Create Deno module for crypto-random-string

Author: Piyush Bhatt

README.md

@@ -0,0 +1,93 @@
+# crypto-random-string
+
+> Generate a [cryptographically strong](https://en.wikipedia.org/wiki/Strong_cryptography) random string
+
+Deno module based on [crypto-random-string](https://github.com/sindresorhus/crypto-random-string). Useful for creating an identifier, slug, salt, PIN code, fixture, etc.
+
+## Import Module
+
+```typescript
+import { cryptoRandomString, cryptoRandomStringAsync } from "https://deno.land/x/crypto_random_string@1.0.0/mod.ts"
+// or
+import { cryptoRandomString, cryptoRandomStringAsync } from "https://github.com/piyush-bhatt/crypto-random-string/raw/main/mod.ts"
+```
+
+## Usage
+
+```typescript
+
+cryptoRandomString({length: 10});
+//=> '2cf05d94db'
+
+cryptoRandomString({length: 10, type: 'base64'});
+//=> 'YMiMbaQl6I'
+
+cryptoRandomString({length: 10, type: 'url-safe'});
+//=> 'YN-tqc8pOw'
+
+cryptoRandomString({length: 10, type: 'numeric'});
+//=> '8314659141'
+
+cryptoRandomString({length: 6, type: 'distinguishable'});
+//=> 'CDEHKM'
+
+cryptoRandomString({length: 10, type: 'ascii-printable'});
+//=> '`#Rt8$IK>B'
+
+cryptoRandomString({length: 10, type: 'alphanumeric'});
+//=> 'DMuKL8YtE7'
+
+cryptoRandomString({length: 10, characters: 'abc'});
+//=> 'abaaccabac'
+```
+
+## API
+
+### cryptoRandomString(options)
+
+Returns a randomized string. [Hex](https://en.wikipedia.org/wiki/Hexadecimal) by default.
+
+### cryptoRandomStringAsync(options)
+
+Returns a promise which resolves to a randomized string. [Hex](https://en.wikipedia.org/wiki/Hexadecimal) by default.
+
+#### options
+
+Type: `object`
+
+##### length
+
+*Required*\
+Type: `number`
+
+Length of the returned string.
+
+##### type
+
+Type: `string`\
+Default: `'hex'`\
+Values: `'hex' | 'base64' | 'url-safe' | 'numeric' | 'distinguishable' | 'ascii-printable' | 'alphanumeric'`
+
+Use only characters from a predefined set of allowed characters.
+
+Cannot be set at the same time as the `characters` option.
+
+The `distinguishable` set contains only uppercase characters that are not easily confused: `CDEHKMPRTUWXY012458`. It can be useful if you need to print out a short string that you'd like users to read and type back in with minimal errors. For example, reading a code off of a screen that needs to be typed into a phone to connect two devices.
+
+The `ascii-printable` set contains all [printable ASCII characters](https://en.wikipedia.org/wiki/ASCII#ASCII_printable_characters): ``!"#$%&\'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~`` Useful for generating passwords where all possible ASCII characters should be used.
+
+The `alphanumeric` set contains uppercase letters, lowercase letters, and digits: `ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789`. Useful for generating [nonce](https://developer.mozilla.org/en-US/docs/Web/API/HTMLOrForeignElement/nonce) values.
+
+##### characters
+
+Type: `string`\
+Minimum length: `1`\
+Maximum length: `65536`
+
+Use only characters from a custom set of allowed characters.
+
+Cannot be set at the same time as the `type` option.
+
+## Licensing
+
+[MIT](https://github.com/piyush-bhatt/crypto-random-string/blob/main/LICENSE) licensed 

constants.ts

@@ -0,0 +1,21 @@
+export const URL_SAFE_CHARACTERS =
+  "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-._~".split(
+    "",
+  );
+export const NUMERIC_CHARACTERS = "0123456789".split("");
+export const DISTINGUISHABLE_CHARACTERS = "CDEHKMPRTUWXY012458".split("");
+export const ASCII_PRINTABLE_CHARACTERS =
+  "!\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~"
+    .split("");
+export const ALPHANUMERIC_CHARACTERS =
+  "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789".split("");
+export const ALLOWED_TYPES = [
+  undefined,
+  "hex",
+  "base64",
+  "url-safe",
+  "numeric",
+  "distinguishable",
+  "ascii-printable",
+  "alphanumeric",
+];

