npm - @vlasky/shacrypt - Versions diffs - 0.2.0 → 0.3.0 - Mend

@vlasky/shacrypt 0.2.0 → 0.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/CLAUDE.md ADDED Viewed

@@ -0,0 +1,56 @@
+# CLAUDE.md
+This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
+## Project Overview
+shacrypt is a Node.js native addon that provides cross-platform support for SHA-256 crypt and SHA-512 crypt password hashing. It wraps around Ulrich Drepper's C implementation for high performance cryptographic operations.
+## Architecture
+- **Native C++ addon**: Built using node-gyp and NAN (Native Abstractions for Node.js)
+- **Core C implementations**: `sha256crypt.c` and `sha512crypt.c` contain the actual cryptographic algorithms
+- **Node.js wrapper**: `shacrypt.cc` provides the V8/Node.js bindings with both sync and async interfaces
+- **JavaScript API**: `shacrypt.js` provides the public API with input validation and parameter handling
+- **Dual execution modes**: Synchronous calls block the event loop, asynchronous calls use libuv thread pool
+## Key Files
+- `src/shacrypt.cc` - Main C++ addon code with NAN bindings
+- `src/sha256crypt.c` and `src/sha512crypt.c` - Core cryptographic implementations
+- `shacrypt.js` - JavaScript API wrapper with validation logic
+- `binding.gyp` - Build configuration for the native addon
+- `test/tests.js` - Comprehensive test vectors for both SHA-256 and SHA-512
+## Development Commands
+### Build the native addon
+```bash
+npm install
+# or
+make
+```
+### Run tests
+```bash
+make test
+# or
+npm test
+```
+The tests use Mocha with test vectors that validate against known good SHA crypt implementations.
+### Clean build artifacts
+```bash
+make clean
+```
+## API Design
+Both `sha256crypt()` and `sha512crypt()` support:
+- Synchronous and asynchronous execution (callback as last parameter)
+- Automatic salt generation if not provided
+- Custom round counts (defaults to 5000, minimum 1000)
+- Salt string validation and formatting
+The JavaScript wrapper handles parameter validation and salt formatting before calling the native C++ functions.

package/Makefile CHANGED Viewed

@@ -9,7 +9,7 @@ shacrypt: node_modules src/*
 # Tests
 #
 test: shacrypt
-	@mocha
+	@./node_modules/.bin/mocha
 #

package/package.json CHANGED Viewed

@@ -1,7 +1,7 @@
 {
   "name": "@vlasky/shacrypt",
   "description": "Wrapper over sha256-crypt and sha512-crypt functions originally created by Ulrich Drepper https://www.akkadia.org/drepper/SHA-crypt.txt",
-  "version": "0.2.0",
+  "version": "0.3.0",
   "homepage": "https://github.com/vlasky/shacrypt",
   "author": "Vlad Lasky <github@vladlasky.com> (https://github.com/vlasky/)",
   "contributors": [
@@ -9,17 +9,18 @@
   ],
   "main": "shacrypt",
   "scripts": {
+    "install": "node-gyp rebuild",
     "test": "make test"
   },
   "dependencies": {
-    "nan": "^2.14.0"
+    "nan": "^2.22.2"
   },
   "devDependencies": {
-      "mocha": "~=2.3.4",
-      "chai": "~=3.4.1"
+      "mocha": "^10.8.2",
+      "chai": "^4.5.0"
   },
   "engines": {
-    "node": ">= 0.8.0"
+    "node": ">= 16.0.0"
   },
   "bugs": {
     "url": "https://github.com/vlasky/shacrypt/issues"

package/src/sha256crypt.c CHANGED Viewed

@@ -449,7 +449,7 @@ sha256_crypt_r (const char *key, const char *salt, char *buffer, int buflen)
   sha256_init_ctx (&alt_ctx);
   /* For every character in the password add the entire password.  */
-  for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt)
+  for (cnt = 0; cnt < (size_t)(16 + alt_result[0]); ++cnt)
     sha256_process_bytes (salt, salt_len, &alt_ctx);
   /* Finish the digest.  */

package/src/sha512crypt.c CHANGED Viewed

@@ -479,7 +479,7 @@ sha512_crypt_r (const char *key, const char *salt, char *buffer, int buflen)
   sha512_init_ctx (&alt_ctx);
   /* For every character in the password add the entire password.  */
-  for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt)
+  for (cnt = 0; cnt < (size_t)(16 + alt_result[0]); ++cnt)
     sha512_process_bytes (salt, salt_len, &alt_ctx);
   /* Finish the digest.  */

