From 350fd45086a0406359da028652a2bbfb0ba67e8a Mon Sep 17 00:00:00 2001 From: Mark Stosberg Date: Thu, 6 Aug 2015 11:36:19 -0400 Subject: [PATCH 1/3] Refactor: encapsulate code that will be shared with the sync version. --- lib/secure-random-string.js | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/lib/secure-random-string.js b/lib/secure-random-string.js index 20810c7..6813a6a 100644 --- a/lib/secure-random-string.js +++ b/lib/secure-random-string.js @@ -12,15 +12,19 @@ function srs(options, cb) { crypto.randomBytes(length, function(ex, buf) { if (ex) throw ex; + cb(_finish(buf)); + }); + + function _finish (buf) { var string = buf.toString('base64'); if (options.urlsafe) { string = string.replace(/\//g,'_').replace(/\+/g,'-'); } - - cb(string.substr(0, length)); - }); + return string.substr(0, length); + } }; + module.exports = srs; From a1cab505488642b97e569d63a212a872c70c173f Mon Sep 17 00:00:00 2001 From: Mark Stosberg Date: Thu, 6 Aug 2015 12:06:40 -0400 Subject: [PATCH 2/3] Add support for 'sync' API. Updates code, tests and docs. --- README.md | 47 ++++++++++++++++++++++++++----------- lib/secure-random-string.js | 16 +++++++++---- package.json | 3 ++- tests.js | 7 +++++- 4 files changed, 52 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 154d48e..a35a3c7 100644 --- a/README.md +++ b/README.md @@ -1,33 +1,52 @@ # secure-random-string -a node module that generates a secure random string with a given length + +Node.js module that generates a cryptographically secure random string with a given length ## Usage -`require` it -``` +```javascript var srs = require('secure-random-string'); ``` +### Default behavior: Generate a random string 32 characters long. -generate a random string that is 32 chars long (the default) -``` +```javascript +// Sync +var result = srs(); + +// Async srs(function(sr) { console.log(sr); }); + ``` +### Options: length, urlsafe -generate a random string that is 256 chars long -``` -srs({length: 256}, function(sr) { +Optionally, you can specify a 'length' option to specify a length. + +The 'urlsafe' option replaces a potential `+` character with `-` and the `/` character +with `_`, created a valid [base64url](https://en.wikipedia.org/wiki/Base64) format string. + +```javascript +// sync +var result = srs({length: 256, urlsafe:true}); + +// async +srs({length: 256, urlsafe:true}, function(sr) { console.log(sr); }); ``` +## Author + + [Simon Santoro](https://github.com/S2-) + +## Contributors + + [Mark Stosberg](https://github.com/markstos) + +## License + +[MIT](https://github.com/aheckmann/node-ses/blob/master/LICENSE) -generate a random string that is 20 chars long and is url safe (can be used as a url token) -``` -srs({length: 20, urlsafe: true}, function(sr) { - console.log(sr); -}); -``` diff --git a/lib/secure-random-string.js b/lib/secure-random-string.js index 6813a6a..c60b547 100644 --- a/lib/secure-random-string.js +++ b/lib/secure-random-string.js @@ -9,11 +9,17 @@ function srs(options, cb) { } var length = options['length'] || 32; - crypto.randomBytes(length, function(ex, buf) { - if (ex) throw ex; - - cb(_finish(buf)); - }); + // async path + if (cb) { + crypto.randomBytes(length, function(ex, buf) { + if (ex) throw ex; + return cb(_finish(buf)); + }); + } + // sync path + else { + return _finish(crypto.randomBytes(length)); + } function _finish (buf) { var string = buf.toString('base64'); diff --git a/package.json b/package.json index 38c155d..4acafd6 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "secure-random-string", - "version": "0.0.2", + "version": "0.1.0", "description": "Generates a secure random string with a given length", "main": "lib/secure-random-string.js", "scripts": { @@ -16,6 +16,7 @@ "string" ], "author": "Simon Santoro", + "contributors": ["Mark Stosberg "], "license": "MIT", "bugs": { "url": "https://github.com/S2-/securerandomstring/issues" diff --git a/tests.js b/tests.js index b6ce75f..c7780eb 100644 --- a/tests.js +++ b/tests.js @@ -28,7 +28,7 @@ var test = function(name, what, ref, c) { -//the actual tests +// async tests srs(function(sr) { test('generate a random string 32 chars long', sr.length, @@ -58,3 +58,8 @@ srs({length: 256, urlsafe: true}, function(sr) { }); +// sync tests +test('generate a random string 32 chars long (sync)', srs().length, 32); +test('generate a random string 1 chars long (sync)', srs({length:1}).length, 1); +test('generate a random string 256 chars long (sync)', srs({length:256}).length, 256); +test('generate a urlsafe random string 256 chars long (sync)', srs({length:256, urlsafe:true}).length, 256); From 29d802200567b639a9b8b4aaa6e8fde8eeac6d5d Mon Sep 17 00:00:00 2001 From: Mark Stosberg Date: Thu, 6 Aug 2015 12:12:13 -0400 Subject: [PATCH 3/3] Add section on error handling to README. --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index a35a3c7..728346a 100644 --- a/README.md +++ b/README.md @@ -38,6 +38,10 @@ srs({length: 256, urlsafe:true}, function(sr) { }); ``` +## Error handling + +Will throw error if there is not enough accumulated entropy to generate cryptographically strong data. In other words, this without callback will not block even if all entropy sources are drained. + ## Author [Simon Santoro](https://github.com/S2-)