react-secure-storage
Advanced tools
Comparing version 1.2.0 to 1.2.1
@@ -8,2 +8,4 @@ "use strict"; | ||
var _envHelper = _interopRequireDefault(require("./envHelper")); | ||
var _fingerprint = _interopRequireDefault(require("./fingerprint.lib")); | ||
@@ -21,6 +23,3 @@ | ||
var getFingerprint = function getFingerprint() { | ||
var HASH_KEY_CUSTOM = HASH_KEY; // If Cypress is installed, then load env from cypress, adding support for cypress | ||
if (typeof Cypress != "undefined") HASH_KEY_CUSTOM = Cypress.env("SECURE_LOCAL_STORAGE_HASH_KEY") || Cypress.env("REACT_APP_SECURE_LOCAL_STORAGE_HASH_KEY") || HASH_KEY; //Load the custom HASH KEY from process.env | ||
else HASH_KEY_CUSTOM = process.env.SECURE_LOCAL_STORAGE_HASH_KEY || process.env.REACT_APP_SECURE_LOCAL_STORAGE_HASH_KEY || HASH_KEY; | ||
var HASH_KEY_CUSTOM = _envHelper.default.getEnvValue("SECURE_LOCAL_STORAGE_HASH_KEY") || HASH_KEY; | ||
if (typeof window === "undefined") return HASH_KEY_CUSTOM; | ||
@@ -27,0 +26,0 @@ return _fingerprint.default.getFingerprint() + HASH_KEY_CUSTOM; |
@@ -8,2 +8,6 @@ "use strict"; | ||
var _envHelper = _interopRequireDefault(require("./envHelper")); | ||
function _interopRequireDefault(obj) { return obj && obj.__esModule ? obj : { default: obj }; } | ||
/** | ||
@@ -14,4 +18,3 @@ * Function which is used to get the secure prefix | ||
var getSecurePrefix = function getSecurePrefix() { | ||
var KEY_PREFIX = process.env.SECURE_LOCAL_STORAGE_PREFIX || process.env.REACT_APP_SECURE_LOCAL_STORAGE_PREFIX || "@secure."; | ||
if (typeof Cypress != "undefined") KEY_PREFIX = Cypress.env("SECURE_LOCAL_STORAGE_PREFIX") || Cypress.env("REACT_APP_SECURE_LOCAL_STORAGE_PREFIX") || KEY_PREFIX; | ||
var KEY_PREFIX = _envHelper.default.getEnvValue("SECURE_LOCAL_STORAGE_PREFIX") || "@secure."; | ||
if (!KEY_PREFIX.endsWith(".")) return KEY_PREFIX + "."; | ||
@@ -44,4 +47,3 @@ return KEY_PREFIX; | ||
var getDisabledKeys = function getDisabledKeys() { | ||
var DISABLED_KEYS = process.env.SECURE_LOCAL_STORAGE_DISABLED_KEYS || process.env.REACT_APP_SECURE_LOCAL_STORAGE_DISABLED_KEYS || ""; | ||
if (typeof Cypress != "undefined") DISABLED_KEYS = Cypress.env("SECURE_LOCAL_STORAGE_DISABLED_KEYS") || Cypress.env("REACT_APP_SECURE_LOCAL_STORAGE_DISABLED_KEYS") || DISABLED_KEYS; | ||
var DISABLED_KEYS = _envHelper.default.getEnvValue("SECURE_LOCAL_STORAGE_DISABLED_KEYS") || ""; | ||
if (DISABLED_KEYS === "") return []; | ||
@@ -48,0 +50,0 @@ var allOptions = [FINGERPRINT_KEYS.USERAGENT, FINGERPRINT_KEYS.SCREEN_PRINT, FINGERPRINT_KEYS.PLUGINS, FINGERPRINT_KEYS.FONTS, FINGERPRINT_KEYS.LOCAL_STORAGE, FINGERPRINT_KEYS.SESSION_STORAGE, FINGERPRINT_KEYS.TIMEZONE, FINGERPRINT_KEYS.LANGUAGE, FINGERPRINT_KEYS.SYSTEM_LANGUAGE, FINGERPRINT_KEYS.COOKIE, FINGERPRINT_KEYS.CANVAS, FINGERPRINT_KEYS.HOSTNAME]; |
{ | ||
"name": "react-secure-storage", | ||
"version": "1.2.0", | ||
"version": "1.2.1", | ||
"description": "This libraries is used to securely store data in local storage", | ||
@@ -5,0 +5,0 @@ "author": "Sushin Pv", |
@@ -11,3 +11,3 @@ [![npm](https://img.shields.io/npm/v/react-secure-storage.svg)](https://www.npmjs.com/package/react-secure-storage) [![downloads](https://img.shields.io/npm/dm/react-secure-storage.svg)](http://npm-stat.com/charts.html?package=react-secure-storage) | ||
