0.0.2 • Published 6 years ago

secure-them-codes v0.0.2

Weekly downloads
3
License
MIT
Repository
github
Last release
6 years ago

Secure Them Codes!

This is a library / utility for securely downloading larger JS files in a totally distributed fashion. Provided everything you need for your app is in the JS file downloaded, you should never have to change your frontend. It integrates with Ethereum (or any similar network) and will retrive a reference to the latest version, securely download that file, then load that dynamically into the browser. It is not as fast as directly loading JS from a webserver, but it is more secure.

Overview

The idea is simple enough:

  • Have some network like Ethereum
  • Load a smart contract on it that allows you to serve an up to date reference to your latest code
  • Have a network like IPFS where you can reference content via hash (note: bittorrent could work here too)
  • Deploy your code by first ensuring it's available on IPFS, then record the hash in your smart contract

It's easy enough to add streams (like 'beta', 'nightly', etc) and automate this process.

From a user's perspective they load the minimum to

  • display some nice loading screen
  • securely fetch the code via Etheruem and IPFS (using multiple public nodes)

Usage

const stc = require('secure-them-codes');
stc(loadingHtml, loader);

What's a Loader Object?

Loader Objects conform to one of the following:

  • { loader: "ens-ipfs", ref: "code.secvote.eth", extra: "<STREAM>" } (TODO) Use ENS (Ethereum Name Service) and IPFS, starting with the provided ENS name and presuming it points to a StcReleases.sol contract. <STREAM> can be the name of a release stream, or a particular hash.
  • { loader: "ipfs", ref "<MULTIHASH>" } (TODO) Just load straight from the provided multihash (or CID).
  • { loader "ens-mango", ref: "code.secvote.eth", extra: "<BRANCH>" } (TODO) Use ENS and mango (git via ethereum / IPFS). <BRANCH> can be a branch name or release or even a particular hash.
  • { loader "custom", ref: <LOADER_OBJECT>, extra: <ANYTHING YOU LIKE> } (TODO)

Note: the extra param is always optional - each .

Loader Objects

Loader objects should look like:

{
    toString: () => String,
    runDefault: () => Uint8Array,
    runWExtra: (e: ExtraDataType) => Uint8Array
}

The binary produced by runDefault or runWExtra will be injected into the page.

Planned features:

  • Add your own data-source layers (e.g. replace Ethereum, or replace IPFS individually)
securebootstrapcodedeploymentdistribution
@infinitebrahmanuniverse/nolb-sec@everything-registry/sub-chunk-2726
0.0.2

6 years ago

0.0.1

6 years ago