Fix a bug where some browsers could not access subtleCrypto.digest when passed around directly

Author: winsmith

src/telemetrydeck.js

@@ -13,7 +13,7 @@ import { version } from './utils/version.js';
  * @property {string} [salt] A salt to use when hashing the clientUser ID
  * @property {boolean} [testMode] If "true", signals will be marked as test signals and only show up in Test Mode in the Dashbaord
  * @property {Store} [store] A store to use for queueing signals
- * @property {Function} [cryptoDigest] A function to use for calculating the SHA-256 hash of the clientUser ID. Null to use the browser's built-in crypto.subtle.digest function.
+ * @property {Function} [subtleCrypto] Used for providing an alternative implementation of SubtleCrypto where no browser is available. Expects a class providing a `.digest(method, value)` method.
  */
 
 export default class TelemetryDeck {
@@ -28,7 +28,7 @@ export default class TelemetryDeck {
    * @param {TelemetryDeckOptions} options
    */
   constructor(options = {}) {
-    const { target, appID, clientUser, sessionID, salt, testMode, store, cryptoDigest } = options;
+    const { target, appID, clientUser, sessionID, salt, testMode, store, subtleCrypto } = options;
 
     if (!appID) {
       throw new Error('appID is required');
@@ -41,7 +41,7 @@ export default class TelemetryDeck {
     this.sessionID = sessionID ?? randomString();
     this.salt = salt ?? this.salt;
     this.testMode = testMode ?? this.testMode;
-    this.cryptoDigest = cryptoDigest;
+    this.subtleCrypto = subtleCrypto;
   }
 
   /**
@@ -95,7 +95,7 @@ export default class TelemetryDeck {
 
   async _hashedClientUser(clientUser, salt) {
     if (clientUser + salt !== this._clientUserAndSalt) {
-      this._clientUserHashed = await sha256([clientUser, salt].join(''), this.cryptoDigest);
+      this._clientUserHashed = await sha256([clientUser, salt].join(''), this.subtleCrypto);
       this._clientUserAndSalt = clientUser + salt;
     }
 

src/utils/sha256.js

@@ -1,19 +1,23 @@
 /**
- * Calculate the SHA-256 hash of a string using a provided crypto digest function.
- * Defaults to globalThis.crypto.subtle.digest if available.
+ * Calculate the SHA-256 hash of a string using a provided instance of SubtleCrypto
+ * (e.g. window.crypto.subtle).
+ *
+ * Requires `.digest()` to be available on the SubtleCrypto instance.
+ *
+ * Defaults to globalThis.crypto.subtle if available.
  *
  * // https://stackoverflow.com/a/48161723/54547
  *
- * @param {Function} cryptoDigest
+ * @param {Function} subtleCrypto
  * @param {string} message
  * @returns {Promise<string>}
  */
-export async function sha256(message, cryptoDigest = globalThis?.crypto?.subtle?.digest) {
+export async function sha256(message, subtleCrypto = globalThis?.crypto?.subtle) {
   // encode as UTF-8
   const messageBuffer = new TextEncoder().encode(message);
 
   // hash the message
-  const hashBuffer = await cryptoDigest('SHA-256', messageBuffer);
+  const hashBuffer = await subtleCrypto.digest('SHA-256', messageBuffer);
 
   // convert ArrayBuffer to Array
   const hashArray = [...new Uint8Array(hashBuffer)];

tests/sdk.test.js

@@ -16,7 +16,9 @@ test.beforeEach((t) => {
   const random = sinon.fake.returns(0.4); // chosen by fair dice roll. guaranteed to be random.
   sinon.replace(Math, 'random', random);
 