cryptoRandomString.ts

@@ -0,0 +1,173 @@
+import { randomBytes } from "./deps.ts";
+import { promisify } from "./deps.ts";
+import {
+  ALLOWED_TYPES,
+  ALPHANUMERIC_CHARACTERS,
+  ASCII_PRINTABLE_CHARACTERS,
+  DISTINGUISHABLE_CHARACTERS,
+  NUMERIC_CHARACTERS,
+  URL_SAFE_CHARACTERS,
+} from "./constants.ts";
+
+const randomBytesAsync = promisify(randomBytes);
+
+const generateForCustomCharacters = (length: number, characters: string[]) => {
+  // Generating entropy is faster than complex math operations, so we use the simplest way
+  const characterCount = characters.length;
+  const maxValidSelector =
+    (Math.floor(0x10000 / characterCount) * characterCount) - 1; // Using values above this will ruin distribution when using modular division
+  const entropyLength = 2 * Math.ceil(1.1 * length); // Generating a bit more than required so chances we need more than one pass will be really low
+  let string = "";
+  let stringLength = 0;
+
+  while (stringLength < length) { // In case we had many bad values, which may happen for character sets of size above 0x8000 but close to it
+    const entropy = randomBytes(entropyLength);
+    let entropyPosition = 0;
+
+    while (entropyPosition < entropyLength && stringLength < length) {
+      const entropyValue = entropy.readUInt16LE(entropyPosition);
+      entropyPosition += 2;
+      if (entropyValue > maxValidSelector) { // Skip values which will ruin distribution when using modular division
+        continue;
+      }
+
+      string += characters[entropyValue % characterCount];
+      stringLength++;
+    }
+  }
+
+  return string;
+};
+
+const generateForCustomCharactersAsync = async (
+  length: number,
+  characters: string[],
+) => {
+  // Generating entropy is faster than complex math operations, so we use the simplest way
+  const characterCount = characters.length;
+  const maxValidSelector =
+    (Math.floor(0x10000 / characterCount) * characterCount) - 1; // Using values above this will ruin distribution when using modular division
+  const entropyLength = 2 * Math.ceil(1.1 * length); // Generating a bit more than required so chances we need more than one pass will be really low
+  let string = "";
+  let stringLength = 0;
+
+  while (stringLength < length) { // In case we had many bad values, which may happen for character sets of size above 0x8000 but close to it
+    const entropy = await randomBytesAsync(entropyLength); // eslint-disable-line no-await-in-loop
+    let entropyPosition = 0;
+
+    while (entropyPosition < entropyLength && stringLength < length) {
+      const entropyValue = entropy.readUInt16LE(entropyPosition);
+      entropyPosition += 2;
+      if (entropyValue > maxValidSelector) { // Skip values which will ruin distribution when using modular division
+        continue;
+      }
+
+      string += characters[entropyValue % characterCount];
+      stringLength++;
+    }
+  }
+
+  return string;
+};
+
+const generateRandomBytes = (
+  byteLength: number,
+  type: string,
+  length: number,
+) => randomBytes(byteLength).toString(type).slice(0, length);
+
+const generateRandomBytesAsync = async (
+  byteLength: number,
+  type: string,
+  length: number,
+) => {
+  const buffer = await randomBytesAsync(byteLength);
+  return buffer.toString(type).slice(0, length);
+};
+
+const createGenerator = (
+  generateForCustomCharacters: Function,
+  generateRandomBytes: Function,
+) =>
+  (
+    { length, type, characters }: {
+      length: number;
+      type?: string;
+      characters?: string;
+    },
+  ) => {
+    if (!(length >= 0 && Number.isFinite(length))) {
+      throw new TypeError(
+        "Expected a `length` to be a non-negative finite number",
+      );
+    }
+
+    if (type !== undefined && characters !== undefined) {
+      throw new TypeError("Expected either `type` or `characters`");
+    }
+
+    if (characters !== undefined && typeof characters !== "string") {
+      throw new TypeError("Expected `characters` to be string");
+    }
+
+    if (!ALLOWED_TYPES.includes(type)) {
+      throw new TypeError(`Unknown type: ${type}`);
+    }
+
+    if (type === undefined && characters === undefined) {
+      type = "hex";
+    }
+
+    if (type === "hex") {
+      return generateRandomBytes(Math.ceil(length * 0.5), "hex", length); // Need 0.5 byte entropy per character
+    }
+
+    if (type === "base64") {
+      return generateRandomBytes(Math.ceil(length * 0.75), "base64", length); // Need 0.75 byte of entropy per character
+    }
+
+    if (type === "url-safe") {
+      return generateForCustomCharacters(length, URL_SAFE_CHARACTERS);
+    }
+
+    if (type === "numeric") {
+      return generateForCustomCharacters(length, NUMERIC_CHARACTERS);
+    }
+
+    if (type === "distinguishable") {
+      return generateForCustomCharacters(length, DISTINGUISHABLE_CHARACTERS);
+    }
+
+    if (type === "ascii-printable") {
+      return generateForCustomCharacters(length, ASCII_PRINTABLE_CHARACTERS);
+    }
+
+    if (type === "alphanumeric") {
+      return generateForCustomCharacters(length, ALPHANUMERIC_CHARACTERS);
+    }
+
+    if (characters !== undefined && characters.length === 0) {
+      throw new TypeError(
+        "Expected `characters` string length to be greater than or equal to 1",
+      );
+    }
+
+    if (characters !== undefined && characters.length > 0x10000) {
+      throw new TypeError(
+        "Expected `characters` string length to be less or equal to 65536",
+      );
+    }
+
+    return generateForCustomCharacters(length, characters!.split(""));
+  };
+
+const cryptoRandomString = createGenerator(
+  generateForCustomCharacters,
+  generateRandomBytes,
+);
+const cryptoRandomStringAsync = createGenerator(
+  generateForCustomCharactersAsync,
+  generateRandomBytesAsync,
+);
+
+export { cryptoRandomString, cryptoRandomStringAsync };

