├── FUNDING.yml ├── src ├── button.test.ts ├── execute.test.ts ├── input.test.ts ├── loader.test.ts ├── main.test.ts ├── worker.test.ts ├── get-domain.test.ts ├── worker-client.test.ts ├── fill-in-password.test.ts ├── fire-and-forget.test.ts ├── user-interface.test.ts ├── worker-protocol.test.ts ├── get-is-password-field-active.test.ts ├── get-domain.ts ├── worker-protocol.ts ├── fire-and-forget.ts ├── worker.ts ├── hashpass.ts ├── execute.ts ├── loader.tsx ├── get-is-password-field-active.ts ├── fill-in-password.ts ├── worker-client.ts ├── hashpass.test.ts ├── button.tsx ├── main.tsx ├── input.tsx └── user-interface.tsx ├── images ├── icon.png ├── screenshot1.png ├── screenshot2.png ├── screenshot3.png ├── check.svg ├── log-in.svg ├── refresh.svg ├── clipboard-copy.svg ├── eye.svg ├── eye-off.svg └── icon.svg ├── .prettierrc.js ├── .gitignore ├── .github ├── pull_request_template.md ├── ISSUE_TEMPLATE │ ├── feature_request.md │ └── bug_report.md └── workflows │ └── ci.yml ├── webpack.production.js ├── tsconfig.json ├── webpack.development.js ├── index.html ├── jest.config.js ├── CONTRIBUTING.md ├── webpack.common.js ├── manifest.json ├── LICENSE.md ├── HEROICONS-LICENSE.md ├── package.json ├── MAINTAINERS.md ├── CHANGELOG.md ├── README.md ├── CODE_OF_CONDUCT.md ├── toast.yml └── .eslintrc.js /FUNDING.yml: -------------------------------------------------------------------------------- 1 | github: stepchowfun 2 | -------------------------------------------------------------------------------- /src/button.test.ts: -------------------------------------------------------------------------------- 1 | test.todo('todo'); 2 | -------------------------------------------------------------------------------- /src/execute.test.ts: -------------------------------------------------------------------------------- 1 | test.todo('todo'); 2 | -------------------------------------------------------------------------------- /src/input.test.ts: -------------------------------------------------------------------------------- 1 | test.todo('todo'); 2 | -------------------------------------------------------------------------------- /src/loader.test.ts: -------------------------------------------------------------------------------- 1 | test.todo('todo'); 2 | -------------------------------------------------------------------------------- /src/main.test.ts: -------------------------------------------------------------------------------- 1 | test.todo('todo'); 2 | -------------------------------------------------------------------------------- /src/worker.test.ts: -------------------------------------------------------------------------------- 1 | test.todo('todo'); 2 | -------------------------------------------------------------------------------- /src/get-domain.test.ts: -------------------------------------------------------------------------------- 1 | test.todo('todo'); 2 | -------------------------------------------------------------------------------- /src/worker-client.test.ts: -------------------------------------------------------------------------------- 1 | test.todo('todo'); 2 | -------------------------------------------------------------------------------- /src/fill-in-password.test.ts: -------------------------------------------------------------------------------- 1 | test.todo('todo'); 2 | -------------------------------------------------------------------------------- /src/fire-and-forget.test.ts: -------------------------------------------------------------------------------- 1 | test.todo('todo'); 2 | -------------------------------------------------------------------------------- /src/user-interface.test.ts: -------------------------------------------------------------------------------- 1 | test.todo('todo'); 2 | -------------------------------------------------------------------------------- /src/worker-protocol.test.ts: -------------------------------------------------------------------------------- 1 | test.todo('todo'); 2 | -------------------------------------------------------------------------------- /src/get-is-password-field-active.test.ts: -------------------------------------------------------------------------------- 1 | test.todo('todo'); 2 | -------------------------------------------------------------------------------- /images/icon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stepchowfun/hashpass/HEAD/images/icon.png -------------------------------------------------------------------------------- /.prettierrc.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | proseWrap: 'always', 3 | singleQuote: true, 4 | }; 5 | -------------------------------------------------------------------------------- /images/screenshot1.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stepchowfun/hashpass/HEAD/images/screenshot1.png -------------------------------------------------------------------------------- /images/screenshot2.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stepchowfun/hashpass/HEAD/images/screenshot2.png -------------------------------------------------------------------------------- /images/screenshot3.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/stepchowfun/hashpass/HEAD/images/screenshot3.png -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | # Keep this in sync with [ref:excluded_input_paths]. 2 | /website/ 3 | /dist/ 4 | /hashpass.zip 5 | /node_modules/ 6 | -------------------------------------------------------------------------------- /.github/pull_request_template.md: -------------------------------------------------------------------------------- 1 | A clear description of the change. 2 | 3 | **Status:** Ready / In development 4 | 5 | **Fixes:** Link to issue (if applicable) 6 | -------------------------------------------------------------------------------- /src/get-domain.ts: -------------------------------------------------------------------------------- 1 | import execute from './execute'; 2 | 3 | export default async function getDomain(): Promise { 4 | return await execute((argument: null) => window.location.hostname, null); 5 | } 6 | -------------------------------------------------------------------------------- /webpack.production.js: -------------------------------------------------------------------------------- 1 | const { merge } = require('webpack-merge'); 2 | const common = require('./webpack.common.js'); 3 | 4 | module.exports = merge(common, { 5 | // Production mode 6 | mode: 'production', 7 | }); 8 | -------------------------------------------------------------------------------- /images/check.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /src/worker-protocol.ts: -------------------------------------------------------------------------------- 1 | export interface Request { 2 | messageId: number; 3 | domain: string; 4 | universalPassword: string; 5 | } 6 | 7 | export interface Response { 8 | messageId: number; 9 | generatedPassword: string; 10 | } 11 | -------------------------------------------------------------------------------- /tsconfig.json: -------------------------------------------------------------------------------- 1 | { 2 | "compilerOptions": { 3 | "jsx": "react", 4 | "module": "nodenext", 5 | "outDir": "dist", 6 | "sourceMap": true, 7 | "strict": true, 8 | "target": "es2021" 9 | }, 10 | "include": ["src/**/*.tsx"] 11 | } 12 | -------------------------------------------------------------------------------- /src/fire-and-forget.ts: -------------------------------------------------------------------------------- 1 | export default function fireAndForget(promise: Promise): void { 2 | // If the promise fails, just log the error and continue. 