-  t.context.cryptoDigest = sinon.fake((_, value) => Promise.resolve(Buffer.from(value)));
+  t.context.subtleCrypto = {
+    digest: sinon.fake((_, value) => Promise.resolve(Buffer.from(value))),
+  };
 });
 
 test.afterEach.always(() => {
@@ -49,12 +51,12 @@ test.serial('Can pass optional user, target and testMode flag', (t) => {
 });
 
 test.serial('Can send a signal', async (t) => {
-  const { fake, cryptoDigest } = t.context;
+  const { fake, subtleCrypto } = t.context;
 
   const td = new TelemetryDeck({
     appID: 'foo',
     clientUser: 'anonymous',
-    cryptoDigest,
+    subtleCrypto,
   });
 
   const response = await td.signal('test');
@@ -93,12 +95,12 @@ test.serial("Can't send a signal without a type", async (t) => {
 });
 
 test.serial('Can send additional payload attributes', async (t) => {
-  const { fake, cryptoDigest } = t.context;
+  const { fake, subtleCrypto } = t.context;
 
   const td = new TelemetryDeck({
     appID: 'foo',
     clientUser: 'anonymous',
-    cryptoDigest,
+    subtleCrypto,
   });
 
   const response = await td.signal('test', {
@@ -132,13 +134,13 @@ test.serial('Can send additional payload attributes', async (t) => {
 });
 
 test.serial('Can send a signal with salty user', async (t) => {
-  const { fake, cryptoDigest } = t.context;
+  const { fake, subtleCrypto } = t.context;
 
   const td = new TelemetryDeck({
     appID: 'foo',
     clientUser: 'anonymous',
     salt: 'salty',
-    cryptoDigest,
+    subtleCrypto,
   });
 
   const response = await td.signal('test');
@@ -165,13 +167,13 @@ test.serial('Can send a signal with salty user', async (t) => {
 });
 
 test.serial('Can send a signal with sessionID', async (t) => {
-  const { fake, cryptoDigest } = t.context;
+  const { fake, subtleCrypto } = t.context;
 
   const td = new TelemetryDeck({
     appID: 'foo',
     clientUser: 'anonymous',
     sessionID: '1234567890',
-    cryptoDigest,
+    subtleCrypto,
   });
 
   const response = await td.signal('test');
@@ -200,13 +202,13 @@ test.serial('Can queue signals and send them later', async (t) => {
     advanceTimeDelta: 10,
   });
   const now = new Date();
-  const { fake, cryptoDigest } = t.context;
+  const { fake, subtleCrypto } = t.context;
 
   const td = new TelemetryDeck({
     appID: 'foo',
     clientUser: 'anonymous',
     sessionID: '1234567890',
-    cryptoDigest,
+    subtleCrypto,
   });
 
   await td.queue('foo');
@@ -277,13 +279,13 @@ test.serial('Can queue signals and send them later', async (t) => {
 });
 
 test.serial('Can build signal payloads', async (t) => {
-  const { fake, cryptoDigest } = t.context;
+  const { fake, subtleCrypto } = t.context;
 
   const td = new TelemetryDeck({
     appID: 'foo',
     clientUser: 'anonymous',
     sessionID: '1234567890',
-    cryptoDigest,
+    subtleCrypto,
   });
 
   const response = await td.signal('test', {
@@ -324,9 +326,7 @@ test.serial('Can build signal payloads', async (t) => {
 
 test.serial('Can find build-in crypto digest', async (t) => {
   globalThis.crypto = {
-    subtle: {
-      digest: t.context.cryptoDigest,
-    },
+    subtle: t.context.subtleCrypto,
   };
 
   const td = new TelemetryDeck({
@@ -335,19 +335,19 @@ test.serial('Can find build-in crypto digest', async (t) => {
   });
 
   await td.signal('test');
-  t.is(t.context.cryptoDigest.callCount, 1);
+  t.is(t.context.subtleCrypto.digest.callCount, 1);
 
   delete globalThis.crypto;
 });
 
 test.serial('Changing the salt also changes the hash', async (t) => {
-  const { fake, cryptoDigest } = t.context;
+  const { fake, subtleCrypto } = t.context;
 
   const td = new TelemetryDeck({
     appID: 'foo',
     clientUser: 'anonymous',
     sessionID: '1234567890',
-    cryptoDigest,
+    subtleCrypto,
   });
 
   await td.signal('test');