package/src/shacrypt.cc CHANGED Viewed

@@ -19,17 +19,49 @@ using Nan::Null;
 using Nan::To;
 NAN_METHOD(sha256crypt) {
+  if (info.Length() < 2) {
+    Nan::ThrowError("Wrong number of arguments");
+    return;
+  }
+  if (!info[0]->IsString() || !info[1]->IsString()) {
+    Nan::ThrowTypeError("Arguments must be strings");
+    return;
+  }
   Nan::Utf8String key(info[0]);
   Nan::Utf8String salt(info[1]);
-  info.GetReturnValue().Set(Nan::New(sha256_crypt(*key, *salt)).ToLocalChecked());
+  const char* result = sha256_crypt(*key, *salt);
+  if (!result) {
+    Nan::ThrowError("sha256_crypt failed");
+    return;
+  }
+  info.GetReturnValue().Set(Nan::New(result).ToLocalChecked());
 }
 NAN_METHOD(sha512crypt) {
+  if (info.Length() < 2) {
+    Nan::ThrowError("Wrong number of arguments");
+    return;
+  }
+  if (!info[0]->IsString() || !info[1]->IsString()) {
+    Nan::ThrowTypeError("Arguments must be strings");
+    return;
+  }
   Nan::Utf8String key(info[0]);
   Nan::Utf8String salt(info[1]);
-  info.GetReturnValue().Set(Nan::New(sha512_crypt(*key, *salt)).ToLocalChecked());
+  const char* result = sha512_crypt(*key, *salt);
+  if (!result) {
+    Nan::ThrowError("sha512_crypt failed");
+    return;
+  }
+  info.GetReturnValue().Set(Nan::New(result).ToLocalChecked());
 }
@@ -40,7 +72,12 @@ class SHA256CryptWorker : public AsyncWorker {
     }
     void Execute() {
-      result = sha256_crypt(key.c_str(), salt.c_str());
+      const char* crypt_result = sha256_crypt(key.c_str(), salt.c_str());
+      if (!crypt_result) {
+        SetErrorMessage("sha256_crypt failed");
+        return;
+      }
+      result = crypt_result;
     }
     void HandleOKCallback() {
@@ -61,7 +98,12 @@ class SHA512CryptWorker : public AsyncWorker {
     }
     void Execute() {
-      result = sha512_crypt(key.c_str(), salt.c_str());
+      const char* crypt_result = sha512_crypt(key.c_str(), salt.c_str());
+      if (!crypt_result) {
+        SetErrorMessage("sha512_crypt failed");
+        return;
+      }
+      result = crypt_result;
     }
     void HandleOKCallback() {
@@ -76,6 +118,21 @@ class SHA512CryptWorker : public AsyncWorker {
 };
 NAN_METHOD(sha256cryptasync) {
+  if (info.Length() < 3) {
+    Nan::ThrowError("Wrong number of arguments");
+    return;
+  }
+  if (!info[0]->IsString() || !info[1]->IsString()) {
+    Nan::ThrowTypeError("First two arguments must be strings");
+    return;
+  }
+  if (!info[2]->IsFunction()) {
+    Nan::ThrowTypeError("Third argument must be a function");
+    return;
+  }
   Nan::Utf8String key(info[0]);
   Nan::Utf8String salt(info[1]);
@@ -84,6 +141,21 @@ NAN_METHOD(sha256cryptasync) {
 }
 NAN_METHOD(sha512cryptasync) {
+  if (info.Length() < 3) {
+    Nan::ThrowError("Wrong number of arguments");
+    return;
+  }
+  if (!info[0]->IsString() || !info[1]->IsString()) {
+    Nan::ThrowTypeError("First two arguments must be strings");
+    return;
+  }
+  if (!info[2]->IsFunction()) {
+    Nan::ThrowTypeError("Third argument must be a function");
+    return;
+  }
   Nan::Utf8String key(info[0]);
   Nan::Utf8String salt(info[1]);
@@ -104,5 +176,6 @@ NAN_MODULE_INIT(init) {
     Nan::GetFunction(Nan::New<FunctionTemplate>(sha512cryptasync)).ToLocalChecked());
 }
 NODE_MODULE(shacrypt, init);

package/test/tests.js CHANGED Viewed

@@ -97,3 +97,52 @@ tests512.forEach(function(test) {
         });
     });
 });
+describe('Input validation', function() {
+    it('should throw error for non-string password in sha256crypt', function() {
+        expect(function() {
+            shacrypt.sha256crypt(123, 'salt');
+        }).to.throw('password must be a String');
+    });
+    it('should throw error for non-string password in sha512crypt', function() {
+        expect(function() {
+            shacrypt.sha512crypt(null, 'salt');
+        }).to.throw('password must be a String');
+    });
+    it('should handle missing password gracefully', function() {
+        expect(function() {
+            shacrypt.sha256crypt();
+        }).to.throw('password must be a String');
+    });
+    it('should generate salt when not provided', function() {
+        var result = shacrypt.sha256crypt('password');
+        result.should.match(/^\$5\$/);
+    });
+    it('should handle async callback errors for invalid password', function(done) {
+        try {
+            shacrypt.sha256crypt(123, 'salt', function(err, result) {
+                // This callback should not be called
+                done(new Error('Expected synchronous error'));
+            });
+        } catch (e) {
+            e.message.should.equal('password must be a String');
+            done();
+        }
+    });
+    it('should handle async callback errors for invalid password in sha512', function(done) {
+        try {
+            shacrypt.sha512crypt(undefined, 'salt', function(err, result) {
+                // This callback should not be called
+                done(new Error('Expected synchronous error'));
+            });
+        } catch (e) {
+            e.message.should.equal('password must be a String');
+            done();
+        }
+    });
+});