In this case, if someone copies the data from local storage and past on a different browser, then load your website, Your website will authenticate the user, Why ? because your website knows how the decrypt the data! | ||
In this case, if someone copies the data from local storage and past on a different browser, then load your website, Your website will authenticate the user, Why ? because your website knows how to decrypt the data! | ||
@@ -38,19 +38,22 @@ This is the problem when you have a single secure key! **Then how do we solve this issue ?** | ||
SECURE_LOCAL_STORAGE_HASH_KEY=xxxxxxxxxxxxxxxx | ||
SECURE_LOCAL_STORAGE_HASH_KEY=xxxxxxxxx | ||
or | ||
REACT_APP_SECURE_LOCAL_STORAGE_HASH_KEY=xxxxxxxxx | ||
Secure local storage prefix can be configured using .env file as | ||
SECURE_LOCAL_STORAGE_PREFIX=xxxxxxx | ||
or | ||
REACT_APP_SECURE_LOCAL_STORAGE_PREFIX=xxxxxxx | ||
### Added Support for Cypress.env, The version >= 1.0.15, added support for Cypress | ||
### Here are the .env prefix lists for the supported languages that are built-in. | ||
| Language | Prefix | | ||
|----------|--------------| | ||
| React | REACT_APP_ | | ||
| Vite | VITE_ | | ||
| Next.Js | NEXT_PUBLIC_ | | ||
You can always use the environment variables without the prefix as well | ||
## How to use | ||
@@ -86,5 +89,23 @@ | ||
>`Here we strongly recommend you to not to disable any of the properties as more properties you have, more unique the browser fingerprint will be!` | ||
>Here we strongly recommend you to not to disable any of the properties as more properties you have, more unique the browser fingerprint will be! | ||
### How to use environment variables for the supported languages. | ||
| Language | Key | Usage | | ||
|----------|------------------------------------------------|----------------------------------------------------------------------------------| | ||
| Default | SECURE_LOCAL_STORAGE_HASH_KEY | Used to specify the user specific hash key | | ||
| Default | SECURE_LOCAL_STORAGE_PREFIX | Used to change the local storage prefix where the data will be finally saved | | ||
| Default | SECURE_LOCAL_STORAGE_DISABLED_KEYS | Used to disable individual property from encryption / fingerprint key generation | | ||
| React | REACT_APP_SECURE_LOCAL_STORAGE_HASH_KEY | Used to specify the user specific hash key | | ||
| React | REACT_APP_SECURE_LOCAL_STORAGE_PREFIX | Used to change the local storage prefix where the data will be finally saved | | ||
| React | REACT_APP_SECURE_LOCAL_STORAGE_DISABLED_KEYS | Used to disable individual property from encryption / fingerprint key generation | | ||
| Vite | VITE_SECURE_LOCAL_STORAGE_HASH_KEY | Used to specify the user specific hash key | | ||
| Vite | VITE_SECURE_LOCAL_STORAGE_PREFIX | Used to change the local storage prefix where the data will be finally saved | | ||
| Vite | VITE_SECURE_LOCAL_STORAGE_DISABLED_KEYS | Used to disable individual property from encryption / fingerprint key generation | | ||
| Next.Js | NEXT_PUBLIC_SECURE_LOCAL_STORAGE_HASH_KEY | Used to specify the user specific hash key | | ||
| Next.Js | NEXT_PUBLIC_SECURE_LOCAL_STORAGE_PREFIX | Used to change the local storage prefix where the data will be finally saved | | ||