3 | promise.catch((e) => { 4 | window.requestAnimationFrame(() => { 5 | throw e; 6 | }); 7 | }); 8 | } 9 | -------------------------------------------------------------------------------- /webpack.development.js: -------------------------------------------------------------------------------- 1 | const { merge } = require('webpack-merge'); 2 | const common = require('./webpack.common.js'); 3 | 4 | module.exports = merge(common, { 5 | // Development mode 6 | mode: 'development', 7 | 8 | // Enable source maps. 9 | devtool: 'inline-source-map', 10 | }); 11 | -------------------------------------------------------------------------------- /images/log-in.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /images/refresh.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /index.html: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Hashpass 6 | 7 | 8 | 9 | 10 | 11 | 12 | 13 | -------------------------------------------------------------------------------- /images/clipboard-copy.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /jest.config.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | preset: 'ts-jest', 3 | roots: ['/src'], 4 | // See https://github.com/kulshekhar/ts-jest/issues/748 for why we've silenced the warning. 5 | transform: { 6 | '^.+\\.tsx?$': [ 7 | 'ts-jest', 8 | { 9 | diagnostics: { 10 | ignoreCodes: [151001], 11 | }, 12 | }, 13 | ], 14 | }, 15 | }; 16 | -------------------------------------------------------------------------------- /src/worker.ts: -------------------------------------------------------------------------------- 1 | import hashpass from './hashpass'; 2 | import type { Request, Response } from './worker-protocol'; 3 | 4 | self.onmessage = (event) => { 5 | let request: Request = event.data; 6 | 7 | let response: Response = { 8 | messageId: request.messageId, 9 | generatedPassword: hashpass(request.domain, request.universalPassword), 10 | }; 11 | 12 | self.postMessage(response); 13 | }; 14 | -------------------------------------------------------------------------------- /images/eye.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea for a new feature 4 | title: '' 5 | labels: enhancement 6 | assignees: '' 7 | --- 8 | 9 | **Description** A clear description of what you want to happen. 10 | 11 | **Alternatives considered** A clear description of any alternative solutions or 12 | features you've considered. 13 | 14 | **Additional context** Add any other context about the feature request here. 15 | -------------------------------------------------------------------------------- /images/eye-off.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | -------------------------------------------------------------------------------- /src/hashpass.ts: -------------------------------------------------------------------------------- 1 | import sha256, { Hash } from 'fast-sha256'; 2 | import { fromByteArray } from 'base64-js'; 3 | 4 | const rounds = Math.pow(2, 16); 5 | 6 | export default function hashpass( 7 | domain: string, 8 | universalPassword: string, 9 | ): string { 10 | let bytes = new TextEncoder().encode( 11 | `${domain.trim().toLowerCase()}/${universalPassword}`, 12 | ); 13 | 14 | for (let i = 0; i < rounds; i += 1) { 15 | bytes = sha256(bytes); 16 | } 17 | 18 | return fromByteArray(bytes).slice(0, 16); 19 | } 20 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug_report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Create a bug report to help us improve 4 | title: '' 5 | labels: bug 6 | assignees: '' 7 | --- 8 | 9 | **Description** A clear description of what the bug is. 10 | 11 | **Instructions to reproduce the bug** A clear explanation of how to reproduce 12 | the bug. 13 | 14 | **Environment information:** 15 | 16 | - Hashpass version: [e.g. 0.0.0] 17 | - Chrome version: [e.g. 97.0.4692.71 (Official Build) (x86_64)] 18 | - OS: [e.g. macOS Big Sur 11.4 (20F71)] 19 | 20 | **Additional context** Add any other context about the problem here. 21 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | Thank you for your interest in contributing! You can contribute by filing 4 | [issues](https://github.com/stepchowfun/hashpass/issues) and submitting 5 | [pull requests](https://github.com/stepchowfun/hashpass/pulls). Please observe 6 | our 7 | [code of conduct](https://github.com/stepchowfun/hashpass/blob/main/CODE_OF_CONDUCT.md). 8 | 9 | If you submit a pull request, please ensure your change passes the 10 | [GitHub Actions](https://github.com/stepchowfun/hashpass/actions) CI checks. 11 | This will be apparent from the required status check(s) in the pull request. 12 | -------------------------------------------------------------------------------- /webpack.common.js: -------------------------------------------------------------------------------- 1 | const path = require('path'); 2 | 3 | module.exports = { 4 | entry: { 5 | main: './src/main.tsx', 6 | worker: './src/worker.ts', 7 | }, 8 | resolve: { 9 | extensions: ['.js', '.ts', '.tsx'], 10 | }, 11 | module: { 12 | rules: [ 13 | { 14 | test: /\.(ts|tsx)$/, 15 | include: path.resolve(__dirname, 'src'), 16 | loader: 'ts-loader', 17 | options: { 18 | configFile: path.resolve(__dirname, 'tsconfig.json'), 19 | }, 20 | }, 21 | ], 22 | }, 23 | output: { 24 | filename: '[name].bundle.js', 25 | path: path.resolve(__dirname, 'dist'), 26 | }, 27 | }; 28 | -------------------------------------------------------------------------------- /src/execute.ts: -------------------------------------------------------------------------------- 1 | export default async function execute( 2 | func: (argument: T) => U, 3 | argument: T, 4 | ): Promise { 5 | let tab; 6 | 7 | try { 8 | [tab] = await chrome.tabs.query({ active: true, currentWindow: true }); 9 | } catch (e) { 10 | return null; 11 | } 12 | 13 | const tabId = tab.id; 14 | 15 | if (tabId === undefined) { 16 | return null; 17 | } 18 | 19 | let result; 20 | 21 | try { 22 | [{ result }] = await chrome.scripting.executeScript({ 23 | target: { tabId }, 24 | func, 25 | args: [argument], 26 | }); 27 | } catch (e) { 28 | return null; 29 | } 30 | 31 | return result as Promise; 32 | } 33 | -------------------------------------------------------------------------------- /manifest.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "Hashpass", 3 | "description": "A simple password manager with a twist.", 4 | "version": "2.1.7", 5 | "manifest_version": 3, 6 | "permissions": ["activeTab", "scripting"], 7 | "action": { 8 | "default_popup": "index.html", 9 | "default_icon": { 10 | "16": "images/icon.png", 11 | "32": "images/icon.png", 12 | "48": "images/icon.png", 13 | "128": "images/icon.png" 14 | } 15 | }, 16 | "icons": { 17 | "16": "images/icon.png", 18 | "32": "images/icon.png", 19 | "48": "images/icon.png", 20 | "128": "images/icon.png" 21 | }, 22 | "commands": { 23 | "_execute_action": { 24 | "suggested_key": { 25 | "default": "Ctrl+Shift+P" 26 | }, 27 | "description": "Opens Hashpass" 28 | } 29 | } 30 | } 31 | -------------------------------------------------------------------------------- /src/loader.tsx: -------------------------------------------------------------------------------- 1 | import * as React from 'react'; 2 | import { useEffect, useState } from 'react'; 3 | 4 | import UserInterface from './user-interface'; 5 | import fireAndForget from './fire-and-forget'; 6 | import getDomain from './get-domain'; 7 | import getIsPasswordFieldActive from './get-is-password-field-active'; 8 | 9 | const Loader = (): React.ReactElement | null => { 10 | const [domain, setDomain] = useState(null); 11 | const [isPasswordFieldActive, setIsPasswordFieldActive] = 12 | useState(false); 13 | 14 | useEffect(() => { 15 | fireAndForget( 16 | (async (): Promise => { 17 | setDomain((await getDomain()) ?? ''); 18 | setIsPasswordFieldActive((await getIsPasswordFieldActive()) ?? false); 19 | })(), 20 | ); 21 | }, []); 22 | 23 | return ( 24 | 28 | ); 29 | }; 30 | 31 | export default Loader; 32 | -------------------------------------------------------------------------------- /src/get-is-password-field-active.ts: -------------------------------------------------------------------------------- 1 | import execute from './execute'; 2 | 3 | export default async function getIsPasswordFieldActive(): Promise< 4 | boolean | null 5 | > { 6 | return await execute((argument: null) => { 7 | let element = document.activeElement; 8 | let iframeElementType = HTMLIFrameElement; 9 | let inputElementType = HTMLInputElement; 10 | 11 | while (element instanceof iframeElementType) { 12 | const contentDocument = element.contentDocument; 13 | const contentWindow = element.contentWindow; 14 | 15 | if (contentDocument !