Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

RSA Extension #1699

Open
wants to merge 3 commits into
base: master
Choose a base branch
from

Conversation

familycomicsstudios
Copy link

@familycomicsstudios familycomicsstudios commented Sep 24, 2024

An extension to use RSA in TurboWarp.

@GarboMuffin GarboMuffin added the pr: new extension Pull requests that add a new extension label Oct 14, 2024
@SharkPool-SP SharkPool-SP self-requested a review October 18, 2024 06:37
Comment on lines +10 to +13
// Load the JSEncrypt library from a CDN
const script = document.createElement('script');
script.src = 'https://cdn.jsdelivr.net/npm/jsencrypt/bin/jsencrypt.min.js';
document.head.appendChild(script);
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You shouldnt be fetching a file url like that as:

  • this forces people to need internet for this extension to work
  • url could go down at any point

You should use a data.uri instead.
Also add /* global [library name here] */ to fix the lint errors

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok being real here, jsdelivr isnt going down any time soon, and no they should find a way to import the library without using a script tag.

Copy link
Collaborator

@CST1229 CST1229 Nov 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

the desktop app still needs to work without internet (this is why the extension library there can only update when the app does, because it's stored offline).
for importing, i think using await import() and making the extension function async is a simple option (and probably also add /+esm to the jsdelivr url so that you can access the library from import()'s return value without adding stuff to the global scope), but you should still make the extension url a data url because of the offline part

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe yeah but that does bring the question is it allowed because stuff like a script tag isnt allowed and they do similar things

opcode: 'generateKeys',
blockType: Scratch.BlockType.REPORTER,
text: 'Generate RSA keys',
arguments: {}
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

unnecessary key

Copy link
Member

@yuri-kiss yuri-kiss left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

mmm

@@ -0,0 +1,89 @@
// Name: RSA
// ID: themadpunter-rsa
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this id should be the same as the extension ID

class RSAExtension {
getInfo() {
return {
id: 'themadpunter_rsa',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

_'s should not be used in ids

getInfo() {
return {
id: 'themadpunter_rsa',
name: 'TurboRSA',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this name should be the same as the one listed on the gallery which you put as RSA

{
opcode: 'generateKeys',
blockType: Scratch.BlockType.REPORTER,
text: 'Generate RSA keys',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick: please make the block titles lowercase so "generate RSA keys" as currently it does not follow scratch's conventions, also blocks are not sentence's so yeah

{
opcode: 'decrypt',
blockType: Scratch.BlockType.REPORTER,
text: 'Decrypt [TEXT] with private key [KEY]',
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same here as the other name comment

}

// Wait for the script to load before registering the extension
script.onload = () => {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

after doing what the other reviews suggests (removing the script tag) just remove this

}

generateKeys() {
const crypt = new JSEncrypt({ default_key_size: 1024 });
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nitpick: this could be customizable


encrypt(args) {
const crypt = new JSEncrypt();
crypt.setPublicKey(args.KEY);
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

please cast your values

const crypt = new JSEncrypt();
crypt.setPublicKey(args.KEY);
const encrypted = crypt.encrypt(args.TEXT);
return encrypted ? encrypted : 'Encryption failed';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

instead of returning text which could be the same as the actual output value you should just return an empty string

const crypt = new JSEncrypt();
crypt.setPrivateKey(args.KEY);
const decrypted = crypt.decrypt(args.TEXT);
return decrypted ? decrypted : 'Decryption failed';
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

same goes here for the returning an empty string

@Thebloxers998

This comment was marked as spam.

@yuri-kiss

This comment was marked as spam.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
pr: new extension Pull requests that add a new extension
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants