0.0.5 • Published 4 years ago

url-encrypt v0.0.5

Weekly downloads: 8
License: ISC

url-encrypt

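URL encrypting and verifying
Used to sign and verify URLs following OAuth signature standards, for authentication between services. Despite the name, the URL itself stays readable: as the Encryption example shows, encrypt() appends signature parameters to the original URL.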

Install

$ npm install url-encrypt --save

Initialize

Create an encryptor with a secret key:

const urlEncrypt = require('url-encrypt');

const encryptor = urlEncrypt({ secretKey: 'some-secret-key' /* plus any other options */ });

Encryption

const url = encryptor.encrypt('https://example.com/posts?postId=15');

// The result will look something like this:
// https://example.com/posts?postId=15&prfx_nonce=...
// &prfx_timestamp=15..&prfx_method=sha256&prfx_signature=...

As a result, security parameters (nonce, timestamp, method and signature) are added to the URL as query parameters.

Verification

Verify a URL using the same configuration and the same secret key:

encryptor.verify('https://example.co....')
// returns true or false

Expiration

Each encrypted URL has its own expiration time; once that time has passed, verification of the URL fails. The default expiration time is 15 minutes, but it is configurable.

// Set the expiration time to 1 hour
urlEncrypt({secretKey: 'some-secret-key', expiredAfterSeconds: 3600 });

Config

There is a way to change the configuration after initialization:

const encryptor = require('url-encrypt')();

encryptor.config({secretKey: 'some-secret-key'});

Parameters

All encryption options are described below.

encryptor.config({
    /*
     * Secret key used to sign URLs.
     * The default is an empty string, so always set your own.
     */
    secretKey: 'some-secret-key',

    /*
     * Prefix for the added query parameters (default is "es1_").
     * Useful for avoiding collisions between the URL's own parameters
     * and the query parameters this package adds.
     */
    prefix: 'psx_',

    /*
     * Number of seconds after which a URL expires.
     * Default is 900 seconds = 15 minutes.
     */
    expiredAfterSeconds: 900,

    /*
     * Signature hash algorithm.
     * Default is sha256.
     * Supported algorithms are listed here:
     * https://nodejs.org/api/crypto.html
     */
    algorithm: 'sha256',

    /*
     * Tolerance for clock differences between separate systems running on different machines.
     * For example, one server's clock may be ahead of another's;
     * this parameter lets you adjust for the difference.
     */
    oversight: 30
});
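
The signing and verification flow described above, as an added illustration using only Node's built-in crypto module; it is not url-encrypt's source code. The option names mirror the Parameters list, while the canonical string (the URL with sorted query parameters), the use of HMAC, the `now` option, and treating `oversight` as a clock-skew allowance in seconds are assumptions.

```javascript
// Added illustration, not url-encrypt's own implementation.
const { createHmac, randomBytes, timingSafeEqual } = require('crypto');

function sign(rawUrl, { secretKey, prefix = 'es1_', algorithm = 'sha256', now = Date.now() }) {
  // The page states the default secret is an empty string: refuse to sign with it.
  if (!secretKey) throw new Error('secretKey must be set');
  const url = new URL(rawUrl);
  url.searchParams.set(prefix + 'nonce', randomBytes(16).toString('hex'));
  url.searchParams.set(prefix + 'timestamp', String(Math.floor(now / 1000)));
  url.searchParams.set(prefix + 'method', algorithm);
  url.searchParams.sort(); // assumed canonical form: both sides sign the same string
  const mac = createHmac(algorithm, secretKey).update(url.toString()).digest('hex');
  url.searchParams.set(prefix + 'signature', mac);
  return url.toString();
}

function verify(signedUrl, { secretKey, prefix = 'es1_', algorithm = 'sha256',
                             expiredAfterSeconds = 900, oversight = 30, now = Date.now() }) {
  if (!secretKey) return false;
  const url = new URL(signedUrl);
  const given = Buffer.from(url.searchParams.get(prefix + 'signature') || '', 'hex');
  url.searchParams.delete(prefix + 'signature');
  // Pin the algorithm to local configuration; never take it from the URL itself.
  if (url.searchParams.get(prefix + 'method') !== algorithm) return false;
  url.searchParams.sort();
  const expected = createHmac(algorithm, secretKey).update(url.toString()).digest();
  // Constant-time comparison avoids leaking how many signature bytes matched.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return false;
  // Check the timestamp only after the signature, since it is covered by the MAC.
  const age = Math.floor(now / 1000) - Number(url.searchParams.get(prefix + 'timestamp'));
  return age >= -oversight && age <= expiredAfterSeconds + oversight;
}
```

The nonce makes each signed URL unique, but a verifier that does not remember nonces it has already seen will still accept a replayed URL until it expires.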