== null && contentWindow !== null) { 16 | element = contentDocument.activeElement; 17 | iframeElementType = (contentWindow as any).HTMLIFrameElement; 18 | inputElementType = (contentWindow as any).HTMLInputElement; 19 | } 20 | } 21 | 22 | if (element instanceof inputElementType) { 23 | return element.type.trim().toLowerCase() === 'password'; 24 | } 25 | 26 | return false; 27 | }, null); 28 | } 29 | -------------------------------------------------------------------------------- /src/fill-in-password.ts: -------------------------------------------------------------------------------- 1 | import execute from './execute'; 2 | 3 | export default async function fillInPassword( 4 | generatedPassword: string, 5 | ): Promise { 6 | return await execute((generatedPassword: string) => { 7 | let element = document.activeElement; 8 | let iframeElementType = HTMLIFrameElement; 9 | let inputElementType = HTMLInputElement; 10 | 11 | while (element instanceof iframeElementType) { 12 | const contentDocument = element.contentDocument; 13 | const contentWindow = element.contentWindow; 14 | 15 | if (contentDocument !== null && contentWindow !== null) { 16 | element = contentDocument.activeElement; 17 | iframeElementType = (contentWindow as any).HTMLIFrameElement; 18 | inputElementType = (contentWindow as any).HTMLInputElement; 19 | } 20 | } 21 | 22 | if (element instanceof inputElementType) { 23 | element.value = generatedPassword; 24 | return undefined; 25 | } 26 | 27 | return null; 28 | }, generatedPassword); 29 | } 30 | -------------------------------------------------------------------------------- /LICENSE.md: -------------------------------------------------------------------------------- 1 | # License 2 | 3 | Copyright 2025 Stephan Boyer 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of 6 | this software and associated documentation files (the "Software"), to deal in 7 | the Software without restriction, including without limitation the rights to 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software is furnished to do so, 10 | subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 21 | -------------------------------------------------------------------------------- /HEROICONS-LICENSE.md: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) 2020 Refactoring UI Inc. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy of 6 | this software and associated documentation files (the "Software"), to deal in 7 | the Software without restriction, including without limitation the rights to 8 | use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of 9 | the Software, and to permit persons to whom the Software is furnished to do so, 10 | subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS 17 | FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR 18 | COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER 19 | IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 20 | CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 21 | -------------------------------------------------------------------------------- /src/worker-client.ts: -------------------------------------------------------------------------------- 1 | import type { Request, Response } from './worker-protocol'; 2 | 3 | // Spawn a web worker for offloading password generation to a dedicated thread. 4 | const worker = new Worker('dist/worker.bundle.js'); 5 | 6 | // Each message has a unique auto-incrementing identifier. 7 | let nextMessageId = 0; 8 | 9 | // Keep track of all in-flight requests so we know what to do with the corresponding responses. 10 | let requests: Record void> = {}; 11 | 12 | // This is the handler for incoming responses. 13 | worker.onmessage = (event: MessageEvent) => { 14 | requests[event.data.messageId](event.data.generatedPassword); 15 | delete requests[event.data.messageId]; 16 | }; 17 | 18 | export default function hashpass( 19 | domain: string, 20 | universalPassword: string, 21 | ): Promise { 22 | return new Promise((resolve, reject) => { 23 | let request: Request = { 24 | messageId: nextMessageId, 25 | domain, 26 | universalPassword, 27 | }; 28 | 29 | requests[nextMessageId] = resolve; 30 | 31 | worker.postMessage(request); 32 | 33 | nextMessageId = (nextMessageId + 1) % Number.MAX_SAFE_INTEGER; 34 | }); 35 | } 36 | -------------------------------------------------------------------------------- /.github/workflows/ci.yml: -------------------------------------------------------------------------------- 1 | name: Continuous integration 2 | on: 3 | pull_request: 4 | push: 5 | branches: 6 | - main 7 | jobs: 8 | ci: 9 | name: Validate 10 | runs-on: ubuntu-latest 11 | steps: 12 | - uses: actions/checkout@v4 13 | - if: ${{ github.event_name == 'push' }} 14 | uses: docker/login-action@v3 15 | with: 16 | username: stephanmisc 17 | password: ${{ secrets.DOCKER_PASSWORD }} 18 | - uses: stepchowfun/toast/.github/actions/toast@main 19 | with: 20 | tasks: build check release 21 | docker_repo: stephanmisc/toast 22 | read_remote_cache: true 23 | write_remote_cache: ${{ github.event_name == 'push' }} 24 | - uses: actions/upload-pages-artifact@v3 25 | with: 26 | path: website/ 27 | deploy_github_pages: 28 | name: Deploy to GitHub pages 29 | if: ${{ github.event_name == 'push' }} 30 | needs: ci 31 | runs-on: ubuntu-latest 32 | environment: 33 | name: github-pages 34 | url: ${{steps.deployment.outputs.page_url}} 35 | permissions: 36 | pages: write 37 | id-token: write 38 | steps: 39 | - uses: actions/deploy-pages@v4 40 | -------------------------------------------------------------------------------- /images/icon.svg: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | 11 | 12 | -------------------------------------------------------------------------------- /src/hashpass.test.ts: -------------------------------------------------------------------------------- 1 | import hashpass from './hashpass'; 2 | 3 | test('returns the correct result for empty inputs', () => { 4 | expect(hashpass('', '')).toBe('QLVrEfcwJgNzLdCK'); 5 | }); 6 | 7 | test('returns the correct result for an example domain and password', () => { 8 | expect(hashpass('www.example.com', 'password')).toBe('iOHMvVHFSjclBQgu'); 9 | }); 10 | 11 | test('strips whitespace from the domain', () => { 12 | expect(hashpass('www.example.com', 'password')).toBe('iOHMvVHFSjclBQgu'); 13 | expect(hashpass(' www.example.com ', 'password')).toBe('iOHMvVHFSjclBQgu'); 14 | }); 15 | 16 | test('does not strip whitespace from the password', () => { 17 | expect(hashpass('www.example.com', 'password')).toBe('iOHMvVHFSjclBQgu'); 18 | expect(hashpass('www.example.com', ' password ')).not.toBe( 19 | 'iOHMvVHFSjclBQgu', 20 | ); 21 | }); 22 | 23 | test('is case-insensitive for domains', () => { 24 | expect(hashpass('www.example.com', 'password')).toBe('iOHMvVHFSjclBQgu'); 25 | expect(hashpass('Www.Example.Com', 'password')).toBe('iOHMvVHFSjclBQgu'); 26 | }); 27 | 28 | test('is case-sensitive for passwords', () => { 29 | expect(hashpass('www.example.com', 'password')).toBe('iOHMvVHFSjclBQgu'); 30 | expect(hashpass('www.example.com', 'Password')).not.toBe('iOHMvVHFSjclBQgu'); 31 | }); 32 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "hashpass", 3 | "version": "2.1.7", 4 | "scripts": { 5 | "build-production": "rm -rf dist && webpack --config webpack.production.js", 6 | "build-development": "rm -rf dist && webpack --config webpack.development.js", 7 | "check": "jest --config jest.config.js && eslint --config .eslintrc.js --ignore-path .gitignore --report-unused-disable-directives --max-warnings 0 'src/**/*.tsx' && prettier --config .prettierrc.js --ignore-path .gitignore --check .", 8 | "format": "prettier --config .prettierrc.js --ignore-path .gitignore --write ." 9 | }, 10 | "devDependencies": { 11 | "@types/chrome": "^0.0.254", 12 | "@types/debounce": "^1.2.4", 13 | "@types/jest": "^29.5.11", 14 | "@types/react": "^18.2.45", 15 | "@types/react-dom": "^18.2.17", 16 | "@typescript-eslint/eslint-plugin": "^6.14.0", 17 | "@typescript-eslint/parser": "^6.14.0", 18 | "eslint": "^8.55.0", 19 | "eslint-config-airbnb-base": "^15.0.0", 20 | "eslint-config-prettier": "^9.1.0", 21 | "eslint-import-resolver-webpack": "^0.13.8", 22 | "eslint-plugin-eslint-comments": "^3.2.0", 23 | "eslint-plugin-import": "^2.29.0", 24 | "eslint-plugin-jest": "^27.6.0", 25 | "eslint-plugin-react": "^7.33.2", 26 | "eslint-plugin-react-hooks": "^4.6.0", 27 | "jest": "^29.7.0", 28 | "prettier": "^3.1.1", 29 | "ts-jest": "^29.1.1", 30 | "ts-loader": "^9.5.1", 31 | "typescript": "^5.3.3", 32 | "webpack": "^5.94.0", 33 | "webpack-cli": "^5.1.4" 34 | }, 35 | "dependencies": { 36 | "base64-js": "^1.5.1", 37 | "debounce": "^2.0.0", 38 | "fast-sha256": "^1.3.0", 39 | "jss": "^10.10.0", 40 | "jss-preset-default": "^10.10.0", 41 | "react": "^18.2.0", 42 | "react-dom": "^18.2.0", 43 | "react-jss": "^10.10.0" 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /MAINTAINERS.md: -------------------------------------------------------------------------------- 1 | # Maintainers 2 | 3 | This document describes some instructions for maintainers. Other contributors 4 | and users need not be concerned with this material. 5 | 6 | ### GitHub instructions 7 | 8 | When setting up the repository on GitHub, configure the following settings: 9 | 10 | - Under `General` → `Pull Requests`, enable 11 | `Automatically delete head branches`. 12 | - Under `Secrets and variables`: 13 | - Under `Actions`, add a `DOCKER_PASSWORD` repository secret with an 14 | appropriate value. 15 | - Under `Dependabot`, add the `DOCKER_PASSWORD` repository secret from above. 16 | - Under `Branches`, click `Add a branch ruleset` and configure it as follows: 17 | - For the ruleset name, you can use the name of the branch: `main`. 18 | - Set `Enforcement status` to `Active` 19 | - Under `Targets` → `Target branches`, click `Add target` and select 20 | `Include default branch` from the dropdown menu. 21 | - Under `Rules` → `Branch rules`, check `Require status checks to pass` and 22 | configure it as follows before clicking the `Create` button: 23 | - Enable `Require branches to be up to date before merging` 24 | - Click the `Add checks` button and add the `Validate` status check (you may 25 | need to use the search box to find it). 26 | - Under `Pages`, change the `Source` to `GitHub Actions` and check 27 | `Enforce HTTPS`. 28 | 29 | ### Release instructions 30 | 31 | Follow these steps to release a new version: 32 | 33 | 1. Bump the version in `[file:manifest.json]` and `[file:package.json]`, run 34 | `npm install` to update `[file:package-lock.json]`, and update 35 | `[file:CHANGELOG.md]` with information about the new version. Ship those 36 | changes as a single commit. 37 | 2. Run `toast release` to build the extension. It will produce a file called 38 | `hashpass.zip`. 39 | 3. Upload the ZIP file to the 40 | [Chrome Developer Dashboard](https://chrome.google.com/webstore/devconsole/) 41 | and publish the new version. 42 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | # Changelog 2 | 3 | All notable changes to this project will be documented in this file. 4 | 5 | The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), 6 | and this project adheres to 7 | [Semantic Versioning](https://semver.org/spec/v2.0.0.html). 8 | 9 | ## [2.1.7] - 2024-01-06 10 | 11 | ### Changed 12 | 13 | - The website is a little more polished now. 14 | 15 | ## [2.1.6] - 2024-01-05 16 | 17 | Nothing changed in this version except internal refactoring needed to support 18 | the website. Before this version, Hashpass was only a Chrome extension and not a 19 | standalone website. 20 | 21 | ## [2.1.5] - 2022-02-09 22 | 23 | ### Changed 24 | 25 | - The icon has been updated. 26 | 27 | ## [2.1.4] - 2022-02-06 28 | 29 | ### Changed 30 | 31 | - The password fields now use a monospace font that makes it easier to 32 | distinguish between `O`/`0` and `I`/`l`/`1`. 33 | 34 | ## [2.1.3] - 2022-02-06 35 | 36 | ### Changed 37 | 38 | - The icon has been updated. 39 | 40 | ## [2.1.2] - 2022-01-27 41 | 42 | ### Changed 43 | 44 | - The button to reset the domain is now hidden when clicking the button would 45 | have no effect. 46 | - When using the button to copy the generated password to the clipboard, there 47 | is now a visual indication that the operation was successful. 48 | 49 | ## [2.1.1] - 2022-01-26 50 | 51 | ### Changed 52 | 53 | - Hashpass now works even if it does not have access to the current tab, even 54 | thouhg in that case some functionality is limited. In particular, it cannot 55 | automatically determine the domain or fill in the password field. 56 | 57 | ## [2.1.0] - 2022-01-25 58 | 59 | ### Fixed 60 | 61 | - A subtle race condition has been fixed. 62 | 63 | ## [2.0.2] - 2022-01-25 64 | 65 | ### Changed 66 | 67 | - Hashpass now has a subtle visual indication of when its recalculating the 68 | generated password. 69 | 70 | ## [2.0.1] - 2022-01-25 71 | 72 | ### Changed 73 | 74 | - Hashpass now generates passwords in a background thread to avoid locking up 75 | the main thread. 76 | 77 | ## [2.0.0] - 2022-01-23 78 | 79 | ### Changed 80 | 81 | - Hashpass can now be invoked with the keyboard shortcut Ctrl+Shift+P on 82 | non-macOS operating systems and Cmd+Shift+P on macOS. 83 | - Hashpass has been completely rewritten and modernized. 84 | 85 | ### Added 86 | 87 | - This changelog was added. 88 | -------------------------------------------------------------------------------- /src/button.tsx: -------------------------------------------------------------------------------- 1 | import * as React from 'react'; 2 | import { createUseStyles } from 'react-jss'; 3 | import { useCallback } from 'react'; 4 | 5 | export type ButtonType = 6 | | { type: 'noninteractive' } 7 | | { type: 'normal'; onClick: () => void } 8 | | { type: 'submit' }; 9 | 10 | interface ButtonStyleArgs { 11 | interactive: boolean; 12 | } 13 | 14 | const useStyles = createUseStyles({ 15 | button: { 16 | display: 'block', 17 | width: '24px', 18 | height: '24px', 19 | marginRight: '4px', 20 | border: '0px', 21 | padding: '0px', 22 | background: 'transparent', 23 | cursor: ({ interactive }: ButtonStyleArgs) => 24 | interactive ? 'pointer' : 'default', 25 | pointerEvents: 'auto', // Override [ref:button_container_pointer_events_none]. 26 | 27 | // The 0.25 value was calculated to match the border and label color. 