@abhiseck/zssh 0.0.1

package/src/commands/sync.ts

@@ -0,0 +1,138 @@
+import axios from "axios";
+import * as chalk from "chalk";
+import inquirer from "inquirer";
+import { ConfigManager } from "../lib/config";
+
+const GITHUB_API = "https://api.github.com";
+
+async function getGithubToken(configManager: ConfigManager): Promise<string> {
+  const config = configManager.getConfig();
+  if (config.githubToken) {
+    return config.githubToken;
+  }
+
+  const { token } = await inquirer.prompt([
+    {
+      type: "password", // or input? token is long.
+      name: "token",
+      message: "Enter GitHub Personal Access Token (with gist scope):",
+      mask: "*",
+    },
+  ]);
+
+  configManager.setGithubToken(token);
+  return token;
+}
+
+export async function saveCommand(configManager: ConfigManager) {
+  const token = await getGithubToken(configManager);
+  const config = configManager.getConfig();
+  const encryptedContent = configManager.getEncryptedContent(); // We need a way to get raw encrypted string
+
+  if (!encryptedContent) {
+    console.log(chalk.red("Error: Could not retrieve encrypted config."));
+    return;
+  }
+
+  const files = {
+    "sshc_config.lock": {
+      content: encryptedContent,
+    },
+  };
+
+  try {
+    if (config.gistId) {
+      // Update existing Gist
+      console.log(chalk.blue("Updating existing Gist..."));
+      await axios.patch(
+        `${GITHUB_API}/gists/${config.gistId}`,
+        { files },
+        {
+          headers: { Authorization: `token ${token}` },
+        },
+      );
+      console.log(chalk.green("Config saved to Gist successfully."));
+    } else {
+      // Create new Gist
+      console.log(chalk.blue("Creating new Gist..."));
+      const response = await axios.post(
+        `${GITHUB_API}/gists`,
+        {
+          description: "SSHC Encrypted Config",
+          public: false,
+          files,
+        },
+        {
+          headers: { Authorization: `token ${token}` },
+        },
+      );
+
+      const gistId = response.data.id;
+      configManager.setGistId(gistId);
+      console.log(chalk.green(`Gist created with ID: ${gistId}`));
+      console.log(chalk.green("Config saved to Gist successfully."));
+    }
+  } catch (error: any) {
+    console.error(
+      chalk.red("Failed to save to Gist:"),
+      error.response?.data?.message || error.message,
+    );
+  }
+}
+
+export async function syncCommand(configManager: ConfigManager) {
+  const token = await getGithubToken(configManager);
+  let { gistId } = configManager.getConfig();
+
+  if (!gistId) {
+    const answer = await inquirer.prompt([
+      {
+        type: "input",
+        name: "gistId",
+        message: "Enter Gist ID to sync with:",
+      },
+    ]);
+    gistId = answer.gistId as string;
+    configManager.setGistId(gistId);
+  }
+
+  try {
+    console.log(chalk.blue("Fetching Gist..."));
+    const response = await axios.get(`${GITHUB_API}/gists/${gistId}`, {
+      headers: { Authorization: `token ${token}` },
+    });
+
+    const file = response.data.files["sshc_config.lock"];
+    if (!file) {
+      console.log(chalk.red("Invalid Gist: sshc_config.lock not found."));
+      return;
+    }
+
+    const encryptedContent = file.content;
+
+    // Merge strategy:
+    // 1. Decrypt remote content
+    // 2. Merge connections (Remote adds to Local)
+    // 3. Save merged to Local
+    // 4. (Optional) Push back to Remote? No, `sync` in this context usually means "pull and apply".
+    // Use `save` to push.
+
+    const merged = configManager.mergeEncrypted(encryptedContent);
+    if (merged) {
+      console.log(
+        chalk.green("Sync completed. Remote changes merged into local config."),
+      );
+    } else {
+      console.log(
+        chalk.yellow(
+          "Sync completed but no changes were made or merge failed.",
+        ),
+      );
+    }
+  } catch (error: any) {
+    console.error(
+      chalk.red("Failed to sync with Gist:"),
+      error.response?.data?.message || error.message,
+    );
+  }
+}

