@safez/fetch-safez
TypeScript icon, indicating that this package has built-in type declarations

1.0.0 • Public • Published

Overview of Fetch-safez

Fetch-safez is a middleware for Fetch, designed to seamlessly encrypt and decrypt HTTP requests and responses, ensuring the security of data in transit by applying robust encryption algorithms. It acts as a vital layer of security for web applications, safeguarding sensitive data from unauthorized access.

By integrating with Fetch, it provides an easy-to-use solution for developers looking to enhance their application's security. The middleware automatically encrypts data before sending it from the client and decrypts received data, ensuring that sensitive information remains protected throughout the transmission process.

Fetch-safez is highly configurable, offering developers the flexibility to set up custom encryption settings based on their specific security requirements. This adaptability makes it suitable for a wide range of applications, from those requiring high levels of data protection to those needing basic encryption for general security enhancement.

  • Supports various encryption standards, ensuring that data is securely encrypted during transit.
  • Helps mitigate the risk of data breaches and cyberattacks by providing an additional layer of security.

Integrating Fetch-safez into web applications is straightforward, enhancing security measures without complicating the development process.

Installation

Integrate Fetch-safez into your project using the following command:


npm install @safez/fetch-safez or yarn add @safez/fetch-safez

Setup and Configuration

Configure Fetch-safez with your Fetch instance to encrypt and decrypt requests and responses:


import {interceptFetch} from '@safez/fetch-safez'

Usage

All Fetch requests and responses will automatically be encrypted and decrypted after configuring Fetch-safez.

Customizing Encryption per Request

Customize the encryption type for specific requests using the x-sz-token header:


interceptFetch({enableSafez:true,safezSaavi:'dummysecretkeyab', cryptoType: 'field'});

The optional values inside interceptFetch are crypto type, configurable values are 'full', 'field', 'none'. When safezEnable is true, default value is full. When configured the safez, all your payload will be encrypted

Customizing request to be encrypted as an object

    const payload = {
        name: 'safez',
        product: 'security',
    }
    const config = {
        cryptoType: 'none',
        encryptErrorCodes: []
    }
    const headers = {
       'x-sz-token': JSON.stringify(config)
    }
    const response = await fetch('http://example.url/api/post', payload, {
       headers: headers
    });
    // payload will be {encryptedData: 'encrypted string'}

Customizing request not to be encrypted

    const config = {
        cryptoType: 'none',
        encryptErrorCodes: []
    }
    const headers = {
       'x-sz-token': JSON.stringify(config)
    }
   
    const response = await fetch('http://example.url/api/post', payload, {
       headers: headers
    });

Customizing request payload is not encrypted as whole object, but only values of the object

    const payload = {
        name: 'safez',
        product: 'security',
    }
    const config = {
        cryptoType: 'field',
        encryptErrorCodes: []
      }
      const headers = {
        'x-sz-token': JSON.stringify(config)
      }
   
      const response = await fetch('http://example.url/api/post', payload, {
          headers: headers
      });
      // payload will be {name: 'encrypted string', product: 'encrypted string'}

Handling Errors

When utilizing encrypted data communication, it's crucial to handle errors effectively, especially in scenarios involving encrypted error messages. Fetch-safez provides the tools necessary to intercept, decrypt, and process error messages securely, ensuring your application can respond to errors appropriately.

Best Practices for Secure Error Handling

  • Encryption Secret Management: It's vital to protect your encryption secret, ensuring it's never exposed in client-side code or to unauthorized individuals. Use secure storage solutions, like environment variables or secret management services, and restrict access to the encryption secret as much as possible.
  • Optimize Encryption Use: While encryption adds a layer of security, it also introduces complexity and potential performance implications. Use the x-sz-token header to selectively enable or disable encryption for specific requests, balancing security needs with application performance.

Troubleshooting Common Encryption Issues

  • Encryption/Decryption Failures: Ensure that the encryption keys or secrets used on the client and server are identical. Mismatches can prevent successful decryption, leading to errors. Regularly audit and synchronize encryption configurations across your infrastructure.
  • Fetch Interceptor Conflicts: Fetch-safez operates by intercepting requests and responses. If other interceptors are used within your Fetch configuration, ensure they do not conflict or override the functionality of Fetch-safez. Testing interceptor compatibility in development environments is recommended to identify and resolve potential conflicts.

By following these best practices and troubleshooting tips, you can ensure that your application securely handles encrypted error messages and maintains robust data security protocols.

Frequently Asked Questions (FAQ)

Below are answers to some of the most common questions about Fetch-safez, providing further insights into its functionality and integration.

  • Can Fetch-safez be used with any Fetch instance?

    Yes. Fetch-safez is designed to be compatible with any Fetch instance, making it a versatile tool for enhancing the security of HTTP requests and responses across various applications.

  • How can I exclude specific requests from encryption?

    To bypass encryption for particular requests, use the x-sz-token header with a value of 'none'. This tells Fetch-safez to skip encryption for those requests, offering flexibility in how encryption is applied.

Package Sidebar

Install

npm i @safez/fetch-safez

Weekly Downloads

1

Version

1.0.0

License

Apache-2.0

Unpacked Size

16.4 kB

Total Files

5

Last publish

Collaborators

  • judejoseph
  • arunkumarravindran
  • vigneshwaranpandi
  • ramyaselvam
  • aruns1012
  • safestream-admin