staticrypt icon indicating copy to clipboard operation
staticrypt copied to clipboard
verified publisher icon robinmoisson

[Feature]: Add JS API for leveraging staticrypt in code

Open bmcminn opened this issue 1 year ago • 2 comments

I have a plugin based static site generator that I would like to be able to staticrypt with.

It currently uses top-down render pipeline via a series of callbacks similar to Grunt.js, and it would be excellent if there was a JS API I could leverage in my codebase to generate the encrypted artifact.

I have a workaround in mind where I can write a plugin to write the contents to the output path and then encrypt the resulting output document on disk.

Having briefly looked at the codebase, I'm not sure where to start with a PR on this functionality, but I am curious if this is something y'all have considered or roadmapped?

bmcminn avatar Mar 14 '24 21:03 bmcminn

Interesting! So basically the idea would be to be able to have a

import passwordProtect from 'staticrypt';

const passwordProtectedHtml = passwordProtect(plainTextHtml);

// write on disk, do whatever

Something like that?

A couple of places that can be used for inspiration are the index_template.html, which shows how to encrypt a file in-browser, or you can check-out how the encodeWithHashedPassword function from the codec.js file is used (with the await cryptoEngine.hashPassword(password, salt)).

As I'm writing this I'm realizing it might just be a matter of doing something like

const hashedPassword = await cryptoEngine.hashPassword(password, salt);
const passwordProtectedHtml = await codec.init(cryptoEngine).encodeWithHashedPassword(plainTextHtml, hashedPassword);

I guess there could be a wrapper with a simpler API if needed.

One footgun here is on the salt - the remember-me feature (or auto-decrypt link) is dependent on the salt staying constant if you encrypt the file multiple times. That's why staticrypt generates a .staticrypt.json config file with just the salt by default (see more here).

robinmoisson avatar Apr 17 '24 16:04 robinmoisson

That points me in the right direction at least :)

I think this project needs more documented samples like this where the functionality I'm looking for technically exists, but it isn't surfaced very well in the existing documentation, and the gotchas (like the salt in .staticrypt.json) are noted but no remedies or boilerplate are suggested.

I would def be inclined to tinker with your suggestions and formulate some cookbook style snippets to accomplish my goals and submit them back to the project README.md :)

bmcminn avatar Apr 17 '24 17:04 bmcminn