Comparing version 4.0.0 to 4.1.0
@@ -5,2 +5,12 @@ # Change Log | ||
<a name="4.1.0"></a> | ||
# [4.1.0](https://github.com/zkat/ssri/compare/v4.0.0...v4.1.0) (2017-04-07) | ||
### Features | ||
* adding ssri.create for a crypto style interface (#2) ([96f52ad](https://github.com/zkat/ssri/commit/96f52ad)) | ||
<a name="4.0.0"></a> | ||
@@ -7,0 +17,0 @@ # [4.0.0](https://github.com/zkat/ssri/compare/v3.0.2...v4.0.0) (2017-04-03) |
41
index.js
@@ -36,2 +36,5 @@ 'use strict' | ||
} | ||
toJSON () { | ||
return this.toString() | ||
} | ||
toString (opts) { | ||
@@ -67,2 +70,5 @@ if (opts && opts.strict) { | ||
get isIntegrity () { return true } | ||
toJSON () { | ||
return this.toString() | ||
} | ||
toString (opts) { | ||
@@ -280,2 +286,37 @@ opts = opts || {} | ||
module.exports.create = createIntegrity | ||
function createIntegrity (opts) { | ||
opts = opts || {} | ||
const algorithms = opts.algorithms || ['sha512'] | ||
const optString = opts.options && opts.options.length | ||
? `?${opts.options.join('?')}` | ||
: '' | ||
const hashes = algorithms.map(crypto.createHash) | ||
return { | ||
update: function (chunk, enc) { | ||
hashes.forEach(h => h.update(chunk, enc)) | ||
return this | ||
}, | ||
digest: function (enc) { | ||
const integrity = algorithms.reduce((acc, algo) => { | ||
const digest = hashes.shift().digest('base64') | ||
const hash = new Hash( | ||
`${algo}-${digest}${optString}`, | ||
opts | ||
) | ||
if (hash.algorithm && hash.digest) { | ||
const algo = hash.algorithm | ||
if (!acc[algo]) { acc[algo] = [] } | ||
acc[algo].push(hash) | ||
} | ||
return acc | ||
}, new Integrity()) | ||
return integrity | ||
} | ||
} | ||
} | ||
// This is a Best Effort™ at a reasonable priority for hash algos | ||
@@ -282,0 +323,0 @@ const DEFAULT_PRIORITY = [ |
{ | ||
"name": "ssri", | ||
"version": "4.0.0", | ||
"version": "4.1.0", | ||
"description": "Standard Subresource Integrity library -- parses, serializes, generates, and verifies integrity metadata according to the SRI spec.", | ||
@@ -5,0 +5,0 @@ "main": "index.js", |
@@ -23,2 +23,3 @@ # ssri [![npm version](https://img.shields.io/npm/v/ssri.svg)](https://npm.im/ssri) [![license](https://img.shields.io/npm/l/ssri.svg)](https://npm.im/ssri) [![Travis](https://img.shields.io/travis/zkat/ssri.svg)](https://travis-ci.org/zkat/ssri) [![AppVeyor](https://ci.appveyor.com/api/projects/status/github/zkat/ssri?svg=true)](https://ci.appveyor.com/project/zkat/ssri) [![Coverage Status](https://coveralls.io/repos/github/zkat/ssri/badge.svg?branch=latest)](https://coveralls.io/github/zkat/ssri?branch=latest) | ||
* [`Integrity#toString`](#integrity-to-string) | ||
* [`Integrity#toJSON`](#integrity-to-json) | ||
* [`Integrity#pickAlgorithm`](#integrity-pick-algorithm) | ||
@@ -30,2 +31,3 @@ * [`Integrity#hexDigest`](#integrity-hex-digest) | ||
* [`fromStream`](#from-stream) | ||
* [`create`](#create) | ||
* Integrity Verification | ||
@@ -205,2 +207,18 @@ * [`checkData`](#check-data) | ||
#### <a name="integrity-to-json"></a> `> Integrity#toJSON() -> String` | ||
Returns the string representation of an `Integrity` object. All hash entries | ||
will be concatenated in the string by `' '`. | ||
This is a convenience method so you can pass an `Integrity` object directly to `JSON.stringify`. | ||
For more info check out [toJSON() behavior on mdn](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/JSON/stringify#toJSON%28%29_behavior). | ||
##### Example | ||
```javascript | ||
const integrity = '"sha512-9KhgCRIx/AmzC8xqYJTZRrnO8OW2Pxyl2DIMZSBOr0oDvtEFyht3xpp71j/r/pAe1DM+JI/A+line3jUBgzQ7A==?foo"' | ||
JSON.stringify(ssri.parse(integrity)) === integrity | ||
``` | ||
#### <a name="integrity-pick-algorithm"></a> `> Integrity#pickAlgorithm([opts]) -> String` | ||
@@ -318,2 +336,26 @@ | ||
#### <a name="create"></a> `> ssri.create([opts]) -> <Hash>` | ||
Returns a Hash object with `update(<Buffer or string>[,enc])` and `digest()` methods. | ||
The Hash object provides the same methods as [crypto class Hash](https://nodejs.org/dist/latest-v6.x/docs/api/crypto.html#crypto_class_hash). | ||
`digest()` accepts no arguments and returns an Integrity object calculated by reading data from | ||
calls to update. | ||
It accepts both `opts.algorithms` and `opts.options`, which are documented as | ||
part of [`ssri.fromData`](#from-data). | ||
If `opts.strict` is true, the integrity object will be created using strict | ||
parsing rules. See [`ssri.parse`](#parse). | ||
##### Example | ||
```javascript | ||
const integrity = ssri.create().update('foobarbaz').digest() | ||
integrity.toString() | ||
// -> | ||
// sha512-yzd8ELD1piyANiWnmdnpCL5F52f10UfUdEkHywVZeqTt0ymgrxR63Qz0GB7TKPoeeZQmWCaz7T1+9vBnypkYWg== | ||
``` | ||
#### <a name="check-data"></a> `> ssri.checkData(data, sri, [opts]) -> Hash|false` | ||
@@ -320,0 +362,0 @@ |
34003
310
5
463