🔒 Perf: use xxHash instead of md5 to calculate the hash value of a pa…

…ssword

Update min hugo version to 0.129.0 for using xxHash function

README.md

@@ -8,7 +8,7 @@
 # FixIt
 
 [![GitHub release (latest by date)](https://img.shields.io/github/v/release/hugo-fixit/FixIt?style=flat)](https://github.com/hugo-fixit/FixIt/releases)
-[![Hugo](https://img.shields.io/badge/Hugo-%5E0.127.0-ff4088?style=flat&logo=hugo)](https://gohugo.io/)
+[![Hugo](https://img.shields.io/badge/Hugo-%5E0.129.0-ff4088?style=flat&logo=hugo)](https://gohugo.io/)
 [![License](https://img.shields.io/github/license/hugo-fixit/FixIt?style=flat)](/LICENSE)
 [![Open Source Love](https://badges.frapsoft.com/os/v1/open-source.svg?v=103)](https://github.com/hugo-fixit/FixIt)
 
@@ -219,6 +219,7 @@ Thanks to all the [contributors](https://github.com/hugo-fixit/FixIt/graphs/cont
 - [giscus](https://giscus.app/)
 - [crypto-js](https://github.com/brix/crypto-js)
 - [pace](https://github.com/CodeByZach/pace)
+- [xxhash-wasm](https://github.com/jungomi/xxhash-wasm)
 
 </details>
 

README.zh-cn.md

@@ -8,7 +8,7 @@
 # FixIt
 
 [![GitHub release (latest by date)](https://img.shields.io/github/v/release/hugo-fixit/FixIt?style=flat)](https://github.com/hugo-fixit/FixIt/releases)
-[![Hugo](https://img.shields.io/badge/Hugo-%5E0.127.0-ff4088?style=flat&logo=hugo)](https://gohugo.io/)
+[![Hugo](https://img.shields.io/badge/Hugo-%5E0.129.0-ff4088?style=flat&logo=hugo)](https://gohugo.io/)
 [![License](https://img.shields.io/github/license/hugo-fixit/FixIt?style=flat)](/LICENSE)
 [![Open Source Love](https://badges.frapsoft.com/os/v1/open-source.svg?v=103)](https://github.com/hugo-fixit/FixIt)
 
@@ -223,6 +223,7 @@ Gitee 镜像仓库：<https://gitee.com/lruihao/FixIt>
 - [giscus](https://giscus.app/zh-CN)
 - [crypto-js](https://github.com/brix/crypto-js)
 - [pace](https://github.com/CodeByZach/pace)
+- [xxhash-wasm](https://github.com/jungomi/xxhash-wasm)
 
 </details>
 

assets/data/cdn/jsdelivr.yml

@@ -27,7 +27,6 @@ libFiles:
   # [email protected] https://github.com/brix/crypto-js
   cryptoCoreJS: [email protected]/core.js
   cryptoEncBase64JS: [email protected]/enc-base64.js
-  cryptoMd5JS: [email protected]/md5.js
   cryptoSha256JS: [email protected]/sha256.js
   # [email protected] https://github.com/apache/echarts
   echartsJS: [email protected]/dist/echarts.min.js
@@ -76,4 +75,6 @@ libFiles:
   # [email protected] https://github.com/walinejs/waline
   walineCSS: '@waline/[email protected]/dist/waline.css'
   walineJS: '@waline/[email protected]/dist/waline.js'
+  # [email protected] https://github.com/jungomi/xxhash-wasm
+  xxhashWasmJS: [email protected]/umd/xxhash-wasm.js
 

assets/data/cdn/unpkg.yml

@@ -27,7 +27,6 @@ libFiles:
   # [email protected] https://github.com/brix/crypto-js
   cryptoCoreJS: [email protected]/core.js
   cryptoEncBase64JS: [email protected]/enc-base64.js
-  cryptoMd5JS: [email protected]/md5.js
   cryptoSha256JS: [email protected]/sha256.js
   # [email protected] https://github.com/apache/echarts
   echartsJS: [email protected]/dist/echarts.min.js
@@ -76,4 +75,5 @@ libFiles:
   # [email protected] https://github.com/walinejs/waline
   walineCSS: '@waline/[email protected]/dist/waline.css'
   walineJS: '@waline/[email protected]/dist/waline.js'
-
+  # [email protected] https://github.com/jungomi/xxhash-wasm
+  xxhashWasmJS: [email protected]/umd/xxhash-wasm.js

assets/js/fixit-decryptor.js

@@ -57,11 +57,12 @@ FixItDecryptor = function (options = {}) {
    * @param {Function} callback callback function after password validation
    * @returns 
    */
-  var _validatePassword = ($decryptor, $content, callback) => {
+  var _validatePassword = async ($decryptor, $content, callback) => {
     const password = $content.getAttribute('data-password');
     const inputEl = $decryptor.querySelector('.fixit-decryptor-input');
     const input = inputEl.value.trim();
-    const inputMd5 = CryptoJS.MD5(input).toString();
+    const { h64ToString } = await xxhash();
+    const inputHash = h64ToString(input);
     const inputSha256 = CryptoJS.SHA256(input).toString();
     const saltLen = input.length % 2 ? input.length : input.length + 1;
 
@@ -71,11 +72,11 @@ FixItDecryptor = function (options = {}) {
       alert('Please enter the correct password!');
       return console.warn('Please enter the correct password!');
     }
-    if (inputMd5 !== password) {
+    if (inputHash !== password) {
       alert(`Password error: ${input} not the correct password!`);
       return console.warn(`Password error: ${input} not the correct password!`);
     }
-    callback(inputMd5, inputSha256.slice(saltLen));
+    callback(inputHash, inputSha256.slice(saltLen));
   }
 
   /**
@@ -89,13 +90,13 @@ FixItDecryptor = function (options = {}) {
 
     const decryptorHandler = () => {
       const $content = document.querySelector('#content');
-      _validatePassword(this.$el, $content, (passwordMD5, salt) => {
+      _validatePassword(this.$el, $content, (passwordHash, salt) => {
         // cache decryption statistics
         window.localStorage?.setItem(
           `fixit-decryptor/#${location.pathname}`,
           JSON.stringify({
             expiration: Math.ceil(Date.now() / 1000) + this.options.duration,
-            password: passwordMD5,
+            password: passwordHash,
             salt,
           })
         );
@@ -147,7 +148,7 @@ FixItDecryptor = function (options = {}) {
       const decryptorHandler = () => {
         const $decryptor = $shortcode.querySelector('.fixit-decryptor-container');
         const $content = $shortcode.querySelector('[data-password][data-content]');
-        _validatePassword($decryptor, $content, (passwordMD5, salt) => {
+        _validatePassword($decryptor, $content, (passwordHash, salt) => {
           _decryptContent($content, salt, false);
         });
       };

assets/lib/VERSION

@@ -27,3 +27,4 @@ [email protected] https://github.com/imaegoo/twikoo
 [email protected] https://github.com/alexmacarthur/typeit
 [email protected] https://github.com/xCss/Valine
 [email protected] https://github.com/walinejs/waline
+[email protected] https://github.com/jungomi/xxhash-wasm