feat: add crypto-js and nanoid , add add crypto demo page #4835
Conversation
|
WalkthroughThe pull request introduces a new cryptographic module to the project, enhancing the build configuration and package exports. It adds a Changes
Possibly related PRs
Suggested labels
Suggested reviewers
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? 🪧 TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (Invoked using PR comments)
Other keywords and placeholders
CodeRabbit Configuration File (
|
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 11
🧹 Outside diff range and nitpick comments (9)
packages/utils/src/index.ts (1)
4-4: Consider documenting the newly exposed crypto functionality.Since this export exposes cryptographic capabilities throughout the application, it would be beneficial to add a comment explaining the available crypto features and their intended usage.
Add a descriptive comment above the export:
+// Re-export cryptographic utilities (encryption, decryption, hashing) from shared module export * from '@vben-core/shared/crypto';packages/@core/base/shared/build.config.ts (1)
13-13: Consider crypto implementation security guidelines.Since you're introducing cryptographic functionality, ensure the implementation follows these security best practices:
- Use strong encryption algorithms and appropriate key sizes
- Implement proper key management
- Handle encryption errors securely
- Avoid exposing sensitive data in error messages
- Consider adding security-focused tests
Would you like me to help create a security checklist or generate security-focused test cases for the crypto module?
packages/@core/base/shared/src/utils/__tests__/nanoid.test.ts (2)
6-12: Clean up test case and improve assertions
- Remove commented out code (lines 8-9)
- Use a more descriptive variable name than
_nanoid- Consider adding a more specific length assertion
it('create uuid', () => { - const _nanoid = nanoid(); - // console.log('uuid:', _nanoid); - // expect(!!_nanoid).toBe(true); - expect(typeof _nanoid).toBe('string'); - expect(_nanoid.length).toBeGreaterThan(0); + const generatedId = nanoid(); + expect(typeof generatedId).toBe('string'); + expect(generatedId.length).toBe(21); // nanoid default length });
13-21: Consider optimizing the uniqueness testThe test effectively verifies uniqueness, but consider these improvements:
- Make the test name more specific (e.g., "should generate 1000 unique ids without collisions")
- Consider reducing the iteration count to improve test performance
- Add a performance boundary using
performance.now()- it('should generate unique ids', () => { + it('should generate 1000 unique ids without collisions', () => { + const start = performance.now(); const ids = new Set(); for (let i = 0; i < 1000; i++) { const id = nanoid(); expect(ids.has(id)).toBe(false); ids.add(id); } + const end = performance.now(); + expect(end - start).toBeLessThan(100); // Should complete within 100ms });packages/@core/base/shared/src/crypto/index.ts (3)
1-3: Consider limiting the CryptoJS export scope.Re-exporting the entire CryptoJS library exposes unnecessary cryptographic primitives that might not be needed by consumers. Consider exporting only the specific components required for the implementation.
-import CryptoJS from 'crypto-js'; +import { AES, enc } from 'crypto-js'; -export { CryptoJS }; +export { AES, enc };
4-5: Add documentation for the security constant.The minimum secret length constant should include documentation explaining its security implications and requirements.
-const MIN_SECRET_LENGTH = 32; +/** Minimum length for encryption key to ensure adequate security strength for AES encryption */ +const MIN_SECRET_LENGTH = 32;
1-33: Consider architectural improvements for better security and maintainability.
- Separate Concerns:
- Split JSON serialization/deserialization into a separate layer
- Create distinct classes for different encryption algorithms
- Add Security Features:
- Implement key rotation mechanism
- Add versioning for encrypted data format
- Consider adding integrity checks (HMAC)
- Error Handling:
- Create custom error types for different failure scenarios
- Add logging for security events
Would you like me to provide a detailed implementation for any of these suggestions?
pnpm-workspace.yaml (1)
182-184: Dependencies look good but consider maintaining alphabetical order.The added dependencies are appropriate for the crypto features being implemented. However, to maintain consistency with the rest of the file, consider moving them to their alphabetically correct positions:
@types/crypto-jsshould go after@types/archivercrypto-jsshould go aftercross-envnanoidshould go afternaive-uiplayground/src/views/demos/features/crypto/index.vue (1)
47-66: Add error handling to decryption and optimize watch effect.The current implementation has two issues:
- Missing error handling in the decryption computed property
- Watch effect might trigger unnecessary re-encryptions
Consider these improvements:
const parseTextComputed = computed(() => { + if (!needDecryptTextRef.value) return ''; + + try { const value = encryModeRef.value === 'aes' ? aesDecryptFn(needDecryptTextRef.value, secretKeyRef.value) : desDecryptFn(needDecryptTextRef.value, secretKeyRef.value); return value; + } catch (error) { + showError(`Decryption failed: ${error.message}`); + return 'Decryption failed'; + } }); watch( [ () => targetInputTextRef.value, () => secretKeyRef.value, () => encryModeRef.value, ], () => { - doAesEncryptFn(); + // Debounce encryption to avoid unnecessary operations + if (debouncedEncrypt.value) { + clearTimeout(debouncedEncrypt.value); + } + debouncedEncrypt.value = setTimeout(() => { + performEncryption(); + }, 300); }, { immediate: true, }, );
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
⛔ Files ignored due to path filters (1)
pnpm-lock.yamlis excluded by!**/pnpm-lock.yaml
📒 Files selected for processing (11)
packages/@core/base/shared/build.config.ts(1 hunks)packages/@core/base/shared/package.json(3 hunks)packages/@core/base/shared/src/crypto/index.ts(1 hunks)packages/@core/base/shared/src/utils/__tests__/nanoid.test.ts(1 hunks)packages/@core/base/shared/src/utils/index.ts(1 hunks)packages/@core/base/shared/src/utils/nanoid.ts(1 hunks)packages/utils/src/index.ts(1 hunks)playground/src/router/routes/modules/demos.ts(1 hunks)playground/src/views/demos/features/crypto/index.vue(1 hunks)playground/src/views/demos/features/crypto/inner/CryptoHooks.ts(1 hunks)pnpm-workspace.yaml(1 hunks)
✅ Files skipped from review due to trivial changes (2)
- packages/@core/base/shared/src/utils/index.ts
- packages/@core/base/shared/src/utils/nanoid.ts
🔇 Additional comments (11)
packages/utils/src/index.ts (1)
4-4: LGTM! Verify the crypto module.
