Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@textile/security
Advanced tools
@textile/security - npm Package Compare versions
Comparing version 0.4.1-alpha.1 to 0.5.0
@@ -6,3 +6,3 @@ # Change Log | ||
| ## [0.4.1-alpha.1](https://github.com/textileio/js-threads/compare/@textile/security@0.4.1-alpha.0...@textile/security@0.4.1-alpha.1) (2020-11-13) | ||
| # [0.5.0](https://github.com/textileio/js-threads/compare/@textile/security@0.4.0...@textile/security@0.5.0) (2020-11-25) | ||
@@ -12,16 +12,8 @@ | ||
| * **releases:** point to correct module file ([8546aba](https://github.com/textileio/js-threads/commit/8546aba1152bca503baa0de6443a02e47acbf3ca)) | ||
| * find & replace error ([5ac17bb](https://github.com/textileio/js-threads/commit/5ac17bbe053f55c48a6fd9457353f50900410247)) | ||
| ## [0.4.1-alpha.0](https://github.com/textileio/js-threads/compare/@textile/security@0.4.0...@textile/security@0.4.1-alpha.0) (2020-11-13) | ||
| ### Features | ||
| * **builds:** adds module path and build ([9d029ef](https://github.com/textileio/js-threads/commit/9d029ef44c39d3019773c772bf8d483bcdf3be1a)) | ||
| * **builds:** rm umd for now; update build scripts to all use bili ([4757daf](https://github.com/textileio/js-threads/commit/4757dafa316b4e2c84c8ea8d2ad35206ad7737d4)) | ||
| * **bundle:** try out bili for packaging ([5df79c4](https://github.com/textileio/js-threads/commit/5df79c4c0dbd1def9b3e5a4c84a21ac787a01663)) | ||
| * remove buffers + multiaddr optims ([3c57820](https://github.com/textileio/js-threads/commit/3c578203b8614aad0e892832b8efcc90d6e13fac)) | ||
@@ -28,0 +20,0 @@ |
@@ -0,0 +0,0 @@ /** |
@@ -1,2 +0,107 @@ | ||
| "use strict";Object.defineProperty(exports,"__esModule",{value:!0});var e=require("tslib"),t=require("fast-sha256"),r=require("multibase"),n=require("@consento/sync-randombytes");function i(e){return e&&"object"==typeof e&&"default"in e?e:{default:e}}var o=i(r),a=i(n);function u(e,t){for(var r=0;r<t.length;r++){var n=t[r];n.enumerable=n.enumerable||!1,n.configurable=!0,"value"in n&&(n.writable=!0),Object.defineProperty(e,n.key,n)}}var s=new Error("Invalid key"),f=function(e){return a.default(new Uint8Array(e))},d=function(){function e(t,r){!function(e,t){if(!(e instanceof t))throw new TypeError("Cannot call a class as a function")}(this,e),this.service=t,this.read=r}var t,r,n;return t=e,n=[{key:"fromRandom",value:function(){var t=!(arguments.length>0&&void 0!==arguments[0])||arguments[0];return new e(f(32),t?f(32):void 0)}},{key:"fromBytes",value:function(t){if(32!==t.byteLength&&64!==t.byteLength)throw s;var r,n=t.slice(0,32);return 64===t.byteLength&&(r=t.slice(32)),new e(n,r)}},{key:"fromString",value:function(e){var t=o.default.decode(e);return this.fromBytes(t)}}],(r=[{key:"isDefined",value:function(){return void 0!==this.service}},{key:"canRead",value:function(){return void 0!==this.read}},{key:"toBytes",value:function(){var e;if(void 0!==this.read){var t=new Uint8Array(this.service.byteLength+(null!==(e=this.read.byteLength)&&void 0!==e?e:0));return t.set(this.service),this.read&&t.set(this.read,this.service.byteLength),t}return this.service}},{key:"toString",value:function(){return o.default.encode("base32",this.toBytes()).toString()}}])&&u(t.prototype,r),n&&u(t,n),e}();function c(r){var n=arguments.length>1&&void 0!==arguments[1]?arguments[1]:new Date(Date.now()+18e5);return e.__awaiter(this,void 0,void 0,(function*(){var e=o.default.decode(r),i=n.toISOString(),a=new t.HMAC(e).update(Buffer.from(i)).digest();return{sig:o.default.encode("base32",Buffer.from(a)).toString(),msg:i}}))}var v=new Error("Auth expired. Consider calling withKeyInfo or withAPISig to refresh.");exports.ThreadKey=d,exports.createAPISig=c,exports.createUserAuth=function(t,r,n,i){return e.__awaiter(this,void 0,void 0,(function*(){var e=yield c(r,n);return Object.assign(Object.assign({},e),{key:t,token:i})}))},exports.expirationError=v,exports.invalidKeyError=s,exports.keyFromString=function(e){return o.default.decode(e)},exports.keyToString=function(e){return o.default.encode("base32",e).toString()},exports.randomBytes=f; | ||
| //# sourceMappingURL=index.js.map | ||
| "use strict"; | ||
| var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) { | ||
| if (k2 === undefined) k2 = k; | ||
| Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } }); | ||
| }) : (function(o, m, k, k2) { | ||
| if (k2 === undefined) k2 = k; | ||
| o[k2] = m[k]; | ||
| })); | ||
| var __exportStar = (this && this.__exportStar) || function(m, exports) { | ||
| for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p); | ||
| }; | ||
| var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) { | ||
| function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); } | ||
| return new (P || (P = Promise))(function (resolve, reject) { | ||
| function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } } | ||
| function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } } | ||
| function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); } | ||
| step((generator = generator.apply(thisArg, _arguments || [])).next()); | ||
| }); | ||
| }; | ||
| var __importDefault = (this && this.__importDefault) || function (mod) { | ||
| return (mod && mod.__esModule) ? mod : { "default": mod }; | ||
| }; | ||
| Object.defineProperty(exports, "__esModule", { value: true }); | ||
| exports.expirationError = exports.createUserAuth = exports.createAPISig = void 0; | ||
| /** | ||
| * Common types/methods for Textile security including authentication and authorization. | ||
| * | ||
| * All methods here should be imported directly from the @textile/hub library. | ||
| * | ||
| * @packageDocumentation | ||
| */ | ||
| const fast_sha256_1 = require("fast-sha256"); | ||
| const multibase_1 = __importDefault(require("multibase")); | ||
| const encoder = new TextEncoder(); | ||
| /** | ||
| * createAPISig generates an authorization signature and message only. | ||
| * | ||
| * This function should NOT be used client-side, as it requires a key secret. | ||
| * @public | ||
| * @example | ||
| * Basic usage | ||
| * ```typescript | ||
| * import {createAPISig, APISig} from '@textile/threads' | ||
| * | ||
| * async function sign (key: string) { | ||
| * const sig: APISig = await createAPISig(key) | ||
| * return sig | ||
| * } | ||
| * ``` | ||
| * @param {string} secret - The key secret to generate the signature. See KeyInfo for details. | ||
| * @param {Date} date - An optional future Date to use as signature message. Once `date` has passed, this | ||
| * authorization signature and message will expire. Defaults to one minute from `Date.now`. | ||
| */ | ||
| function createAPISig(secret, date = new Date(Date.now() + 1000 * 60 * 30) // Default to 30 minutes | ||
| ) { | ||
| return __awaiter(this, void 0, void 0, function* () { | ||
| const sec = multibase_1.default.decode(secret); | ||
| const msg = date.toISOString(); | ||
| const hash = new fast_sha256_1.HMAC(sec); | ||
| const mac = hash.update(encoder.encode(msg)).digest(); | ||
| const sig = multibase_1.default.encode("base32", mac).toString(); | ||
| return { sig, msg }; | ||
| }); | ||
| } | ||
| exports.createAPISig = createAPISig; | ||
| /** | ||
| * Generate a UserAuth containing API key, signature, and message. | ||
| * | ||
| * The gRPC APIs will throw (or return an authorization error) if the message date has passed. | ||
| * This function should NOT be used client-side, as it requires a key secret. The result does | ||
| * not contain the secret and therefor CAN be used client side. | ||
| * @public | ||
| * @example | ||
| * Create a new UserAuth | ||
| * ```typescript | ||
| * import {createUserAuth, KeyInfo, UserAuth} from '@textile/threads'; | ||
| * | ||
| * async function auth (keyInfo: KeyInfo) { | ||
| * // Create an expiration and create a signature. 60s or less is recommended. | ||
| * const expiration = new Date(Date.now() + 60 * 1000) | ||
| * // Generate a new UserAuth | ||
| * const userAuth: UserAuth = await createUserAuth(keyInfo.key, keyInfo.secret ?? '', expiration) | ||
| * return userAuth | ||
| * } | ||
| * ``` | ||
| * | ||
| * @param {string} key - The API key secret to generate the signature. See KeyInfo for details. | ||
| * @param {string} secret - The API key secret to generate the signature. See KeyInfo for details. | ||
| * @param {Date} date - An optional future Date to use as signature message. Default 1 minute from now. | ||
| * @param {string} token - An optional user API token. | ||
| */ | ||