28 | opacity: ({ interactive }: ButtonStyleArgs) => (interactive ? '0.25' : '1'), 29 | 30 | '&:focus, &:hover': { 31 | opacity: '1', 32 | outline: 'none', 33 | }, 34 | '&:active': { 35 | opacity: ({ interactive }: ButtonStyleArgs) => 36 | interactive ? '0.6' : '1', 37 | }, 38 | }, 39 | icon: { 40 | display: 'block', 41 | width: '24px', 42 | height: '24px', 43 | border: '0px', 44 | padding: '0px', 45 | }, 46 | }); 47 | 48 | export const Button = ({ 49 | buttonType, 50 | description, 51 | imageName, 52 | }: { 53 | readonly buttonType: ButtonType; 54 | readonly description: string; 55 | readonly imageName: string; 56 | }): React.ReactElement => { 57 | const classes = useStyles({ 58 | interactive: buttonType.type !== 'noninteractive', 59 | }); 60 | 61 | const onClick = useCallback( 62 | (event: React.MouseEvent): void => { 63 | event.currentTarget.blur(); 64 | 65 | if (buttonType.type === 'normal') { 66 | event.preventDefault(); 67 | event.stopPropagation(); 68 | buttonType.onClick(); 69 | } 70 | }, 71 | [buttonType], 72 | ); 73 | 74 | return ( 75 | 83 | ); 84 | }; 85 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Hashpass: a simple password manager with a twist 2 | 3 | [![Build status](https://github.com/stepchowfun/hashpass/actions/workflows/ci.yml/badge.svg?branch=main)](https://github.com/stepchowfun/hashpass/actions?query=branch%3Amain) 4 | 5 | [Hashpass](https://chrome.google.com/webstore/detail/hashpass/gkmegkoiplibopkmieofaaeloldidnko) 6 | is a password manager which doesn't store any passwords. Instead, it generates 7 | passwords on the fly using a 8 | [cryptographic hash function](https://en.wikipedia.org/wiki/Cryptographic_hash_function) 9 | of the domain of the website you're visiting and a single universal password 10 | that you memorize. This gives you: 11 | 12 | - the security of having a unique password for each website, 13 | - the convenience of only having to memorize one password, 14 | - the comfort of knowing that neither you nor any third party can lose or leak 15 | your passwords. 16 | 17 | ![Screenshot](https://github.com/stepchowfun/hashpass/blob/main/images/screenshot3.png) 18 | 19 | ## How it works 20 | 21 | First, you decide on a _universal password_. That's the only password you need 22 | to memorize, so make it a good one. 23 | 24 | Suppose your universal password is `correcthorsebatterystaple`, and you want to 25 | sign up for or log into `example.com`. Hashpass combines your universal password 26 | with the website domain as follows: `example.com/correcthorsebatterystaple`. It 27 | then computes the [SHA-256 hash](http://en.wikipedia.org/wiki/SHA-2) of that 28 | string. It hashes it again and again, `2^16` times in total. Finally, it outputs 29 | the first 96 bits of the result, encoded as 16 characters in 30 | [Base64](http://en.wikipedia.org/wiki/Base64). For this example, the final 31 | output is `CqYHklMMg9/GTL0g`. That's your password for `example.com`. 32 | 33 | For people who know how to read computer code, the following Python script 34 | implements the Hashpass algorithm: 35 | 36 | ```python 37 | import base64 38 | import getpass 39 | import hashlib 40 | 41 | domain = input('Domain: ').strip().lower() 42 | universal_password = getpass.getpass('Universal password: ') 43 | 44 | bits = (domain + '/' + universal_password).encode() 45 | for i in range(2 ** 16): 46 | bits = hashlib.sha256(bits).digest() 47 | generated_password = base64.b64encode(bits).decode()[:16] 48 | 49 | print('Domain-specific password: ' + generated_password) 50 | ``` 51 | 52 | ## Installation instructions 53 | 54 | You can install Hashpass from the Chrome Web Store 55 | [here](https://chrome.google.com/webstore/detail/hashpass/gkmegkoiplibopkmieofaaeloldidnko). 56 | Then you can find the Hashpass button next to your address bar or in the 57 | extensions dropdown. By default, you can also open Hashpass with `Ctrl+Shift+P` 58 | (`Cmd+Shift+P` on macOS). 59 | 60 | ## Website 61 | 62 | Hashpass is also available on the web at 63 | [stepchowfun.github.io/hashpass](https://stepchowfun.github.io/hashpass/), 64 | although the Chrome extension is generally more ergonomic to use since it can 65 | interact with the page you're logging into. 66 | -------------------------------------------------------------------------------- /src/main.tsx: -------------------------------------------------------------------------------- 1 | import * as React from 'react'; 2 | import jss from 'jss'; 3 | import preset from 'jss-preset-default'; 4 | import { createRoot } from 'react-dom/client'; 5 | import { createUseStyles } from 'react-jss'; 6 | 7 | import Loader from './loader'; 8 | 9 | const chromeExtensionProtocol = 'chrome-extension:'; 10 | const chromeExtensionUrl = 11 | 'https://chromewebstore.google.com/detail/hashpass/' + 12 | 'gkmegkoiplibopkmieofaaeloldidnko'; 13 | const githubUrl = 'https://github.com/stepchowfun/hashpass'; 14 | 15 | jss.setup(preset()); 16 | 17 | jss 18 | .createStyleSheet({ 19 | '@global': { 20 | '*, *::before, *::after': { 21 | boxSizing: 'border-box', 22 | margin: 0, 23 | }, 24 | body: { 25 | // Create a block formatting context to contain margins of descendants. 26 | display: 'flow-root', 27 | 28 | textRendering: 'optimizeLegibility', 29 | '-webkit-font-smoothing': 'antialiased', 30 | fontFamily: [ 31 | '-apple-system', 32 | 'BlinkMacSystemFont', 33 | '"Segoe UI"', 34 | 'Roboto', 35 | 'Oxygen-Sans', 36 | 'Ubuntu', 37 | 'Cantarell', 38 | '"Helvetica Neue"', 39 | 'sans-serif', 40 | ], 41 | }, 42 | 'input, button, textarea, select': { 43 | font: 'inherit', 44 | }, 45 | }, 46 | }) 47 | .attach(); 48 | 49 | const useStyles = createUseStyles({ 50 | extensionContainer: { 51 | margin: '16px', 52 | }, 53 | websiteContainer: { 54 | width: 'min-content', 55 | position: 'absolute', 56 | top: '50%', 57 | left: '50%', 58 | transform: 'translate(-50%, -50%)', 59 | }, 60 | h1: { 61 | fontSize: '32px', 62 | color: '#222222', 63 | }, 64 | icon: { 65 | position: 'relative', 66 | top: '8px', 67 | left: '-2px', 68 | width: '38px', 69 | height: '38px', 70 | border: '0px', 71 | padding: '0px', 72 | }, 73 | p: { 74 | marginTop: '16px', 75 | lineHeight: '16px', 76 | fontSize: '12px', 77 | color: '#666666', 78 | }, 79 | a: { 80 | color: '#0d82d8', 81 | fontWeight: '600', 82 | '&:hover': { 83 | color: '#d8690d', 84 | }, 85 | '&:active': { 86 | color: '#666666', 87 | }, 88 | }, 89 | }); 90 | 91 | const Main = (): React.ReactElement => { 92 | const classes = useStyles(); 93 | 94 | if (window.location.protocol === chromeExtensionProtocol) { 95 | return ( 96 |
97 | 98 |
99 | ); 100 | } 101 | 102 | return ( 103 |
104 |

105 | Hashpass 106 |

107 |
108 | 109 |
110 |

111 | Get the Chrome extension{' '} 112 | 113 | {' '} 114 | here 115 | 116 | . You can learn about Hashpass and browse its source code{' '} 117 | 118 | {' '} 119 | here 120 | 121 | . This website collects no user data and makes no RPC calls. 122 |

123 |
124 | ); 125 | }; 126 | 127 | createRoot(document.body.appendChild(document.createElement('div'))).render( 128 | 129 |
