patternjavascriptMinor
Transparent encryption of HTML5 storage engine(s)
Viewed 0 times
engineencryptiontransparentstoragehtml5
Problem
I am looking for feedback and possible suggestions regarding a piece of JS code that performs transparent symmetric encryption/decryption of user specified data using the HTML5
The project can be viewed in its entirety at here.
```
/**
* secStore.js - Encryption enabled browser storage
*
* https://www.github.com/jas-/secStore.js
*
* Author: Jason Gerfen
* License: GPL (see LICENSE)
*/
(function(window, undefined) {
'use strict';
/**
* @function secStore
* @abstract Namespace for saving/retrieving encrypted HTML5 storage engine
* data
*/
var secStore = secStore || function() {
/**
* @var {Object} defaults
* @abstract Default set of options for plug-in
*
* @param {Boolean} encrypt Optionally encrypt stored data
* @param {Object} data Data to be setd (JSON objects)
* @param {String} passphrase Passphrase to use (optional)
* @param {String} storage Storage mechanism (local, session or cookies)
*/
var defaults = {
encrypt: false,
data: {},
key: 'secStore.js',
passphrase: '',
storage: 'local'
};
/**
* @method setup
* @scope private
* @abstract Initial setup routines
*/
var setup = setup || {
/**
* @function set
* @scope private
* @abstract Initialization
*
* @param {Object} opts Plug-in option object
*/
init: function(opts) {
opts.passphrase = (opts.encrypt && opts.passphrase) ?
opts.passphrase : (opts.encrypt && !opts.passphrase) ?
crypto.key(opts) : false;
}
};
/**
* @method storage
* @scope private
* @abstract Interface to handle storage options
*/
var storage = storage || {
/**
* @function quota
* @scope private
* @abstract Tests specified storage option for current amount of space available.
* - Cookies: 4K
localStorage, sessionStorage or depreciated cookie options.The project can be viewed in its entirety at here.
```
/**
* secStore.js - Encryption enabled browser storage
*
* https://www.github.com/jas-/secStore.js
*
* Author: Jason Gerfen
* License: GPL (see LICENSE)
*/
(function(window, undefined) {
'use strict';
/**
* @function secStore
* @abstract Namespace for saving/retrieving encrypted HTML5 storage engine
* data
*/
var secStore = secStore || function() {
/**
* @var {Object} defaults
* @abstract Default set of options for plug-in
*
* @param {Boolean} encrypt Optionally encrypt stored data
* @param {Object} data Data to be setd (JSON objects)
* @param {String} passphrase Passphrase to use (optional)
* @param {String} storage Storage mechanism (local, session or cookies)
*/
var defaults = {
encrypt: false,
data: {},
key: 'secStore.js',
passphrase: '',
storage: 'local'
};
/**
* @method setup
* @scope private
* @abstract Initial setup routines
*/
var setup = setup || {
/**
* @function set
* @scope private
* @abstract Initialization
*
* @param {Object} opts Plug-in option object
*/
init: function(opts) {
opts.passphrase = (opts.encrypt && opts.passphrase) ?
opts.passphrase : (opts.encrypt && !opts.passphrase) ?
crypto.key(opts) : false;
}
};
/**
* @method storage
* @scope private
* @abstract Interface to handle storage options
*/
var storage = storage || {
/**
* @function quota
* @scope private
* @abstract Tests specified storage option for current amount of space available.
* - Cookies: 4K
Solution
From a once over:
-
This is the most readable nested ternary I ever saw
You could consider this
-
Considering the craftyness of your other code I was surprised to find this:
consider
-
If your switch equals the exact function name like here:
You can just simply access the function dynamically
- Yay, GPL! I love GPL, note that by posting your code here anybody can use this now as not-GPL
-
This is the most readable nested ternary I ever saw
init: function(opts) {
opts.passphrase = (opts.encrypt && opts.passphrase) ?
opts.passphrase : (opts.encrypt && !opts.passphrase) ?
crypto.key(opts) : false;
}You could consider this
init: function(opts) {
opts.passphrase = opts.encrypt ? (opts.passphrase || crypto.key(opts)) : false;
}-
Considering the craftyness of your other code I was surprised to find this:
if (total <= 0) {
return false;
}
return true;consider
return !(total 0;-
If your switch equals the exact function name like here:
switch (opts.storage) {
case 'cookie':
ret = this.cookie.set(opts);
break;
case 'local':
ret = this.local.set(opts);
break;
case 'session':
ret = this.session.set(opts);
break;
default:
ret = this.local.set(opts);
break;
}You can just simply access the function dynamically
ret = this[opt.storage] ? this[opt.storage].set(opts) : this.local.set(opts);var i, x, y, z = document.cookie.split(";");
- To name a a machine identifier
uidis not ideal, usuallyuidis reserved for unique record id's
- I did not review any of the cryptographic code, but at least you depend on a third party library, that is 90% of the work
Code Snippets
init: function(opts) {
opts.passphrase = (opts.encrypt && opts.passphrase) ?
opts.passphrase : (opts.encrypt && !opts.passphrase) ?
crypto.key(opts) : false;
}init: function(opts) {
opts.passphrase = opts.encrypt ? (opts.passphrase || crypto.key(opts)) : false;
}if (total <= 0) {
return false;
}
return true;return !(total <= 0); //Or..
return total > 0;switch (opts.storage) {
case 'cookie':
ret = this.cookie.set(opts);
break;
case 'local':
ret = this.local.set(opts);
break;
case 'session':
ret = this.session.set(opts);
break;
default:
ret = this.local.set(opts);
break;
}Context
StackExchange Code Review Q#69850, answer score: 2
Revisions (0)
No revisions yet.