diff --git a/README.md b/README.md index 154d48e..728346a 100644 --- a/README.md +++ b/README.md @@ -1,33 +1,56 @@ # secure-random-string -a node module that generates a secure random string with a given length + +Node.js module that generates a cryptographically secure random string with a given length ## Usage -`require` it -``` +```javascript var srs = require('secure-random-string'); ``` +### Default behavior: Generate a random string 32 characters long. -generate a random string that is 32 chars long (the default) -``` +```javascript +// Sync +var result = srs(); + +// Async srs(function(sr) { console.log(sr); }); + ``` +### Options: length, urlsafe -generate a random string that is 256 chars long -``` -srs({length: 256}, function(sr) { +Optionally, you can specify a 'length' option to specify a length. + +The 'urlsafe' option replaces a potential `+` character with `-` and the `/` character +with `_`, created a valid [base64url](https://en.wikipedia.org/wiki/Base64) format string. + +```javascript +// sync +var result = srs({length: 256, urlsafe:true}); + +// async +srs({length: 256, urlsafe:true}, function(sr) { console.log(sr); }); ``` +## Error handling + +Will throw error if there is not enough accumulated entropy to generate cryptographically strong data. In other words, this without callback will not block even if all entropy sources are drained. + +## Author + + [Simon Santoro](https://github.com/S2-) + +## Contributors + + [Mark Stosberg](https://github.com/markstos) + +## License + +[MIT](https://github.com/aheckmann/node-ses/blob/master/LICENSE) -generate a random string that is 20 chars long and is url safe (can be used as a url token) -``` -srs({length: 20, urlsafe: true}, function(sr) { - console.log(sr); -}); -``` diff --git a/lib/secure-random-string.js b/lib/secure-random-string.js index 20810c7..c60b547 100644 --- a/lib/secure-random-string.js +++ b/lib/secure-random-string.js @@ -9,18 +9,28 @@ function srs(options, cb) { } var length = options['length'] || 32; - crypto.randomBytes(length, function(ex, buf) { - if (ex) throw ex; + // async path + if (cb) { + crypto.randomBytes(length, function(ex, buf) { + if (ex) throw ex; + return cb(_finish(buf)); + }); + } + // sync path + else { + return _finish(crypto.randomBytes(length)); + } + function _finish (buf) { var string = buf.toString('base64'); if (options.urlsafe) { string = string.replace(/\//g,'_').replace(/\+/g,'-'); } - - cb(string.substr(0, length)); - }); + return string.substr(0, length); + } }; + module.exports = srs; diff --git a/package.json b/package.json index 38c155d..4acafd6 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "secure-random-string", - "version": "0.0.2", + "version": "0.1.0", "description": "Generates a secure random string with a given length", "main": "lib/secure-random-string.js", "scripts": { @@ -16,6 +16,7 @@ "string" ], "author": "Simon Santoro", + "contributors": ["Mark Stosberg "], "license": "MIT", "bugs": { "url": "https://github.com/S2-/securerandomstring/issues" diff --git a/tests.js b/tests.js index b6ce75f..c7780eb 100644 --- a/tests.js +++ b/tests.js @@ -28,7 +28,7 @@ var test = function(name, what, ref, c) { -//the actual tests +// async tests srs(function(sr) { test('generate a random string 32 chars long', sr.length, @@ -58,3 +58,8 @@ srs({length: 256, urlsafe: true}, function(sr) { }); +// sync tests +test('generate a random string 32 chars long (sync)', srs().length, 32); +test('generate a random string 1 chars long (sync)', srs({length:1}).length, 1); +test('generate a random string 256 chars long (sync)', srs({length:256}).length, 256); +test('generate a urlsafe random string 256 chars long (sync)', srs({length:256, urlsafe:true}).length, 256);