deps.ts

@@ -0,0 +1,2 @@
+export { randomBytes } from "https://deno.land/std@0.83.0/node/crypto.ts";
+export { promisify } from "https://deno.land/std@0.83.0/node/util.ts";

mod.ts

@@ -0,0 +1 @@
+export * from "./cryptoRandomString.ts";

mod_test.ts

@@ -0,0 +1,172 @@
+import { assertEquals, assertMatch, assertThrows } from "./test_deps.ts";
+import { cryptoRandomString, cryptoRandomStringAsync } from "./mod.ts";
+
+// Probabilistic, result is always less than or equal to actual set size, chance it is less is below 1e-256 for sizes up to 32656
+const generatedCharacterSetSize = (
+  options: { type?: string; characters?: string },
+  targetSize: number,
+) => {
+  const set = new Set();
+  const length = targetSize * 640;
+  const string = cryptoRandomString({ ...options, length });
+
+  for (let i = 0; i < length; i++) {
+    set.add(string[i]);
+  }
+
+  return set.size;
+};
+
+Deno.test("main", () => {
+  assertEquals(cryptoRandomString({ length: 0 }).length, 0);
+  assertEquals(cryptoRandomString({ length: 10 }).length, 10);
+  assertEquals(cryptoRandomString({ length: 100 }).length, 100);
+  assertMatch(cryptoRandomString({ length: 100 }), /^[a-f\d]*$/); // Sanity check, probabilistic
+  assertEquals(generatedCharacterSetSize({}, 16), 16);
+});
+
+Deno.test("async", async () => {
+  assertEquals((await cryptoRandomStringAsync({ length: 0 })).length, 0);
+  assertEquals((await cryptoRandomStringAsync({ length: 10 })).length, 10);
+  assertEquals((await cryptoRandomStringAsync({ length: 100 })).length, 100);
+  assertMatch(await cryptoRandomStringAsync({ length: 100 }), /^[a-f\d]*$/);
+});
+
+Deno.test("hex", () => {
+  assertEquals(cryptoRandomString({ length: 0, type: "hex" }).length, 0);
+  assertEquals(cryptoRandomString({ length: 10, type: "hex" }).length, 10);
+  assertEquals(cryptoRandomString({ length: 100, type: "hex" }).length, 100);
+  assertMatch(cryptoRandomString({ length: 100, type: "hex" }), /^[a-f\d]*$/); // Sanity check, probabilistic
+  assertEquals(generatedCharacterSetSize({ type: "hex" }, 16), 16);
+});
+
+Deno.test("base64", () => {
+  assertEquals(cryptoRandomString({ length: 0, type: "base64" }).length, 0);
+  assertEquals(cryptoRandomString({ length: 10, type: "base64" }).length, 10);
+  assertEquals(cryptoRandomString({ length: 100, type: "base64" }).length, 100);
+  assertMatch(
+    cryptoRandomString({ length: 100, type: "base64" }),
+    /^[a-zA-Z\d/+]*$/,
+  ); // Sanity check, probabilistic
+  assertEquals(generatedCharacterSetSize({ type: "base64" }, 64), 64);
+});
+
+Deno.test("url-safe", () => {
+  assertEquals(cryptoRandomString({ length: 0, type: "url-safe" }).length, 0);
+  assertEquals(cryptoRandomString({ length: 10, type: "url-safe" }).length, 10);
+  assertEquals(
+    cryptoRandomString({ length: 100, type: "url-safe" }).length,
+    100,
+  );
+  assertMatch(
+    cryptoRandomString({ length: 100, type: "url-safe" }),
+    /^[a-zA-Z\d._~-]*$/,
+  ); // Sanity check, probabilistic
+  assertEquals(generatedCharacterSetSize({ type: "url-safe" }, 66), 66);
+});
+
+Deno.test("numeric", () => {
+  assertEquals(cryptoRandomString({ length: 0, type: "numeric" }).length, 0);
+  assertEquals(cryptoRandomString({ length: 10, type: "numeric" }).length, 10);