The export statement is correctly placed and follows the existing pattern.
Let's verify the existence and structure of the crypto module:
✅ Verification successful
Export statement is correctly importing an existing crypto module
The crypto module exists at packages/@core/base/shared/src/crypto/index.ts and exports:
- The
CryptoJSlibrary - A
Cryptoclass that provides encryption/decryption functionality with proper secret length validation
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Verify the crypto module exists and check its exports
# Expected: Find the crypto module and its exported members
# Check if the crypto module exists
fd -t f "index.ts" -p "@vben-core/shared/crypto"
# Check the exports from the crypto module
ast-grep --pattern 'export $$$' packages/@core/base/shared/src/crypto/index.ts
Length of output: 239
Script:
#!/bin/bash
# Let's try a different approach to locate the crypto module and its contents
# First, let's find any files with "crypto" in their path
fd crypto
# Then, let's search for any imports of the crypto module to verify its usage
rg -l "@vben-core/shared/crypto"
# Additionally, search for any crypto-related exports
rg "export.*crypto" -g "*.ts"
Length of output: 321
Script:
#!/bin/bash
# Let's check the contents of the crypto directory we found
cat packages/@core/base/shared/src/crypto/index.ts
# Also check if there are any other files in the crypto directory
ls -la packages/@core/base/shared/src/crypto/
Length of output: 1157
packages/@core/base/shared/build.config.ts (1)
13-13: LGTM! Verifying module structure.
The addition of the crypto module entry point follows the existing pattern in the build configuration.
Let's verify the module structure and exports:
✅ Verification successful
Module structure verified and follows project conventions ✅
The crypto module is properly structured and follows the project's conventions:
- Located at the correct path with
index.ts - Follows the same module organization as other modules (cache, color, constants, utils)
- Exports both
CryptoJSand aCryptoclass as expected
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Verify the crypto module structure and exports
# Check if the crypto module exists
echo "Checking crypto module existence..."
fd "index.ts" "src/crypto"
# Check exports pattern
echo "Checking export pattern..."
rg "export.*Crypto" "src/crypto"
# Check consistent naming with other modules
echo "Checking module structure consistency..."
fd "index.ts" "src" --max-depth 2
Length of output: 564
Script:
#!/bin/bash
# Let's verify from the repository root with correct paths
# Check if the crypto module exists
echo "Checking crypto module existence..."
fd "index.ts" "packages/@core/base/shared/src/crypto"
# Check exports pattern
echo "Checking export pattern..."
rg "export.*Crypto" "packages/@core/base/shared/src"
# Check consistent naming with other modules
echo "Checking module structure consistency..."
fd "index.ts" "packages/@core/base/shared/src" --max-depth 2
# Check if the directory exists
echo "Checking directory structure..."
ls -la packages/@core/base/shared/src/crypto 2>/dev/null || echo "Crypto directory not found"
Length of output: 1121
packages/@core/base/shared/src/utils/__tests__/nanoid.test.ts (2)
1-4: LGTM!
The import statements are clean and properly organized.
5-21: Consider adding more test coverage
The current test suite covers basic functionality, but consider adding these test cases:
- Custom configurations (if supported by the implementation):
- Custom alphabet
- Custom length
- Error handling scenarios
playground/src/views/demos/features/crypto/inner/CryptoHooks.ts (2)
1-14: LGTM! Well-structured type definitions for hash algorithms.
The HashAlgorithm type definition is comprehensive and follows TypeScript naming conventions.
1-61: Verify the security impact of this crypto implementation.
Let's verify how these crypto functions are being used in the application to assess the security impact.
✅ Verification successful
Let me gather more context about how these functions are actually used in the application.
Let me try one final search to find any usage of these crypto functions in the codebase.
Let me check the content of the demo component to understand the usage context.
No security concerns - Demo/Educational Implementation Only
Based on the verification, this crypto implementation is used exclusively in a demo/educational component (playground/src/views/demos/features/crypto/index.vue). The code is:
- Located in a
playground/demos/featuresdirectory - Used only for demonstrating crypto functions in a UI
- Not integrated with any authentication, password handling, or security-critical paths
- Contains sample implementations with hardcoded test values
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Search for usage of these crypto functions
echo "Searching for crypto function usage..."
rg -l "aesEncryptFn|aesDecryptFn|desEncryptFn|desDecryptFn|hashingFn" --type ts
# Check if used in any security-critical paths
echo "Checking for security-critical usage..."
rg -l "password|secret|token|credential|auth" --type ts | xargs rg "aesEncryptFn|aesDecryptFn|desEncryptFn|desDecryptFn|hashingFn" || true
Length of output: 1129
Script:
#!/bin/bash
# Check the demo/feature implementation to understand usage context
echo "Checking parent directory for implementation details..."
rg -A 10 "import.*CryptoHooks" --type ts
# Look for actual component usage
echo "Looking for component implementations..."
fd -e vue -e tsx "Crypto" | xargs cat
Length of output: 292
Script:
#!/bin/bash
# Search for imports of CryptoHooks.ts
echo "Searching for imports..."
rg "from.*crypto.*CryptoHooks" --type ts --type vue --type tsx
# Look for the demo component
echo "Looking for demo component..."
fd -t f -e ts -e vue -e tsx . playground/src/views/demos/features/crypto/
Length of output: 413
Script:
#!/bin/bash
# Check the content of the demo component
echo "Content of crypto demo component:"
cat playground/src/views/demos/features/crypto/index.vue
Length of output: 7079
packages/@core/base/shared/package.json (3)
51-55: LGTM: Export configuration follows established patterns
The new crypto module export configuration maintains consistency with existing export patterns, properly defining types, development, and production paths.
Also applies to: 83-86
106-106: LGTM: Type definitions properly added
The addition of @types/crypto-js as a dev dependency correctly complements the runtime crypto-js dependency.
96-96: Verify version pinning for security-critical dependencies
While crypto-js and nanoid are appropriate choices, using floating versions ("catalog:") for security-critical dependencies could pose risks. Consider pinning specific versions to prevent supply chain attacks.
