node-laravel-encryptor
NodeJS version of Laravel's Encrypter Class, tested 5.4.30 to 6.X
Illuminate/Encryption/Encrypter.php
With this module you can create the encrypted payload for a cookie from Node Js
and be read by Laravel.
You can use it too as standalone module to encrypt and decrypt data with verified signature.
If you use this module as standalone, AKA without Laravel
backend involve in your scenarios you can use native node JSON lib
to serialize
the data before ciphering it.
changes in version 3.0.*
options.key_length
now is 128|256
.
Prerequisites
- NodeJs
>=v8.10.0 (npm v5.6.0)
Laravel Compatibility
Install
$> npm i node-laravel-encryptor
Use
Async mode
const {Encryptor} = require('node-laravel-encryptor');
let encryptor = new Encryptor({
key: 'Laravel APP_KEY without base64:',
});
encryptor
.encrypt({foo: 'bar'})
.then(enc => console.log(encryptor.decrypt(enc)));
Sync mode
const enc = encryptor.encryptSync({foo: 'bar'});
console.log(encryptor.decrypt(enc));
Decrypt is always in sync mode.
Serialize <php>
|<json>
|<custom>
Encryptor let you chose between php-serialize
npm package or JSON
node native implementation to serialize the data out of the box.
If you need to use other serialize library, like mspack
or any other custom lib, Encryptor let you inject, at the constructor or at runtime with
setSerializerDriver(your_lib)
, your custom Serializer Class.
If you use this module with the intend to be able to read and write ciphered data to/from Laravel you should instance Encryptor class without any serialize_mode
option, just the defaults.
If you use this module without any Laravel Backend involve you should use json mode, instance Encryptor class with serialize_mode:'json'
.
Encryptor will serialize only if data to cipher is an object.
You can force serialize if Encryptor class is using serialize_mode:'php'
to be able to serialize data to send back to Laravel if needed
Use php-serialize to serialize data (Laravel integration)
const encryptor = new Encryptor({key});
const encryptor1 = new Encryptor({key, serialize_mode: 'php'});
encryptor and encryptor1 just do the same, initialize Encryptor class with serialize mode to 'php'
Encryptor defaults serialize data with php-serialize
driver to be compliant with Laravel
Force serialize only when serialize_mode:'php'
If data needs to be serialized but it's not an object (because Laravel is serializing everything)
you can force Encryptor.encrypt()
to serialize data.
const encryptor = new Encryptor({key});
encryptor.encrypt('foo', true)
Use JSON to serialize data
const encryptor = new Encryptor({key, serialize_mode: 'json'});
Write your custom Serializer
Prerequisites
- adhere to Serializer Interface contract
Your custom Serializer must implement this two methods:
export interface Serialize_Interface {
serialize(data: any): string;
unSerialize(data: string): any;
}
Encryptor Class
Constructor
- arguments:
- options:
<object>
{key, key_length}
- key:
<string>
APP_KEY without base64:
- key_length:
<number>
[optional] [default] <256>
values 128|256 for aes-[128]-cbc aes-[256]-cbc - serialize_mode:
<string>
[optional] [default] <php>
values <php>
|<json>
- serialize driver:
class to serialize
[optional]
- throw EncryptorError
options.key_length
If you use aes-128-cbc value should be 128
If you use aes-256-cbc value should be 256 or you can omit, it's a default value.
Methods
encrypt(data, force_serialize)
Will encrypt data with MAC signature, and return a Promise with encrypted base64 string.
With force_serialize
(only apply with serialize_mode:'php'
) you can force Encryptor to serialize data
before cipher even if data is not an object.
force_serialize
, will not take any effect if Encryptor is using other serializer driver than php-serialize
module.
- arguments:
- data:
<string>
|<object>
|<number>
- force_serialize:
<boolean>
[optional]
- return Promise
<string>
base64 json encoded object {iv, value, mac}
- throw EncryptorError
decrypt(data)
Will decrypt data with MAC signature verification, and return original data.
- arguments:
- data:
<string>
|<object>
|<number>
- return
<string>
|<object>
- throw EncryptorError
encryptSync(data, force_serialize)
Will encrypt data with MAC signature, and return encrypted base64 string.
With force_serialize
(only apply with serialize_mode:'php'
) you can force Encryptor to serialize data
before cipher even if data is not an object.
force_serialize
, will not take any effect if Encryptor is using other serializer driver than php-serialize
module.
