secure-identifier
secure identifier for usernames
Generates a unique and secure identifier for usernames, login-IDs, public-IDs and accounts by:
- Normalizing confusable chars from Unicode Security Mechanisms TR39
- Perform case-folding according to 5.18 Case Mappings - Unicode 10.0
- Check for allowed symbols in accordance with Unicode Security Mechanisms TR39
- Check length of input - default is (min: 2 chars, max: 60 chars)
- Check the sanitized string against a list of reserved words
- Only if all checks pass, the secured identifier is returned
This secure identifier shall be stored alongside the username/ loginId to ensure uniqueness amongst the whole set.
Further reading...
For the complexity of a valid usernames I recommend Let’s talk about usernames which also inspired me for this project. To read about where to use such identifier check The Tripartite Identity Pattern.
Usage
For use in your project:
npm i -S secure-identifier
Then:
const {secureIdentifier} = require('secure-identifier')
const username = '\u{1D5A2}\u{1D5C2}\u{1D5CB}\u{1D5BC}\u{1D5C5}\u{1D5BE}'
//> 𝖢𝗂𝗋𝖼𝗅𝖾 - looks like Circle but isn`t
const secure = secureIdentifier(username)
//> secure === 'circle'
API
Apart from the simple secureIdentifier
you can use Identifier
for mor advanced use-cases.
const {Identifier} = require('secure-identifier')
const username = ' Аᖯ𝗎𝗌е'
const opts = {minLength: 3, maxLength: 20}
const ident = new Identifier(username, opts)
ident.confusables().trim()
//> 'Abuse'
.caseFolding()
//> 'abuse'
ident.status() // get list of offending chars
//> []
ident.isReserved() // 'abuse' is in the list of reserved names
//> true
ident.isValid()
//> false
ident.isMinLength() // check for minLength >= 3
//> true
ident.isMaxLength() // check for maxLength <= 20
//> true
ident.toString() // get current string
//> 'abuse'
ident.valid() // get valid string
//> undefined
Please check out ./src/Identifier.js
and ./src/IdentifierBase.js
for further methods.
It is also possible to use your own list of reserved words. See ./test/Identifier.spec.js
License
References
- Unicode Security Mechanisms TR39
- Let’s talk about usernames
- The Tripartite Identity Pattern
- JavaScript has a Unicode problem
Reserved-names-lists are from: