什么策略将非纯函数转换为JavaScript中的纯函数 [英] What strategy to turn non-pure functions into a pure functions in JavaScript
问题描述
我开始学习JavaScript的函数式编程.这可能是一个愚蠢的问题,但是我正在尝试解决以功能方式编写的非纯函数的问题.
I'm starting to learn functional programming in javascript. This might be a silly question but what I'm trying to solve a non-pure function written in a functional way.
我的问题是在功能编程范例中应采用什么策略来实现这一目标.
My question is what strategy should be used to accomplish this in a functional programming paradigm.
const crypto = require('crypto');
const encrypt = (data, publicKey) => {
if (publicKey === undefined ) throw 'Missing public key.';
const bufferToEncrypt = Buffer.from(data);
const encrypted = crypto.publicEncrypt({
key: publicKey
}, bufferToEncrypt);
return encrypted;
};
推荐答案
纯函数有两个条件.
在进行非对称加密时这是不可能的,因为会为每个操作生成一个随机的会话密钥.使用公共密钥对会话密钥进行加密,然后使用会话密钥对有效负载进行加密.返回的值通常只是两个值的编码版本:(1)用pubkey加密的会话密钥,以及(2)用session密钥加密的有效负载.
This is impossible when doing asymmetric encryption because a random session key is generated for each operation. The session key is encrypted with the public key, and then the session key is used to encrypt the payload. The returned value is usually just an encoded version of two values: (1) the pubkey-encrypted session key, and (2) the session key -encrypted payload.
每次调用函数时,这两个值都会有所不同,因为会话密钥每次都将有所不同.
Both of these values are going to be different each time you call the function because the session key is going to be different each time.
但是,尽管返回值的比较不相等,我还是认为它们在上是相等的-也就是说,如果您使用匹配的私钥解密每个值,则解密后的值将进行比较相等.
However, despite the return values not comparing as equal, I would argue that they are semantically equal -- that is, if you decrypt each value with the matching private key, the decrypted values will compare as equal.
加密实际上混淆了值相等,并且对于加密来说是一件好事.我们不希望在不同时间比较两个生成的加密消息而没有 em>具有解密密钥.那会带来安全风险.
The encryption is effectively obfuscating that the values are equal, and for encryption that's a good thing. We don't want two encrypted messages generated at different times to be compared without having the decryption key. That would be a security risk.
因此,我认为该函数在语义上符合该标准,但是没有公钥我们无法分辨.
Therefore, I argue that this function semantically meets this criterion but we can't tell without the public key.
这一点应该很明显:写入磁盘是一个副作用,写入全局变量是一个副作用,等等.在调用该函数之前和之后,我们应该无法区分状态的任何差异
This point should be fairly obvious: writing to a disk is a side-effect, writing to a global variable is a side-effect, etc. We should not be able to distinguish any differences in state before and after calling the function.
从技术上讲,将需要使用系统的安全随机数生成器来生成会话密钥.这将消耗一些熵.运行该功能后,将可以使用较少的熵,并且可以对其进行测量.
Technically, generation of the session key is going to require using the system's secure random number generator. This is going to consume some entropy. After running the function, less entropy will be available and this can be measured.
但是,我认为这种副作用可以忽略不计,因为任何需要安全随机数的东西都会遇到相同的问题,而这更多的是实现细节安全随机数生成器.
However, I would argue that this side-effect can be disregarded as anything that requires a secure random number is going to have the same problem, and this is more an implementation detail of the secure random number generator.
这就像声称一个需要大量CPU时间的函数具有副作用,因为运行该函数会增加该进程的CPU时间计数器.这是副作用吗?从技术上来说...也许?但是没有理性的人会认为这是副作用.
It would be like claiming that a function that requires a lot of CPU time has a side-effect because running it increases the CPU time counter for the process. Is it a side-effect? Technically... maybe? But no reasonable person would consider that to be a side effect.
我将此功能称为纯粹意义上的".如果您问我这是否是纯函数,并且只接受没有条件的是/否答案,我会告诉您是".
I would call this function "semantically pure." If you asked me if this was a pure function and only accepted a yes/no answer with no qualification, I'd tell you "yes."
这篇关于什么策略将非纯函数转换为JavaScript中的纯函数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
