use native crypto functions instead of js-sha256 (electricitymaps#4586)

* use native crypto functions instead of js-sha256 Closes electricitymaps#4535 * empty commit Co-authored-by: tonypls <[email protected]>
VIKTORVAV99 · Sep 21, 2022 · acdf100 · acdf100
1 parent 0d3d92b
commit acdf100
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 9 deletions.
diff --git a/web/package.json b/web/package.json
@@ -33,7 +33,6 @@
     "i18next-browser-languagedetector": "^6.1.3",
     "i18next-http-backend": "^1.3.2",
     "js-cookie": "^2.2.0",
-    "js-sha256": "^0.9.0",
     "lint-staged": "^12.4.1",
     "lodash.mapvalues": "^4.6.0",
     "lodash.sortedindex": "^4.1.0",

diff --git a/web/src/helpers/api.js b/web/src/helpers/api.js
@@ -1,5 +1,4 @@
 import * as request from 'd3-request';
-import { sha256 } from 'js-sha256';
 import Cookies from 'js-cookie';
 
 import { isLocalhost } from './environment';
@@ -23,21 +22,29 @@ function isUsingLocalEndpoint() {
   return isLocalhost() && !isRemoteParam() && document.domain !== '';
 }
 
+async function sha256(message) {
+  const hashBuffer = await crypto.subtle.digest('SHA-256', new TextEncoder().encode(message));
+  return Array.from(new Uint8Array(hashBuffer))
+    .map((b) => b.toString(16).padStart(2, '0'))
+    .join('');
+}
+
 export function getEndpoint() {
   return isUsingLocalEndpoint() ? 'http://localhost:8001' : 'https://app-backend.electricitymap.org';
 }
 
-export function protectedJsonRequest(path) {
+export async function protectedJsonRequest(path) {
   const url = getEndpoint() + path;
   const token = isUsingLocalEndpoint() ? 'development' : getToken();
   const timestamp = new Date().getTime();
+  const signature = await sha256(token + path + timestamp);
 
   return new Promise((resolve, reject) => {
     request
       .json(url)
       .header('electricitymap-token', Cookies.get('electricitymap-token'))
       .header('x-request-timestamp', timestamp)
-      .header('x-signature', sha256(token + path + timestamp))
+      .header('x-signature', signature)
       .get(null, (err, res) => {
         if (err) {
           reject(err);

diff --git a/web/yarn.lock b/web/yarn.lock
@@ -7859,11 +7859,6 @@ js-cookie@^2.2.0:
   resolved "https://registry.yarnpkg.com/js-cookie/-/js-cookie-2.2.1.tgz#69e106dc5d5806894562902aa5baec3744e9b2b8"
   integrity sha512-HvdH2LzI/EAZcUwA8+0nKNtWHqS+ZmijLA30RwZA0bo7ToCckjK5MkGhjED9KoRcXO6BaGI3I9UIzSA1FKFPOQ==
 
-js-sha256@^0.9.0:
-  version "0.9.0"
-  resolved "https://registry.yarnpkg.com/js-sha256/-/js-sha256-0.9.0.tgz#0b89ac166583e91ef9123644bd3c5334ce9d0966"
-  integrity sha512-sga3MHh9sgQN2+pJ9VYZ+1LPwXOxuBJBA5nrR5/ofPfuiJBE2hnjsaN8se8JznOmGLN2p49Pe5U/ttafcs/apA==
-
 "js-tokens@^3.0.0 || ^4.0.0", js-tokens@^4.0.0:
   version "4.0.0"
   resolved "https://registry.yarnpkg.com/js-tokens/-/js-tokens-4.0.0.tgz#19203fb59991df98e3a287050d4647cdeaf32499"