- arguments:
- data:
<string>
|<object>
|<number>
- force_serialize:
<boolean>
[optional]
- return
<string>
base64 json encoded object {iv, value, mac}
- throw EncryptorError
Encrypt and Decrypt methods will serialize or unserialize data if needed.
setSerializerDriver(custom_Serializer_lib)
Will inject custom serializer driver to Encryptor Class
- arguments:
- custom_Serializer_lib:
object class serialize module
- return
<void>
- throw EncryptorError
Static generateRandomKey()
Will generate valid App_key a la Laravel
- arguments:
- length:
<number>
[optional], default 256, if you use aes-128-cbc use 128
- return
<string>
base64 - throw EncryptorError
Static static_decipher(key, data)
will decipher data
- arguments:
- key:
<string>
base64 encoded key - data:
<string>
|<object>
|<number>
- return
<string>
base64 - throw EncryptorError
Static static_cipher(key, data, [cb])
will cipher data
- arguments:
- key:
<string>
base64 encoded key - data:
<string>
|<object>
|<number>
- cb:
<function>
optional callback
- return
<string>
base64 - throw EncryptorError
Binary node_modules/.bin/encryptor
➜ encryptor
Usage
encryptor --gen [128, 256]
encryptor --enc --key <key> --value <value> [--serialize_mode json|php]
encryptor --dec --key <key> --value <value> [--serialize_mode json|php]
Generate cipher key
➜ encryptor --gen 256
qS+rK37YXXCYHXUhYaQtFGE+RMRQHiolxTilCre4/xQ=
➜ encryptor --gen 128
qc5plfoS13rfJeQ9LcqNtg==
Cipher
➜ encryptor --enc --key '5mimovgZ4oxbEoktPRKpVlu8LUL6JZRJb1+Y5JzJkIc=' \
--value '{"foo": 1}' --serialize_mode json
[OPTIONS]
[key] => 5mimovgZ4oxbEoktPRKpVlu8LUL6JZRJb1+Y5JzJkIc=
[value] => {"foo": 1}
[serialize_mode] => json
[OUTPUT]
[ciphered] => eyJpdiI6Ill6UTJOakV5WWpOa1lXUTNNRFkyTnc9PSIsInZhbHVlIjoiYjVtTE9GeDZ2QWhIRkRrUjIwWGhlQT09IiwibWFjIjoiNjUzNDQzNzRmYzUwZmY4NTdjNGY4MDdiZjcwZmFjMzU1YzlmYzU4MTQ1NmQ2MmYxY2I3ZDdiYWIwYTFmZWExMiJ9
without serialize_mode (default php)
➜ encryptor --enc --key '5mimovgZ4oxbEoktPRKpVlu8LUL6JZRJb1+Y5JzJkIc=' \
--value '{"foo": 1}'
[OPTIONS]
[key] => 5mimovgZ4oxbEoktPRKpVlu8LUL6JZRJb1+Y5JzJkIc=
[value] => {"foo": 1}
[serialize_mode] => php
[OUTPUT]
[ciphered] => eyJpdiI6Ik5EWmlaR0ZpTjJabFpEZGxOVFJrTmc9PSIsInZhbHVlIjoiYmo3RXJPMnNOamljamJITDMxZTVzcWxlUnpzN0RJdnZ4RUVpNTVvWlVKWT0iLCJtYWMiOiI2YjY4OGRiYjc0ZTg4NzlhMWYxMzI1MmZiOGY3Y2Q4YzM1MGEzMWUyZWE3ZWM3NjRmZTkyZTAwNGZkZGUyMmY0In0=
Decipher
➜ encryptor --dec --key '5mimovgZ4oxbEoktPRKpVlu8LUL6JZRJb1+Y5JzJkIc=' \
--value 'eyJpdiI6Ik1HWTFZbVkwWmpneE1EZGlZVEkyT1E9PSIsInZhbHVlIjoiTXNvZWQ3WXE2SlVuVkpkNTM5SHdiQT09IiwibWFjIjoiMTA5OTllYTQ3YjcwYTIxYWU1MmVkZDAyNzIwODg1ZGE0YWJhZWIwOWMyNjVmYmY1ZDI0NTJjMDRhYjE0ODg3YiJ9' \
--serialize_mode json
[OPTIONS]
[key] => 5mimovgZ4oxbEoktPRKpVlu8LUL6JZRJb1+Y5JzJkIc=
[encrypted] => eyJpdiI6Ik1HWTFZbVkwWmpneE1EZGlZVEkyT1E9PSIsInZhbHVlIjoiTXNvZWQ3WXE2SlVuVkpkNTM5SHdiQT09IiwibWFjIjoiMTA5OTllYTQ3YjcwYTIxYWU1MmVkZDAyNzIwODg1ZGE0YWJhZWIwOWMyNjVmYmY1ZDI0NTJjMDRhYjE0ODg3YiJ9
[serialize_mode] => json
[OUTPUT]
[deciphered] => {"foo":1}
[RAW deciphered] => j:{"foo":1}
