jssign 0.2.6 → 0.3.0

package/LICENSE

@@ -1,6 +1,6 @@
 MIT License
 
-Copyright (c) 2023 Sahil Aggawal, <aggarwalsahil2004@gmail.com>
+Copyright (c) 2024 Sahil Aggawal, <aggarwalsahil2004@gmail.com>
 
 Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:
 

package/README.md

@@ -43,7 +43,7 @@ console.log(data) // { foo: 'bar' }
 
 ### More secure Usage
 For a more secure (but slower) encryption and decryption of data using a secret, `jssign` exports the following functions that uses [sjcl](https://www.npmjs.com/package/sjcl) under the hood:
-- `encrypt(data, secret, options)`: return encrypted token
+- `encrypt(data, secret, options, sjclOptions)`: return encrypted token
 - `decrypt(token, secret)`: returns decrypted data
 ```javascript
 import { encrypt, decrypt } from 'jssign'
@@ -60,5 +60,7 @@ console.log(data) // { id: 'confidential_data' }
 
 `options`:
 - `expiresIn` can be a numeric value representing time in ms (no expiration by default).
+
+`sjclOptions` are the options taken by `sjcl.encrypt` method having type `SjclCipherEncryptParams`
 ## Author
 [Sahil Aggarwal](https://www.github.com/SahilAggarwal2004)

package/dist/cjs/index.js

@@ -5,7 +5,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.decrypt = exports.encrypt = exports.verify = exports.sign = void 0;
 const sjcl_1 = __importDefault(require("sjcl"));
-const defaults = { v: 1, iter: 10000, ks: 128, ts: 64, mode: "ccm", adata: "", cipher: "aes" };
 const characters = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '`', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '-', '=', '[', ']', ';', ',', '.', '/', '~', '!', '@', '#', '$', '%', '^', '&', '*', '(', ')', '_', '+', '{', '}', ':', '<', '>', '?'];
 const encoder = new TextEncoder();
 const decoder = new TextDecoder();
@@ -69,16 +68,21 @@ function verify(token, secret) {
     }
 }
 exports.verify = verify;
-function encrypt(data, secret, { expiresIn = 0 } = {}) {
-    const { ct, iv, salt } = JSON.parse(sjcl_1.default.encrypt(secret, JSON.stringify({ data, iat: Date.now(), exp: expiresIn })));
-    return `${ct}.${iv}.${salt}`;
+function encrypt(data, secret, { expiresIn = 0 } = {}, sjclOptions) {
+    const encryptedObj = JSON.parse(sjcl_1.default.encrypt(secret, JSON.stringify({ data, iat: Date.now(), exp: expiresIn }), sjclOptions));
+    const encryptedArr = Object.entries(encryptedObj).map(([key, value]) => `${key}:${value}`);
+    return encryptedArr.join('.');
 }
 exports.encrypt = encrypt;
 function decrypt(token, secret) {
     try {
-        const [ct, iv, salt] = token.split('.');
-        token = JSON.stringify(Object.assign({ ct, iv, salt }, defaults));
-        const { data, iat, exp } = JSON.parse(sjcl_1.default.decrypt(secret, token));
+        const encryptedArr = token.split('.');
+        const encryptedObj = encryptedArr.reduce((obj, str) => {
+            const [key, value] = str.split(':');
+            obj[key] = +value || value;
+            return obj;
+        }, {});
+        const { data, iat, exp } = JSON.parse(sjcl_1.default.decrypt(secret, JSON.stringify(encryptedObj)));
         if (!exp || Date.now() < iat + exp)
             return data;
         throw new Error();

package/dist/esm/index.d.ts

@@ -1,11 +1,12 @@
+import { SjclCipherEncryptParams } from 'sjcl';
 export type EncryptOptions = {
     expiresIn?: number;
 };
 export type SignOptions = EncryptOptions & {
     sl?: number;
 };
-declare function sign(data: any, secret: string, { expiresIn, sl }?: SignOptions): string;
-declare function verify(token: string, secret: string): any;
-declare function encrypt(data: any, secret: string, { expiresIn }?: EncryptOptions): string;
-declare function decrypt(token: string, secret: string): any;
