webcrypto implementation#933
Draft
rm-hull wants to merge 18 commits into
Draft
Conversation
This commit replaces the custom `useLocalStorage` implementation
with the `@rm-hull/use-local-storage` package.
This migration allows for better management of serialization logic
directly within the hook implementation.
Key changes:
* The `useGeneralSettings` hook now returns an object
`{ settings, updateSettings }` instead of an array.
* The `useOtpParameters` hook utilizes the library's `Serializer`
interface to handle password-based encryption and decryption
of stored OTP data.
* Components consuming these hooks have been updated to use
object destructuring instead of array destructuring.
Ensures that if `CryptoJS.AES.decrypt` fails (e.g., due to a bad password), we throw an explicit error message rather than relying on subsequent JSON parsing failure.
Exposes the `isLoading` status from `useLocalStorage` via `useOtpParameters` to allow consumer components to handle initial data hydration states properly. Also integrates the global `Toaster` component for displaying notifications across the application.
Extract `Encrypter` logic into `CryptoJsSerializer` to clean up the `useOtpParameters` hook. This commit also introduces the `WebCryptoSerializer` utility which provides functions to decrypt data originally encrypted by CryptoJS using the browser's native `window.crypto` methods (AES-CBC + EVP_BytesToKey derivation). This prepares the codebase for potentially migrating away from `crypto-js`.
…storage * 'main' of github.com:rm-hull/zaup2: refactor: Improve alert structure and data flow (#931)
Introduces robust error handling for data retrieval and decryption:
* Displays an error toast notification if the OTP data fails to load
in the UI (`Group.tsx`).
* Catches decryption/parsing failures in `CryptoJsSerializer` and
throws an error that includes the original exception as the cause,
improving debugging capabilities.
Refactors the `WebCryptoSerializer` to track password verification status. - Serialization is blocked if the password previously failed decryption checks. - Decryption failures now set the internal bad password state and throw a richer error. Also, removed local error handling (toasting) in `<Group />` component to ensure data loading errors are propagated via `throw error;` for centralized error boundary management.
Pull Request Test Coverage Report for Build 19556472648Details
💛 - Coveralls |
Replaces the usage of `CryptoJsSerializer` with the `WebCryptoSerializer` within `useOtpParameters`. This switches serialization logic to use the browser's native Web Crypto API instead of the external CryptoJS library.
* 'main' of github.com:rm-hull/zaup2: chore: update yarn
Refactors the `evpBytesToKey` function in the WebCrypto serializer to use synchronous MD5 hashing via CryptoJS internally. This ensures key and IV derivation is identical to the standard OpenSSL EVP_BytesToKey derivation used by CryptoJS, guaranteeing full compatibility between both serializer implementations. Adds comprehensive compatibility tests to verify bidirectional serialization and deserialization between the two serializers. The testing workflow is updated: * `test` now runs tests once (`vitest run`). * `test:watch` is introduced for watch mode (`vitest`).
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.