| function createUserAuth(key, secret, date, token) { | ||
| return __awaiter(this, void 0, void 0, function* () { | ||
| const partial = yield createAPISig(secret, date); | ||
| return Object.assign(Object.assign({}, partial), { key, | ||
| token }); | ||
| }); | ||
| } | ||
| exports.createUserAuth = createUserAuth; | ||
| /** | ||
| * expirationError is an error your app will receive anytime your credentials have expired. | ||
| * @public | ||
| */ | ||
| exports.expirationError = new Error("Auth expired. Consider calling withKeyInfo or withAPISig to refresh."); | ||
| __exportStar(require("./key"), exports); | ||
| //# sourceMappingURL=index.js.map |
@@ -1,2 +0,1 @@ | ||
| /// <reference types="node" /> | ||
| export declare const invalidKeyError: Error; | ||
@@ -8,6 +7,6 @@ export declare const randomBytes: (byteLength: number) => Uint8Array; | ||
| */ | ||
| export declare const keyFromString: (k: string) => Buffer; | ||
| export declare const keyFromString: (k: string) => Uint8Array; | ||
| /** | ||
| * String returns the base32-encoded string representation of raw key bytes. | ||
| * @param k Input key buffer. | ||
| * @param k Input key bytes. | ||
| */ | ||
@@ -14,0 +13,0 @@ export declare const keyToString: (k: Uint8Array) => string; |
| { | ||
| "name": "@textile/security", | ||
| "version": "0.4.1-alpha.1", | ||
| "version": "0.5.0", | ||
| "description": "Common types/interfaces for Textile security including authentication and authorization.", | ||
| "main": "dist/index.js", | ||
| "types": "dist/index.d.ts", | ||
| "module": "dist/index.esm.js", | ||
| "main": "dist/index", | ||
| "types": "dist/index", | ||
| "files": [ | ||
@@ -17,6 +16,6 @@ "dist/**/!(*.spec).js?(.map)", | ||
| "scripts": { | ||
| "build": "bili --config ../../bili.config.js", | ||
| "prepublishOnly": "npm run build", | ||
| "prepare": "npm run build", | ||
| "prebuild": "npm run clean", | ||
| "build": "npx tsc -b tsconfig.json", | ||
| "clean": "npx rimraf ./dist ./tsconfig.tsbuildinfo" | ||
@@ -30,7 +29,6 @@ }, | ||
| "@consento/sync-randombytes": "^1.0.5", | ||
| "@types/multibase": "^0.6.0", | ||
| "fast-sha256": "^1.3.0", | ||
| "multibase": "^1.0.0" | ||
| "multibase": "^3.1.0" | ||
| }, | ||
| "gitHead": "4082f562a628a2012965b1d6629b7613a697c64a" | ||
| "gitHead": "e6d84bffbba928d804accc562f1766838479982d" | ||
| } |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Minified code
QualityThis package contains minified code. This may be harmless in some cases where minified code is included in packaged libraries, however packages on npm should not minify code.
Found 1 instance in 1 package
Improved metrics
- Dependency count
- decreased by-25%
3
- Lines of code
- increased by101.1%
364
- Number of low quality alerts
- decreased by-33.33%
2
Worsened metrics
- Total package byte prevSize
- decreased by-14.61%
31320
Dependency changes
+ Added@multiformats/base-x@4.0.1(transitive)
+ Added@zxing/text-encoding@0.9.0(transitive)
+ Addedavailable-typed-arrays@1.0.7(transitive)
+ Addedcall-bind@1.0.7(transitive)
+ Addeddefine-data-property@1.1.4(transitive)
+ Addedes-define-property@1.0.0(transitive)
+ Addedes-errors@1.3.0(transitive)
+ Addedfor-each@0.3.3(transitive)
+ Addedfunction-bind@1.1.2(transitive)
+ Addedget-intrinsic@1.2.4(transitive)
+ Addedgopd@1.1.0(transitive)
+ Addedhas-property-descriptors@1.0.2(transitive)
+ Addedhas-proto@1.1.0(transitive)
+ Addedhas-symbols@1.0.3(transitive)
+ Addedhas-tostringtag@1.0.2(transitive)
+ Addedhasown@2.0.2(transitive)
+ Addedinherits@2.0.4(transitive)
+ Addedis-arguments@1.1.1(transitive)
+ Addedis-callable@1.2.7(transitive)
+ Addedis-generator-function@1.0.10(transitive)
+ Addedis-typed-array@1.1.13(transitive)
+ Addedmultibase@3.1.2(transitive)
+ Addedpossible-typed-array-names@1.0.0(transitive)
+ Addedset-function-length@1.2.2(transitive)
+ Addedutil@0.12.5(transitive)
+ Addedweb-encoding@1.1.5(transitive)
+ Addedwhich-typed-array@1.1.16(transitive)
- Removed@types/multibase@^0.6.0
- Removed@types/multibase@0.6.0(transitive)
- Removed@types/node@22.10.1(transitive)
- Removedbase-x@3.0.10(transitive)
- Removedmultibase@1.0.1(transitive)
- Removedsafe-buffer@5.2.1(transitive)
- Removedundici-types@6.20.0(transitive)
Updatedmultibase@^3.1.0