https://github.com/commenthol/secure-identifier
secure identifier for usernames
identifier mechanism rfc-2142 secure security tr39 unicode username
- Host: GitHub
- URL: https://github.com/commenthol/secure-identifier
- Owner: commenthol
- License: mit
- Created: 2018-02-17T13:25:40.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2021-01-15T14:59:20.000Z (over 5 years ago)
- Last Synced: 2026-03-27T19:11:54.510Z (3 months ago)
- Topics: identifier, mechanism, rfc-2142, secure, security, tr39, unicode, username
- Language: JavaScript
- Homepage:
- Size: 64.5 KB
- Stars: 1
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE.md
README
# secure-identifier
> secure identifier for usernames
Generates a unique and secure identifier for usernames, login-IDs, public-IDs and accounts by:
1. Normalizing confusable chars from [Unicode Security Mechanisms TR39][]
2. Performing case-folding according to [5.18 Case Mappings - Unicode 10.0](http://www.unicode.org/versions/Unicode10.0.0/ch05.pdf)
3. Checking for allowed symbols in accordance with [Unicode Security Mechanisms TR39][]
4. Checking the length of the input - default is (min: 2 chars, max: 60 chars)
5. Checking the sanitized string against a list of reserved words
6. Returning the secured identifier only if all checks pass

This secure identifier shall be stored alongside the username/loginId to ensure uniqueness amongst the whole set.
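The six steps and the uniqueness rule above, as an added sketch that is not the package's own code: it substitutes built-in NFKC normalization and `toLowerCase()` for the TR39 confusables mapping and Unicode case folding. `toSecureId`, `register`, `RESERVED` and `ALLOWED` are hypothetical names, and the allowlist and reserved list are constructed for the example.

```js
// Added example: NOT the secure-identifier source. NFKC and toLowerCase()
// are built-in stand-ins for the TR39 confusables table and full Unicode
// case folding; RESERVED and ALLOWED are constructed for this sketch.
const RESERVED = new Set(['abuse', 'admin', 'postmaster', 'root'])
const ALLOWED = /^[a-z0-9._-]+$/ // assumed allowlist, stricter than TR39

function toSecureId (input, { minLength = 2, maxLength = 60 } = {}) {
  // 1+2. fold compatibility look-alikes (e.g. U+1D5A2 -> 'C'), then case
  const folded = input.normalize('NFKC').trim().toLowerCase().normalize('NFKC')
  // 3. reject anything outside the allowed symbols instead of guessing
  if (!ALLOWED.test(folded)) return undefined
  // 4. length in code points, not UTF-16 units
  const length = Array.from(folded).length
  if (length < minLength || length > maxLength) return undefined
  // 5. reserved words are compared after sanitizing, never before
  if (RESERVED.has(folded)) return undefined
  // 6. all checks passed
  return folded
}

// The secured identifier is the uniqueness key; the name is kept as typed.
function register (accounts, username) {
  const id = toSecureId(username)
  if (id === undefined) return 'invalid'
  if (accounts.has(id)) return 'taken'
  accounts.set(id, username)
  return 'ok'
}

// Constructed sample input
const accounts = new Map()
const results = [
  'Circle',
  '\u{1D5A2}\u{1D5C2}\u{1D5CB}\u{1D5BC}\u{1D5C5}\u{1D5BE}', // sans-serif math letters
  ' Abuse',
  '\u0441ircle', // Cyrillic U+0441: NFKC does not map it, so it is rejected
  'x'
].map(name => register(accounts, name))
console.log(results)
```

NFKC only folds compatibility characters, so the Cyrillic look-alike is rejected by the allowlist here, whereas a TR39 confusables table maps it to its Latin prototype.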
## Further reading...
On the complexity of valid usernames I recommend [Let’s talk about usernames](https://www.b-list.org/weblog/2018/feb/11/usernames/), which also inspired this project.
To read about where to use such an identifier, see [The Tripartite Identity Pattern][].
## Usage
For use in your project:
```
npm i -S secure-identifier
```
Then:
```js
const {secureIdentifier} = require('secure-identifier')
const username = '\u{1D5A2}\u{1D5C2}\u{1D5CB}\u{1D5BC}\u{1D5C5}\u{1D5BE}'
//> 𝖢𝗂𝗋𝖼𝗅𝖾 - looks like Circle but isn't
const secure = secureIdentifier(username)
//> secure === 'circle'
```
## API
Apart from the simple `secureIdentifier` you can use `Identifier` for more advanced use-cases.
```js
const {Identifier} = require('secure-identifier')
const username = ' Πα―ππΠ΅'
const opts = {minLength: 3, maxLength: 20}
const ident = new Identifier(username, opts)
ident.confusables().trim()
//> 'Abuse'
.caseFolding()
//> 'abuse'
ident.status() // get list of offending chars
//> []
ident.isReserved() // 'abuse' is in the list of reserved names
//> true
ident.isValid()
//> false
ident.isMinLength() // check for minLength >= 3
//> true
ident.isMaxLength() // check for maxLength <= 20
//> true
ident.toString() // get current string
//> 'abuse'
ident.valid() // get valid string
//> undefined
```
Please check out `./src/Identifier.js` and `./src/IdentifierBase.js` for further methods.
It is also possible to use your own list of reserved words. See `./test/Identifier.spec.js`.
## License
[MIT licensed](./LICENSE.md)
## References
- [Unicode Security Mechanisms TR39][]
- [Let’s talk about usernames](https://www.b-list.org/weblog/2018/feb/11/usernames/)
- [The Tripartite Identity Pattern][]
- [JavaScript has a Unicode problem][]
Reserved-names-lists are from:
- https://ldpreload.com/blog/names-to-reserve
- https://zimbatm.github.io/hostnames-and-usernames-to-reserve/ (CC0)
- http://blog.postbit.com/reserved-username-list.html
- http://www.bannedwordlist.com/lists/swearWords.txt (Free)
[Unicode Security Mechanisms TR39]: https://www.unicode.org/reports/tr39/
[Letβs talk about usernames]: https://www.b-list.org/weblog/2018/feb/11/usernames/
[The Tripartite Identity Pattern]: http://habitatchronicles.com/2008/10/the-tripartite-identity-pattern/
[JavaScript has a Unicode problem]: https://mathiasbynens.be/notes/javascript-unicode