| Next.Js | NEXT_PUBLIC_SECURE_LOCAL_STORAGE_DISABLED_KEYS | Used to disable individual property from encryption / fingerprint key generation | | ||
## Sample Code | ||
@@ -120,8 +141,10 @@ | ||
## Whats new in 1.2.0? | ||
## Whats new in 1.2.1? | ||
Added support for Vite and Next.js environment variables | ||
## Whats new | Previous? | ||
Now you can disable individual fingerprint generation properties, This is discussed in the following enhancement https://github.com/sushinpv/react-secure-storage/issues/14 | ||
## Whats new in 1.1.0? | ||
Secure token returning null when the browser resizes problem was fixed. This was previously included as a security feature, but in the most recent update, it was removed. This was covered in the ensuing issue: https://github.com/sushinpv/react-secure-storage/issues/9 | ||
@@ -131,4 +154,2 @@ | ||
## Whats new | Previous? | ||
Added support for updating Local Storage prefix, Now this can be updated using .env | ||
@@ -135,0 +156,0 @@ |
/* eslint-disable no-undef */ | ||
import envHelper from "./envHelper"; | ||
import clientJS from "./fingerprint.lib"; | ||
@@ -11,9 +12,4 @@ | ||
const getFingerprint = () => { | ||
let HASH_KEY_CUSTOM = HASH_KEY; | ||
let HASH_KEY_CUSTOM = envHelper.getEnvValue("SECURE_LOCAL_STORAGE_HASH_KEY") || HASH_KEY; | ||
// If Cypress is installed, then load env from cypress, adding support for cypress | ||
if (typeof Cypress != "undefined") HASH_KEY_CUSTOM = Cypress.env("SECURE_LOCAL_STORAGE_HASH_KEY") || Cypress.env("REACT_APP_SECURE_LOCAL_STORAGE_HASH_KEY") || HASH_KEY; | ||
//Load the custom HASH KEY from process.env | ||
else HASH_KEY_CUSTOM = process.env.SECURE_LOCAL_STORAGE_HASH_KEY || process.env.REACT_APP_SECURE_LOCAL_STORAGE_HASH_KEY || HASH_KEY; | ||
if (typeof window === "undefined") return HASH_KEY_CUSTOM; | ||
@@ -20,0 +16,0 @@ return clientJS.getFingerprint() + HASH_KEY_CUSTOM; |
@@ -0,1 +1,3 @@ | ||
import envHelper from "./envHelper"; | ||
/** | ||
@@ -6,4 +8,3 @@ * Function which is used to get the secure prefix | ||
export const getSecurePrefix = (): string => { | ||
let KEY_PREFIX = process.env.SECURE_LOCAL_STORAGE_PREFIX || process.env.REACT_APP_SECURE_LOCAL_STORAGE_PREFIX || "@secure."; | ||
if (typeof Cypress != "undefined") KEY_PREFIX = Cypress.env("SECURE_LOCAL_STORAGE_PREFIX") || Cypress.env("REACT_APP_SECURE_LOCAL_STORAGE_PREFIX") || KEY_PREFIX; | ||
let KEY_PREFIX = envHelper.getEnvValue("SECURE_LOCAL_STORAGE_PREFIX") || "@secure."; | ||
if (!KEY_PREFIX.endsWith(".")) return KEY_PREFIX + "."; | ||
@@ -33,4 +34,3 @@ return KEY_PREFIX; | ||
export const getDisabledKeys = (): string[] => { | ||
let DISABLED_KEYS = process.env.SECURE_LOCAL_STORAGE_DISABLED_KEYS || process.env.REACT_APP_SECURE_LOCAL_STORAGE_DISABLED_KEYS || ""; | ||
if (typeof Cypress != "undefined") DISABLED_KEYS = Cypress.env("SECURE_LOCAL_STORAGE_DISABLED_KEYS") || Cypress.env("REACT_APP_SECURE_LOCAL_STORAGE_DISABLED_KEYS") || DISABLED_KEYS; | ||
let DISABLED_KEYS = envHelper.getEnvValue("SECURE_LOCAL_STORAGE_DISABLED_KEYS") || ""; | ||
if (DISABLED_KEYS === "") return []; | ||
@@ -37,0 +37,0 @@ |
Sorry, the diff of this file is not supported yet
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
87165
38
1466
170
0