From dba931ee48a3d1854b2b21676d69103ac77a6216 Mon Sep 17 00:00:00 2001
From: Timo Hocker
Date: Fri, 6 Mar 2020 12:06:10 +0100
Subject: [PATCH] copy from hc
---
README.md | 113 +++++++++++++++++++++++++++++++++++++++++++++++++
mock_server.js | 60 ++++++++++++++++++++++++++
2 files changed, 173 insertions(+)
create mode 100644 README.md
create mode 100644 mock_server.js
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..1161189
--- /dev/null
+++ b/README.md
@@ -0,0 +1,113 @@
+# Helper Colletion
+
+A bunch of useful functions and constants
+
+## Usage
+
+```js
+const {auth,crypto,util,encoding,http_consts} = require('@scode/helper-collection');
+
+// auth is a express middleware that uses a knex database conenction to authorize users
+const authentication = auth(knex);
+
+// add cookieParser to allow session management via cookies
+app.use(cookieParser());
+app.use(authentication.handler);
+
+```
+
+to create the necessary users table, add the following to your migrations
+
+```js
+function up(knex) {
+ await knex.schema.createTable ('users', (table) => {
+ table.increments ('id');
+ table.string ('name');
+ table.string ('email');
+ table.string ('password');
+ table.string ('salt');
+ table.boolean ('deleted')
+ .default (false);
+ });
+}
+```
+
+```js
+
+// additionally it offers functions like create_user
+const salt = crypto.create_salt();
+const hash = crypto.hash_sha512('1234', salt);
+authentication.create_user('test', 'test@example.com', hash, salt);
+
+// helper functions include a bunch of different quick functions
+
+// util
+const json = util.try_parse_json('}!!invalid json') // returns null instead of throwing an error
+const n = util.truncate_decimal(23.45678, 2); // n = 23.45
+
+// crypto
+const rand_hex = crypto.random_hex(16); // outputs 16 byte random hex
+const rand_salt = crypto.create_salt(); // same as random_hex, but with fixed length of 32 bytes
+const random_string = crypto.random_string(16) // output 16 character long random string
+const hash = crypto.hash_sha512(random_string, random_hex); // returns sha 512 hex
+const check = crypto.checksum('foo'); // returns a sha 256 hex
+const argon = crypto.argon_hash(random_string); // returns an argon hash
+const is_argon_valid = crypto.argon_verify(argon, random_hex); // returns false because a different input was used
+
+// encoding
+const hex = encoding.to_hex('abc'); // convert any encoding to hex, default is utf-8
+const b64 = encoding.to_b64(hex, 'hex'); // convert any encoding to base64, default is utf-8
+const utf8 = encoding.to_utf8(hex, 'hex'); // convert any encoding to utf-8, no default
+
+// jwt like object signing
+const signed = crypto.sign_object({foo: 'bar'}, 'secret');
+const dec = crypto.decode_signed(signed); // decode a signed object without verifying the signature
+const ver = crypto.verify_signature(signed, 'secret', 10000); // verifies the signature and returns the contents. the timeout is in milliseconds and optional, timing will be ignored if omitted.
+
+// http consts contain useful constants like response codes
+
+http_consts.status_ok // easier to understand than '200'
+```
+
+## Breaking Changes
+
+### v2.0
+
+- functions.random_string is now synchronous
+- functions.random_hex
+ - is now synchronous
+ - uses length for the actual string length instead of the contained bytes
+- functions.create_salt is now synchronous
+
+### v3.0
+
+- functions.hash has been removed
+ - replaced by hash_sha512 (different hash algorithm)
+- all functions are now only accessible via their module
+- new module structure:
+ - crypto:
+ - checksum
+ - create_salt
+ - decode_signed
+ - get_signature_info
+ - hash_sha512
+ - random_hex
+ - random_string
+ - sign_object
+ - verify_signature
+ - util
+ - try_parse_json
+ - truncate_decimal
+ - encoding
+ - to_b64
+ - to_hex
+ - to_utf8
+ - auth {...}
+ - http_consts {...}
+
+## Deprecations
+
+### v2.4
+
+- functions.hash has been deprecated since it was using pbkdf2
+ - replaced by hash_sha512
diff --git a/mock_server.js b/mock_server.js
new file mode 100644
index 0000000..eefb914
--- /dev/null
+++ b/mock_server.js
@@ -0,0 +1,60 @@
+/* eslint-disable no-magic-numbers */
+// @ts-nocheck
+'use strict';
+
+const express = require ('express');
+const cookie_parser = require ('cookie-parser');
+const auth = require ('./index');
+const knex = require ('knex');
+const path = require ('path');
+const fs = require ('fs-extra');
+
+
+/**
+ * start the server
+ */
+async function start_server () {
+ const db_path = path.join (__dirname, 'db.sqlite');
+
+ if (await fs.exists (db_path))
+ await fs.unlink (db_path);
+
+ const db = knex ({
+ client: 'sqlite',
+ connection: { filename: db_path },
+ useNullAsDefault: true
+ });
+
+ await db.schema.createTable ('users', (table) => {
+ table.increments ('id');
+ table.string ('name');
+ table.string ('email');
+ table.string ('password');
+ table.string ('salt');
+ table.boolean ('deleted')
+ .default (false);
+ });
+
+ const app = express ();
+
+ const authentication = auth (db);
+
+ const salt = crypto.create_salt ();
+ const hash = crypto.hash_sha512 ('foo', salt);
+
+ await authentication.create_user ('test', 'asd@example.com', hash, salt);
+
+ app.use (cookie_parser ());
+ app.use (authentication.handler);
+
+ app.get ('/', (req, res) => {
+ res.status (http_consts.status_ok)
+ .end ('foo');
+ });
+
+ app.listen (3000);
+
+ return app;
+}
+
+module.exports = { start_server };
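Review bot: `crypto` and `http_consts` are used inside `start_server` (`crypto.create_salt ()`, `crypto.hash_sha512 ('foo', salt)`, `http_consts.status_ok`) but this file never requires or declares them, and `// @ts-nocheck` turns off the check that would normally report unresolved names, so the user seeding and the `/` handler look set to fail at run time. If `./index` exports the modules the README in this same patch lists, the import would read `const { auth, crypto, http_consts } = require ('./index');`; as written, `auth` is bound to the whole export and called as a function, which only works if `./index` exports a function, so that is worth confirming. Separately, `app.listen (3000)` names no host, so the mock, which is seeded with the fixed account `test` and password `foo`, accepts connections on every interface; `app.listen (3000, '127.0.0.1');` keeps it reachable from the local machine only.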