$security
Updated on Aug 19, 2025 4 minutes to readThe Security Plugin provides methods for encoding, decoding, hashing, signing, verifying, and securely generating strings and tokens.
Methods
| Method | Description | 
|---|---|
| fromBase64 | Decodes a Base64-encoded string. | 
| fromBase64Url | Decodes a Base64 URL-encoded string. | 
| generatePassword | Generates a random password with optional length. | 
| generatePasswordHash | Generates a hash of the given password. | 
| generateRandomString | Generates a cryptographically secure random string. | 
| hashData | Hashes data using a secret key. | 
| hmacSHA256 | Generates HMAC-SHA256 hash of data. | 
| jwtDecodePayload | Decodes the payload of a JSON Web Token (JWT). | 
| jwtSign | Signs a JWT payload using HMAC SHA256. | 
| jwtVerify | Verifies a JWT using the given secret and options. | 
| maskToken | Masks a token for secure display. | 
| toBase64 | Encodes a string to Base64. | 
| toBase64Url | Encodes a string to Base64 URL format. | 
| unmaskToken | Unmasks a previously masked token. | 
| validateData | Validates data against a given key. | 
| validatePassword | Validates a password against a stored hash. | 
Methods Details
fromBase64()
• Type
(data: string) => string | false• Details
Expects a Base64 string.
Returns the decoded string or false if invalid.
fromBase64Url()
• Type
(data: string) => string | false• Details
Expects a Base64URL string.
Returns the decoded string or false if invalid.
generatePassword()
• Type
(length?: number) => string• Details
Expects an optional length (default: 10).
Returns a randomly generated password.
generateRandomString()
• Type
(length?: number) => string• Details
Expects an optional length between 1 and 1024 (default: 32).
Returns a cryptographically secure random string.
hashData()
• Type
(data: string, key: string) => string• Details
Expects a data string and a key.
Returns the hashed value.
hmacSHA256()
• Type
(data: string, key: string, asBinary?: boolean) => string• Details
Expects a data string, a key, and optional binary flag.
Returns the HMAC SHA256 hash.
jwtDecodePayload()
• Type
(token: string) => JwtPayload | null• Details
Expects a JWT string.
Returns the decoded JwtPayload object or null.
jwtSign()
• Type
(token: string) => JwtPayload | null• Details
Expects a JWT string.
Returns the decoded JwtPayload object or null.
jwtVerify()
• Type
(
    token: string,
    secret: string,
    options?: JwtVerificationOptions
) => boolean• Details
Expects a JWT string, a secret,
and optional JwtVerificationOptions (default: {}).
Returns true if the token is valid, false otherwise.
maskToken()
• Type
(token: string) => string• Details
Expects a token string.
Returns a masked version for safe logging or display.
toBase64()
• Type
(data: string) => string• Details
Expects a string.
Returns the Base64-encoded string.
toBase64Url()
• Type
(data: string) => string• Details
Expects a string.
Returns the Base64URL-encoded string.
unmaskToken()
• Type
(token: string) => string• Details
Expects a masked token.
Returns the original unmasked token.
validateData()
• Type
(data: string, key: string) => boolean• Details
Expects a data string and a key.
Returns true if the data is valid for the given key, otherwise false.
validatePassword()
• Type
(password: string, hash: string) => boolean• Details
Expects a password string and a hash string.
Returns true if the password matches the hash, otherwise false.