[Pkg-javascript-commits] [node-keygrip] 05/68: npm now auto-creates default key during install

Andrew Kelley andrewrk-guest at moszumanska.debian.org
Fri Jun 27 22:13:23 UTC 2014 

This is an automated email from the git hooks/post-receive script.

andrewrk-guest pushed a commit to branch master
in repository node-keygrip.

commit c60811dc22662fdff93fba80af44afa2a8df2d79
Author: Jed Schmidt <tr at nslator.jp>
Date:   Fri Feb 25 16:31:12 2011 +0900

    npm now auto-creates default key during install
---
 .gitignore         |  1 +
 README.md          | 28 ++++++++++++++++++++--------
 lib/keygrip.js     |  5 +++--
 package.json       |  5 +++++
 scripts/install.js |  7 +++++++
 test.js            | 25 +++++++++++++++++++------
 6 files changed, 55 insertions(+), 16 deletions(-)

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..a372d9c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+lib/defaultKeys.js
\ No newline at end of file
diff --git a/README.md b/README.md
index 6f98f59..8725997 100644
--- a/README.md
+++ b/README.md
@@ -11,18 +11,30 @@ keygrip is a [node.js](http://nodejs.org/) module for signing and verifying data
 
     $ npm install keygrip
     
-## Usage
+## Example
 
-    // from ./test.js
+    // ./test.js
     var assert = require( "assert" )
-      , secrets = [ "SEKRIT3", "SEKRIT2", "SEKRIT1" ]
-      , keys = require( "./" )( secrets )
-      , hash, index
+      , keygrip = require( "keygrip" )
+      , keylist = require( "keygrip/lib/defaultKeys" )
+      , keys, hash, index
+    
+    // keygrip takes an array of keys, but if none exist,
+    // it uses the defaults created during npm installation.
+    // (but it'll will warn you)
+    console.log( "Ignore this message:" )
+    keys = keygrip( /* empty list */ )
     
     // .sign returns the hash for the first key
     // all hashes are SHA1 HMACs in url-safe base64
     hash = keys.sign( "bieberschnitzel" )
-    assert.equal( hash, "4O9Lm0qQPd7_pViJBPKA_8jYwb8" )
+    assert.ok( /^[\w\-]{27}$/.test( hash ) )
+    
+    // but we're going to use our list.
+    // (note that the 'new' operator is optional)
+    keylist = [ "SEKRIT3", "SEKRIT2", "SEKRIT1" ]
+    keys = keygrip( keylist )
+    hash = keys.sign( "bieberschnitzel" )
     
     // .verify returns the index of the first matching key
     index = keys.verify( "bieberschnitzel", hash )
@@ -32,8 +44,8 @@ keygrip is a [node.js](http://nodejs.org/) module for signing and verifying data
     assert.equal( index, -1 )
     
     // rotate a new key in, and an old key out
-    secrets.unshift( "SEKRIT4" )
-    secrets.pop()
+    keylist.unshift( "SEKRIT4" )
+    keylist.pop()
     
     // if index > 0, it's time to re-sign
     index = keys.verify( "bieberschnitzel", hash )
diff --git a/lib/keygrip.js b/lib/keygrip.js
index c6ea0a6..eec5319 100644
--- a/lib/keygrip.js
+++ b/lib/keygrip.js
@@ -1,11 +1,12 @@
 crypto = require( "crypto" )
+defaults = require( "./defaultKeys" )
 
 function KeyGrip( keys ) {
   if ( !( this instanceof KeyGrip ) ) return new KeyGrip( keys )
   
-  if ( !keys || !keys.length ) {
+  if ( !keys || !( 0 in keys ) ) {
     console.warn( "No keys specified, using defaults instead." )
-    keys = [ "I'm stupid" ]
+    keys = defaults
   }
   
   function sign( data, key ) {
diff --git a/package.json b/package.json
index 5f6887b..96cf306 100644
--- a/package.json
+++ b/package.json
@@ -1,6 +1,11 @@
 { "name" : "keygrip"
 , "version" : "0.1.0"
 , "description" : "Key signing and verification for rotated credentials"
+, "scripts": { "install" : "node scripts/install.js" }
+, "repository" :
+  { "type" : "git"
+  , "url" : "http://github.com/jed/keygrip.git"
+  }
 , "main" : "./index"
 , "engines": [ "node" ]
 }
\ No newline at end of file
diff --git a/scripts/install.js b/scripts/install.js
new file mode 100644
index 0000000..7eaeaa7
--- /dev/null
+++ b/scripts/install.js
@@ -0,0 +1,7 @@
+require( "fs" ).writeFileSync( "./lib/defaultKeys.js",
+  "module.exports = " + JSON.stringify([
+    Array( 33 ).join( "x" ).replace( /x/g, function() {
+      return ( Math.random()*16|0 ).toString(16)
+    })
+  ])
+)
\ No newline at end of file
diff --git a/test.js b/test.js
index dfde803..f82b00f 100644
--- a/test.js
+++ b/test.js
@@ -1,12 +1,25 @@
+// ./test.js
 var assert = require( "assert" )
-  , secrets = [ "SEKRIT3", "SEKRIT2", "SEKRIT1" ]
-  , keys = require( "./" )( secrets )
-  , hash, index
+  , keygrip = require( "keygrip" )
+  , keylist = require( "keygrip/lib/defaultKeys" )
+  , keys, hash, index
+
+// keygrip takes an array of keys, but if none exist,
+// it uses the defaults created during npm installation.
+// (but it'll will warn you)
+console.log( "Ignore this message:" )
+keys = keygrip( /* empty list */ )
 
 // .sign returns the hash for the first key
 // all hashes are SHA1 HMACs in url-safe base64
 hash = keys.sign( "bieberschnitzel" )
-assert.equal( hash, "4O9Lm0qQPd7_pViJBPKA_8jYwb8" )
+assert.ok( /^[\w\-]{27}$/.test( hash ) )
+
+// but we're going to use our list.
+// (note that the 'new' operator is optional)
+keylist = [ "SEKRIT3", "SEKRIT2", "SEKRIT1" ]
+keys = keygrip( keylist )
+hash = keys.sign( "bieberschnitzel" )
 
 // .verify returns the index of the first matching key
 index = keys.verify( "bieberschnitzel", hash )
@@ -16,8 +29,8 @@ index = keys.verify( "bieberschnitzel", "o_O" )
 assert.equal( index, -1 )
 
 // rotate a new key in, and an old key out
-secrets.unshift( "SEKRIT4" )
-secrets.pop()
+keylist.unshift( "SEKRIT4" )
+keylist.pop()
 
 // if index > 0, it's time to re-sign
 index = keys.verify( "bieberschnitzel", hash )

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-javascript/node-keygrip.git

More information about the Pkg-javascript-commits mailing list