UNPKG

hash-token

Version:

A secure token manager with HMAC and salt management

github.com/dnettoRaw/hashToken

dnettoRaw/hashToken

131 lines (80 loc) 3.5 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
# Advanced Token Manager --- ## Links - [Portuguese Version](./README_pt.md) - [French version](./README_fr.md) ## Overview **AdvancedTokenManager** is a TypeScript library to generate and validate secure tokens with advanced obfuscation. Ideal for applications requiring data security, such as authentication, information signing, or secure storage. --- ## Features ### Performance Performance tests show that token generation and validation are extremely fast (average result of 1,000 iterations performed 10 times). These tests were conducted on an Apple M1 processor. - Average memory usage during token generation: **0.9766 MB**. - Average memory usage during token validation: **0.9842 MB**. - Average time for `generateToken` is **0.002953 ms**. - Average time for `validateToken` is **0.002344 ms**. ### Security - Uses HMAC with a private secret to ensure token integrity. - Adds a random salt to each token, making decryption difficult. ### Flexibility - Supports various hash algorithms (`sha256` by default, `sha512`). - Customizable `secret` and `salts` configuration. ### Easy Integration - Automatic generation of `secret` and `salts` if needed. - Supports extracting original data from valid tokens. --- ## Installation ```bash npm i hash-token ``` --- ## Examples ### Manual Configuration ```typescript import AdvancedTokenManager from 'hash-token'; const secretKey = process.env.SECRET_KEY || "secure-key"; const salts = process.env.SALTS?.split(',') || ["salt1", "salt2", "salt3"]; const tokenManager = new AdvancedTokenManager(secretKey, salts); const token = tokenManager.generateToken("sensitive-data"); console.log("Generated Token:", token); const validatedData = tokenManager.validateToken(token); console.log(validatedData ? "Valid Token:" : "Invalid Token"); ``` ### Automatic Generation (Use with Caution) ```typescript import AdvancedTokenManager from 'hash-token'; const tokenManager = new AdvancedTokenManager(); const config = tokenManager.getConfig(); console.warn("⚠️ Save these values securely:"); console.log("SECRET:", config.secret); console.log("SALTS:", config.salts.join(',')); const token = tokenManager.generateToken("auto-generated-data"); console.log("Generated Token:", token); const validatedData = tokenManager.validateToken(token); console.log(validatedData ? "Valid Token:" : "Invalid Token"); ``` **Important:** Save the `secret` and `salts` generated automatically to ensure consistent behavior. ### Forced Salt Index Usage You can force the use of a specific salt index when generating tokens for added control and predictability. ```typescript import AdvancedTokenManager from 'hash-token'; const tokenManager = new AdvancedTokenManager('secure-key', ['salt1', 'salt2', 'salt3']); const token = tokenManager.generateToken('sensitive-data', 1); console.log('Generated Token:', token); const validatedData = tokenManager.validateToken(token); console.log(validatedData ? 'Valid Token:' : 'Invalid Token'); ``` **Note:** Ensure that the forced salt index exists, or an error will be thrown. --- ## Tests Use Jest to test functionality under various scenarios, such as altered tokens or invalid salts. ```bash npm install --save-dev jest @types/jest ts-jest npm test ``` --- ## License This project is licensed under the [MIT License](https://opensource.org/licenses/MIT). --- ## Contact For questions or suggestions, please open an issue on [GitHub](https://github.com/dnettoRaw/hashToken/issues).