object-encode - npm Package Compare versions

Comparing version 1.0.1 to 1.0.2

index.js

 const juri = require("juri")();
 const codec = require('string-codec');
+var ss = require('seededshuffle');
 
@@ -11,43 +12,45 @@ const codec_algorithms = [ "hex", "base64", "ascii85","base91","rot5", "rot13", "rot18", "rot47", "rev", "url" ,"punycode" ];
 
-function encode(str, algorithm, runs){
-  runs = Number(runs) || 1;
+function encode(str, algorithm, salt, remove_padding){
+  //ensure remove_padding values set
+  remove_padding = remove_padding===undefined ? true : remove_padding;
+  //set right algorithm
   algorithm = set_algorithm(algorithm);
+  //ensure salt is string
+  salt = String(salt) || 'changeme';
+  //reject if string not entered
+  if(typeof str !== 'string'){ throw new Error("String Value required."); }
 
-  if(typeof str !== 'string'){
-    throw new Error("String Value required.");
-  }
+  //encode string with given algorithm
+  str = codec.encoder( str, algorithm );
+  //remove padding for base64 encoding
+  if(remove_padding && algorithm=='base64'){ str = str.replace(/=+$/,''); }
+  //shuffle string chars using salt
+  str = ss.shuffle(str.split(''),salt,true).join('');
 
-  for(var i=0; i<runs; i++){
-    str = codec.encoder( str, algorithm );
-  }
-
   return  str;
 }
 
-function decode(str, algorithm, runs){
-
-  runs = Number(runs) || 1;
+function decode(str, algorithm, salt){
+  //set right algorithm
   algorithm = set_algorithm(algorithm);
+  //ensure salt is string
+  salt = String(salt) || 'changeme';
+  //reject if string not entered
+  if(typeof str !== 'string'){ throw new Error("String Value required."); }
 
-  if(typeof str !== 'string'){
-    throw new Error("String Value required.");
-  }
-
+  //unshuffle string using salt
+  str = ss.unshuffle(str.split(''),salt,true).join('');
   //decode string by given algorithm
-  for(var i=0; i<runs; i++){
-    str = codec.decoder( str, algorithm );
-  }
+  str = codec.decoder( str, algorithm );
 
   return str;
-
 }
 
-function encode_object(object, algorithm, runs){
-  if(typeof object !== 'object'){
-    throw new Error("You can only encode objects using this method");
-  }
+function encode_object(object, algorithm, salt, remove_padding){
 
+  if(typeof object !== 'object'){ throw new Error("You can only encode objects using this method"); }
+
   var str = juri.encode(object);
   // console.log(str, str.length)
-  str = encode(str, algorithm, runs);
+  str = encode(str, algorithm, salt, remove_padding);
   // console.log(str);
@@ -57,7 +60,5 @@ return str;
 
-function decode_object(string, algorithm, runs){
-  if(typeof string !== 'string'){
-    throw new Error("String Value required.");
-  }
+function decode_object(string, algorithm, salt, remove_padding){
 
+  if(typeof string !== 'string'){ throw new Error("String Value required."); }
 
@@ -67,3 +68,3 @@ var object = {};
   try{
-    string = decode(string, algorithm, runs);
+    string = decode(string, algorithm, salt, remove_padding);
     object = juri.decode(string);
@@ -70,0 +71,0 @@ }

package.json

 {
   "name": "object-encode",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "Encode your objects into simple string hashes that you can then pass around. Then decode them back with ease.",
@@ -19,2 +19,3 @@ "main": "index.js",
     "juri": "^1.0.3",
+    "seededshuffle": "^0.1.1",
     "string-codec": "^0.1.0"
@@ -21,0 +22,0 @@ },

README.md

@@ -35,10 +35,14 @@ # Object Encode
 
+var salt = ')*myNewAWESOME-salt254@%^&%';
+
 //encode object using specified algorithm
-var encodedString = objCodec.encode_object( object);
-console.log(encodedString);
+var encodedString = objCodec.encode_object( object, 'base64', salt );
 
 //decode string back to the object
-var decodedObject = objCodec.decode_object(encodedString);   
+var decodedObject = objCodec.decode_object(encodedString, 'base64', salt );
+
+console.log(encodedString);
 console.log(decodedObject);
 
+
 ```
@@ -49,11 +53,18 @@
 
-## ```.encode_object(object, [algorithm, runs])```
+## ```.encode_object(object [,algorithm, salt])```
 
-Takes an object and encodes it using the algorithm given into a string. Default algorithm is ***base64***.
+Takes an object and encodes it using the **algorithm** given into a string, and then shuffles the string using the given **salt** value.
 
-*If you so desire, you can increase runs to re-encode the encoded string; This is often of not much use unless you are trying to further obscure your data/string.*
+**NOTE:**
+* Default algorithm is ***base64***.
 
-## ```.decode_object(string, [algorithm, runs])```
-Takes an string and decodescodes it using the algorithm given back to an object. Default algorithm is ***base64***.
+* **Salt** allows you to mangle your encoded string so that it may not be easily decoded back into the object without one knowing that value.
 
+* Default algorithm is ***changeme***.
+
+## ```.decode_object(string [,algorithm, salt])```
+Takes an string, unshuffles it using provided **salt** and then decodes it using the **algorithm** given back to an object.
+
+**NOTE:** (AS ABOVE)
+
 ## If all you need is string encoding & decoding...
@@ -72,1 +83,6 @@ I have also exposed two other methods:
 Install ```dev dependecies``` and run test.js to see how they compare.
+
+# A Note on Security
+The default *salt* value is **'changeme'** so please use your own. Like passwords, choose a strong salt value.
+
+Please do not encode sensitive data like passwords within your objects. This library is not built with security in mind. The ultimate goal was to simply encode objects into strings so be wise & keep your sensitive data safe!

test.js

@@ -20,19 +20,22 @@ var objCodec = require('.');
 
+// var object = {p:'twitter', d:'2016-09'};
 
-
 //Available Algorithms
 var algs = [ "hex", "base64", "ascii85", "base91", "rot5", "rot13", "rot18", "rot47", "rev", "url" ,"punycode" ];
 
+var salt = 'getAGoodEnoughSalts';
+
 //test each algorithm
 algs.forEach(function(alg){
 
-  var encodedString = objCodec.encode_object( object, alg );
-  var decodedObject = objCodec.decode_object( encodedString, alg );
+  var encodedString = objCodec.encode_object( object, alg, salt );
+  var decodedObject = objCodec.decode_object( encodedString, alg, salt );
   var urlSafe = (encodedString == encodeURI(encodedString));
 
-  console.log('\nALG:'+alg, '| LEN:' + encodedString.length, '| URLSAFE: ' +  (urlSafe ? logSymbols.success : logSymbols.error) );
+  console.log('\nALG:'+alg, '| LEN:' + encodedString.length,'| OBJ-LEN:' + JSON.stringify(object).length, '| URLSAFE: ' +  (urlSafe ? logSymbols.success : logSymbols.error) );
   console.log(encodedString);
+  // console.log(decodedObject)
 
-  assert.deepEqual(object, decodedObject, '[' + alg + '] - Decoded object deffers from the original object');
+  assert.deepEqual(object, decodedObject, '[' + alg + '] - Decoded object differs from the original object');
 
 });

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

7824

increased by22.17%

Lines of code

99

increased by7.61%

Number of lines in readme file

86

increased by22.86%

Worsened metrics

Dependency count

3

increased by50%

Dependency changes

• + Addedseededshuffle@^0.1.1

• + Addedseededshuffle@0.1.1(transitive)