secure-them-codes
v0.0.2
Published
Framework for loading code securely in a browser. Authenticated via Ethereum smart contract.
Downloads
4
Maintainers
Readme
Secure Them Codes!
This is a library / utility for securely downloading larger JS files in a totally distributed fashion. Provided everything you need for your app is in the JS file downloaded, you should never have to change your frontend. It integrates with Ethereum (or any similar network) and will retrive a reference to the latest version, securely download that file, then load that dynamically into the browser. It is not as fast as directly loading JS from a webserver, but it is more secure.
Overview
The idea is simple enough:
- Have some network like Ethereum
- Load a smart contract on it that allows you to serve an up to date reference to your latest code
- Have a network like IPFS where you can reference content via hash (note: bittorrent could work here too)
- Deploy your code by first ensuring it's available on IPFS, then record the hash in your smart contract
It's easy enough to add streams (like 'beta', 'nightly', etc) and automate this process.
From a user's perspective they load the minimum to
- display some nice loading screen
- securely fetch the code via Etheruem and IPFS (using multiple public nodes)
Usage
const stc = require('secure-them-codes');
stc(loadingHtml, loader);
What's a Loader Object?
Loader Objects conform to one of the following:
{ loader: "ens-ipfs", ref: "code.secvote.eth", extra: "<STREAM>" }
(TODO) Use ENS (Ethereum Name Service) and IPFS, starting with the provided ENS name and presuming it points to aStcReleases.sol
contract.<STREAM>
can be the name of a release stream, or a particular hash.{ loader: "ipfs", ref "<MULTIHASH>" }
(TODO) Just load straight from the provided multihash (or CID).{ loader "ens-mango", ref: "code.secvote.eth", extra: "<BRANCH>" }
(TODO) Use ENS and mango (git via ethereum / IPFS).<BRANCH>
can be a branch name or release or even a particular hash.{ loader "custom", ref: <LOADER_OBJECT>, extra: <ANYTHING YOU LIKE> }
(TODO)
Note: the extra
param is always optional - each .
Loader Objects
Loader objects should look like:
{
toString: () => String,
runDefault: () => Uint8Array,
runWExtra: (e: ExtraDataType) => Uint8Array
}
The binary produced by runDefault
or runWExtra
will be injected into the page.
Planned features:
- Add your own data-source layers (e.g. replace Ethereum, or replace IPFS individually)