-
-
Notifications
You must be signed in to change notification settings - Fork 251
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
RSA Extension #1699
base: master
Are you sure you want to change the base?
RSA Extension #1699
Conversation
// Load the JSEncrypt library from a CDN | ||
const script = document.createElement('script'); | ||
script.src = 'https://cdn.jsdelivr.net/npm/jsencrypt/bin/jsencrypt.min.js'; | ||
document.head.appendChild(script); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You shouldnt be fetching a file url like that as:
- this forces people to need internet for this extension to work
- url could go down at any point
You should use a data.uri instead.
Also add /* global [library name here] */
to fix the lint errors
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok being real here, jsdelivr isnt going down any time soon, and no they should find a way to import the library without using a script tag.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
the desktop app still needs to work without internet (this is why the extension library there can only update when the app does, because it's stored offline).
for importing, i think using await import()
and making the extension function async is a simple option (and probably also add /+esm
to the jsdelivr url so that you can access the library from import()'s return value without adding stuff to the global scope), but you should still make the extension url a data url because of the offline part
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
maybe yeah but that does bring the question is it allowed because stuff like a script tag isnt allowed and they do similar things
opcode: 'generateKeys', | ||
blockType: Scratch.BlockType.REPORTER, | ||
text: 'Generate RSA keys', | ||
arguments: {} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
unnecessary key
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
mmm
@@ -0,0 +1,89 @@ | |||
// Name: RSA | |||
// ID: themadpunter-rsa |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this id should be the same as the extension ID
class RSAExtension { | ||
getInfo() { | ||
return { | ||
id: 'themadpunter_rsa', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
_
's should not be used in ids
getInfo() { | ||
return { | ||
id: 'themadpunter_rsa', | ||
name: 'TurboRSA', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this name should be the same as the one listed on the gallery which you put as RSA
{ | ||
opcode: 'generateKeys', | ||
blockType: Scratch.BlockType.REPORTER, | ||
text: 'Generate RSA keys', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nitpick: please make the block titles lowercase so "generate RSA keys" as currently it does not follow scratch's conventions, also blocks are not sentence's so yeah
{ | ||
opcode: 'decrypt', | ||
blockType: Scratch.BlockType.REPORTER, | ||
text: 'Decrypt [TEXT] with private key [KEY]', |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same here as the other name comment
} | ||
|
||
// Wait for the script to load before registering the extension | ||
script.onload = () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
after doing what the other reviews suggests (removing the script tag) just remove this
} | ||
|
||
generateKeys() { | ||
const crypt = new JSEncrypt({ default_key_size: 1024 }); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nitpick: this could be customizable
|
||
encrypt(args) { | ||
const crypt = new JSEncrypt(); | ||
crypt.setPublicKey(args.KEY); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
please cast your values
const crypt = new JSEncrypt(); | ||
crypt.setPublicKey(args.KEY); | ||
const encrypted = crypt.encrypt(args.TEXT); | ||
return encrypted ? encrypted : 'Encryption failed'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
instead of returning text which could be the same as the actual output value you should just return an empty string
const crypt = new JSEncrypt(); | ||
crypt.setPrivateKey(args.KEY); | ||
const decrypted = crypt.decrypt(args.TEXT); | ||
return decrypted ? decrypted : 'Decryption failed'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same goes here for the returning an empty string
An extension to use RSA in TurboWarp.