oto-storage 0.3.2 → 0.4.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +40 -0
- package/package.json +2 -2
package/README.md
CHANGED
|
@@ -53,6 +53,8 @@ Oto storage uses the JavaScript Proxy API to let you interact with browser stora
|
|
|
53
53
|
|
|
54
54
|
- **TTL / Expiration**: Set automatic expiration for stored values.
|
|
55
55
|
|
|
56
|
+
- **Custom Encryption Hooks**: Encrypt/decrypt stored values with your own sync crypto callbacks.
|
|
57
|
+
|
|
56
58
|
### 🚀 Quick Start
|
|
57
59
|
|
|
58
60
|
**_1. Define your Schema_**
|
|
@@ -308,6 +310,44 @@ storage.user = { id: "1", name: "Alice" };
|
|
|
308
310
|
storage.user.name = "Bob"; // Updates are also TTL-protected
|
|
309
311
|
```
|
|
310
312
|
|
|
313
|
+
**Encryption**
|
|
314
|
+
|
|
315
|
+
Use custom synchronous `encrypt`/`decrypt` hooks to protect stored payloads at rest.
|
|
316
|
+
Security warning: `btoa`/`atob` is encoding, not cryptographic encryption. Use `encryption.encrypt`/`encryption.decrypt` with a real cipher (for example Web Crypto AES-GCM) in production.
|
|
317
|
+
|
|
318
|
+
```typescript
|
|
319
|
+
interface SecureStorage {
|
|
320
|
+
token: string;
|
|
321
|
+
profile: { id: string; name: string };
|
|
322
|
+
}
|
|
323
|
+
|
|
324
|
+
const keyPrefix = "my-secret-key:";
|
|
325
|
+
const secure = oto<SecureStorage>({
|
|
326
|
+
prefix: "secure-",
|
|
327
|
+
encryption: {
|
|
328
|
+
encrypt: (plainText) => btoa(`${keyPrefix}${plainText}`),
|
|
329
|
+
decrypt: (cipherText) => {
|
|
330
|
+
const decoded = atob(cipherText);
|
|
331
|
+
if (!decoded.startsWith(keyPrefix)) {
|
|
332
|
+
throw new Error("Invalid encryption key");
|
|
333
|
+
}
|
|
334
|
+
return decoded.slice(keyPrefix.length);
|
|
335
|
+
},
|
|
336
|
+
migrate: true, // Optional: auto-wrap existing plain JSON entries on read
|
|
337
|
+
},
|
|
338
|
+
});
|
|
339
|
+
|
|
340
|
+
secure.token = "abc123";
|
|
341
|
+
console.log(secure.token); // "abc123"
|
|
342
|
+
```
|
|
343
|
+
|
|
344
|
+
`encryption.migrate` helps adopt encryption without a one-time migration script by upgrading plain JSON entries as they are read.
|
|
345
|
+
Reserved keys note: `__oto_encrypted` and `__oto_payload` are used by the encryption envelope. If your stored object uses both keys with the same shape, it will be treated as encrypted data by `readStoredValue`/`isEncryptedWrapper`.
|
|
346
|
+
|
|
347
|
+
Encryption + TTL work together automatically. Expired encrypted entries are deleted on access, just like non-encrypted TTL values.
|
|
348
|
+
|
|
349
|
+
Security note: this feature protects data at rest in storage, but it does not protect against active XSS (malicious runtime code can access your encryption callbacks and decrypted values).
|
|
350
|
+
|
|
311
351
|
**Combining Defaults and TTL**
|
|
312
352
|
|
|
313
353
|
Use both features together for powerful patterns like session management:
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "oto-storage",
|
|
3
|
-
"version": "0.
|
|
3
|
+
"version": "0.4.0",
|
|
4
4
|
"description": "A lightweight, type-safe wrapper for localStorage and sessionStorage using the Proxy API.",
|
|
5
5
|
"main": "./dist/index.js",
|
|
6
6
|
"module": "./dist/index.mjs",
|
|
@@ -37,7 +37,7 @@
|
|
|
37
37
|
"license": "MIT",
|
|
38
38
|
"repository": {
|
|
39
39
|
"type": "git",
|
|
40
|
-
"url": "https://github.com/diomari/oto-storage"
|
|
40
|
+
"url": "git+https://github.com/diomari/oto-storage.git"
|
|
41
41
|
},
|
|
42
42
|
"devDependencies": {
|
|
43
43
|
"typescript": "^5.3.3",
|