[Pkg-javascript-commits] [node-keygrip] 05/68: npm now auto-creates default key during install
Andrew Kelley
andrewrk-guest at moszumanska.debian.org
Fri Jun 27 22:13:23 UTC 2014
This is an automated email from the git hooks/post-receive script.
andrewrk-guest pushed a commit to branch master
in repository node-keygrip.
commit c60811dc22662fdff93fba80af44afa2a8df2d79
Author: Jed Schmidt <tr at nslator.jp>
Date: Fri Feb 25 16:31:12 2011 +0900
npm now auto-creates default key during install
---
.gitignore | 1 +
README.md | 28 ++++++++++++++++++++--------
lib/keygrip.js | 5 +++--
package.json | 5 +++++
scripts/install.js | 7 +++++++
test.js | 25 +++++++++++++++++++------
6 files changed, 55 insertions(+), 16 deletions(-)
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a372d9c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+lib/defaultKeys.js
\ No newline at end of file
diff --git a/README.md b/README.md
index 6f98f59..8725997 100644
--- a/README.md
+++ b/README.md
@@ -11,18 +11,30 @@ keygrip is a [node.js](http://nodejs.org/) module for signing and verifying data
$ npm install keygrip
-## Usage
+## Example
- // from ./test.js
+ // ./test.js
var assert = require( "assert" )
- , secrets = [ "SEKRIT3", "SEKRIT2", "SEKRIT1" ]
- , keys = require( "./" )( secrets )
- , hash, index
+ , keygrip = require( "keygrip" )
+ , keylist = require( "keygrip/lib/defaultKeys" )
+ , keys, hash, index
+
+ // keygrip takes an array of keys, but if none exist,
+ // it uses the defaults created during npm installation.
+ // (but it'll will warn you)
+ console.log( "Ignore this message:" )
+ keys = keygrip( /* empty list */ )
// .sign returns the hash for the first key
// all hashes are SHA1 HMACs in url-safe base64
hash = keys.sign( "bieberschnitzel" )
- assert.equal( hash, "4O9Lm0qQPd7_pViJBPKA_8jYwb8" )
+ assert.ok( /^[\w\-]{27}$/.test( hash ) )
+
+ // but we're going to use our list.
+ // (note that the 'new' operator is optional)
+ keylist = [ "SEKRIT3", "SEKRIT2", "SEKRIT1" ]
+ keys = keygrip( keylist )
+ hash = keys.sign( "bieberschnitzel" )
// .verify returns the index of the first matching key
index = keys.verify( "bieberschnitzel", hash )
@@ -32,8 +44,8 @@ keygrip is a [node.js](http://nodejs.org/) module for signing and verifying data
assert.equal( index, -1 )
// rotate a new key in, and an old key out
- secrets.unshift( "SEKRIT4" )
- secrets.pop()
+ keylist.unshift( "SEKRIT4" )
+ keylist.pop()
// if index > 0, it's time to re-sign
index = keys.verify( "bieberschnitzel", hash )
diff --git a/lib/keygrip.js b/lib/keygrip.js
index c6ea0a6..eec5319 100644
--- a/lib/keygrip.js
+++ b/lib/keygrip.js
@@ -1,11 +1,12 @@
crypto = require( "crypto" )
+defaults = require( "./defaultKeys" )
function KeyGrip( keys ) {
if ( !( this instanceof KeyGrip ) ) return new KeyGrip( keys )
- if ( !keys || !keys.length ) {
+ if ( !keys || !( 0 in keys ) ) {
console.warn( "No keys specified, using defaults instead." )
- keys = [ "I'm stupid" ]
+ keys = defaults
}
function sign( data, key ) {
diff --git a/package.json b/package.json
index 5f6887b..96cf306 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,11 @@
{ "name" : "keygrip"
, "version" : "0.1.0"
, "description" : "Key signing and verification for rotated credentials"
+, "scripts": { "install" : "node scripts/install.js" }
+, "repository" :
+ { "type" : "git"
+ , "url" : "http://github.com/jed/keygrip.git"
+ }
, "main" : "./index"
, "engines": [ "node" ]
}
\ No newline at end of file
diff --git a/scripts/install.js b/scripts/install.js
new file mode 100644
index 0000000..7eaeaa7
--- /dev/null
+++ b/scripts/install.js
@@ -0,0 +1,7 @@
+require( "fs" ).writeFileSync( "./lib/defaultKeys.js",
+ "module.exports = " + JSON.stringify([
+ Array( 33 ).join( "x" ).replace( /x/g, function() {
+ return ( Math.random()*16|0 ).toString(16)
+ })
+ ])
+)
\ No newline at end of file
diff --git a/test.js b/test.js
index dfde803..f82b00f 100644
--- a/test.js
+++ b/test.js
@@ -1,12 +1,25 @@
+// ./test.js
var assert = require( "assert" )
- , secrets = [ "SEKRIT3", "SEKRIT2", "SEKRIT1" ]
- , keys = require( "./" )( secrets )
- , hash, index
+ , keygrip = require( "keygrip" )
+ , keylist = require( "keygrip/lib/defaultKeys" )
+ , keys, hash, index
+
+// keygrip takes an array of keys, but if none exist,
+// it uses the defaults created during npm installation.
+// (but it'll will warn you)
+console.log( "Ignore this message:" )
+keys = keygrip( /* empty list */ )
// .sign returns the hash for the first key
// all hashes are SHA1 HMACs in url-safe base64
hash = keys.sign( "bieberschnitzel" )
-assert.equal( hash, "4O9Lm0qQPd7_pViJBPKA_8jYwb8" )
+assert.ok( /^[\w\-]{27}$/.test( hash ) )
+
+// but we're going to use our list.
+// (note that the 'new' operator is optional)
+keylist = [ "SEKRIT3", "SEKRIT2", "SEKRIT1" ]
+keys = keygrip( keylist )
+hash = keys.sign( "bieberschnitzel" )
// .verify returns the index of the first matching key
index = keys.verify( "bieberschnitzel", hash )
@@ -16,8 +29,8 @@ index = keys.verify( "bieberschnitzel", "o_O" )
assert.equal( index, -1 )
// rotate a new key in, and an old key out
-secrets.unshift( "SEKRIT4" )
-secrets.pop()
+keylist.unshift( "SEKRIT4" )
+keylist.pop()
// if index > 0, it's time to re-sign
index = keys.verify( "bieberschnitzel", hash )
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-keygrip.git
More information about the Pkg-javascript-commits
mailing list