UNPKG

dphelper

Version:

dphelper devtools for developers

290 lines (215 loc) 9.07 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
# security Comprehensive security and cryptography utilities for encryption, hashing, identity generation, and browser fingerprinting. ## Functions ### UUID Generation | Function | Description | Example | |----------|-------------|---------| | `uuid.v4` | Generates a random UUID v4 | `dphelper.security.uuid.v4` | | `uuid.v5` | Generates a random UUID v5 | `dphelper.security.uuid.v5` | | `uuid.byVal` | Generates a deterministic UUID from a string | `dphelper.security.uuid.byVal('string')` | ### Encryption/Decryption | Function | Description | Example | |----------|-------------|---------| | `crypt` | Encrypts data using AES-256-GCM | `await dphelper.security.crypt(data, secret)` | | `deCrypt` | Decrypts AES-256-GCM encrypted data | `await dphelper.security.deCrypt(encrypted, secret)` | | `AES_KeyGen` | Generates a secure AES key | `await dphelper.security.AES_KeyGen(passKey)` | ### Hashing | Function | Description | Example | |----------|-------------|---------| | `hashPass` | Creates secure password hash with salt (SHA-256) | `await dphelper.security.hashPass(user, pass)` | | `SHA256_Hex` | Generates SHA-256 hash in hexadecimal | `await dphelper.security.SHA256_Hex(data)` | ### Identity Generation | Function | Description | Example | |----------|-------------|---------| | `ulid` | Generates Universally Unique Lexicographically Sortable Identifier | `dphelper.security.ulid()` | | `fingerprint` | Generates unique browser fingerprint | `await dphelper.security.fingerprint()` | ### Secure Storage | Function | Description | Example | |----------|-------------|---------| | `saveEncrypted` | Encrypts and saves data to localStorage with HMAC | `await dphelper.security.saveEncrypted(key, value, secret)` | | `getEncrypted` | Retrieves and decrypts data from localStorage | `await dphelper.security.getEncrypted(key, secret)` | ## Description Enterprise-grade security module providing: - **UUID Generation** - v4 (random), v5 (namespace-based), deterministic - **Encryption** - AES-256-GCM with PBKDF2 key derivation - **Hashing** - SHA-256 with secure salt generation - **Identity** - ULID for sortable unique IDs, browser fingerprinting - **Secure Storage** - Encrypted localStorage with HMAC integrity ## Usage Examples ### UUID Generation ```javascript // Random UUID v4 (most common use case) console.log(dphelper.security.uuid.v4); // "550e8400-e29b-41d4-a716-446655440000" // Random UUID v5 console.log(dphelper.security.uuid.v5); // "a3bb189e-8bf9-3888-9912-ace4e6543002" // Deterministic UUID from string (same input = same output) console.log(dphelper.security.uuid.byVal('hello')); // "2cfb4a2e-7b3c-4a8e-9d1c-5e4f6a7b8c9d" console.log(dphelper.security.uuid.byVal('hello')); // "2cfb4a2e-7b3c-4a8e-9d1c-5e4f6a7b8c9d" (same!) // Useful for generating consistent IDs from usernames const userId = dphelper.security.uuid.byVal('john@example.com'); ``` ### Encryption/Decryption ```javascript // Encrypt sensitive data const secret = 'my-secret-password'; const data = 'Hello, World!'; const encrypted = await dphelper.security.crypt(data, secret); console.log(encrypted); // "base64encodedstring..." (contains salt + iv + encrypted data) // Decrypt the data const decrypted = await dphelper.security.deCrypt(encrypted, secret); console.log(decrypted); // "Hello, World!" // Generate a secure key from password const key = await dphelper.security.AES_KeyGen('user-password'); console.log(key); // "salthadexstring...keybits..." ``` ### Password Hashing ```javascript // Hash a password (with automatic salt generation) const user = 'john@example.com'; const password = 'mySecurePassword!123'; const hash = await dphelper.security.hashPass(user, password); console.log(hash); // "salthere...hashhere..." (64 char hex string) // Verify password later const storedHash = '...'; // Previously stored hash const inputPassword = 'mySecurePassword!123'; const newHash = await dphelper.security.hashPass(user, inputPassword); if (newHash === storedHash) { console.log('Password correct!'); } else { console.log('Invalid password'); } // SHA-256 hash (raw) const sha256 = await dphelper.security.SHA256_Hex('hello world'); console.log(sha256); // "b94d27b9934d3e08a52e52d7da7dabfac484efe37a5380ee9088f7ace2efcde9" ``` ### ULID