jssign 0.2.7 → 0.3.1

package/README.md

@@ -38,12 +38,12 @@ console.log(data) // { foo: 'bar' }
 `secret` can be a string
 
 `options`:
-- `expiresIn` can be a numeric value representing time in ms (no expiration by default).
+- `expiresIn` can be a numeric value representing time in ms (default value is `0` which represents no expiration).
 - `sl` can be a numberic value representing salt length (default value is `32`). Salt is a random string which is added on top of data to keep the token different everytime even for the same data.
 
 ### More secure Usage
 For a more secure (but slower) encryption and decryption of data using a secret, `jssign` exports the following functions that uses [sjcl](https://www.npmjs.com/package/sjcl) under the hood:
-- `encrypt(data, secret, options)`: return encrypted token
+- `encrypt(data, secret, options, sjclOptions)`: return encrypted token
 - `decrypt(token, secret)`: returns decrypted data
 ```javascript
 import { encrypt, decrypt } from 'jssign'
@@ -59,6 +59,8 @@ console.log(data) // { id: 'confidential_data' }
 `secret` can be a string
 
 `options`:
-- `expiresIn` can be a numeric value representing time in ms (no expiration by default).
+- `expiresIn` can be a numeric value representing time in ms (default value is `0` which represents no expiration).
+
+`sjclOptions` are the options taken by `sjcl.encrypt` method having type `SjclCipherEncryptParams`
 ## Author
 [Sahil Aggarwal](https://www.github.com/SahilAggarwal2004)

package/dist/cjs/index.js

@@ -5,7 +5,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.decrypt = exports.encrypt = exports.verify = exports.sign = void 0;
 const sjcl_1 = __importDefault(require("sjcl"));
-const defaults = { v: 1, iter: 10000, ks: 128, ts: 64, mode: "ccm", adata: "", cipher: "aes" };
 const characters = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '`', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '-', '=', '[', ']', ';', ',', '.', '/', '~', '!', '@', '#', '$', '%', '^', '&', '*', '(', ')', '_', '+', '{', '}', ':', '<', '>', '?'];
 const encoder = new TextEncoder();
 const decoder = new TextDecoder();
@@ -69,16 +68,21 @@ function verify(token, secret) {
     }
 }
 exports.verify = verify;
-function encrypt(data, secret, { expiresIn = 0 } = {}) {
-    const { ct, iv, salt } = JSON.parse(sjcl_1.default.encrypt(secret, JSON.stringify({ data, iat: Date.now(), exp: expiresIn })));
-    return `${ct}.${iv}.${salt}`;
+function encrypt(data, secret, { expiresIn = 0 } = {}, sjclOptions) {
+    const encryptedObj = JSON.parse(sjcl_1.default.encrypt(secret, JSON.stringify({ data, iat: Date.now(), exp: expiresIn }), sjclOptions));
+    const encryptedArr = Object.entries(encryptedObj).map(([key, value]) => `${key}:${value}`);
+    return encryptedArr.join('.');
 }
 exports.encrypt = encrypt;
 function decrypt(token, secret) {
     try {
-        const [ct, iv, salt] = token.split('.');
-        token = JSON.stringify(Object.assign({ ct, iv, salt }, defaults));
-        const { data, iat, exp } = JSON.parse(sjcl_1.default.decrypt(secret, token));
+        const encryptedArr = token.split('.');
+        const encryptedObj = encryptedArr.reduce((obj, str) => {
+            const [key, value] = str.split(':');
+            obj[key] = +value || value;
+            return obj;
+        }, {});
+        const { data, iat, exp } = JSON.parse(sjcl_1.default.decrypt(secret, JSON.stringify(encryptedObj)));
         if (!exp || Date.now() < iat + exp)
             return data;
         throw new Error();

package/dist/esm/index.d.ts

@@ -1,11 +1,12 @@
+import { SjclCipherEncryptParams } from 'sjcl';
 export type EncryptOptions = {
     expiresIn?: number;
 };
 export type SignOptions = EncryptOptions & {
     sl?: number;
 };
-declare function sign(data: any, secret: string, { expiresIn, sl }?: SignOptions): string;
-declare function verify(token: string, secret: string): any;