130 | , 131 | ); 132 | -------------------------------------------------------------------------------- /CODE_OF_CONDUCT.md: -------------------------------------------------------------------------------- 1 | # Contributor Covenant Code of Conduct 2 | 3 | ## Our pledge 4 | 5 | In the interest of fostering an open and welcoming environment, we as 6 | contributors and maintainers pledge to making participation in our project and 7 | our community a harassment-free experience for everyone, regardless of age, body 8 | size, disability, ethnicity, sex characteristics, gender identity and 9 | expression, level of experience, education, socio-economic status, nationality, 10 | personal appearance, race, religion, or sexual identity and orientation. 11 | 12 | ## Our standards 13 | 14 | Examples of behavior that contributes to creating a positive environment 15 | include: 16 | 17 | - Using welcoming and inclusive language 18 | - Being respectful of differing viewpoints and experiences 19 | - Gracefully accepting constructive criticism 20 | - Focusing on what is best for the community 21 | - Showing empathy towards other community members 22 | 23 | Examples of unacceptable behavior by participants include: 24 | 25 | - The use of sexualized language or imagery and unwelcome sexual attention or 26 | advances 27 | - Trolling, insulting/derogatory comments, and personal or political attacks 28 | - Public or private harassment 29 | - Publishing others' private information, such as a physical or electronic 30 | address, without explicit permission 31 | - Other conduct which could reasonably be considered inappropriate in a 32 | professional setting 33 | 34 | ## Our responsibilities 35 | 36 | Project maintainers are responsible for clarifying the standards of acceptable 37 | behavior and are expected to take appropriate and fair corrective action in 38 | response to any instances of unacceptable behavior. 39 | 40 | Project maintainers have the right and responsibility to remove, edit, or reject 41 | comments, commits, code, wiki edits, issues, and other contributions that are 42 | not aligned to this Code of Conduct, or to ban temporarily or permanently any 43 | contributor for other behaviors that they deem inappropriate, threatening, 44 | offensive, or harmful. 45 | 46 | ## Scope 47 | 48 | This Code of Conduct applies both within project spaces and in public spaces 49 | when an individual is representing the project or its community. Examples of 50 | representing a project or community include using an official project e-mail 51 | address, posting via an official social media account, or acting as an appointed 52 | representative at an online or offline event. Representation of a project may be 53 | further defined and clarified by project maintainers. 54 | 55 | ## Enforcement 56 | 57 | Instances of abusive, harassing, or otherwise unacceptable behavior may be 58 | reported by contacting the project team at 59 | [stephan@stephanboyer.com](mailto:stephan@stephanboyer.com). All complaints will 60 | be reviewed and investigated and will result in a response that is deemed 61 | necessary and appropriate to the circumstances. The project team is obligated to 62 | maintain confidentiality with regard to the reporter of an incident. Further 63 | details of specific enforcement policies may be posted separately. 64 | 65 | Project maintainers who do not follow or enforce the Code of Conduct in good 66 | faith may face temporary or permanent repercussions as determined by other 67 | members of the project's leadership. 68 | 69 | ## Attribution 70 | 71 | This Code of Conduct is adapted from the 72 | [Contributor Covenant](https://www.contributor-covenant.org), version 1.4, 73 | available at 74 | [https://www.contributor-covenant.org/version/1/4/code-of-conduct.html](https://www.contributor-covenant.org/version/1/4/code-of-conduct.html). 75 | 76 | For answers to common questions about this code of conduct, see 77 | [https://www.contributor-covenant.org/faq](https://www.contributor-covenant.org/faq). 78 | -------------------------------------------------------------------------------- /src/input.tsx: -------------------------------------------------------------------------------- 1 | import * as React from 'react'; 2 | import { createUseStyles } from 'react-jss'; 3 | import { useMemo } from 'react'; 4 | 5 | const labelHeight = '20px'; 6 | const inputHeight = '28px'; 7 | 8 | interface InputStyleArgs { 9 | disabled: boolean; 10 | monospace: boolean; 11 | updating: boolean; 12 | } 13 | 14 | const useStyles = createUseStyles({ 15 | container: { 16 | display: 'flow-root', // Create a block formatting context to contain margins of descendants. 17 | position: 'relative', // Used for positioning `buttonContainer` (below). 18 | width: '320px', 19 | height: '64px', 20 | marginTop: '16px', 21 | border: '2px solid #cccccc', 22 | borderRadius: '8px', 23 | cursor: 'text', 24 | '&:focus-within': { 25 | border: ({ disabled }: InputStyleArgs) => 26 | disabled ? '2px solid #cccccc' : '2px solid #56b8ff', 27 | }, 28 | background: ({ updating }: InputStyleArgs) => 29 | updating ? '#fafafa' : 'transparent', 30 | }, 31 | label: { 32 | width: '200px', 33 | height: labelHeight, 34 | margin: '6px 16px 0px 16px', 35 | lineHeight: labelHeight, 36 | fontSize: '12px', 37 | fontWeight: '600', 38 | color: '#999999', 39 | overflow: 'hidden', 40 | whiteSpace: 'nowrap', 41 | textOverflow: 'ellipsis', 42 | cursor: ({ disabled }: InputStyleArgs) => (disabled ? 'default' : 'text'), 43 | userSelect: 'none', 44 | }, 45 | input: { 46 | display: 'block', 47 | width: '288px', 48 | height: inputHeight, 49 | margin: '0px 16px 6px 16px', 50 | border: '0px', 51 | padding: '0px', 52 | outline: '0px', 53 | background: 'transparent', 54 | lineHeight: inputHeight, 55 | fontSize: '16px', 56 | fontFamily: ({ monospace }: InputStyleArgs) => 57 | monospace 58 | ? [ 59 | 'ui-monospace', 60 | 'SFMono-Regular', 61 | 'SF Mono', 62 | 'Menlo', 63 | 'Consolas', 64 | '"Liberation Mono"', 65 | 'monospace', 66 | ] 67 | : 'inherit', 68 | color: '#222222', 69 | }, 70 | buttonContainer: { 71 | display: 'flex', 72 | position: 'absolute', // Overlay on top of `container` (above). 73 | top: '20px', 74 | left: '0px', 75 | width: '316px', 76 | height: '24px', 77 | justifyContent: 'flex-end', 78 | paddingRight: '6px', 79 | 80 | // Don't steal clicks from `container` (above) [tag:button_container_pointer_events_none]. 81 | pointerEvents: 'none', 82 | }, 83 | }); 84 | 85 | const Input = React.forwardRef( 86 | ( 87 | { 88 | buttons, 89 | disabled, 90 | hideValue, 91 | label, 92 | monospace, 93 | onChange, 94 | placeholder, 95 | updating, 96 | value, 97 | }: { 98 | readonly buttons: React.ReactChild[]; 99 | readonly disabled: boolean; 100 | readonly hideValue: boolean; 101 | readonly label: React.ReactChild; 102 | readonly monospace: boolean; 103 | readonly onChange: ((value: string) => void) | null; 104 | readonly placeholder: string; 105 | readonly updating: boolean; 106 | readonly value: string; 107 | }, 108 | ref: React.ForwardedRef, 109 | ): React.ReactElement => { 110 | const classes = useStyles({ disabled, monospace, updating }); 111 | const newOnChange = useMemo( 112 | () => 113 | (event: React.FormEvent): void => { 114 | if (onChange !== null) { 115 | onChange(event.currentTarget.value); 116 | } 117 | }, 118 | [onChange], 119 | ); 120 | 121 | return ( 122 | 135 | ); 136 | }, 137 | ); 138 | 139 | Input.displayName = 'Input'; 140 | 141 | export default Input; 142 | -------------------------------------------------------------------------------- /toast.yml: -------------------------------------------------------------------------------- 1 | image: ubuntu:24.04 2 | default: check 3 | user: user 4 | command_prefix: | 5 | # Make not silently ignore errors. 6 | set -euo pipefail 7 | 8 | # Load the NVM startup file, if it exists. 9 | if [ -f "$HOME/.nvm/nvm.sh" ]; then 10 | export NVM_DIR="$HOME/.nvm" 11 | . "$HOME/.nvm/nvm.sh" 12 | fi 13 | 14 | # Make Bash log commands. 15 | set -x 16 | tasks: 17 | install_packages: 18 | description: Install system packages. 19 | user: root 20 | command: | 21 | # Install the following packages: 22 | # 23 | # - ca-certificates - Used for installing Node.js 24 | # - curl - Used for installing Node.js and Tagref 25 | # - gnupg - Used for installing Node.js 26 | # - ripgrep - Used for various linting tasks 27 | # - zip - Used for producing the production release 28 | apt-get update 29 | apt-get install --yes ca-certificates curl gnupg ripgrep zip 30 | 31 | install_tagref: 32 | description: Install Tagref, a reference checking tool. 33 | dependencies: 34 | - install_packages 35 | user: root 36 | command: | 37 | # Install Tagref using the official installer script. 38 | curl https://raw.githubusercontent.com/stepchowfun/tagref/main/install.sh -LSfs | sh 39 | 40 | create_user: 41 | description: Create a user who doesn't have root privileges. 42 | user: root 43 | command: | 44 | # Create a user named `user` with a home directory and with Bash as the login shell. 45 | useradd user --create-home --shell /bin/bash 46 | 47 | install_node: 48 | description: Install Node.js, a JavaScript runtime environment. 49 | dependencies: 50 | - install_packages 51 | - create_user 52 | command: | 53 | # Install Node.js. 54 | curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.7/install.sh | bash 55 | export NVM_DIR="$HOME/.nvm" 56 | . "$NVM_DIR/nvm.sh" 57 | nvm install 18.17.0 58 | 59 | install_tools: 60 | description: Install the tools needed to build and validate the extension. 61 | dependencies: 62 | - create_user 63 | - install_node 64 | - install_tagref 65 | 66 | repository: 67 | description: Import the repository. 68 | dependencies: 69 | - install_tools 70 | input_paths: 71 | - . 72 | excluded_input_paths: 73 | - .git 74 | 75 | # [tag:excluded_input_paths] Keep this in sync with [file:.gitignore]. 76 | - website/ 77 | - dist/ 78 | - hashpass.zip 79 | - node_modules/ 80 | 81 | build: 82 | description: Build the extension. 83 | dependencies: 84 | - repository 85 | input_paths: 86 | - src 87 | command: | 88 | # Build the extension. 89 | npm ci 90 | npm run build-production # [tag:build_production] 91 | 92 | check: 93 | description: Run the tests and linters. 94 | dependencies: 95 | - build 96 | command: | 97 | # Validate the source code. 98 | npm run check 99 | 100 | # Check references with Tagref. 101 | tagref 102 | 103 | # Enforce that lines span no more than 100 columns. 104 | if rg --line-number --type ts '.{101}' src; then 105 | echo 'There are lines spanning more than 100 columns.' >&2 106 | exit 1 107 | fi 108 | 109 | release: 110 | description: Build the production release. 111 | dependencies: 112 | - check # [ref:build_production] 113 | input_paths: 114 | - images 115 | - index.html 116 | - manifest.json 117 | output_paths: 118 | - website 119 | - hashpass.zip 120 | command: | 121 | # Create a directory containing the relevant files for the website. 122 | mkdir website 123 | cp -R \ 124 | HEROICONS-LICENSE.md \ 125 | LICENSE.md \ 126 | dist \ 127 | images \ 128 | index.html \ 129 | website 130 | 131 | # Create a ZIP file containing the relevant files for the Chrome extension. 132 | zip -r hashpass.zip \ 133 | HEROICONS-LICENSE.md \ 134 | LICENSE.md \ 135 | dist \ 136 | images \ 137 | index.html \ 138 | manifest.json \ 139 | src 140 | 141 | # Inform the user of where the artifact is. 142 | echo 'Generated `website` and `hashpass.zip`.' 143 | 144 | format: 145 | description: Format the source code. 146 | dependencies: 147 | - build 148 | output_paths: 149 | - . 150 | command: | 151 | # Format the source code. 152 | npm run format 153 | -------------------------------------------------------------------------------- /.eslintrc.js: -------------------------------------------------------------------------------- 1 | module.exports = { 2 | root: true, 3 | env: { 4 | browser: true, 5 | es2021: true, 6 | 7 | // We could also use the built-in 'jest' environment, but this one is guaranteed to come from 8 | // the specific version of Jest that we're using. 9 | 'jest/globals': true, 10 | }, 11 | extends: [ 12 | 'eslint:all', 13 | 'airbnb-base', 14 | 15 | // We don't need to extend `plugin:@typescript-eslint/recommended-requiring-type-checking` as 16 | // well, since this configuration (unlike the `recommended` one) already includes it. 17 | 'plugin:@typescript-eslint/all', 18 | 19 | 'plugin:eslint-comments/recommended', 20 | 'plugin:import/recommended', 21 | 'plugin:import/typescript', 22 | 'plugin:react/all', 23 | 'plugin:react-hooks/recommended', 24 | 'plugin:jest/all', 25 | 'prettier', 26 | ], 27 | parserOptions: { 28 | // The TypeScript plugin requires this instead of assuming it by default. 29 | project: 'tsconfig.json', 30 | }, 31 | rules: { 32 | // Modify this rule to accommodate the fact that React component names are PascalCase. 33 | '@typescript-eslint/naming-convention': [ 34 | 'error', 35 | { 36 | selector: 'default', 37 | format: ['camelCase'], 38 | leadingUnderscore: 'allow', 39 | trailingUnderscore: 'allow', 40 | }, 41 | { 42 | selector: 'import', 43 | format: ['camelCase', 'PascalCase'], 44 | }, 45 | { 46 | selector: 'variable', 47 | format: ['camelCase', 'UPPER_CASE', 'PascalCase'], // We've added 'PascalCase' here. 48 | leadingUnderscore: 'allow', 49 | trailingUnderscore: 'allow', 50 | }, 51 | { 52 | selector: 'typeLike', 53 | format: ['PascalCase'], 54 | }, 55 | { 56 | selector: 'objectLiteralProperty', 57 | modifiers: ['requiresQuotes'], 58 | format: null, // To support properties like '&:hover' for JSS 59 | }, 60 | ], 61 | 62 | // This rule is annoying and sometimes difficult to satisfy. The `ReadonlyDeep` type from 63 | // `type-fest` sometimes causes this rule to overflow the call stack during linting. See: 64 | // https://github.com/typescript-eslint/typescript-eslint/issues/4476 65 | '@typescript-eslint/prefer-readonly-parameter-types': 'off', 66 | 67 | // This allows us to define algebraic data types. 68 | '@typescript-eslint/no-type-alias': 'off', 69 | 70 | // These built-in rules need to be disabled since they have TypeScript-aware versions in 71 | // `plugin:@typescript-eslint/all`. The set of rules was obtained by searching the 72 | // `https://github.com/typescript-eslint/typescript-eslint` repository for the string 73 | // "note you must disable the base rule as it can report incorrect errors". 74 | 'brace-style': 'off', 75 | 'comma-dangle': 'off', 76 | 'comma-spacing': 'off', 77 | 'default-param-last': 'off', 78 | 'dot-notation': 'off', 79 | 'func-call-spacing': 'off', 80 | indent: 'off', 81 | 'init-declarations': 'off', 82 | 'keyword-spacing': 'off', 83 | 'lines-between-class-members': 'off', 84 | 'no-array-constructor': 'off', 85 | 'no-dupe-class-members': 'off', 86 | 'no-duplicate-imports': 'off', 87 | 'no-empty-function': 'off', 88 | 'no-empty-function': 'off', 89 | 'no-extra-parens': 'off', 90 | 'no-extra-semi': 'off', 91 | 'no-implied-eval': 'off', 92 | 'no-invalid-this': 'off', 93 | 'no-loop-func': 'off', 94 | 'no-loss-of-precision': 'off', 95 | 'no-magic-numbers': 'off', 96 | 'no-redeclare': 'off', 97 | 'no-restricted-imports': 'off', 98 | 'no-shadow': 'off', 99 | 'no-throw-literal': 'off', 100 | 'no-unused-expressions': 'off', 101 | 'no-unused-vars': 'off', 102 | 'no-use-before-define': 'off', 103 | 'no-useless-constructor': 'off', 104 | 'object-curly-spacing': 'off', 105 | 'padding-line-between-statements': 'off', 106 | 'padding-line-between-statements': 'off', 107 | quotes: 'off', 108 | 'require-await': 'off', 109 | 'return-await': 'off', 110 | semi: 'off', 111 | 'space-before-function-paren': 'off', 112 | 113 | // Report unnecessary `eslint-disable` directives. 114 | 'eslint-comments/no-unused-disable': 'error', 115 | 116 | // Require uses of escape hatches to be justified with an explanation. 117 | 'eslint-comments/require-description': 'error', 118 | 119 | // Forbid file extensions in imports. 120 | 'import/extensions': ['error', 'never'], 121 | 122 | // Use arrow functions rather than function declarations for function components. 