File: twitter-streaming/node_modules/ntwitter/node_modules/keygrip/package.json

Recommend this page to a friend!
  Classes of Igor Escobar   Terminal Crossword   twitter-streaming/node_modules/ntwitter/node_modules/keygrip/package.json   Download  
File: twitter-streaming/node_modules/ntwitter/node_modules/keygrip/package.json
Role: Example script
Content type: text/plain
Description: Example script
Class: Terminal Crossword
Generate a crosswords board on a text console
Author: By
Last change:
Date: 2 years ago
Size: 4,456 bytes
 

Contents

Class file image Download
{ "name": "keygrip", "version": "0.2.2", "description": "Key signing and verification for rotated credentials", "scripts": { "install": "node ./install.js" }, "repository": { "type": "git", "url": "git://github.com/jed/keygrip.git" }, "dependencies": {}, "devDependencies": {}, "engines": { "node": "*" }, "readme": "Keygrip\n=======\n\n[![Build Status](https://secure.travis-ci.org/jed/keygrip.png)](http://travis-ci.org/jed/keygrip)\n\nKeygrip is a [node.js](http://nodejs.org/) module for signing and verifying data (such as cookies or URLs) through a rotating credential system, in which new server keys can be added and old ones removed regularly, without invalidating client credentials.\n\n## Install\n\n $ npm install keygrip\n \n## API\n\n### keys = new Keygrip([ keylist ])\n\nThis creates a new Keygrip based on the provided keylist, an array of secret keys used for SHA1 HMAC digests. If no list is given, or the list is empty, Keygrip uses the default key created during `npm` installation, and will issue a warning to the console.\n\nNote that the `new` operator is also optional, so all of the following will work when `Keygrip = require( \"keygrip\" )`:\n\n```javascript\nkeys = new Keygrip\nkeys = new Keygrip([ \"SEKRIT2\", \"SEKRIT1\" ])\nkeys = Keygrip()\nkeys = Keygrip([ \"SEKRIT2\", \"SEKRIT1\" ])\nkeys = require( \"keygrip\" )()\n```\n \nThe keylist is an array of all valid keys for signing, in descending order of freshness; new keys should be `unshift`ed into the array and old keys should be `pop`ped.\n\nThe tradeoff here is that adding more keys to the keylist allows for more granular freshness for key validation, at the cost of a more expensive worst-case scenario for old or invalid hashes.\n\nKeygrip keeps a reference to this array to automatically reflect any changes. This reference is stored using a closure to prevent external access.\n\n### keys.sign( data )\n\nThis creates a SHA1 HMAC based on the _first_ key in the keylist, and outputs it as a 27-byte url-safe base64 digest (base64 without padding, replacing `+` with `-` and `/` with `_`).\n\n### keys.index( data, digest )\n\nThis loops through all of the keys currently in the keylist until the digest of the current key matches the given digest, at which point the current index is returned. If no key is matched, `-1` is returned.\n\nThe idea is that if the index returned is greater than `0`, the data should be re-signed to prevent premature credential invalidation, and enable better performance for subsequent challenges.\n\n### keys.verify( data, digest )\n\nThis uses `index` to return `true` if the digest matches any existing keys, and `false` otherwise.\n\n## Example\n\n```javascript\n// ./test.js\nvar assert = require( \"assert\" )\n , Keygrip = require( \"keygrip\" )\n , keylist, keys, hash, index\n\n// keygrip takes an array of keys, but if none exist,\n// it uses the defaults created during npm installation.\n// (but it'll will warn you)\nconsole.log( \"Ignore this message:\" )\nkeys = new Keygrip( /* empty list */ )\n\n// .sign returns the hash for the first key\n// all hashes are SHA1 HMACs in url-safe base64\nhash = keys.sign( \"bieberschnitzel\" )\nassert.ok( /^[\\w\\-]{27}$/.test( hash ) )\n\n// but we're going to use our list.\n// (note that the 'new' operator is optional)\nkeylist = [ \"SEKRIT3\", \"SEKRIT2\", \"SEKRIT1\" ]\nkeys = Keygrip( keylist )\nhash = keys.sign( \"bieberschnitzel\" )\n\n// .index returns the index of the first matching key\nindex = keys.index( \"bieberschnitzel\", hash )\nassert.equal( index, 0 )\n\n// .verify returns the a boolean indicating a matched key\nmatched = keys.verify( \"bieberschnitzel\", hash )\nassert.ok( matched )\n\nindex = keys.index( \"bieberschnitzel\", \"o_O\" )\nassert.equal( index, -1 )\n\n// rotate a new key in, and an old key out\nkeylist.unshift( \"SEKRIT4\" )\nkeylist.pop()\n\n// if index > 0, it's time to re-sign\nindex = keys.index( \"bieberschnitzel\", hash )\nassert.equal( index, 1 )\nhash = keys.sign( \"bieberschnitzel\" ) \n```\n\n## TODO\n\n* Write a library for URL signing\n\nCopyright\n---------\n\nCopyright (c) 2012 Jed Schmidt. See LICENSE.txt for details.\n\nSend any questions or comments [here](http://twitter.com/jedschmidt).", "readmeFilename": "README.md", "_id": "keygrip@0.2.2", "dist": { "shasum": "779d9ce10919fb2880f9713205a84819005d3caa" }, "_from": "keygrip@0.2.x" }