Also applies to: 100-100
pnpm-workspace.yaml (1)
182-184: Verify security of cryptographic dependencies.
The versions chosen for the cryptographic libraries are recent:
crypto-js@4.2.0nanoid@5.0.8
Let's verify there are no known vulnerabilities.
✅ Verification successful
Dependencies are secure and properly implemented
The cryptographic dependencies have been verified:
- Both packages are actively maintained with recent updates (crypto-js@4.2.0 from Oct 2023, nanoid@5.0.8 from Oct 2024)
- The crypto-js implementation follows security best practices:
- Enforces minimum secret length of 32 characters
- Uses AES encryption with proper string encoding
- Handles errors gracefully
- Nanoid is used only for ID generation with proper implementation and testing
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Description: Check for known vulnerabilities in the added dependencies
# Note: Using npm audit as it has a comprehensive security database
echo "Checking crypto-js@4.2.0..."
npm view crypto-js@4.2.0 bugs
echo "Checking nanoid@5.0.8..."
npm view nanoid@5.0.8 bugs
Length of output: 491
Script:
#!/bin/bash
# Let's check for any security advisories using npm audit
echo "Checking for vulnerabilities in crypto-js@4.2.0..."
npm audit crypto-js@4.2.0
echo "Checking for vulnerabilities in nanoid@5.0.8..."
npm audit nanoid@5.0.8
# Let's also check the usage of these libraries in the codebase
echo "Checking crypto-js usage patterns..."
rg -A 3 "crypto-js" --type ts --type js
echo "Checking nanoid usage patterns..."
rg -A 3 "nanoid" --type ts --type js
Length of output: 3306
Script:
#!/bin/bash
# Let's check the actual implementation to verify secure usage patterns
echo "Checking crypto implementation..."
cat packages/@core/base/shared/src/crypto/index.ts
# Let's also check if there are any security advisories in the npm registry
echo "Checking npm registry for crypto-js security info..."
npm view crypto-js@4.2.0 time
echo "Checking npm registry for nanoid security info..."
npm view nanoid@5.0.8 time
Length of output: 6227
playground/src/views/demos/features/crypto/index.vue (1)
1-21: LGTM! Well-structured imports with good separation of concerns.
The component follows best practices by:
- Using TypeScript with Vue 3 Composition API
- Properly organizing and aliasing Ant Design Vue imports
- Separating crypto logic into a dedicated hooks file
| constructor(secret: string) { | ||
| if (typeof secret === 'string' && secret.length < MIN_SECRET_LENGTH) { | ||
| throw new Error( | ||
| `Secret must be at least ${MIN_SECRET_LENGTH} characters long`, | ||
| ); | ||
| } | ||
| this.secret = secret; | ||
| } |
There was a problem hiding this comment.
Enhance secret key validation and handling.
The current implementation only validates the length of the secret. Consider these security improvements:
- Validate secret entropy/composition
- Use a key derivation function (KDF) to strengthen the secret
constructor(secret: string) {
if (typeof secret === 'string' && secret.length < MIN_SECRET_LENGTH) {
throw new Error(
`Secret must be at least ${MIN_SECRET_LENGTH} characters long`,
);
}
+ if (!/^(?=.*[a-z])(?=.*[A-Z])(?=.*\d)(?=.*[@$!%*?&])[A-Za-z\d@$!%*?&]+$/.test(secret)) {
+ throw new Error('Secret must contain uppercase, lowercase, numbers, and special characters');
+ }
- this.secret = secret;
+ // Derive a strong key using PBKDF2
+ this.secret = CryptoJS.PBKDF2(secret, 'salt', { keySize: 256/32 }).toString();
}Committable suggestion skipped: line range outside the PR's diff.
| encrypt(data: T): string { | ||
| const dataString = JSON.stringify(data); | ||
| const encrypted = CryptoJS.AES.encrypt(dataString, this.secret); | ||
| return encrypted.toString(); | ||
| } |
There was a problem hiding this comment.
Enhance encrypt method security.
The encryption implementation should be strengthened with:
- Input validation
- Proper IV handling
- Error handling
-encrypt(data: T): string {
+encrypt(data: T): string {
+ if (!data || typeof data !== 'object') {
+ throw new Error('Invalid data for encryption');
+ }
+
const dataString = JSON.stringify(data);
- const encrypted = CryptoJS.AES.encrypt(dataString, this.secret);
+ // Generate a random IV for each encryption
+ const iv = CryptoJS.lib.WordArray.random(16);
+ const encrypted = CryptoJS.AES.encrypt(dataString, this.secret, {
+ iv,
+ mode: CryptoJS.mode.CBC,
+ padding: CryptoJS.pad.Pkcs7
+ });
+
+ // Include IV in the output for decryption
+ return JSON.stringify({
+ iv: iv.toString(),
+ content: encrypted.toString()
+ });
- return encrypted.toString();
}Note: The decrypt method will need to be updated to handle the new encrypted data format that includes the IV.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| encrypt(data: T): string { | |
| const dataString = JSON.stringify(data); | |
| const encrypted = CryptoJS.AES.encrypt(dataString, this.secret); | |
| return encrypted.toString(); | |
| } | |
| encrypt(data: T): string { | |
| if (!data || typeof data !== 'object') { | |
| throw new Error('Invalid data for encryption'); | |
| } | |
| const dataString = JSON.stringify(data); | |
| // Generate a random IV for each encryption | |
| const iv = CryptoJS.lib.WordArray.random(16); | |
| const encrypted = CryptoJS.AES.encrypt(dataString, this.secret, { | |
| iv, | |
| mode: CryptoJS.mode.CBC, | |
| padding: CryptoJS.pad.Pkcs7 | |
| }); | |
| // Include IV in the output for decryption | |
| return JSON.stringify({ | |
| iv: iv.toString(), | |
| content: encrypted.toString() | |
| }); | |
| } |
| decrypt(encrypted: string) { | ||
| const decrypted = CryptoJS.AES.decrypt(encrypted, this.secret); | ||
| const dataString = decrypted.toString(CryptoJS.enc.Utf8); | ||
| try { | ||
| return JSON.parse(dataString) as T; | ||
| } catch { | ||
| // avoid parse error | ||
| return null; | ||
| } | ||
| } |
There was a problem hiding this comment.
