secure-identifier

secure identifier for usernames

Generates a unique and secure identifier for usernames, login-IDs, public-IDs and accounts by:

1. Normalizing confusable chars from Unicode Security Mechanisms TR39
2. Perform case-folding according to 5.18 Case Mappings - Unicode 10.0
3. Check for allowed symbols in accordance with Unicode Security Mechanisms TR39
4. Check length of input - default is (min: 2 chars, max: 60 chars)
5. Check the sanitized string against a list of reserved words
6. Only if all checks pass, the secured identifier is returned

This secure identifier shall be stored alongside the username/ loginId to ensure uniqueness amongst the whole set.

Further reading...

For the complexity of a valid username I recommend Let’s talk about usernames which also inspired me for this project. To read about where to use such identifier check The Tripartite Identity Pattern.

Usage

const {secureIdentifier} = require('secure-identifier')

const username = '\u{1D5A2}\u{1D5C2}\u{1D5CB}\u{1D5BC}\u{1D5C5}\u{1D5BE}'
//> 𝖢𝗂𝗋𝖼𝗅𝖾 - looks like Circle but isn`t
const secure = secureIdentifier(username)
//> secure === 'circle'

API

Apart from the simple secureIdentifier you can use Identifier for mor advanced use-cases.

const {Identifier} = require('secure-identifier')

const username = ' Аᖯ𝗎𝗌е'
const opts = {minLength: 3, maxLength: 20}
const ident = new Identifier(username, opts)
  ident.confusables().trim()
    //> 'Abuse'
    .caseFolding()
    //> 'abuse'

  ident.status() // get list of offending chars
  //> []
  ident.isReserved() // 'abuse' is in the list of reserved names
  //> true
  ident.isValid()
  //> false
  ident.isMinLength() // check for minLength >= 3
  //> true
  ident.isMaxLength() // check for maxLength <= 20
  //> true
  ident.toString() // get current string
  //> 'abuse'
  ident.valid() // get valid string
  //> undefined

Please check out ./src/Identifier.js and ./src/IdentifierBase.js for further methods.

It is also possible to use your own list of reserved words. See ./test/Identifier.spec.js

License

MIT licensed

References

• Unicode Security Mechanisms TR39
• Let’s talk about usernames
• The Tripartite Identity Pattern
• JavaScript has a Unicode problem

Reserved-names-lists are from:

• https://ldpreload.com/blog/names-to-reserve
• https://zimbatm.github.io/hostnames-and-usernames-to-reserve/
• http://blog.postbit.com/reserved-username-list.html
• http://www.bannedwordlist.com/lists/swearWords.txt