Merge pull request #220 from thedanchez/crypto

feat: remove cross-sha256 dependency from js sdk

Author: rvowles

examples/todo-frontend-react-sdk/tsconfig.json

@@ -4,9 +4,6 @@
   "compilerOptions": {
     "baseUrl": ".",
     "paths": {
-      "cross-sha256": [
-        "../../node_modules/.pnpm/[email protected]/node_modules/cross-sha256/index.d.ts"
-      ],
       "featurehub-javascript-client-sdk": ["../../packages/js/src"],
       "featurehub-react-sdk": ["../../packages/react/src"]
     }

examples/todo-frontend-react-typescript-catch-and-release/tsconfig.json

@@ -5,9 +5,6 @@
     "baseUrl": ".",
     "outDir": "dist",
     "paths": {
-      "cross-sha256": [
-        "../../node_modules/.pnpm/[email protected]/node_modules/cross-sha256/index.d.ts"
-      ],
       "featurehub-javascript-client-sdk": ["../../packages/js/src"]
     }
   },

examples/todo-frontend-react-typescript-feature-override/tsconfig.json

@@ -5,9 +5,6 @@
     "baseUrl": ".",
     "outDir": "dist",
     "paths": {
-      "cross-sha256": [
-        "../../node_modules/.pnpm/[email protected]/node_modules/cross-sha256/index.d.ts"
-      ],
       "featurehub-javascript-client-sdk": ["../../packages/js/src"]
     }
   },

examples/todo-frontend-react-typescript/tsconfig.json

@@ -5,9 +5,6 @@
     "baseUrl": ".",
     "outDir": "dist",
     "paths": {
-      "cross-sha256": [
-        "../../node_modules/.pnpm/[email protected]/node_modules/cross-sha256/index.d.ts"
-      ],
       "featurehub-javascript-client-sdk": ["../../packages/js/src"]
     }
   },

examples/todo-frontend-solid-sdk/tsconfig.json

@@ -6,9 +6,6 @@
     "outDir": "dist",
     "types": ["vite/client"],
     "paths": {
-      "cross-sha256": [
-        "../../node_modules/.pnpm/[email protected]/node_modules/cross-sha256/index.d.ts"
-      ],
       "featurehub-javascript-client-sdk": ["../../packages/js/src"],
       "featurehub-solid-sdk": ["../../packages/solid/src"]
     }

examples/todo-server-tests/tsconfig.json

@@ -12,14 +12,7 @@
     "types": ["node"],
     "paths": {
       "featurehub-javascript-client-sdk": ["../../packages/js/src"],
-      "featurehub-javascript-node-sdk": ["../../packages/node/src"],
-      /*
-        This is a workaround to bypass Typescript checking of the cross-sha256 package.
-        The author of the package improperly exported the source .ts file alongside the js file
-      */
-      "cross-sha256": [
-        "../../node_modules/.pnpm/[email protected]/node_modules/cross-sha256/index.d.ts"
-      ]
+      "featurehub-javascript-node-sdk": ["../../packages/node/src"]
     }
   },
   "include": ["**/*.ts", "**/*.tsx"],

packages/js/package.json

@@ -4,7 +4,6 @@
   "description": "FeatureHub client/browser SDK",
   "author": "[email protected]",
   "type": "module",
-  "sideEffects": false,
   "main": "dist/index.js",
   "types": "dist/index.d.ts",
   "module": "lib/index.js",
@@ -53,12 +52,14 @@
   },
   "devDependencies": {
     "@fluffy-spoon/substitute": "^1.208.0",
+    "@types/jsdom": "^27.0.0",
     "@types/netmask": "^2.0.5",
     "@types/node": "catalog:node",
     "@types/semver-compare": "^1.0.3",
     "@types/sinon": "^10.0.13",
     "@vitest/coverage-istanbul": "catalog:vitest",
     "featurehub-tsconfig": "workspace:*",
+    "jsdom": "^27.1.0",
     "rimraf": "catalog:rimraf",
     "sinon": "^15.0.1",
     "tsup": "catalog:tsup",
@@ -67,8 +68,6 @@
     "vitest": "catalog:vitest"
   },
   "dependencies": {
-    "@juanelas/base64": "^1.1.5",
-    "cross-sha256": "^1.2.0",
     "murmurhash": "^2.0.1",
     "netmask": "^2.0.2",
     "semver-compare": "^1.0.0"

