Implement matchRequestIntegrity

nodejs · Aug 10, 2022 · 1d66bc7 · 1d66bc7
1 parent 741edf7
commit 1d66bc7
Show file tree

Hide file tree

Showing 2 changed files with 27 additions and 3 deletions.
diff --git a/lib/fetch/index.js b/lib/fetch/index.js
@@ -721,7 +721,9 @@ async function mainFetch (fetchParams, recursive = false) {
     }
 
     // 3. Let processBody given bytes be these steps:
-    const processBody = (bytes) => {
+    const processBody = async (response) => {
+      const bytes = await readBodyToArrayBuffer(response)
+
       // 1. If bytes do not match request’s integrity metadata,
       // then run processBodyError and abort these steps. [SRI]
       if (!matchRequestIntegrity(request, bytes)) {
@@ -739,7 +741,7 @@ async function mainFetch (fetchParams, recursive = false) {
 
     // 4. Fully read response’s body given processBody and processBodyError.
     try {
-      processBody(await response.arrayBuffer())
+      processBody(response)
     } catch (err) {
       processBodyError(err)
     }
@@ -749,6 +751,26 @@ async function mainFetch (fetchParams, recursive = false) {
   }
 }
 
+async function readBodyToArrayBuffer (response) {
+  const size = parseInt(response.headersList.get('content-length'))
+  const bytes = new Uint8Array(size)
+
+  const reader = response.body.stream.getReader()
+  let offset = 0
+
+  while (true) {
+    const { done, value } = await reader.read()
+    if (done) {
+      break
+    } else {
+      bytes.set(value, offset)
+      offset += value.length
+    }
+  }
+
+  return bytes
+}
+
 // https://fetch.spec.whatwg.org/#concept-scheme-fetch
 // given a fetch params fetchParams
 async function schemeFetch (fetchParams) {

diff --git a/lib/fetch/util.js b/lib/fetch/util.js
@@ -4,6 +4,7 @@ const { redirectStatus } = require('./constants')
 const { performance } = require('perf_hooks')
 const { isBlobLike, toUSVString, ReadableStreamFrom } = require('../core/util')
 const assert = require('assert')
+const { createHash } = require('crypto')
 
 let File
 
@@ -340,7 +341,8 @@ function determineRequestsReferrer (request) {
 }
 
 function matchRequestIntegrity (request, bytes) {
-  return false
+  const [algo, expectedHashValue] = request.integrity.split('-', 2)
+  return createHash(algo).update(bytes).digest('hex') === expectedHashValue
 }
 
 // https://w3c.github.io/webappsec-upgrade-insecure-requests/#upgrade-request