-declare function encrypt(data: any, secret: string, { expiresIn }?: EncryptOptions): string;
-declare function decrypt(token: string, secret: string): any;
-export { sign, verify, encrypt, decrypt };
+export type { SjclCipherEncryptParams };
+export declare function sign(data: any, secret: string, { expiresIn, sl }?: SignOptions): string;
+export declare function verify(token: string, secret: string): any;
+export declare function encrypt(data: any, secret: string, { expiresIn }?: EncryptOptions, sjclOptions?: SjclCipherEncryptParams): string;
+export declare function decrypt(token: string, secret: string): any;

package/dist/esm/index.js

@@ -1,5 +1,4 @@
 import sjcl from 'sjcl';
-const defaults = { v: 1, iter: 10000, ks: 128, ts: 64, mode: "ccm", adata: "", cipher: "aes" };
 const characters = ['a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o', 'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '`', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', '-', '=', '[', ']', ';', ',', '.', '/', '~', '!', '@', '#', '$', '%', '^', '&', '*', '(', ')', '_', '+', '{', '}', ':', '<', '>', '?'];
 const encoder = new TextEncoder();
 const decoder = new TextDecoder();
@@ -42,13 +41,13 @@ function decode(token, secret, type) {
         decodedBytes[i] = tokenBytes[i] ^ secretBytes[i % secretLength];
     return decoder.decode(decodedBytes);
 }
-function sign(data, secret, { expiresIn = 0, sl = 32 } = {}) {
+export function sign(data, secret, { expiresIn = 0, sl = 32 } = {}) {
     const salt = genSalt(sl);
     const token = encode(JSON.stringify({ data, iat: Date.now(), exp: expiresIn }), salt, 1);
     const signature = encode(salt, secret, 0);
     return `${token}.${signature}`;
 }
-function verify(token, secret) {
+export function verify(token, secret) {
     try {
         const [dataStr, signature] = token.split('.');
         const salt = decode(signature, secret, 0);
@@ -61,15 +60,20 @@ function verify(token, secret) {
         throw new Error('Invalid token or secret!');
     }
 }
-function encrypt(data, secret, { expiresIn = 0 } = {}) {
-    const { ct, iv, salt } = JSON.parse(sjcl.encrypt(secret, JSON.stringify({ data, iat: Date.now(), exp: expiresIn })));
-    return `${ct}.${iv}.${salt}`;
+export function encrypt(data, secret, { expiresIn = 0 } = {}, sjclOptions) {
+    const encryptedObj = JSON.parse(sjcl.encrypt(secret, JSON.stringify({ data, iat: Date.now(), exp: expiresIn }), sjclOptions));
+    const encryptedArr = Object.entries(encryptedObj).map(([key, value]) => `${key}:${value}`);
+    return encryptedArr.join('.');
 }
-function decrypt(token, secret) {
+export function decrypt(token, secret) {
     try {
-        const [ct, iv, salt] = token.split('.');
-        token = JSON.stringify(Object.assign({ ct, iv, salt }, defaults));
-        const { data, iat, exp } = JSON.parse(sjcl.decrypt(secret, token));
+        const encryptedArr = token.split('.');
+        const encryptedObj = encryptedArr.reduce((obj, str) => {
+            const [key, value] = str.split(':');
+            obj[key] = +value || value;
+            return obj;
+        }, {});
+        const { data, iat, exp } = JSON.parse(sjcl.decrypt(secret, JSON.stringify(encryptedObj)));
         if (!exp || Date.now() < iat + exp)
             return data;
         throw new Error();
@@ -78,4 +82,3 @@ function decrypt(token, secret) {
         throw new Error('Invalid token or secret!');
     }
 }
-export { sign, verify, encrypt, decrypt };

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "jssign",
-  "version": "0.2.7",
+  "version": "0.3.1",
   "description": "A token generator library to encode and decode data using a secret key",
   "main": "dist/cjs/index.js",
   "module": "dist/esm/index.js",
@@ -35,7 +35,7 @@
     "sjcl": "^1.0.8"
   },
   "devDependencies": {
-    "@types/sjcl": "^1.0.31"
+    "@types/sjcl": "^1.0.34"
   },
   "scripts": {
     "esm": "tsc",