shaps80 / Abracadabra

Licence: MIT License
A truly plug 'n' play solution for securing your code.

Programming Languages: Objective-C, Shell

Abracadabra

Note: I'm sure you're no longer using this -- but in any case. I am unable to update the Pod for this since a lot has changed since this was released and its dependencies would also require updating. However the project does run so if you DO need this project still -- I now recommend dragging the files into your own project manually. I will NO LONGER be providing any support for this library. Thank you for using my code.


What is it?

Abracadabra was designed for a personal project of mine, an app called Drizzle. Drizzle is an application for managing server instances on Digital Ocean. As you can imagine, this is the kind of app that requires tight control over user actions to avoid accidental shutdowns or worse, not to mention foul play by a 3rd party.

This was an existing project, so I didn't want to modify lots of existing code, possibly introducing further issues and less stability.

So I set out to design a truly plug 'n' play solution that made it super easy to wrap my code and gain all the benefits of passcode security.

This is not just a PIN entry User Interface. In fact that part of the library is completely optional and for your convenience. Abracadabra handles all of your security needs.

  • Easily secure your code using a single convenience macro (with multiple options)
  • Easily find all the Abracadabra references in your code and show them at runtime for user configuration
  • Layout support for both iPhone and iPad, including rotation

Plus, if you're including the entire library in your project, you even get the optional UI elements. In fact you don't even have to write any code to get started. Just include the pod and it will be used by default ;)

Introducing Abracadabra!

The name refers to the magical nature of its implementation as well as the fact a passcode (or magical phrase) is required ;)

Full Feature List

Core

The following features are available in the Core and are completely configurable.

  • Simple code wrapping via convenience macros
  • Passcode management & configuration
    • Maximum passcode retry
    • Default timeout interval for time-based sessions
    • Automatic fallback to alert confirmation when no view controller has been registered or a passcode hasn't yet been defined
    • Automatic locking when maximum retry count has been reached
    • Use alert vs action sheet on iPhone -- iPad always uses alert
  • Full iPhone, iPad and orientation support
  • Touch ID support
  • Ability to register your own view controllers for passcode, events and settings (if you include the user interface sub-spec these controllers will be provided by default)
  • Support for multiple vaults -- useful if you want to assign a vault to a user account
  • Abracadabra automatically finds all your macro definitions -- where you've wrapped your code -- so you can access a list at any time for runtime configuration
  • Vault delegate and notifications for listening for authentication failures and vault locking -- useful for logging out users, etc...
  • Session management -- including one-off & timed sessions
  • Secure hashing (SHA2) of all credentials/passcodes, including entry and storage in the keychain
  • Persistent policy updates for events -- including across launches

User Interface

All of the below are per-vault.

  • Secure events view controller that you can present to your user for configuring policies at runtime
  • Settings view controller for configuring your vault
  • Device vibration on failed authentication
  • Custom field and buttons for prompting for passcode, TouchID and confirmations
  • Presenting view controller blurring with light effects

See the example project for full demos of how to use all of these features.

Usage

To run the example project, clone the repo, and run pod install from the Example directory first.

To use Abracadabra in your own projects, add #import "Abracadabra.h" to your file & simply wrap your code with a secure block.

Let's say you have some code like this:

NSURLSession *session = [NSURLSession sharedSession];
NSURL *URL = [NSURL URLWithString:@"http://api.server.com/server?id=23213&action=restart"];
NSURLRequest *request = [NSURLRequest requestWithURL:URL];
NSURLSessionDataTask *task = [session dataTaskWithRequest:request];
[task resume];

We can easily secure that code now by wrapping it with Abracadabra. Magic!

Abracadabra(SPXSecurePolicyAlwaysWithPIN, {
  NSURLSession *session = [NSURLSession sharedSession];
  NSURL *URL = [NSURL URLWithString:@"http://api.server.com/server?id=23213&action=restart"];
  NSURLRequest *request = [NSURLRequest requestWithURL:URL];
  NSURLSessionDataTask *task = [session dataTaskWithRequest:request];
  [task resume];
})

If you're happy with the default view controllers and behaviour, that's literally it ;) You don't even have to configure options, provide views, nothing! Just sit back, relax and let the magic happen.

It's recommended that you always provide a group and name, even if you don't plan to implement the viewController in-app, because this is also used for providing better textual feedback for confirmation dialogs, etc...

You may also notice semi-colons and curly-braces are entirely optional with single line entries (in both success and failure blocks). Abracadabra takes care of this for you, keeping your code clutter-free ;)

You're welcome ;)

Runtime Configuration

Sometimes however, you want to provide a nice little UI to your users to allow them to control the security policy applied to individual actions right?

Well that's easy too, just add a group and event name to your secure code blocks and Abracadabra will handle the rest for you!

Abracadabra(@"Servers", @"Restart Server", SPXSecurePolicyAlwaysWithPIN, {
  NSURLSession *session = [NSURLSession sharedSession];
  NSURL *URL = [NSURL URLWithString:@"http://api.server.com/server?id=23213&action=restart"];
  NSURLRequest *request = [NSURLRequest requestWithURL:URL];
  NSURLSessionDataTask *task = [session dataTaskWithRequest:request];
  [task resume];
})

In fact any of the variations below are valid statements:

  Abracadabra(SPXSecurePolicyNone, {
     /* this code will execute if access is allowed */
  });

  Abracadabra(@"", @"", SPXSecurePolicyNone, {
     /* this code will execute if access is allowed */
  });

  Abracadabra(SPXSecurePolicyNone, {
     /* this code will execute if access is allowed */
  }, {
     /* this code will execute if access is disallowed */
  });

  Abracadabra(@"", @"", SPXSecurePolicyNone, {
     /* this code will execute if access is allowed */
  }, {
     /* this code will execute if access is disallowed */
  });

Notice those second blocks? This allows you to control flow based on success or failure. In this case, -performSecureCode will be executed only if the policy is authenticated. Otherwise the return statement will be executed and the log statement will never be shown.

  Abracadabra(SPXSecurePolicyAlwaysWithPIN, {
     [self performSecureCode];
  }, return)

  NSLog(@"Authentication Failed.");

By using the optional curly braces around the return, we can now move the log statement inside the failure block too.

  Abracadabra(SPXSecurePolicyAlwaysWithPIN, {
     [self performSecureCode];
  }, {
     NSLog(@"Authentication Failed.");
     return; // in this case no more code exists at this scope, so this is no longer required
  })

Under the Hood

Under the hood, the library is responsible for saving your passcode to the keychain, comparing entries, tracking retries, presenting passcode entry, and much, much more...

One of the key features however, exists in how Abracadabra can discover all of the secure events in your code and present a nice view of this, allowing the user to modify the policy applied to each event at runtime. In fact, Abracadabra even persists this information automatically across launches ;)

So how does this work?

This part of the code is actually based on an idea I got from FBTweaks. Facebook demonstrated a great implementation whereby you can store some data in the binary at compile time.

Abracadabra uses the Mach-O Runtime to find this data and automatically construct a store of events. The view controllers can then simply query this store to present some user interface for configuring their policies.

Policies for each event are then stored in NSUserDefaults, which allows us to persist changes across launches of the application.

When you create a secure event, you must specify the default policy to apply to that piece of code. You can also reset an event (or all events) back to their defaults at any time, since this value is stored at compile time and is readonly at runtime.
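The compile-time registration, runtime discovery and resettable defaults described above can be sketched in plain C, which an Objective-C compiler accepts unchanged. This is an added example, not Abracadabra's or FBTweaks' code: the record layout, the abra_events section name, the POLICY_* values, the fail-closed choice for unknown events and the overrides array standing in for NSUserDefaults are all assumptions.

```c
#include <stdio.h>
#include <string.h>
enum { NO_OVERRIDE = -1, POLICY_NONE, POLICY_CONFIRM, POLICY_ALWAYS_PIN }; /* hypothetical */
struct secure_event { char group[16]; char name[24]; int default_policy; };
#ifdef __APPLE__   /* Mach-O: the section lives in a segment and is located at runtime */
#include <mach-o/getsect.h>
#include <mach-o/ldsyms.h>
#define EVENT_SECTION "__DATA,abra_events"
#else              /* ELF: the linker defines symbols that bracket the section */
#define EVENT_SECTION "abra_events"
extern const struct secure_event __start_abra_events[], __stop_abra_events[];
#endif
/* Emits one read-only record at compile time; explicit alignment keeps records contiguous. */
#define SECURE_EVENT(id, grp, nm, pol) static const struct secure_event id __attribute__(( \
    used, section(EVENT_SECTION), aligned(__alignof__(struct secure_event)))) = { grp, nm, pol }
SECURE_EVENT(ev_restart, "Servers", "Restart Server", POLICY_ALWAYS_PIN);
SECURE_EVENT(ev_rename,  "Servers", "Rename Server",  POLICY_CONFIRM);
/* Returns the records collected in the section; *count receives how many. */
const struct secure_event *discover_events(size_t *count) {
#ifdef __APPLE__
    unsigned long size = 0;
    const void *base = getsectiondata(&_mh_execute_header, "__DATA", "abra_events", &size);
    *count = size / sizeof(struct secure_event);
    return base;
#else
    *count = (size_t)(__stop_abra_events - __start_abra_events);
    return __start_abra_events;
#endif
}
static int overrides[8] = { -1, -1, -1, -1, -1, -1, -1, -1 }; /* NSUserDefaults stand-in */
int find_event(const char *name) {              /* index of a discovered event, or -1 */
    size_t n; const struct secure_event *ev = discover_events(&n);
    for (size_t i = 0; i < n && i < 8; i++)
        if (strcmp(ev[i].name, name) == 0) return (int)i;
    return -1;
}
int set_policy(const char *name, int policy) {  /* NO_OVERRIDE restores the default */
    int i = find_event(name);
    return i < 0 ? -1 : (overrides[i] = policy, 0);
}
int effective_policy(const char *name) {
    size_t n; int i = find_event(name);
    if (i < 0) return POLICY_ALWAYS_PIN;        /* unknown event: fail closed */
    return overrides[i] >= 0 ? overrides[i] : discover_events(&n)[i].default_policy;
}
int main(void) {
    set_policy("Rename Server", POLICY_NONE);   /* user relaxes one event at runtime */
    printf("%d %d\n", effective_policy("Restart Server"), effective_policy("Rename Server"));
    return 0;
}
```

Because the defaults sit in a read-only section of the binary, a tampered or corrupted preferences store can change an override but never the value that a reset falls back to.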

All views and controllers can be replaced with your own implementations if you prefer.

Internally, Abracadabra is asynchronous so that we don't block the main thread; however, all code you wrap is guaranteed to execute on the calling thread, so your expectations won't change. Since it's asynchronous, though, you will need to be careful with execution order. It's recommended that you wrap everything in the current scope.

Why should I use Abracadabra?

Many applications or even 3rd party libraries exist with some form of passcode-based integration. However most of these are using baked-in -- and often incomplete -- implementations.

Providing a passcode in your application isn't just about showing a PIN entry form inside your view. This just gives your users a false sense of security around their actions and/or data.

Also, many open source implementations rely on the implementer to perform unnecessary checks; this includes Apple's high-level solution regarding TouchID.

Abracadabra was designed to remove almost all 'security' code from your project. This allows you to focus on your features and build application logic, leaving security as an afterthought.

Note I'm not advocating the idea of NOT considering security! However if you're not going to, at least use Abracadabra to make your life easier and your code more secure.

The design choices I've made exist to make it easier for you to implement in your code, increasing the chance that you'll spend time securing your applications.

One of the best reasons to use Abracadabra is that my solution is so elegant and lightweight, making it really, really simple to improve the security library itself without having to update your app code at all!

Installation

Abracadabra is available through CocoaPods. To install it, simply add one of the following lines to your Podfile.

To include all components:

pod 'Abracadabra'

To include only the core (no UI elements):

pod 'Abracadabra/Core'

Author

Shaps Mohsenin, @shaps

License

Abracadabra is available under the MIT license. See the LICENSE file for more info.
