Merge pull request #251 from mixpanel/uuidv4

use Crypto API for UUID when available, otherwise still generate UUIDv4

Author: jakewski

src/utils.js

@@ -839,71 +839,27 @@ _.utf8Encode = function(string) {
     return utftext;
 };
 
-_.UUID = (function() {
-
-    // Time-based entropy
-    var T = function() {
-        var time = 1 * new Date(); // cross-browser version of Date.now()
-        var ticks;
-        if (window.performance && window.performance.now) {
-            ticks = window.performance.now();
-        } else {
-            // fall back to busy loop
-            ticks = 0;
-
-            // this while loop figures how many browser ticks go by
-            // before 1*new Date() returns a new number, ie the amount
-            // of ticks that go by per millisecond
-            while (time == 1 * new Date()) {
-                ticks++;
-            }
-        }
-        return time.toString(16) + Math.floor(ticks).toString(16);
-    };
-
-    // Math.Random entropy
-    var R = function() {
-        return Math.random().toString(16).replace('.', '');
-    };
-
-    // User agent entropy
-    // This function takes the user agent string, and then xors
-    // together each sequence of 8 bytes.  This produces a final
-    // sequence of 8 bytes which it returns as hex.
-    var UA = function() {
-        var ua = userAgent,
-            i, ch, buffer = [],
-            ret = 0;
-
-        function xor(result, byte_array) {
-            var j, tmp = 0;
-            for (j = 0; j < byte_array.length; j++) {
-                tmp |= (buffer[j] << j * 8);
-            }
-            return result ^ tmp;
-        }
-
-        for (i = 0; i < ua.length; i++) {
-            ch = ua.charCodeAt(i);
-            buffer.unshift(ch & 0xFF);
-            if (buffer.length >= 4) {
-                ret = xor(ret, buffer);
-                buffer = [];
-            }
-        }
-
-        if (buffer.length > 0) {
-            ret = xor(ret, buffer);
+_.UUID = function() {
+    try {
+        // use native Crypto API when available
+        return window['crypto']['randomUUID']();
+    } catch (err) {
+        // fall back to generating our own UUID
+        // based on https://gist.github.com/scwood/3bff42cc005cc20ab7ec98f0d8e1d59d
+        var uuid = new Array(36);
+        for (var i = 0; i < 36; i++) {
+            uuid[i] = Math.floor(Math.random() * 16);
         }
-
-        return ret.toString(16);
-    };
-
-    return function() {
-        var se = (screen.height * screen.width).toString(16);
-        return (T() + '-' + R() + '-' + UA() + '-' + se + '-' + T());
-    };
-})();
+        uuid[14] = 4; // set bits 12-15 of time-high-and-version to 0100
+        uuid[19] = uuid[19] &= ~(1 << 2); // set bit 6 of clock-seq-and-reserved to zero
+        uuid[19] = uuid[19] |= (1 << 3); // set bit 7 of clock-seq-and-reserved to one
+        uuid[8] = uuid[13] = uuid[18] = uuid[23] = '-';
+
+        return _.map(uuid, function(x) {
+            return x.toString(16);
+        }).join('');
+    }
+};
 
 // _.isBlockedUA()
 // This is to block various web spiders from executing our JS and

src/window.js

@@ -5,6 +5,7 @@ if (typeof(window) === 'undefined') {
         hostname: ''
     };
     win = {
+        crypto: {randomUUID: function() {throw Error('unsupported');}},
         navigator: { userAgent: '', onLine: true },
         document: {
             createElement: function() { return {}; },

tests/unit/utils.js

@@ -242,7 +242,6 @@ describe('_.isBlockedUA', function() {
   });
 });
 
-
 describe('batchedThrottle', function () {
   let clock = null;
 
@@ -335,3 +334,31 @@ describe('batchedThrottle', function () {
     expect(returnVal).to.equal(`rejected 1,2,3`);
   });
 });
+
+describe(`_.UUID`, function() {
+  context(`when the environment supports the crypto API`, function() {
+    beforeEach(function() {
+      sinon.stub(window.crypto, `randomUUID`).returns(`fake-uuid`);
+    });
+
+    afterEach(function() {
+      sinon.restore();
+    });
+
+    it(`uses the native randomUUID function`, function() {
+      expect(_.UUID()).to.equal(`fake-uuid`);
+    });
+  });
+
+  context(`when the environment does not support the crypto API`, function() {
+    it(`generates a unique 36-char UUID`, function() {
+      const generatedIds = new Set();
+      for (let i = 0; i < 100; i++) {
+        const uuid = _.UUID();
+        expect(uuid).to.match(/^[a-f0-9\-]{36}$/);
+        generatedIds.add(uuid);
+      }
+      expect(generatedIds.size).to.equal(100);
+    });
+  });
+});