@poppinss/utils
Comparing version 2.2.2 to 2.2.3
@@ -11,1 +11,2 @@ export { base64 } from './src/base64'; | ||
export { randomString } from './src/randomString'; | ||
export { MessageBuilder } from './src/MessageBuilder'; |
@@ -37,1 +37,3 @@ "use strict"; | ||
exports.randomString = randomString_1.randomString; | ||
var MessageBuilder_1 = require("./src/MessageBuilder"); | ||
exports.MessageBuilder = MessageBuilder_1.MessageBuilder; |
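Review bot: The new `exports.MessageBuilder` line (and the matching `export { MessageBuilder }` in the typings) widens the package's public API, yet the same diff moves the version only from 2.2.2 to 2.2.3. A backwards-compatible feature addition is a minor bump under semver, so 2.3.0 would be the expected version; that way consumers who pin to patch ranges are not handed new API surface in what looks like a bug-fix release.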
{ | ||
"name": "@poppinss/utils", | ||
"version": "2.2.2", | ||
"version": "2.2.3", | ||
"description": "Handy utilities for repetitive work", | ||
@@ -5,0 +5,0 @@ "main": "build/index.js", |
@@ -28,2 +28,3 @@ # Utils | ||
- [Safe equal](#safe-equal) | ||
- [Message Builder](#message-builder) | ||
@@ -229,2 +230,28 @@ <!-- END doctoc generated TOC please keep comment here to allow auto update --> | ||
## Message Builder | ||
Message builder provides a sane API for stringifying objects similar to `JSON.stringify` but has a few advantages. | ||
- It is safe from JSON poisoning vulnerability. | ||
- You can define expiry and purpose for the encoding. The `verify` method will respect these values. | ||
The message builder alone may seem useless, since anyone can decode the object and change its expiry or purpose. However, you can generate an hash of the stringified object and verify for tampering by validating the hash. This is what AdonisJS does for cookies. | ||
```ts | ||
import { MessageBuilder } from '@poppinss/utils' | ||
const builder = new MessageBuilder() | ||
const encoded = builder.build( | ||
{ username: 'virk' }, | ||
'1 hour', | ||
'login', | ||
) | ||
``` | ||
Now verify it | ||
```ts | ||
builder.verify(encoded) // returns null, no purpose defined | ||
builder.verify(encoded, 'register') // returns null, purpose mismatch. | ||
builder.verify(encoded, 'login') // return { username: 'virk' } | ||
``` | ||
[circleci-image]: https://img.shields.io/circleci/project/github/poppinss/utils/master.svg?style=for-the-badge&logo=circleci | ||
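Review bot: The paragraph that says "you can generate an hash of the stringified object and verify for tampering" should state that the hash must be keyed. A plain digest can be recomputed by whoever edits the expiry or purpose, so the README should say HMAC (or a signature) with a server-side secret, and should say that the hash is checked before `verify` is trusted, with a pointer to the Safe equal section already in the TOC for the comparison. Three smaller documentation gaps in the same section: the first bullet claims safety from "JSON poisoning" without saying what the builder does to achieve it; the example passes `'1 hour'` without listing the accepted expiry formats or saying whether expiry is optional; and the comment on the last `verify` line reads "return" where the other two read "returns" ("an hash" should also be "a hash").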
@@ -231,0 +258,0 @@ [circleci-url]: https://circleci.com/gh/poppinss/utils "circleci" |
License Policy Violation
License: This package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package