Improve decrypt method security and error handling.
The current implementation has several security considerations:
- Missing input validation
- Silent failure could hide security issues
- No IV/salt handling for AES
-decrypt(encrypted: string) {
+decrypt(encrypted: string): T | null {
+ if (!encrypted || typeof encrypted !== 'string') {
+ throw new Error('Invalid encrypted data');
+ }
+
const decrypted = CryptoJS.AES.decrypt(encrypted, this.secret);
+ if (!decrypted) {
+ throw new Error('Decryption failed');
+ }
+
const dataString = decrypted.toString(CryptoJS.enc.Utf8);
try {
return JSON.parse(dataString) as T;
} catch {
- // avoid parse error
+ console.warn('Failed to parse decrypted data');
return null;
}
}📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| decrypt(encrypted: string) { | |
| const decrypted = CryptoJS.AES.decrypt(encrypted, this.secret); | |
| const dataString = decrypted.toString(CryptoJS.enc.Utf8); | |
| try { | |
| return JSON.parse(dataString) as T; | |
| } catch { | |
| // avoid parse error | |
| return null; | |
| } | |
| } | |
| decrypt(encrypted: string): T | null { | |
| if (!encrypted || typeof encrypted !== 'string') { | |
| throw new Error('Invalid encrypted data'); | |
| } | |
| const decrypted = CryptoJS.AES.decrypt(encrypted, this.secret); | |
| if (!decrypted) { | |
| throw new Error('Decryption failed'); | |
| } | |
| const dataString = decrypted.toString(CryptoJS.enc.Utf8); | |
| try { | |
| return JSON.parse(dataString) as T; | |
| } catch { | |
| console.warn('Failed to parse decrypted data'); | |
| return null; | |
| } | |
| } |
| export function desEncryptFn(inputMessage: string, secret: string) { | ||
| const encrypted = CryptoJS.DES.encrypt(inputMessage, secret).toString(); | ||
| return encrypted; | ||
| } | ||
| export function desDecryptFn(inputMessage: string, secret: string) { | ||
| const decrypted = CryptoJS.DES.decrypt(inputMessage, secret).toString( | ||
| CryptoJS.enc.Utf8, | ||
| ); | ||
| return decrypted; | ||
| } |
There was a problem hiding this comment.
Critical: Remove DES encryption as it's cryptographically broken.
DES is considered cryptographically broken and should not be used in modern applications. Remove these functions and use AES instead.
-export function desEncryptFn(inputMessage: string, secret: string) {
- const encrypted = CryptoJS.DES.encrypt(inputMessage, secret).toString();
- return encrypted;
-}
-export function desDecryptFn(inputMessage: string, secret: string) {
- const decrypted = CryptoJS.DES.decrypt(inputMessage, secret).toString(
- CryptoJS.enc.Utf8,
- );
- return decrypted;
-}Consider adding a more secure alternative like AES-256-GCM if authenticated encryption is needed.
📝 Committable suggestion
‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.
| export function desEncryptFn(inputMessage: string, secret: string) { | |
| const encrypted = CryptoJS.DES.encrypt(inputMessage, secret).toString(); | |
| return encrypted; | |
| } | |
| export function desDecryptFn(inputMessage: string, secret: string) { | |
| const decrypted = CryptoJS.DES.decrypt(inputMessage, secret).toString( | |
| CryptoJS.enc.Utf8, | |
| ); | |
| return decrypted; | |
| } |
| export function hashingFn(inputMessage: string, type: HashAlgorithm): string { | ||
| if (!inputMessage) { | ||
| throw new Error('Input message cannot be empty'); | ||
| } | ||
|
|
||
| const sha3Variants = { | ||
| SHA3224: 224, | ||
| SHA3256: 256, | ||
| SHA3384: 384, | ||
| SHA3512: 512, | ||
| }; | ||
|
|
||
| if (type.startsWith('SHA3')) { | ||
| return CryptoJS.SHA3(inputMessage, { | ||
| outputLength: sha3Variants[type as keyof typeof sha3Variants], | ||
| }).toString(); | ||
| } | ||
|
|
||
| const hashFunction = CryptoJS[type]; | ||
| if (!hashFunction) { | ||
| throw new Error(`Unsupported hash algorithm: ${type}`); | ||
| } | ||
|
|
||
| return hashFunction(inputMessage).toString(); | ||
| } |
There was a problem hiding this comment.
Security: Address cryptographic vulnerabilities and add input validation.
Several security concerns need to be addressed:
- MD5 and SHA1 are cryptographically broken and should not be used for security purposes.
- Missing input length validation could lead to DoS attacks.
- Error messages might leak implementation details.
Consider these improvements:
- Remove MD5 and SHA1 from the supported algorithms
- Add input length validation
- Use generic error messages
type HashAlgorithm =
- | 'MD5'
| 'RIPEMD160'
- | 'SHA1'
| 'SHA224'
// ... other secure algorithms
export function hashingFn(inputMessage: string, type: HashAlgorithm): string {
if (!inputMessage) {
- throw new Error('Input message cannot be empty');
+ throw new Error('Invalid input');
+ }
+
+ // Add input length validation
+ if (inputMessage.length > 1048576) { // 1MB limit
+ throw new Error('Invalid input');
}
// ... rest of the function
if (!hashFunction) {
- throw new Error(`Unsupported hash algorithm: ${type}`);
+ throw new Error('Invalid algorithm');
}Committable suggestion skipped: line range outside the PR's diff.
