jssign 0.1.0 → 0.2.0

package/README.md

@@ -1,10 +1,10 @@
-# JSSign
+# jssign
 A better, faster, lighter and more secure alternative to [jsonwebtoken](https://www.npmjs.com/package/jsonwebtoken)
 ## Features
 - Encrypt data using a secret
 - Decrypt a token with secret to retrive data back
 ## Installation
-To install JSSign
+To install jssign
 ```bash
   # with npm:
   npm install jssign --save
@@ -13,9 +13,9 @@ To install JSSign
   yarn add jssign
 ```
 ## Usage
-`JSSign` exports different functions for data encryption for different use cases:
+`jssign` exports different functions for data encryption for different use cases:
 ### Faster Usage
-For a faster (but less secure) encoding and decoding of data using a secret, `JSSign` exports the following functions:
+For a faster (but less secure) encoding and decoding of data using a secret, `jssign` exports the following functions:
 - `sign(data, secret, options)`: returns encoded token
 - `verify(token, secret)`: returns decoded data
 ```javascript
@@ -36,7 +36,7 @@ console.log(data) // { foo: 'bar' }
 - `sl` can be a numberic value representing salt length (default value is `8`). Salt is a random string which is added on top of data to keep the token different everytime even for the same data.
 
 ### More secure Usage
-For a more secure (but slower) encryption and decryption of data using a secret, `JSSign` exports the following functions that uses [sjcl](https://www.npmjs.com/package/sjcl) under the hood:
+For a more secure (but slower) encryption and decryption of data using a secret, `jssign` exports the following functions that uses [sjcl](https://www.npmjs.com/package/sjcl) under the hood:
 - `encrypt(data, secret, options)`: return encrypted token
 - `decrypt(token, secret)`: returns decrypted data
 ```javascript

package/build/cjs/index.js

@@ -7,7 +7,9 @@ exports.decrypt = exports.encrypt = exports.verify = exports.sign = void 0;
 const sjcl_1 = __importDefault(require("sjcl"));
 const defaults = { v: 1, iter: 10000, ks: 128, ts: 64, mode: "ccm", adata: "", cipher: "aes" };
 const characters = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '-', '/', '*', '~', '!', '@', '#', '$', '%', '^', '&'];
-const randomNumber = (min = 0, max = Number.MAX_SAFE_INTEGER) => min + Math.floor(Math.random() * (max - min + 1));
+const encoder = new TextEncoder();
+const decoder = new TextDecoder();
+const randomNumber = (min, max) => min + Math.floor(Math.random() * (max - min + 1));
 const randomElement = (array) => array[randomNumber(0, array.length - 1)];
 const textToChars = (text) => text.split('').map(c => c.charCodeAt(0));
 const byteHex = (n) => ("0" + Number(n).toString(16)).slice(-2);
@@ -18,26 +20,46 @@ function genSalt(length) {
         salt += randomElement(characters);
     return salt;
 }
-function encode(data, secret) {
-    const applySecret = (code) => textToChars(secret).reduce((a, b) => a ^ b, code);
-    return data.toString().split('').map(textToChars).map(applySecret).map(byteHex).join('');
+function encode(data, secret, type) {
+    if (type === 0) {
+        const applySecret = (code) => textToChars(secret).reduce((a, b) => a ^ b, code);
+        return data.toString().split('').map(textToChars).map(applySecret).map(byteHex).join('');
+    }
+    const dataBytes = encoder.encode(data);
+    const secretBytes = encoder.encode(secret);
+    const dataLength = dataBytes.length;
+    const secretLength = secretBytes.length;
+    const tokenBytes = new Uint8Array(dataLength);
+    for (let i = 0; i < dataLength; i++)
+        tokenBytes[i] = dataBytes[i] ^ secretBytes[i % secretLength];
+    return Array.from(tokenBytes).map(byte => byte.toString(16).padStart(2, '0')).join('');
 }
-function decode(token, secret) {
-    const applySecret = (code) => textToChars(secret).reduce((a, b) => a ^ b, code);
-    return token.match(/.{1,2}/g).map((hex) => parseInt(hex, 16)).map(applySecret).map(stringFromCode).join('');
+function decode(token, secret, type) {
+    if (type === 0) {
+        const applySecret = (code) => textToChars(secret).reduce((a, b) => a ^ b, code);
+        return token.match(/.{1,2}/g).map((hex) => parseInt(hex, 16)).map(applySecret).map(stringFromCode).join('');
+    }
+    const tokenBytes = new Uint8Array(token.match(/.{1,2}/g).map(byte => parseInt(byte, 16)));
+    const secretBytes = encoder.encode(secret);
+    const tokenLength = tokenBytes.length;
+    const secretLength = secretBytes.length;
+    const decodedBytes = new Uint8Array(tokenLength);
+    for (let i = 0; i < tokenLength; i++)
+        decodedBytes[i] = tokenBytes[i] ^ secretBytes[i % secretLength];
+    return decoder.decode(decodedBytes);
 }
 function sign(data, secret, { expiresIn = 0, sl = 8 } = { expiresIn: 0, sl: 8 }) {
     const salt = genSalt(sl);
-    const token = encode(JSON.stringify({ data, iat: Date.now(), exp: expiresIn }), secret + salt);
-    const signature = encode(salt, secret);
+    const token = encode(JSON.stringify({ data, iat: Date.now(), exp: expiresIn }), salt, 1);
+    const signature = encode(salt, secret, 0);
     return `${token}.${signature}`;
 }
 exports.sign = sign;
 function verify(token, secret) {
     try {
         const [dataStr, signature] = token.split('.');
-        const salt = decode(signature, secret);
-        const { data, iat, exp } = JSON.parse(decode(dataStr, secret + salt));
+        const salt = decode(signature, secret, 0);
+        const { data, iat, exp } = JSON.parse(decode(dataStr, salt, 1));
         if (!exp || Date.now() < iat + exp)
             return data;
         throw new Error();

