins/sha256_password.js

@@ -0,0 +1,59 @@
+'use strict';
+
+const PLUGIN_NAME = 'sha256_password';
+const crypto = require('crypto');
+const { xorRotating } = require('../auth_41');
+
+const REQUEST_SERVER_KEY_PACKET = Buffer.from([1]);
+
+const STATE_INITIAL = 0;
+const STATE_WAIT_SERVER_KEY = 1;
+const STATE_FINAL = -1;
+
+function encrypt(password, scramble, key) {
+  const stage1 = xorRotating(Buffer.from(`${password}\0`, 'utf8'), scramble);
+  return crypto.publicEncrypt(key, stage1);
+}
+
+module.exports =
+  (pluginOptions = {}) =>
+  ({ connection }) => {
+    let state = 0;
+    let scramble = null;
+
+    const password = connection.config.password;
+
+    const authWithKey = (serverKey) => {
+      const _password = encrypt(password, scramble, serverKey);
+      state = STATE_FINAL;
+      return _password;
+    };
+
+    return (data) => {
+      switch (state) {
+        case STATE_INITIAL:
+          scramble = data.slice(0, 20);
+          // if client provides key we can save one extra roundrip on first connection
+          if (pluginOptions.serverPublicKey) {
+            return authWithKey(pluginOptions.serverPublicKey);
+          }
+
+          state = STATE_WAIT_SERVER_KEY;
+          return REQUEST_SERVER_KEY_PACKET;
+
+        case STATE_WAIT_SERVER_KEY:
+          if (pluginOptions.onServerPublicKey) {
+            pluginOptions.onServerPublicKey(data);
+          }
+          return authWithKey(data);
+        case STATE_FINAL:
+          throw new Error(
+            `Unexpected data in AuthMoreData packet received by ${PLUGIN_NAME} plugin in STATE_FINAL state.`
+          );
+      }
+
+      throw new Error(
+        `Unexpected data in AuthMoreData packet received by ${PLUGIN_NAME} plugin in state ${state}`
+      );
+    };
+  };