| <span :style="{ paddingRight: '10px' }">SHA256:</span> | ||
| </div> | ||
| <div class="h-auto flex-1 overflow-x-hidden"> | ||
| <div class="w-full text-wrap break-words text-right"> | ||
| {{ hashingFn(targetInputTextRef, 'SHA256') }} | ||
| </div> | ||
| </div> | ||
| </div> | ||
| <div | ||
| class="flex h-auto w-full flex-row justify-between overflow-hidden" | ||
| > | ||
| <div class="flex-none"> | ||
| <span :style="{ paddingRight: '10px' }">SHA512:</span> | ||
| </div> | ||
| <div class="h-auto flex-1 overflow-x-hidden"> | ||
| <div class="w-full text-wrap break-words text-right"> | ||
| {{ hashingFn(targetInputTextRef, 'SHA512') }} | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </ACard> | ||
| </ACol> | ||
| <ACol :lg="12" :md="24" :sm="24" :xl="12" :xs="24"> | ||
| <ACard title="Ciphers"> | ||
| <div | ||
| class="px-10px box-border flex w-full flex-col overflow-x-hidden" | ||
| > | ||
| <div | ||
| class="box-border flex flex-row items-center justify-between pb-2" | ||
| > | ||
| <div class="flex-none">加密方式:</div> | ||
| <div class="flex-1 text-center"> | ||
| <ARadioGroup | ||
| v-model:value="encryModeRef" | ||
| button-style="solid" | ||
| size="small" | ||
| > | ||
| <ARadioButton value="aes">AES</ARadioButton> | ||
| <ARadioButton value="des">DES</ARadioButton> | ||
| </ARadioGroup> | ||
| </div> | ||
| </div> | ||
| <ADivider /> | ||
| <div v-if="encryModeRef === 'aes'"> | ||
| <div | ||
| class="flex h-auto w-full flex-row justify-between overflow-hidden" | ||
| > | ||
| <div class="flex-none"> | ||
| <span :style="{ paddingRight: '10px' }">加密:</span> | ||
| </div> | ||
| <div class="h-auto flex-1 overflow-x-hidden"> | ||
| <div class="w-full text-wrap break-words text-right"> | ||
| {{ aseEncryptTextRef }} | ||
| </div> | ||
| </div> | ||
| </div> | ||
| <ADivider /> | ||
| <div> | ||
| <div>解密:</div> | ||
| <div>要解密的文本</div> | ||
| <ATextarea | ||
| v-model:value="needDecryptTextRef" | ||
| placeholder="请输入要操作的字符串" | ||
| /> | ||
| <div>解密后的原文</div> | ||
| <ATextarea :value="parseTextComputed" readonly /> | ||
| </div> | ||
| </div> | ||
| <div v-else-if="encryModeRef === 'des'"> | ||
| <div | ||
| class="flex h-auto w-full flex-row justify-between overflow-hidden" | ||
| > | ||
| <div class="flex-none"> | ||
| <span :style="{ paddingRight: '10px' }">加密:</span> | ||
| </div> | ||
| <div class="h-auto flex-1 overflow-x-hidden"> | ||
| <div class="w-full text-wrap break-words text-right"> | ||
| {{ aseEncryptTextRef }} | ||
| </div> | ||
| </div> | ||
| </div> | ||
| <ADivider /> | ||
| <div> | ||
| <div>解密:</div> | ||
| <div>要解密的文本</div> | ||
| <ATextarea | ||
| v-model:value="needDecryptTextRef" | ||
| placeholder="请输入要操作的字符串" | ||
| /> | ||
| <div>解密后的原文</div> | ||
| <ATextarea :value="parseTextComputed" readonly /> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </ACard> | ||
| </ACol> | ||
| </ARow> | ||
| </div> | ||
| </template> |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Reduce code duplication and add internationalization.
Issues to address:
- Duplicate code between AES and DES sections (lines 158-182 and 183-207)
- Hardcoded Chinese text should be internationalized
Extract the common cipher section into a reusable component:
<!-- CipherSection.vue -->
<template>
<div>
<div class="flex h-auto w-full flex-row justify-between overflow-hidden">
<div class="flex-none">
<span :style="{ paddingRight: '10px' }">{{ t('encryption') }}:</span>
</div>
<div class="h-auto flex-1 overflow-x-hidden">
<div class="w-full text-wrap break-words text-right">
{{ encryptedText }}
</div>
</div>
</div>
<ADivider />
<div>
<div>{{ t('decryption') }}:</div>
<div>{{ t('textToDecrypt') }}</div>
<ATextarea
v-model:value="decryptText"
:placeholder="t('enterText')"
/>
<div>{{ t('decryptedText') }}</div>
<ATextarea :value="decryptedText" readonly />
</div>
</div>
</template>Then use it in the main component:
-<div v-if="encryModeRef === 'aes'">
- <!-- AES section -->
-</div>
-<div v-else-if="encryModeRef === 'des'">
- <!-- DES section -->
-</div>
+<CipherSection
+ :encrypted-text="aseEncryptTextRef"
+ v-model:decrypt-text="needDecryptTextRef"
+ :decrypted-text="parseTextComputed"
+/>Add translations:
// i18n/en.json
{
"encryption": "Encryption",
"decryption": "Decryption",
"textToDecrypt": "Text to decrypt",
"enterText": "Please enter the text",
"decryptedText": "Decrypted text"
}
// i18n/zh.json
{
"encryption": "加密",
"decryption": "解密",
"textToDecrypt": "要解密的文本",
"enterText": "请输入要操作的字符串",
"decryptedText": "解密后的原文"
}| <div class="h-auto flex-1 overflow-x-hidden"> | ||
| <div class="w-full text-wrap break-words text-right"> | ||
| {{ hashingFn(targetInputTextRef, 'SHA256') }} | ||
| </div> | ||
| </div> | ||
| </div> | ||
| <div | ||
| class="flex h-auto w-full flex-row justify-between overflow-hidden" | ||
| > | ||
| <div class="flex-none"> | ||
| <span :style="{ paddingRight: '10px' }">SHA512:</span> | ||
| </div> | ||
| <div class="h-auto flex-1 overflow-x-hidden"> | ||
| <div class="w-full text-wrap break-words text-right"> | ||
| {{ hashingFn(targetInputTextRef, 'SHA512') }} | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </ACard> | ||
| </ACol> | ||
| <ACol :lg="12" :md="24" :sm="24" :xl="12" :xs="24"> | ||
| <ACard title="Ciphers"> | ||
| <div | ||
| class="px-10px box-border flex w-full flex-col overflow-x-hidden" | ||
| > | ||
| <div | ||
| class="box-border flex flex-row items-center justify-between pb-2" | ||
| > | ||
| <div class="flex-none">加密方式:</div> | ||
| <div class="flex-1 text-center"> | ||
| <ARadioGroup | ||
| v-model:value="encryModeRef" | ||
| button-style="solid" | ||
| size="small" | ||
| > | ||
| <ARadioButton value="aes">AES</ARadioButton> | ||
| <ARadioButton value="des">DES</ARadioButton> | ||
| </ARadioGroup> | ||
| </div> | ||
| </div> | ||
| <ADivider /> | ||