without serialize_mode (default php)
➜ encryptor --dec --key '5mimovgZ4oxbEoktPRKpVlu8LUL6JZRJb1+Y5JzJkIc=' \
--value 'eyJpdiI6Ik5EWmlaR0ZpTjJabFpEZGxOVFJrTmc9PSIsInZhbHVlIjoiYmo3RXJPMnNOamljamJITDMxZTVzcWxlUnpzN0RJdnZ4RUVpNTVvWlVKWT0iLCJtYWMiOiI2YjY4OGRiYjc0ZTg4NzlhMWYxMzI1MmZiOGY3Y2Q4YzM1MGEzMWUyZWE3ZWM3NjRmZTkyZTAwNGZkZGUyMmY0In0='
[OPTIONS]
[key] => 5mimovgZ4oxbEoktPRKpVlu8LUL6JZRJb1+Y5JzJkIc=
[encrypted] => eyJpdiI6Ik5EWmlaR0ZpTjJabFpEZGxOVFJrTmc9PSIsInZhbHVlIjoiYmo3RXJPMnNOamljamJITDMxZTVzcWxlUnpzN0RJdnZ4RUVpNTVvWlVKWT0iLCJtYWMiOiI2YjY4OGRiYjc0ZTg4NzlhMWYxMzI1MmZiOGY3Y2Q4YzM1MGEzMWUyZWE3ZWM3NjRmZTkyZTAwNGZkZGUyMmY0In0=
[serialize_mode] => php
[OUTPUT]
[deciphered] => {"foo":1}
[RAW deciphered] => a:1:{s:3:"foo";i:1;}
Tests
To be able to run PHP test
you should install:
- PHP
>= 7.1.3
- OpenSSL PHP Extension
- Mbstring PHP Extension
- Tokenizer PHP Extension
- Ctype PHP Extension
- JSON PHP Extension
- BCMath PHP Extension
$> npm run test
Artillery test
In order to run Artillery integration test and stress test with aSync|Sync mode we have
to install artillery and artillery expect plugin.
$> npm install -g artillery artillery-plugin-expect
Run Artillery expect test
start server running in async mode
$> npm run artillery_server_async
$> npm run artillery_expect
All virtual users finished
Summary report @ 11:28:45(+0200) 2019-09-21
Scenarios launched: 110
Scenarios completed: 110
Requests completed: 1100
RPS sent: 105.77
Request latency:
min: 0.8
max: 14.4
median: 1.2
p95: 2
p99: 3.5
Scenario counts:
Integration Test, parallel request: 110 (100%)
Codes:
200: 1100
start server running in sync mode
$> npm run artillery_server_sync
$> npm run artillery_expect
All virtual users finished
Summary report @ 11:31:09(+0200) 2019-09-21
Scenarios launched: 110
Scenarios completed: 110
Requests completed: 1100
RPS sent: 105.87
Request latency:
min: 1
max: 27.3
median: 1.4
p95: 2.2
p99: 3.9
Scenario counts:
Integration Test, parallel request: 110 (100%)
Codes:
200: 1100
Run Artillery stress test
start server running in async mode
$> npm run artillery_server_async
start server running in sync mode
$> npm run artillery_server_sync
run test
$> npm run artillery
Async Mode
All virtual users finished
Summary report @ 11:20:34(+0200) 2019-09-21
Scenarios launched: 4220
Scenarios completed: 4220
Requests completed: 4220
RPS sent: 17.52
Request latency:
min: 1.1
max: 30.3
median: 1.9
p95: 3
p99: 4.8
Scenario counts:
stress test: 4220 (100%)
Codes:
200: 4220
Sync Mode
All virtual users finished
Summary report @ 11:15:31(+0200) 2019-09-21
Scenarios launched: 4220
Scenarios completed: 4220
Requests completed: 4220
RPS sent: 17.52
Request latency:
min: 1.1
max: 30.6
median: 1.9
p95: 2.9
p99: 4.7
Scenario counts:
stress test: 4220 (100%)
Codes:
200: 4220
Laravel Encrypter format:
Laravel only allows AES-128-CBC
AES-256-CBC
.
If no algorithm is defined default is AES-256-CBC
{
"iv": "iv in base64",
"value": "encrypted data",
"mac": "Hash HMAC signature"
}
Dependencies
Contributing
Pull requests are welcome.
License
MIT