HiveBrain v1.2.0
Get Started
← Back to all entries
patternjavascriptMinor

Transparent encryption of HTML5 storage engine(s)

Submitted by: @import:stackexchange-codereview··
0
Viewed 0 times
engineencryptiontransparentstoragehtml5

Problem

I am looking for feedback and possible suggestions regarding a piece of JS code that performs transparent symmetric encryption/decryption of user specified data using the HTML5 localStorage, sessionStorage or depreciated cookie options.

The project can be viewed in its entirety at here.

```
/**
* secStore.js - Encryption enabled browser storage
*
* https://www.github.com/jas-/secStore.js
*
* Author: Jason Gerfen
* License: GPL (see LICENSE)
*/
(function(window, undefined) {

'use strict';

/**
* @function secStore
* @abstract Namespace for saving/retrieving encrypted HTML5 storage engine
* data
*/
var secStore = secStore || function() {

/**
* @var {Object} defaults
* @abstract Default set of options for plug-in
*
* @param {Boolean} encrypt Optionally encrypt stored data
* @param {Object} data Data to be setd (JSON objects)
* @param {String} passphrase Passphrase to use (optional)
* @param {String} storage Storage mechanism (local, session or cookies)
*/
var defaults = {
encrypt: false,
data: {},
key: 'secStore.js',
passphrase: '',
storage: 'local'
};

/**
* @method setup
* @scope private
* @abstract Initial setup routines
*/
var setup = setup || {

/**
* @function set
* @scope private
* @abstract Initialization
*
* @param {Object} opts Plug-in option object
*/
init: function(opts) {
opts.passphrase = (opts.encrypt && opts.passphrase) ?
opts.passphrase : (opts.encrypt && !opts.passphrase) ?
crypto.key(opts) : false;
}
};

/**
* @method storage
* @scope private
* @abstract Interface to handle storage options
*/
var storage = storage || {

/**
* @function quota
* @scope private
* @abstract Tests specified storage option for current amount of space available.
* - Cookies: 4K

Solution

From a once over:

  • Yay, GPL! I love GPL, note that by posting your code here anybody can use this now as not-GPL



-
This is the most readable nested ternary I ever saw

init: function(opts) {
  opts.passphrase = (opts.encrypt && opts.passphrase) ?
    opts.passphrase : (opts.encrypt && !opts.passphrase) ?
      crypto.key(opts) : false;
}


You could consider this

init: function(opts) {
  opts.passphrase = opts.encrypt ? (opts.passphrase || crypto.key(opts)) : false;
}


-
Considering the craftyness of your other code I was surprised to find this:

if (total <= 0) {
  return false;
}

return true;


consider

return !(total  0;


-
If your switch equals the exact function name like here:

switch (opts.storage) {
  case 'cookie':
    ret = this.cookie.set(opts);
    break;
  case 'local':
    ret = this.local.set(opts);
    break;
  case 'session':
    ret = this.session.set(opts);
    break;
  default:
    ret = this.local.set(opts);
    break;
}


You can just simply access the function dynamically

ret = this[opt.storage] ? this[opt.storage].set(opts) : this.local.set(opts);


  • var i, x, y, z = document.cookie.split(";");



  • To name a a machine identifier uid is not ideal, usually uid is reserved for unique record id's



  • I did not review any of the cryptographic code, but at least you depend on a third party library, that is 90% of the work

Code Snippets

init: function(opts) {
  opts.passphrase = (opts.encrypt && opts.passphrase) ?
    opts.passphrase : (opts.encrypt && !opts.passphrase) ?
      crypto.key(opts) : false;
}
init: function(opts) {
  opts.passphrase = opts.encrypt ? (opts.passphrase || crypto.key(opts)) : false;
}
if (total <= 0) {
  return false;
}

return true;
return !(total <= 0); //Or..
return total > 0;
switch (opts.storage) {
  case 'cookie':
    ret = this.cookie.set(opts);
    break;
  case 'local':
    ret = this.local.set(opts);
    break;
  case 'session':
    ret = this.session.set(opts);
    break;
  default:
    ret = this.local.set(opts);
    break;
}

Context

StackExchange Code Review Q#69850, answer score: 2

Revisions (0)

No revisions yet.