-export { sign, verify, encrypt, decrypt };
+export type { SjclCipherEncryptParams };
+export declare function sign(data: any, secret: string, { expiresIn, sl }?: SignOptions): string;
+export declare function verify(token: string, secret: string): any;
+export declare function encrypt(data: any, secret: string, { expiresIn }?: EncryptOptions, sjclOptions?: SjclCipherEncryptParams): string;
+export declare function decrypt(token: string, secret: string): any;

package/dist/esm/index.js

@@ -1,5 +1,4 @@
 import sjcl from 'sjcl';
-const defaults = { v: 1, iter: 10000, ks: 128, ts: 64, mode: "ccm", adata: "", cipher: "aes" };
 const characters = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '`', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '-', '=', '[', ']', ';', ',', '.', '/', '~', '!', '@', '#', '$', '%', '^', '&', '*', '(', ')', '_', '+', '{', '}', ':', '<', '>', '?'];
 const encoder = new TextEncoder();
 const decoder = new TextDecoder();
@@ -42,13 +41,13 @@ function decode(token, secret, type) {
         decodedBytes[i] = tokenBytes[i] ^ secretBytes[i % secretLength];
     return decoder.decode(decodedBytes);
 }
-function sign(data, secret, { expiresIn = 0, sl = 32 } = {}) {
+export function sign(data, secret, { expiresIn = 0, sl = 32 } = {}) {
     const salt = genSalt(sl);
     const token = encode(JSON.stringify({ data, iat: Date.now(), exp: expiresIn }), salt, 1);
     const signature = encode(salt, secret, 0);
     return `${token}.${signature}`;
 }
-function verify(token, secret) {
+export function verify(token, secret) {
     try {
         const [dataStr, signature] = token.split('.');
         const salt = decode(signature, secret, 0);
@@ -61,15 +60,20 @@ function verify(token, secret) {
         throw new Error('Invalid token or secret!');
     }
 }
-function encrypt(data, secret, { expiresIn = 0 } = {}) {
-    const { ct, iv, salt } = JSON.parse(sjcl.encrypt(secret, JSON.stringify({ data, iat: Date.now(), exp: expiresIn })));
-    return `${ct}.${iv}.${salt}`;
+export function encrypt(data, secret, { expiresIn = 0 } = {}, sjclOptions) {
+    const encryptedObj = JSON.parse(sjcl.encrypt(secret, JSON.stringify({ data, iat: Date.now(), exp: expiresIn }), sjclOptions));
+    const encryptedArr = Object.entries(encryptedObj).map(([key, value]) => `${key}:${value}`);
+    return encryptedArr.join('.');
 }
-function decrypt(token, secret) {
+export function decrypt(token, secret) {
     try {
-        const [ct, iv, salt] = token.split('.');
-        token = JSON.stringify(Object.assign({ ct, iv, salt }, defaults));
-        const { data, iat, exp } = JSON.parse(sjcl.decrypt(secret, token));
+        const encryptedArr = token.split('.');
+        const encryptedObj = encryptedArr.reduce((obj, str) => {
+            const [key, value] = str.split(':');
+            obj[key] = +value || value;
+            return obj;
+        }, {});
+        const { data, iat, exp } = JSON.parse(sjcl.decrypt(secret, JSON.stringify(encryptedObj)));
         if (!exp || Date.now() < iat + exp)
             return data;
         throw new Error();
@@ -78,4 +82,3 @@ function decrypt(token, secret) {
         throw new Error('Invalid token or secret!');
     }
 }
-export { sign, verify, encrypt, decrypt };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jssign",
-  "version": "0.2.6",
+  "version": "0.3.0",
   "description": "A token generator library to encode and decode data using a secret key",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",
@@ -35,7 +35,7 @@
     "sjcl": "^1.0.8"
   },
   "devDependencies": {
-    "@types/sjcl": "^1.0.31"
+    "@types/sjcl": "^1.0.34"
   },
   "scripts": {
     "esm": "tsc",