Page MenuHomePhabricator

[web] Add a library for generating secure random strings
AbandonedPublic

Authored by inka on Jul 27 2022, 7:08 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Nov 5, 11:32 AM
Unknown Object (File)
Tue, Nov 5, 11:20 AM
Unknown Object (File)
Tue, Nov 5, 11:04 AM
Unknown Object (File)
Wed, Oct 16, 1:02 AM
Unknown Object (File)
Sep 27 2024, 1:29 AM
Unknown Object (File)
Sep 27 2024, 1:28 AM
Unknown Object (File)
Sep 27 2024, 1:20 AM
Unknown Object (File)
Aug 27 2024, 11:50 AM

Details

Reviewers
tomek
ashoat
Summary

Add a library for generating secure random strings on web, so we can use it for creating unique
device ID.
The library: https://www.npmjs.com/package/crypto-random-string / https://classic.yarnpkg.com/en/package/crypto-random-string
Linear issue: https://linear.app/comm/issue/ENG-1279/initialize-deviceid-on-clients

Test Plan

Check that everything still compiles.

Diff Detail

Repository
rCOMM Comm
Branch
inka/add_library
Lint
No Lint Coverage
Unit
No Test Coverage

Event Timeline

inka requested review of this revision.Jul 27 2022, 7:21 AM
ashoat requested changes to this revision.Jul 27 2022, 9:12 AM

Seems good!! Two quick questions:

  1. In the docs, crypto.randomBytes is mentioned, which is a function in the Node.js API that is not in the browser API. How does crypto-random-string get access to the crypto module on web? I'm wondering if it's being "polyfilled".
  2. Related to the above, what is the "bundle size" impact of crypto-random-string? You can run cd web && yarn prod before and after this change and see how much larger the resultant .cjs file is. The reason I ask is that I'm worried that if this library is "polyfilling" the whole crypto module from Node.js, it may have a large impact on the bundle size.
This revision now requires changes to proceed.Jul 27 2022, 9:12 AM