packages/js/src/__tests__/polling_sdk.test.ts

@@ -197,4 +197,91 @@ describe("basic polling sdk works as expected", () => {
       expect(counter).toBe(2);
     });
   });
+
+  describe("attributeHeader hashing", () => {
+    const TEST_HASH = "n4bQgYhMfWWaL-qgxVrQFaO_TxsrC4Is0V1sFbDwCgg";
+    const USER_ID_HASH = "F7827sASf1GewZfMvDzBlYpLnaFcKM0xchzNEElvh94";
+    const SESSION_HASH = "ZJ2mGsLI7CqpUgmQqueaBudcjnxW6SZ9uVuwMWASoe4";
+
+    it("should produce consistent hash results for context headers", async () => {
+      class TestPoller extends PollingBase {
+        constructor() {
+          super("", 0, () => {});
+        }
+
+        poll(): Promise<void> {
+          return Promise.resolve();
+        }
+
+        // Expose the protected _shaHeader for testing
+        get shaHeader(): string {
+          return this._shaHeader;
+        }
+      }
+
+      const testPoller = new TestPoller();
+
+      // Test known hash values to ensure consistency
+      await testPoller.attributeHeader("");
+      expect(testPoller.shaHeader).toBe("0");
+
+      await testPoller.attributeHeader("test");
+      expect(testPoller.shaHeader).toBe(TEST_HASH);
+
+      await testPoller.attributeHeader("user-id:12345");
+      expect(testPoller.shaHeader).toBe(USER_ID_HASH);
+
+      await testPoller.attributeHeader("user-id:12345,session:abcdef");
+      expect(testPoller.shaHeader).toBe(SESSION_HASH);
+    });
+
+    it("produces same hash results in browser environment as node environment", async () => {
+      // Create JSDOM environment to simulate browser
+      const { JSDOM } = await import("jsdom");
+      const dom = new JSDOM("", {
+        url: "https://localhost",
+        pretendToBeVisual: true,
+        resources: "usable",
+      });
+
+      // Store original window
+      const originalWindow = (globalThis as any).window;
+
+      try {
+        // Set up browser-like environment
+        (globalThis as any).window = dom.window;
+
+        Object.defineProperty(globalThis, "window", {
+          value: dom.window,
+          writable: true,
+          configurable: true,
+        });
+
+        const { webcrypto } = await import("crypto");
+        Object.defineProperty(globalThis.window, "crypto", {
+          value: {
+            ...webcrypto,
+            subtle: webcrypto.subtle,
+          },
+          writable: true,
+          configurable: true,
+        });
+
+        const { createBase64UrlSafeHash } = await import("../crypto/crypto-browser");
+
+        const testHash = await createBase64UrlSafeHash("sha256", "test");
+        expect(testHash).toBe(TEST_HASH);
+
+        const userIdHash = await createBase64UrlSafeHash("sha256", "user-id:12345");
+        expect(userIdHash).toBe(USER_ID_HASH);
+
+        const sessionHash = await createBase64UrlSafeHash("sha256", "user-id:12345,session:abcdef");
+        expect(sessionHash).toBe(SESSION_HASH);
+      } finally {
+        // Restore original window
+        (globalThis as any).window = originalWindow;
+        dom.window.close();
+      }
+    });
+  });
 });

packages/js/src/crypto/crypto-browser.ts

@@ -0,0 +1,37 @@
+/**
+ * Browser crypto utilities using Web Crypto API
+ * This module should only be imported in browser environments
+ */
+
+import type { HashAlgorithm } from "./types";
+
+const algorithmMap: Record<HashAlgorithm, string> = {
+  sha1: "SHA-1",
+  sha256: "SHA-256",
+  sha384: "SHA-384",
+  sha512: "SHA-512",
+};
+
+export const createBase64UrlSafeHash = async (algorithm: string, data: string): Promise<string> => {
+  const encoder = new TextEncoder();
+  const dataBuffer = encoder.encode(data);
+
+  const cryptoAlgorithm = algorithmMap[algorithm as HashAlgorithm];
+  if (!cryptoAlgorithm) {
+    throw new Error(`Unsupported hash algorithm: ${algorithm}`);
+  }
+
+  const hashBuffer = await window.crypto.subtle.digest(cryptoAlgorithm, dataBuffer);
+  const hashArray = new Uint8Array(hashBuffer);
+
+  // Convert to base64
+  let binary = "";
+  for (let i = 0; i < hashArray.byteLength; i++) {
+    binary += String.fromCharCode(hashArray[i]!);
+  }
+
+  const base64 = btoa(binary);
+
+  // Convert to base64 url encoding (no padding)
+  return base64.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+};

packages/js/src/crypto/crypto-node.ts

@@ -0,0 +1,17 @@
+/**
+ * Node.js/Bun/Deno crypto utilities
+ * This module should only be imported in server environments
+ */
+
+import type { HashAlgorithm } from "./types";
+
+export const createBase64UrlSafeHash = async (
+  algorithm: HashAlgorithm,
+  data: string,
+): Promise<string> => {
+  const crypto = await import("crypto");
+  const hash = crypto.createHash(algorithm).update(data).digest("base64");
+
+  // Convert to base64 url encoding (no padding)
+  return hash.replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
+};