123 | 'react/function-component-definition': [ 124 | 'error', 125 | { 126 | namedComponents: 'arrow-function', 127 | unnamedComponents: 'arrow-function', 128 | }, 129 | ], 130 | 131 | // The default list of allowed extensions is `['.jsx']`, but we use JSX with TypeScript. 132 | 'react/jsx-filename-extension': ['error', { extensions: ['.tsx'] }], 133 | 134 | // This rule is not useful to us. 135 | 'react/jsx-no-literals': 'off', 136 | }, 137 | overrides: [ 138 | // This rule only makes sense for test files. Disable it for all other files. 139 | { 140 | files: ['src/**/*.ts', 'src/**/*.tsx'], 141 | excludedFiles: ['src/**/*.test.ts'], 142 | rules: { 143 | 'jest/require-hook': 'off', 144 | }, 145 | }, 146 | ], 147 | settings: { 148 | // Tell `eslint-plugin-import` to lint TypeScript files instead of JavaScript files. 149 | 'import/extensions': ['.ts', '.tsx'], 150 | 151 | // Tell `eslint-plugin-import` to use the same rules Webpack does for resolving imports. 152 | 'import/resolver': { 153 | webpack: { 154 | config: 'webpack.production.js', 155 | }, 156 | }, 157 | 158 | // The README for 'https://github.com/yannickcr/eslint-plugin-react' says this configuration 159 | // will become the default in a future version. When that happens, we can remove this. 160 | react: { 161 | version: 'detect', 162 | }, 163 | }, 164 | }; 165 | -------------------------------------------------------------------------------- /src/user-interface.tsx: -------------------------------------------------------------------------------- 1 | import * as React from 'react'; 2 | import debounce from 'debounce'; 3 | import { createUseStyles } from 'react-jss'; 4 | import { useEffect, useCallback, useRef, useState } from 'react'; 5 | 6 | import Input from './input'; 7 | import fillInPassword from './fill-in-password'; 8 | import fireAndForget from './fire-and-forget'; 9 | import hashpass from './worker-client'; 10 | import { Button } from './button'; 11 | 12 | const debounceMilliseconds = 200; 13 | const copyToClipboardSuccessIndicatorMilliseconds = 1000; 14 | 15 | const useStyles = createUseStyles({ 16 | domain: { 17 | color: '#666666', 18 | }, 19 | }); 20 | 21 | const UserInterface = ({ 22 | initialDomain, 23 | isPasswordFieldActive, 24 | }: { 25 | readonly initialDomain: string | null; 26 | readonly isPasswordFieldActive: boolean; 27 | }): React.ReactElement => { 28 | const classes = useStyles(); 29 | const [domain, setDomain] = useState(initialDomain); 30 | const [universalPassword, setUniversalPassword] = useState(''); 31 | const [isUniversalPasswordHidden, setIsUniversalPasswordHidden] = 32 | useState(true); 33 | const [generatedPassword, setGeneratedPassword] = useState(''); 34 | const [isGeneratedPasswordHidden, setIsGeneratedPasswordHidden] = 35 | useState(true); 36 | // eslint-disable-next-line @typescript-eslint/no-magic-numbers -- Start with 0 tasks in progress. 37 | const [updatesInProgress, setUpdatesInProgress] = useState(0); 38 | const [pendingCopyToClipboard, setPendingCopyToClipboard] = useState(false); 39 | const [copyToClipboardTimeoutId, setCopyToClipboardTimeoutId] = 40 | useState | null>(null); 41 | const [pendingFillInPassword, setPendingFillInPassword] = useState(false); 42 | const domainRef = useRef(null); 43 | const universalPasswordRef = useRef(null); 44 | 45 | // eslint-disable-next-line react-hooks/exhaustive-deps -- We need to debounce this function. 46 | const updateGeneratedPassword = useCallback( 47 | debounce((newDomain: string, newUniversalPassword: string) => { 48 | setUpdatesInProgress( 49 | // eslint-disable-next-line @typescript-eslint/no-magic-numbers -- Increment = +1. 50 | (previousTasksInProgress) => previousTasksInProgress + 1, 51 | ); 52 | fireAndForget( 53 | (async (): Promise => { 54 | setGeneratedPassword(await hashpass(newDomain, newUniversalPassword)); 55 | setUpdatesInProgress( 56 | // eslint-disable-next-line @typescript-eslint/no-magic-numbers -- Decrement = -1. 57 | (previousTasksInProgress) => previousTasksInProgress - 1, 58 | ); 59 | })(), 60 | ); 61 | }, debounceMilliseconds), 62 | [], 63 | ); 64 | 65 | useEffect(() => { 66 | const domainElement = domainRef.current; 67 | const universalPasswordElement = universalPasswordRef.current; 68 | 69 | // Set the domain and focus the appropriate input if necessary. 70 | if (initialDomain !== null && domain === null) { 71 | setDomain(initialDomain); 72 | 73 | if (document.activeElement === document.body) { 74 | if (initialDomain === '') { 75 | if (domainElement !== null) { 76 | domainElement.focus(); 77 | } 78 | } else if (universalPasswordElement !== null) { 79 | universalPasswordElement.focus(); 80 | } 81 | } 82 | } 83 | }, [domain, initialDomain]); 84 | 85 | useEffect(() => { 86 | updateGeneratedPassword(domain ?? '', universalPassword); 87 | }, [updateGeneratedPassword, domain, universalPassword]); 88 | 89 | const onResetDomain = useCallback((): void => { 90 | setDomain(initialDomain ?? ''); 91 | 92 | const universalPasswordElement = universalPasswordRef.current; 93 | 94 | if (universalPasswordElement !== null) { 95 | universalPasswordElement.focus(); 96 | } 97 | }, [initialDomain]); 98 | 99 | const onToggleUniversalPasswordHidden = useCallback((): void => { 100 | setIsUniversalPasswordHidden(!isUniversalPasswordHidden); 101 | 102 | const universalPasswordElement = universalPasswordRef.current; 103 | 104 | if (universalPasswordElement !== null) { 105 | universalPasswordElement.focus(); 106 | } 107 | }, [isUniversalPasswordHidden]); 108 | 109 | const onCopyGeneratedPasswordToClipboard = useCallback((): void => { 110 | updateGeneratedPassword.flush(); 111 | setPendingCopyToClipboard(true); 112 | }, [updateGeneratedPassword]); 113 | 114 | const onToggleGeneratedPasswordHidden = useCallback((): void => { 115 | setIsGeneratedPasswordHidden(!isGeneratedPasswordHidden); 116 | }, [isGeneratedPasswordHidden]); 117 | 118 | const onFormSubmit = useCallback( 119 | (event: React.FormEvent): void => { 120 | event.preventDefault(); 121 | event.stopPropagation(); 122 | 123 | updateGeneratedPassword.flush(); 124 | setPendingFillInPassword(true); 125 | }, 126 | [updateGeneratedPassword], 127 | ); 128 | 129 | // eslint-disable-next-line @typescript-eslint/no-magic-numbers -- No tasks in progress? 130 | if (updatesInProgress === 0) { 131 | if (pendingCopyToClipboard) { 132 | setPendingCopyToClipboard(false); 133 | 134 | fireAndForget( 135 | (async (): Promise => { 136 | await navigator.clipboard.writeText(generatedPassword); 137 | 138 | setCopyToClipboardTimeoutId((oldTimeoutId) => { 139 | if (oldTimeoutId !== null) { 140 | clearTimeout(oldTimeoutId); 141 | } 142 | 143 | return setTimeout(() => { 144 | setCopyToClipboardTimeoutId(null); 145 | }, copyToClipboardSuccessIndicatorMilliseconds); 146 | }); 147 | })(), 148 | ); 149 | } 150 | 151 | if (pendingFillInPassword) { 152 | setPendingFillInPassword(false); 153 | 154 | fireAndForget( 155 | (async (): Promise => { 156 | await fillInPassword(generatedPassword); 157 | window.close(); 158 | })(), 159 | ); 160 | } 161 | } 162 | 163 | return ( 164 |
165 | , 176 | ] 177 | } 178 | disabled={false} 179 | hideValue={false} 180 | label="Domain" 181 | monospace={false} 182 | onChange={setDomain} 183 | placeholder="example.com" 184 | ref={domainRef} 185 | updating={false} 186 | value={domain ?? ''} 187 | /> 188 | , 203 | ]} 204 | disabled={false} 205 | hideValue={isUniversalPasswordHidden} 206 | label="Universal password" 207 | monospace 208 | onChange={setUniversalPassword} 209 | placeholder="" 210 | ref={universalPasswordRef} 211 | updating={false} 212 | value={universalPassword} 213 | /> 214 | , 224 | ] 225 | : []), 226 |