| <div v-if="encryModeRef === 'aes'"> | ||
| <div | ||
| class="flex h-auto w-full flex-row justify-between overflow-hidden" | ||
| > | ||
| <div class="flex-none"> | ||
| <span :style="{ paddingRight: '10px' }">加密:</span> | ||
| </div> | ||
| <div class="h-auto flex-1 overflow-x-hidden"> | ||
| <div class="w-full text-wrap break-words text-right"> | ||
| {{ aseEncryptTextRef }} | ||
| </div> | ||
| </div> | ||
| </div> | ||
| <ADivider /> | ||
| <div> | ||
| <div>解密:</div> | ||
| <div>要解密的文本</div> | ||
| <ATextarea | ||
| v-model:value="needDecryptTextRef" | ||
| placeholder="请输入要操作的字符串" | ||
| /> | ||
| <div>解密后的原文</div> | ||
| <ATextarea :value="parseTextComputed" readonly /> | ||
| </div> | ||
| </div> | ||
| <div v-else-if="encryModeRef === 'des'"> | ||
| <div | ||
| class="flex h-auto w-full flex-row justify-between overflow-hidden" | ||
| > | ||
| <div class="flex-none"> | ||
| <span :style="{ paddingRight: '10px' }">加密:</span> | ||
| </div> | ||
| <div class="h-auto flex-1 overflow-x-hidden"> | ||
| <div class="w-full text-wrap break-words text-right"> | ||
| {{ aseEncryptTextRef }} | ||
| </div> | ||
| </div> | ||
| </div> | ||
| <ADivider /> | ||
| <div> | ||
| <div>解密:</div> | ||
| <div>要解密的文本</div> | ||
| <ATextarea | ||
| v-model:value="needDecryptTextRef" | ||
| placeholder="请输入要操作的字符串" | ||
| /> | ||
| <div>解密后的原文</div> | ||
| <ATextarea :value="parseTextComputed" readonly /> | ||
| </div> | ||
| </div> | ||
| </div> | ||
| </ACard> | ||
| </ACol> | ||
| </ARow> | ||
| </div> | ||
| </template> | ||
|
|
||
| <style lang="scss" scoped></style> |
There was a problem hiding this comment.
💡 Codebase verification
Security concerns identified in cryptographic implementation
The implementation has several security issues:
- AES and DES encryption are used with default modes (ECB) and no explicit IV (Initialization Vector)
- DES encryption is used which is considered cryptographically weak
- No salt is used with the secret key
- No proper error handling for failed decryption operations
Key locations:
playground/src/views/demos/features/crypto/inner/CryptoHooks.ts: Uses insecure default crypto configurationspackages/@core/base/shared/src/crypto/index.ts: Similar issues in core crypto implementation
🔗 Analysis chain
Verify secure implementation of cryptographic operations.
Please ensure:
- The crypto implementation uses secure modes and padding
- The implementation is resistant to timing attacks
Let's verify the crypto implementation:
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Check crypto implementation details
# Look for crypto configuration
rg -A 5 "CryptoJS\.(AES|DES)\."
# Check for timing-safe comparison functions
rg -A 5 "compare|equals|timingSafeEqual"
Length of output: 11518
| const targetInputTextRef = ref('testtest'); | ||
| const secretKeyRef = ref('3mbzyxbpg6613ql'); | ||
| const encryModeRef = ref('aes'); | ||
|
|
||
| const aseEncryptTextRef = ref(''); | ||
| const needDecryptTextRef = ref(''); |
There was a problem hiding this comment.
Security: Remove hardcoded sensitive values.
The following security issues need to be addressed:
- Hardcoded test values should be removed from production code
- Secret keys should never be exposed in the source code
Apply this diff to remove hardcoded values:
-const targetInputTextRef = ref('testtest');
-const secretKeyRef = ref('3mbzyxbpg6613ql');
+const targetInputTextRef = ref('');
+const secretKeyRef = ref('');Consider:
- Using environment variables for any necessary default values
- Adding input validation for minimum key strength
- Adding a warning about secure key management
Committable suggestion skipped: line range outside the PR's diff.
| const doAesEncryptFn = () => { | ||
| if (!targetInputTextRef.value?.trim() || !secretKeyRef.value?.trim()) { | ||
| return; | ||
| } | ||
| try { | ||
| const text = | ||
| encryModeRef.value === 'aes' | ||
| ? aesEncryptFn(targetInputTextRef.value, secretKeyRef.value) | ||
| : desEncryptFn(targetInputTextRef.value, secretKeyRef.value); | ||
| aseEncryptTextRef.value = text; | ||
| needDecryptTextRef.value = text; | ||
| } catch (error) { | ||
| console.error('Encryption failed:', error); | ||
| // Consider using a notification system to show errors | ||
| } | ||
| }; |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Improve error handling and function naming.
The encryption function has several areas for improvement:
- Function name
doAesEncryptFnis misleading as it handles both AES and DES - Error handling only logs to console without user feedback
- Missing validation for key strength and format
Consider this improved implementation:
-const doAesEncryptFn = () => {
+const performEncryption = () => {
if (!targetInputTextRef.value?.trim() || !secretKeyRef.value?.trim()) {
+ // Use your app's notification system (e.g., message.error)
+ showError('Please provide both input text and secret key');
return;
}
+
+ // Validate key strength
+ if (secretKeyRef.value.length < 16) {
+ showError('Secret key must be at least 16 characters long');
+ return;
+ }
try {
const text =
encryModeRef.value === 'aes'
? aesEncryptFn(targetInputTextRef.value, secretKeyRef.value)
: desEncryptFn(targetInputTextRef.value, secretKeyRef.value);
aseEncryptTextRef.value = text;
needDecryptTextRef.value = text;
} catch (error) {
- console.error('Encryption failed:', error);
- // Consider using a notification system to show errors
+ showError(`Encryption failed: ${error.message}`);
}
};Committable suggestion skipped: line range outside the PR's diff.
| { | ||
| name: 'CryptoDemo', | ||
| path: '/demos/features/crypto', | ||
| component: () => import('#/views/demos/features/crypto/index.vue'), | ||
| meta: { | ||
| icon: 'lucide:message-square-lock', | ||
| title: 'Crypto Demo', | ||
| }, | ||
| }, |
There was a problem hiding this comment.