Generation ```javascript // Generate ULID (unique, lexicographically sortable, time-based) const id1 = dphelper.security.ulid(); const id2 = dphelper.security.ulid(); console.log(id1); // "01ARYZ6S41TVGZFM0X5SZW0JYP" console.log(id2); // "01ARYZ6S41TVHZ0WS0QJZWMY5A" // ULIDs are time-sortable console.log(id1 < id2); // true (if id1 was created first) // Great for database primary keys const orderId = dphelper.security.ulid(); // Sortable by creation time ``` ### Browser Fingerprinting ```javascript // Generate unique browser fingerprint const fingerprint = await dphelper.security.fingerprint(); console.log(fingerprint); // "a1b2c3d4e5f6..." (SHA-256 hash) // Use for analytics, fraud detection, or session management async function identifyUser() { const fp = await dphelper.security.fingerprint(); // Send to your server await fetch('/api/identify', { method: 'POST', body: JSON.stringify({ fingerprint: fp }) }); } ``` ### Secure LocalStorage ```javascript // Save encrypted data to localStorage await dphelper.security.saveEncrypted('user_token', 'abc123xyz', 'my-secret'); await dphelper.security.saveEncrypted('user_data', JSON.stringify({ name: 'John', email: 'john@example.com' }), 'my-secret'); // Retrieve and decrypt data const token = await dphelper.security.getEncrypted('user_token', 'my-secret'); console.log(token); // "abc123xyz" const userData = await dphelper.security.getEncrypted('user_data', 'my-secret'); console.log(JSON.parse(userData)); // { name: 'John', email: 'john@example.com' } // Tamper detection - returns null if data was modified localStorage.setItem('user_token', 'modified_by_hacker'); const tampered = await dphelper.security.getEncrypted('user_token', 'my-secret'); console.log(tampered); // null (detected tampering!) ``` ## Security Features ### AES-256-GCM Encryption - Uses PBKDF2 with **310,000 iterations** (OWASP 2023 compliant) for key derivation - Random 16-byte salt for each encryption - Random 12-byte IV (Initialization Vector) - Authenticated encryption (confidentiality + integrity) ### Secure Password Hashing - **SHA-256 only** (CNSA compliant, SHA-1 deprecated) - Random 16-byte salt per hash - Salt + hash stored together for verification - Time-safe comparison ### HMAC-Protected Storage - AES encryption for confidentiality - HMAC-SHA256 for integrity verification - Tamper detection on retrieval - Version support for future updates ### Network Functions Security > [!IMPORTANT] > Network primitives (`fetch`, `sse`, `socket`) are **by design** for modern web development. Callers must: > - Validate and sanitize all URLs before passing to these functions > - Use `dphelper.sanitize.url()` for URL validation > - Never pass untrusted user input directly to network functions ```javascript // Correct usage const safeUrl = dphelper.sanitize.url(userInput); await dphelper.fetch.get(safeUrl); ``` ## Advanced Usage ### Complete Authentication Flow ```javascript class AuthManager { constructor(secret) { this.secret = secret; } async register(username, password) { // Hash password for storage const hash = await dphelper.security.hashPass(username, password); // Generate user ID const userId = dphelper.security.uuid.byVal(username); // Save user data securely await dphelper.security.saveEncrypted(`user_${userId}`, JSON.stringify({ hash, created: Date.now() }), this.secret ); return userId; } async login(username, password) { const userId = dphelper.security.uuid.byVal(username); const stored = await dphelper.security.getEncrypted(`user_${userId}`, this.secret); if (!stored) return null; const userData = JSON.parse(stored); const inputHash = await dphelper.security.hashPass(username, password); return inputHash === userData.hash ? userId : null; } } ``` ### Secure Message Passing ```javascript async function sendSecureMessage(recipient, message) { // Generate encryption key const key = await dphelper.security.AES_KeyGen(recipient); // Encrypt message const encrypted = await dphelper.security.crypt(message, key); // Create message ID const messageId = dphelper.security.ulid(); return { id: messageId, encrypted, key }; } ``` ## Details - **Author:** Dario Passariello & Jo - **Version:** 0.0.2 - **Creation Date:** 20210101 - **Last Modified:** 20260220 - **Environment:** Works in both client and server environments --- *Automatically generated document*