UNPKG

crypto-pouch

Version:

encrypted pouchdb/couchdb database

github.com/calvinmetcalf/crypto-pouch

calvinmetcalf/crypto-pouch

193 lines (171 loc) 5.87 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
/* global describe it beforeEach afterEach emit */ const assert = require('assert').strict const memdown = require('memdown') const PouchDB = require('pouchdb') PouchDB.plugin(require('.')) const PASSWORD = 'hello world' const BAD_PASS = 'goodbye sol' const NAME = 'crypto-pouch-testing' const DOCS = [ { _id: 'a', hello: 'world' }, { _id: 'b', hello: 'sol' }, { _id: 'c', hello: 'galaxy' } ] const ATTACHMENTS = { 'att.txt': { content_type: 'text/plain', data: 'TGVnZW5kYXJ5IGhlYXJ0cywgdGVhciB1cyBhbGwgYXBhcnQKTWFrZSBvdXIgZW1vdGlvbnMgYmxlZWQsIGNyeWluZyBvdXQgaW4gbmVlZA==' } } describe('crypto-pouch', function () { beforeEach(async function () { this.db = new PouchDB(NAME, { db: memdown }) await this.db.crypto(PASSWORD) }) afterEach(async function () { await this.db.destroy() }) it('should encrypt documents', async function () { const doc = DOCS[0] await this.db.put(doc) const decrypted = await this.db.get(doc._id) assert.equal(decrypted.hello, doc.hello) // now let's ensure that doc is encrypted at rest this.db.removeCrypto() const encrypted = await this.db.get(doc._id) assert.notEqual(encrypted.hello, doc.hello) }) it('should not encrypt documents after crypto is removed', async function () { const [doc1, doc2] = DOCS.slice(0, 2) await this.db.put(doc1) this.db.removeCrypto() await this.db.put(doc2) const encrypted = await this.db.get(doc1._id) assert.notEqual(encrypted.hello, doc1.hello) const decrypted = await this.db.get(doc2._id) assert.equal(decrypted.hello, doc2.hello) }) it('should fail when using a bad password', async function () { await this.db.put({ _id: 'a', hello: 'world' }) this.db.removeCrypto() await this.db.crypto(BAD_PASS) try { await this.db.get('a') throw new Error('read succeeded but should have failed') } catch (error) { assert.equal(error.message, 'Could not decrypt!') } }) it('should preserve primary index sorting', async function () { for (const doc of DOCS) { await this.db.put(doc) } const result = await this.db.allDocs() for (let i = 0; i < result.rows.length - 1; i++) { const row = result.rows[i] const next = result.rows[i + 1] assert(row.key < next.key) } }) it('should preserve secondary index sorting', async function () { for (const doc of DOCS) { await this.db.put(doc) } await this.db.put({ _id: '_design/test', views: { test: { map: function (doc) { emit(doc.hello) }.toString() } } }) const result = await this.db.query('test') const EXPECTED = DOCS.map(({ hello }) => { return hello }) for (let i = 0; i < result.rows.length - 1; i++) { const row = result.rows[i] const next = result.rows[i + 1] assert(row.key < next.key) // ensure that keys are not encrypted assert(EXPECTED.includes(row.key)) assert(EXPECTED.includes(next.key)) } }) it('should error on attachments', async function () { const doc = { ...DOCS[0], _attachments: ATTACHMENTS } try { await this.db.put(doc) throw new Error('write should not have succeeded') } catch (error) { assert.equal(error.message, 'Attachments cannot be encrypted. Use {ignore: "_attachments"} option') } }) it('should ignore attachments when so instructed', async function () { this.db.removeCrypto() await this.db.crypto(PASSWORD, { ignore: '_attachments' }) const doc = { ...DOCS[0], _attachments: ATTACHMENTS } await this.db.put(doc) }) it('should handle _deleted:true ok', async function () { const doc = DOCS[0] const { rev } = await this.db.put(doc) const deleted = { _id: doc._id, _rev: rev, _deleted: true } await this.db.put(deleted) try { await this.db.get(doc._id) throw new Error('read should not have succeeded') } catch (error) { assert.equal(error.reason, 'deleted') } }) it('should accept crypto params as an object', async function () { this.db.removeCrypto() await this.db.crypto({ password: PASSWORD }) const doc = DOCS[0] await this.db.put(doc) const { hello } = await this.db.get(doc._id) assert.equal(hello, 'world') }) it('should fail to init with http adapter', async function () { const db = new PouchDB('http://localhost:5984') assert.rejects( async () => { await db.crypto(PASSWORD) }, new Error('crypto-pouch does not work with pouchdb\'s http adapter. Use a local adapter instead.') ) }) it('should preserve ignored fields on read', async function () { let doc = DOCS[0] assert(!('_rev' in doc)) await this.db.put(doc) doc = await this.db.get(doc._id) assert('_rev' in doc) }) describe('replication', async function () { beforeEach(async function () { this.db2 = new PouchDB(NAME + '2') }) afterEach(async function () { await this.db2.destroy() }) it('should replicate ok', async function () { await this.db.bulkDocs(DOCS) await this.db.replicate.to(this.db2) const result = await this.db2.allDocs() assert.equal(result.rows.length, DOCS.length) }) }) describe('concurrency', function () { beforeEach(async function () { this.db1 = new PouchDB(NAME) this.db2 = new PouchDB(NAME) }) afterEach(async function () { await this.db1.destroy() // also destroys db2 THANKS }) it('should handle concurrent crypt instances ok', async function () { this.timeout(10 * 1000) await Promise.all([ this.db1.crypto(PASSWORD), this.db2.crypto(PASSWORD) ]) await this.db1.put(DOCS[0]) const doc = await this.db2.get(DOCS[0]._id) assert.equal(DOCS[0].hello, doc.hello) }) }) })