💡 Codebase verification
Fix title formatting and use translation key pattern
The route configuration needs to be updated to follow the established patterns in the codebase:
- Almost all routes in the file use
$t()for translations, with features following the patterndemos.features.<name> - The title has a double space: "Crypto Demo"
- Most feature demos have
keepAlive: trueconfigured
{
name: 'CryptoDemo',
path: '/demos/features/crypto',
component: () => import('#/views/demos/features/crypto/index.vue'),
meta: {
icon: 'lucide:message-square-lock',
- title: 'Crypto Demo',
+ title: $t('demos.features.crypto'),
+ keepAlive: true,
},
},🔗 Analysis chain
Fix title formatting and consider adding translations and keepAlive.
While the route configuration is well-structured and appropriately placed, there are a few improvements to consider:
- The title contains a double space: "Crypto Demo"
- Consider using translation keys like other routes (e.g.,
$t('demos.features.crypto')) - Consider adding
keepAlive: trueif the demo page contains forms or state that should be preserved
{
name: 'CryptoDemo',
path: '/demos/features/crypto',
component: () => import('#/views/demos/features/crypto/index.vue'),
meta: {
icon: 'lucide:message-square-lock',
- title: 'Crypto Demo',
+ title: $t('demos.features.crypto'),
+ keepAlive: true,
},
},Let's verify if the translation key exists:
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Check if the translation key for crypto demo exists
rg -g '*.{ts,js,json}' "demos\.features\.crypto"
Length of output: 50
Script:
#!/bin/bash
# Let's check the localization files and patterns used in the codebase
# First, find translation files
fd -e json -e yaml locales
# Then check other route titles to understand the translation pattern
rg -g '*.{ts,js}' 'title: \$t\(' routes/
Length of output: 119
Script:
#!/bin/bash
# Let's check the route file itself to understand the pattern used for titles
rg -g '*.ts' 'title:' playground/src/router/routes/modules/demos.ts
# Also check for keepAlive usage in the same file
rg -g '*.ts' 'keepAlive:' playground/src/router/routes/modules/demos.ts
Length of output: 2981
There was a problem hiding this comment.
Actionable comments posted: 3
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
📒 Files selected for processing (2)
playground/src/views/demos/features/crypto/index.vue(1 hunks)playground/src/views/demos/features/crypto/inner/crypto-hooks.ts(1 hunks)
🚧 Files skipped from review as they are similar to previous changes (1)
- playground/src/views/demos/features/crypto/index.vue
| export function hashingFn(inputMessage: string, type: string) { | ||
| const algorithms = type; | ||
|
|
||
| let hashingOutput; | ||
| switch (algorithms) { | ||
| case 'MD5': { | ||
| hashingOutput = CryptoJS.MD5(inputMessage); | ||
| break; | ||
| } | ||
| case 'RIPEMD160': { | ||
| hashingOutput = CryptoJS.RIPEMD160(inputMessage); | ||
| break; | ||
| } | ||
| case 'SHA1': { | ||
| hashingOutput = CryptoJS.SHA1(inputMessage); | ||
| break; | ||
| } | ||
| case 'SHA224': { | ||
| hashingOutput = CryptoJS.SHA224(inputMessage); | ||
| break; | ||
| } | ||
| case 'SHA256': { | ||
| hashingOutput = CryptoJS.SHA256(inputMessage); | ||
| break; | ||
| } | ||
| case 'SHA384': { | ||
| hashingOutput = CryptoJS.SHA384(inputMessage); | ||
| break; | ||
| } | ||
| case 'SHA512': { | ||
| hashingOutput = CryptoJS.SHA512(inputMessage); | ||
| break; | ||
| } | ||
| case 'SHA3224': { | ||
| hashingOutput = CryptoJS.SHA3(inputMessage, { outputLength: 224 }); | ||
| break; | ||
| } | ||
| case 'SHA3256': { | ||
| hashingOutput = CryptoJS.SHA3(inputMessage, { outputLength: 256 }); | ||
| break; | ||
| } | ||
| case 'SHA3384': { | ||
| hashingOutput = CryptoJS.SHA3(inputMessage, { outputLength: 384 }); | ||
| break; | ||
| } | ||
| case 'SHA3512': { | ||
| hashingOutput = CryptoJS.SHA3(inputMessage, { outputLength: 512 }); | ||
| break; | ||
| } | ||
| default: { | ||
| hashingOutput = ''; | ||
| } | ||
| } | ||
| return hashingOutput.toString(); | ||
| } |
There was a problem hiding this comment.
🛠️ Refactor suggestion
Improve type safety and error handling in the hashing function.
The function needs several improvements for better reliability and type safety:
Consider applying these changes:
-export function hashingFn(inputMessage: string, type: string) {
- const algorithms = type;
+type HashAlgorithm =
+ | 'MD5'
+ | 'RIPEMD160'
+ | 'SHA1'
+ | 'SHA224'
+ | 'SHA256'
+ | 'SHA384'
+ | 'SHA512'
+ | 'SHA3224'
+ | 'SHA3256'
+ | 'SHA3384'
+ | 'SHA3512';
+
+export function hashingFn(inputMessage: string, type: HashAlgorithm): string {
+ if (!inputMessage) {
+ throw new Error('Input message cannot be empty');
+ }
let hashingOutput;
- switch (algorithms) {
+ try {
+ switch (type) {
// ... existing cases ...
default: {
- hashingOutput = '';
+ throw new Error(`Unsupported hashing algorithm: ${type}`);
}
}
- return hashingOutput.toString();
+ } catch (error) {
+ throw new Error(`Hashing operation failed: ${error.message}`);
+ }
+ return hashingOutput.toString();
}Consider adding a warning about MD5 and SHA1 being cryptographically broken for security-sensitive use cases. Add JSDoc comments to document this:
/**
* Computes the hash of an input message using the specified algorithm.