package/build/esm/index.js

@@ -1,7 +1,9 @@
 import sjcl from 'sjcl';
 const defaults = { v: 1, iter: 10000, ks: 128, ts: 64, mode: "ccm", adata: "", cipher: "aes" };
 const characters = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '+', '-', '/', '*', '~', '!', '@', '#', '$', '%', '^', '&'];
-const randomNumber = (min = 0, max = Number.MAX_SAFE_INTEGER) => min + Math.floor(Math.random() * (max - min + 1));
+const encoder = new TextEncoder();
+const decoder = new TextDecoder();
+const randomNumber = (min, max) => min + Math.floor(Math.random() * (max - min + 1));
 const randomElement = (array) => array[randomNumber(0, array.length - 1)];
 const textToChars = (text) => text.split('').map(c => c.charCodeAt(0));
 const byteHex = (n) => ("0" + Number(n).toString(16)).slice(-2);
@@ -12,25 +14,45 @@ function genSalt(length) {
         salt += randomElement(characters);
     return salt;
 }
-function encode(data, secret) {
-    const applySecret = (code) => textToChars(secret).reduce((a, b) => a ^ b, code);
-    return data.toString().split('').map(textToChars).map(applySecret).map(byteHex).join('');
+function encode(data, secret, type) {
+    if (type === 0) {
+        const applySecret = (code) => textToChars(secret).reduce((a, b) => a ^ b, code);
+        return data.toString().split('').map(textToChars).map(applySecret).map(byteHex).join('');
+    }
+    const dataBytes = encoder.encode(data);
+    const secretBytes = encoder.encode(secret);
+    const dataLength = dataBytes.length;
+    const secretLength = secretBytes.length;
+    const tokenBytes = new Uint8Array(dataLength);
+    for (let i = 0; i < dataLength; i++)
+        tokenBytes[i] = dataBytes[i] ^ secretBytes[i % secretLength];
+    return Array.from(tokenBytes).map(byte => byte.toString(16).padStart(2, '0')).join('');
 }
-function decode(token, secret) {
-    const applySecret = (code) => textToChars(secret).reduce((a, b) => a ^ b, code);
-    return token.match(/.{1,2}/g).map((hex) => parseInt(hex, 16)).map(applySecret).map(stringFromCode).join('');
+function decode(token, secret, type) {
+    if (type === 0) {
+        const applySecret = (code) => textToChars(secret).reduce((a, b) => a ^ b, code);
+        return token.match(/.{1,2}/g).map((hex) => parseInt(hex, 16)).map(applySecret).map(stringFromCode).join('');
+    }
+    const tokenBytes = new Uint8Array(token.match(/.{1,2}/g).map(byte => parseInt(byte, 16)));
+    const secretBytes = encoder.encode(secret);
+    const tokenLength = tokenBytes.length;
+    const secretLength = secretBytes.length;
+    const decodedBytes = new Uint8Array(tokenLength);
+    for (let i = 0; i < tokenLength; i++)
+        decodedBytes[i] = tokenBytes[i] ^ secretBytes[i % secretLength];
+    return decoder.decode(decodedBytes);
 }
 function sign(data, secret, { expiresIn = 0, sl = 8 } = { expiresIn: 0, sl: 8 }) {
     const salt = genSalt(sl);
-    const token = encode(JSON.stringify({ data, iat: Date.now(), exp: expiresIn }), secret + salt);
-    const signature = encode(salt, secret);
+    const token = encode(JSON.stringify({ data, iat: Date.now(), exp: expiresIn }), salt, 1);
+    const signature = encode(salt, secret, 0);
     return `${token}.${signature}`;
 }
 function verify(token, secret) {
     try {
         const [dataStr, signature] = token.split('.');
-        const salt = decode(signature, secret);
-        const { data, iat, exp } = JSON.parse(decode(dataStr, secret + salt));
+        const salt = decode(signature, secret, 0);
+        const { data, iat, exp } = JSON.parse(decode(dataStr, salt, 1));
         if (!exp || Date.now() < iat + exp)
             return data;
         throw new Error();

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jssign",
-  "version": "0.1.0",
+  "version": "0.2.0",
   "description": "A token generator library to encode and decode data using a secret key",
   "main": "./build/cjs/index.js",
   "module": "./build/esm/index.js",
@@ -13,7 +13,18 @@
     "type": "git",
     "url": "git+https://github.com/SahilAggarwal2004/jssign.git"
   },
-  "keywords": ["jssign", "jss", "javascript", "sign", "javascriptsign", "token", "encryption", "decryption", "jsonwebtoken", "sjcl"],
+  "keywords": [
+    "jssign",
+    "jss",
+    "javascript",
+    "sign",
+    "javascriptsign",
+    "token",
+    "encryption",
+    "decryption",
+    "jsonwebtoken",
+    "sjcl"
+  ],
   "author": "Sahil Aggarwal",
   "license": "MIT",
   "bugs": {