+  assertEquals(
+    cryptoRandomString({ length: 100, type: "numeric" }).length,
+    100,
+  );
+  assertMatch(cryptoRandomString({ length: 100, type: "numeric" }), /^[\d]*$/); // Sanity check, probabilistic
+  assertEquals(generatedCharacterSetSize({ type: "numeric" }, 10), 10);
+});
+
+Deno.test("distinguishable", () => {
+  assertEquals(
+    cryptoRandomString({ length: 0, type: "distinguishable" }).length,
+    0,
+  );
+  assertEquals(
+    cryptoRandomString({ length: 10, type: "distinguishable" }).length,
+    10,
+  );
+  assertEquals(
+    cryptoRandomString({ length: 100, type: "distinguishable" }).length,
+    100,
+  );
+  assertMatch(
+    cryptoRandomString({ length: 100, type: "distinguishable" }),
+    /^[CDEHKMPRTUWXY012458]*$/,
+  ); // Sanity check, probabilistic
+  assertEquals(generatedCharacterSetSize({ type: "distinguishable" }, 19), 19);
+});
+
+Deno.test("ascii-printable", () => {
+  assertEquals(
+    cryptoRandomString({ length: 0, type: "ascii-printable" }).length,
+    0,
+  );
+  assertEquals(
+    cryptoRandomString({ length: 10, type: "ascii-printable" }).length,
+    10,
+  );
+  assertEquals(
+    cryptoRandomString({ length: 100, type: "ascii-printable" }).length,
+    100,
+  );
+  assertMatch(
+    cryptoRandomString({ length: 100, type: "ascii-printable" }),
+    /^[!"#$%&'()*+,-./\d:;<=>?@A-Z[\\\]^_`a-z{|}~]*$/,
+  ); // Sanity check, probabilistic
+});
+
+Deno.test("alphanumeric", () => {
+  assertEquals(
+    cryptoRandomString({ length: 0, type: "alphanumeric" }).length,
+    0,
+  );
+  assertEquals(
+    cryptoRandomString({ length: 10, type: "alphanumeric" }).length,
+    10,
+  );
+  assertEquals(
+    cryptoRandomString({ length: 100, type: "alphanumeric" }).length,
+    100,
+  );
+  assertMatch(
+    cryptoRandomString({ length: 100, type: "alphanumeric" }),
+    /^[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789]*$/,
+  ); // Sanity check, probabilistic
+  assertEquals(generatedCharacterSetSize({ type: "alphanumeric" }, 19), 62);
+});
+
+Deno.test("characters", () => {
+  assertEquals(cryptoRandomString({ length: 0, characters: "1234" }).length, 0);
+  assertEquals(
+    cryptoRandomString({ length: 10, characters: "1234" }).length,
+    10,
+  );
+  assertEquals(
+    cryptoRandomString({ length: 100, characters: "1234" }).length,
+    100,
+  );
+  assertMatch(
+    cryptoRandomString({ length: 100, characters: "1234" }),
+    /^[1-4]*$/,
+  ); // Sanity check, probabilistic
+  assertEquals(generatedCharacterSetSize({ characters: "1234" }, 4), 4);
+  assertEquals(generatedCharacterSetSize({ characters: "0123456789" }, 10), 10);
+});
+
+Deno.test("argument errors", () => {
+  assertThrows(() => {
+    cryptoRandomString({ length: Infinity });
+  });
+
+  assertThrows(() => {
+    cryptoRandomString({ length: -1 });
+  });
+
+  assertThrows(() => {
+    cryptoRandomString({ length: 0, type: "hex", characters: "1234" });
+  });
+
+  assertThrows(() => {
+    cryptoRandomString({ length: 0, type: "unknown" });
+  });
+});

test_deps.ts

@@ -0,0 +1,5 @@
+export {
+  assertEquals,
+  assertMatch,
+  assertThrows,
+} from "https://deno.land/std@0.83.0/testing/asserts.ts";