* @warning MD5 and SHA1 are cryptographically broken and should not be used for security-sensitive applications.
* For security-sensitive applications, use SHA256 or higher.
*/| export function aesEncryptFn(inputMessage: string, secret: string) { | ||
| const encrypted = CryptoJS.AES.encrypt(inputMessage, secret).toString(); | ||
| return encrypted; | ||
| } | ||
| export function aesDecryptFn(inputMessage: string, secret: string) { | ||
| const decrypted = CryptoJS.AES.decrypt(inputMessage, secret).toString( | ||
| CryptoJS.enc.Utf8, | ||
| ); | ||
| return decrypted; | ||
| } |
There was a problem hiding this comment.
Critical security improvements needed for AES encryption/decryption.
The current implementation has several security concerns that need to be addressed:
- Add proper input validation and error handling
- Use a secure mode of operation (CBC) with a random IV
- Implement proper key derivation (PBKDF2)
Apply these security improvements:
+interface EncryptedData {
+ ciphertext: string;
+ iv: string;
+ salt: string;
+}
+
-export function aesEncryptFn(inputMessage: string, secret: string) {
+export function aesEncryptFn(inputMessage: string, secret: string): EncryptedData {
+ if (!inputMessage || !secret) {
+ throw new Error('Input message and secret key are required');
+ }
+
+ try {
+ const salt = CryptoJS.lib.WordArray.random(128/8);
+ const key = CryptoJS.PBKDF2(secret, salt, {
+ keySize: 256/32,
+ iterations: 1000
+ });
+ const iv = CryptoJS.lib.WordArray.random(128/8);
+
+ const encrypted = CryptoJS.AES.encrypt(inputMessage, key, {
+ iv: iv,
+ mode: CryptoJS.mode.CBC,
+ padding: CryptoJS.pad.Pkcs7
+ });
+
+ return {
+ ciphertext: encrypted.toString(),
+ iv: iv.toString(),
+ salt: salt.toString()
+ };
+ } catch (error) {
+ throw new Error(`Encryption failed: ${error.message}`);
+ }
}
-export function aesDecryptFn(inputMessage: string, secret: string) {
+export function aesDecryptFn(encryptedData: EncryptedData, secret: string): string {
+ if (!encryptedData?.ciphertext || !secret) {
+ throw new Error('Encrypted data and secret key are required');
+ }
+
+ try {
+ const key = CryptoJS.PBKDF2(secret, CryptoJS.enc.Hex.parse(encryptedData.salt), {
+ keySize: 256/32,
+ iterations: 1000
+ });
+
+ const decrypted = CryptoJS.AES.decrypt(
+ encryptedData.ciphertext,
+ key,
+ {
+ iv: CryptoJS.enc.Hex.parse(encryptedData.iv),
+ mode: CryptoJS.mode.CBC,
+ padding: CryptoJS.pad.Pkcs7
+ }
+ );
+
+ return decrypted.toString(CryptoJS.enc.Utf8);
+ } catch (error) {
+ throw new Error(`Decryption failed: ${error.message}`);
+ }
}Consider adding JSDoc comments to document the security requirements:
/**
* Encrypts data using AES-256-CBC with PBKDF2 key derivation.
* @security Requires a strong password of at least 12 characters.
* @security The returned IV and salt should be stored securely with the ciphertext.
*/| export function desEncryptFn(inputMessage: string, secret: string) { | ||
| const encrypted = CryptoJS.DES.encrypt(inputMessage, secret).toString(); | ||
| return encrypted; | ||
| } | ||
| export function desDecryptFn(inputMessage: string, secret: string) { | ||
| const decrypted = CryptoJS.DES.decrypt(inputMessage, secret).toString( | ||
| CryptoJS.enc.Utf8, | ||
| ); | ||
| return decrypted; | ||
| } |
There was a problem hiding this comment.
💡 Codebase verification
Critical: Remove DES encryption functions and their usages
The DES encryption functions are actively used in playground/src/views/demos/features/crypto/index.vue. Both functions need to be removed along with their usages due to critical security concerns. Replace with AES encryption:
- Remove
desEncryptFnanddesDecryptFnfromcrypto-hooks.ts - Update imports in
index.vue - Replace usage in
index.vuewith AES encryption functions
🔗 Analysis chain
Remove DES encryption functions - Critical Security Risk.
DES (Data Encryption Standard) is cryptographically broken and should not be used in any new code. It can be broken in less than a day using modern hardware.
Remove the DES functions entirely and use only AES:
-export function desEncryptFn(inputMessage: string, secret: string) {
- const encrypted = CryptoJS.DES.encrypt(inputMessage, secret).toString();
- return encrypted;
-}
-
-export function desDecryptFn(inputMessage: string, secret: string) {
- const decrypted = CryptoJS.DES.decrypt(inputMessage, secret).toString(
- CryptoJS.enc.Utf8,
- );
- return decrypted;
-}Let's check if DES is used elsewhere in the codebase:
Let me verify if these DES functions are actually being used in the codebase:
🏁 Scripts executed
The following scripts were executed for the analysis:
Script:
#!/bin/bash
# Search for any DES encryption usage
rg -i "DES.encrypt|DES.decrypt" --type ts --type js
Length of output: 331
Script:
#!/bin/bash
# Search for usage of desEncryptFn or desDecryptFn
rg "desEncryptFn|desDecryptFn" --type ts --type js -A 2
Length of output: 1625
|
ai有问题有点多。也有点冲突 |
Description
Type of change
Please delete options that are not relevant.
pnpm-lock.yamlunless you introduce a new test example.Checklist
pnpm run docs:devcommand.pnpm test.feat:,fix:,perf:,docs:, orchore:.Summary by CodeRabbit
Release Notes
New Features
Cryptoclass for encryption and decryption.Bug Fixes
Documentation
Tests
nanoidfunction to ensure unique ID generation.Chores
crypto-jsandnanoid.