temporary-stamp

v0.0.2

Encrypt JSON data into temporary tokens for untrusted environments.

Downloads

4

Readme

temporary-stamp

Inspired by the tiny and super useful Python module "itsdangerous", used to encrypt and/or sign (JSON) data into temporary tokens for untrusted environments.

The module provides a symmetric encryption method and HMAC data signing. Like the "itsdangerous" Python module, "temporary-stamp" can be really useful when sensitive data is sent through untrusted environments before reaching the server again.

Use cases:

  • Encrypt a user ID into URLs for unsubscribing from newsletters. This way you don’t need to generate one-time tokens and store them in the database. The same goes for any kind of account activation link and similar things.
  • Encrypted and/or signed objects can be stored in cookies or other untrusted sources which means you don’t need to have sessions stored on the server, which reduces the number of necessary database queries.
  • Signed information can safely do a roundtrip between server and client in general which makes them useful for passing server-side state to a client and then back.

Installation:

$ npm install @phtdacosta/temporary-stamp --save

Why use "temporary-stamp" over the plain cipher functions of "crypto"?

That is why "temporary" is in the module name: the module creates tokens that expire over time. This is especially useful when the data can change within a certain time, which invalidates the token, or when the data has to be consumed quickly.

This module aims to work with JSON-formatted data!

Basic usage:

The simplest use example:

Default parameters under the hood are secure enough for most use cases.

const temporaryStamp = require('temporary-stamp');

// Initializes the temporary-stamp object
// It's preferred to use AES encryption implementations
// It supports all AES modes with an IV described by the "crypto" module
// The key and hash values are set by default internally
// To set the IV, follow the advanced example
const stamp = new temporaryStamp();

// Set for how long the token should be valid as the first argument (in milliseconds)
// and then specify the JSON, with as many key-value pairs as you want
const token = stamp.setupToken(1000, {
    name: 'Reeve',
});
// output: 9de7c052fed0f0708c12ef30e40d7ff1eaf8d1ed82162c2af7a5a7ec6cc11973c369d95aeb595b7147eab5a976

// Solving the token only needs this call (validation is automatic)
const solved = stamp.solveToken(token);
// output: { max_timestamp: 1506900062517,
//    name: 'Reeve' }

Advanced usage:

For advanced use, further parameters can be set:

Only use this if you really know what you are doing; otherwise any mistake or misconception will create security holes in your application.

const crypto = require('crypto');
const temporaryStamp = require('temporary-stamp');

// Set a key for encryption/decryption
const key = crypto.randomBytes(32);
// Set the cipher
// It supports all cipher functions described by the "crypto" module
const cipher = 'aes-256-ctr';
// Set the hash
// It supports all hash functions described by the "crypto" module
const hash = 'sha512';
// Set an IV to support the selected cipher
// A false value is assigned by default
const iv = crypto.randomBytes(16);

// Initializes the temporary-stamp object
const stamp = new temporaryStamp(key, cipher, hash, iv);

// Set for how long the token should be valid as the first argument (in milliseconds)
// and then specify the JSON, with as many key-value pairs as you want
const token = stamp.setupToken(1000, {
    name: 'Reeve',
    month: 'June',
    height: 188
});
// output: 9ede2b5472703f97e77d4af6232d6d973bef5e043375ad726583898b540401663ae3901e7f85d28b20b4ad4a71aa4db4223bc4e0e54418aeee3f6e171a99e93a90da263146537882a5

// To just verify if the token is valid
console.log(stamp.verifyToken(token));
// output: true || false

// Solving the token only needs this call (validation is automatic)
const solve = stamp.solveToken(token);
// output: { max_timestamp: 1506900062517,
//    name: 'Reeve',
//    month: 'June',
//    height: 188 }
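
An added example, not code from temporary-stamp: one way to build the same kind of expiring token directly on Node's "crypto" module with AES-256-GCM, drawing a fresh IV for every token (a cipher such as aes-256-ctr needs a unique IV for each message under one key and does not detect modification by itself). The names sealToken/openToken and the iv || tag || ciphertext token layout are assumptions of this example; the error messages mirror the ones shown on this page.

```javascript
// Added example (not temporary-stamp's code): expiring tokens on AES-256-GCM.
const crypto = require('crypto');

// Seal a JSON object into a hex token that expires ttlMs after `now`.
// A fresh random 12-byte IV is drawn for every token, so one key never
// encrypts two tokens under the same IV.
function sealToken(key, ttlMs, data, now = Date.now()) {
    const iv = crypto.randomBytes(12);
    const cipher = crypto.createCipheriv('aes-256-gcm', key, iv);
    // max_timestamp is written last so caller data cannot override it
    const body = JSON.stringify({ ...data, max_timestamp: now + ttlMs });
    const ct = Buffer.concat([cipher.update(body, 'utf8'), cipher.final()]);
    // Token layout (an assumption of this example): iv || tag || ciphertext
    return Buffer.concat([iv, cipher.getAuthTag(), ct]).toString('hex');
}

// Return the payload, or throw if the token is malformed, modified or expired.
function openToken(key, token, now = Date.now()) {
    // At least 12 (iv) + 16 (tag) + 1 (ciphertext) bytes of hex
    if (typeof token !== 'string' || !/^(?:[0-9a-f]{2}){29,}$/i.test(token)) {
        throw new TypeError('Bad input string');
    }
    const raw = Buffer.from(token, 'hex');
    const decipher = crypto.createDecipheriv('aes-256-gcm', key, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    // final() throws when the tag does not match, so a modified token is
    // rejected before its contents are parsed or trusted
    const body = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const payload = JSON.parse(body.toString('utf8'));
    if (now > payload.max_timestamp) {
        throw new Error('Payload date is not valid anymore');
    }
    return payload;
}

// Constructed sample run with a fixed clock so the result is reproducible
const demoKey = crypto.randomBytes(32);
const demoNow = 1506900060517;
const demoToken = sealToken(demoKey, 2000, { name: 'Reeve' }, demoNow);
console.log(openToken(demoKey, demoToken, demoNow + 1000));
```
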

Caveats:

  • ~~For now, the encryption/decryption methods only use ciphers with initializing vectors (iv).~~
  • Only the symmetric encryption method supports time-expiring data. ~~Extending the support to HMAC signing is planned for the future.~~ There are already usable HMAC signing functions; their usability will be extended in the next updates.

Error handling:

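const temporaryStamp = require('temporary-stamp');
const stamp = new temporaryStamp();

// Create a token that is valid for 2 seconds
const token = stamp.setupToken(2000, {
    'message': 'Turn the TV on and get mad!'
});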

// When a token created to be used within 2 seconds is verified/solved after 3 seconds
setTimeout(function () {
    console.log(stamp.solveToken(token));
}, 3000);
// output: StampError: Payload date is not valid anymore

// When bad tokens are verified/solved
const random = 'ga5SXsg5AXwTYfI6dpfLNySnBHdGsHdZQYE7kkmA432';
stamp.verifyToken(random);
// output: TypeError: Bad input string || SyntaxError: Unexpected end of JSON input