package/src/index.ts

@@ -0,0 +1,130 @@
+#!/usr/bin/env node
+import * as chalk from "chalk";
+import { Command } from "commander";
+import inquirer from "inquirer";
+import { ConfigManager } from "./lib/config";
+
+const program = new Command();
+const configManager = new ConfigManager();
+
+async function promptForMasterPassword(
+  isNew: boolean = false,
+): Promise<string> {
+  const { password } = await inquirer.prompt([
+    {
+      type: "password",
+      name: "password",
+      message: isNew
+        ? "Set a master password for your encrypted config:"
+        : "Enter master password:",
+      mask: "*",
+    },
+  ]);
+  return password;
+}
+
+async function initConfig() {
+  if (configManager.isConfigExists()) {
+    const password = await promptForMasterPassword();
+    configManager.setMasterKey(password);
+    try {
+      configManager.load();
+    } catch (e) {
+      console.error(chalk.red("Invalid password or corrupted config."));
+      process.exit(1);
+    }
+  } else {
+    console.log(chalk.yellow("No existing config found. Initializing..."));
+    const password = await promptForMasterPassword(true);
+    const { confirm } = await inquirer.prompt([
+      {
+        type: "password",
+        name: "confirm",
+        message: "Confirm master password:",
+        mask: "*",
+      },
+    ]);
+
+    if (password !== confirm) {
+      console.error(chalk.red("Passwords do not match."));
+      process.exit(1);
+    }
+
+    configManager.setMasterKey(password);
+    configManager.save(); // Create empty encrypted file
+    console.log(chalk.green("Config initialized!"));
+  }
+}
+
+program
+  .name("zssh")
+  .description("SSH Chain - Encrypted SSH Connection Manager")
+  .version("1.0.0")
+  .addHelpText(
+    "after",
+    `
+Example:
+  $ zssh add
+  $ zssh list
+  $ zssh connect my-server
+  $ zssh connect 5f3a1
+  $ zssh save
+  $ zssh sync
+`,
+  );
+
+program
+  .command("add")
+  .description("Add a new SSH connection")
+  .action(async () => {
+    await initConfig();
+    const { addCommand } = await import("./commands/add");
+    await addCommand(configManager);
+  });
+
+program
+  .command("list")
+  .description("List all saved connections")
+  .action(async () => {
+    await initConfig();
+    const { listCommand } = await import("./commands/list");
+    await listCommand(configManager);
+  });
+
+program
+  .command("connect <idOrAlias>")
+  .description("Connect to a server")
+  .action(async (idOrAlias) => {
+    await initConfig();
+    const { connectCommand } = await import("./commands/connect");
+    await connectCommand(configManager, idOrAlias);
+  });
+
+program
+  .command("remove <idOrAlias>")
+  .description("Remove a connection")
+  .action(async (idOrAlias) => {
+    await initConfig();
+    const { removeCommand } = await import("./commands/remove");
+    await removeCommand(configManager, idOrAlias);
+  });
+
+program
+  .command("save")
+  .description("Save config to GitHub Gist")
+  .action(async () => {
+    await initConfig();
+    const { saveCommand } = await import("./commands/sync");
+    await saveCommand(configManager);
+  });
+
+program
+  .command("sync")
+  .description("Sync config from GitHub Gist")
+  .action(async () => {
+    await initConfig();
+    const { syncCommand } = await import("./commands/sync");
+    await syncCommand(configManager);
+  });
+
+program.parse(process.argv);

package/src/lib/config.ts

@@ -0,0 +1,160 @@
+import * as fs from "fs";
+import * as os from "os";
+import * as path from "path";
+import { decrypt, encrypt } from "./crypto";
+import { Config, SSHConnection } from "./types";
+
+const CONFIG_PATH = path.join(os.homedir(), ".sshc.json");
+
+export class ConfigManager {
+  private config: Config;
+  private masterKey: string | null = null;
+
+  constructor() {
+    this.config = {
+      connections: [],
+    };
+  }
+
+  public setMasterKey(key: string) {
+    this.masterKey = key;
+  }
+
+  public load(): boolean {
+    if (!fs.existsSync(CONFIG_PATH)) {
+      return true; // New config
+    }
+
+    try {
+      const fileContent = fs.readFileSync(CONFIG_PATH, "utf-8");
+
+      // Try parsing as plain JSON first (migration or initial unencrypted)
+      try {
+        const plain = JSON.parse(fileContent);
+        if (plain.connections) {
+          this.config = plain;
+          return true;
+        }
+      } catch (e) {
+        // Not plain JSON, likely encrypted string or object
+      }
+
+      // If we are here, it's likely encrypted.
+      // We expect the file to contain just the encrypted string or { data: '...' }
+      // For simplicity let's assume the file content IS the encrypted string if not JSON
+      // Or we wrap it. Let's assume we wrap it to be safe.
+
+      let encryptedData = fileContent;
+      try {
+        const wrapped = JSON.parse(fileContent);
+        if (wrapped.encrypted) {
+          encryptedData = wrapped.encrypted;
+        }
+      } catch (e) {
+        // It's raw encrypted string
+      }
+
+      if (!this.masterKey) {
+        throw new Error("Master key required to decrypt config");
+      }
+
+      const decrypted = decrypt(encryptedData, this.masterKey);
+      this.config = JSON.parse(decrypted);
+      return true;
+    } catch (error) {
+      if (
+        error instanceof Error &&
+        error.message.includes("Master key required")
+      ) {
+        throw error;
+      }
+      // wrong password or corrupted
+      throw new Error(
+        "Failed to load config: " +
+          (error instanceof Error ? error.message : String(error)),
+      );
+    }
+  }
+
+  public getConfig(): Config {
+    return this.config;
+  }
+
+  public setGithubToken(token: string) {
+    this.config.githubToken = token;
+    this.save();
+  }
+
+  public setGistId(id: string) {
+    this.config.gistId = id;
+    this.save();
+  }
+
+  public getEncryptedContent(): string | null {
+    if (!this.masterKey) return null;
+    const json = JSON.stringify(this.config);
+    return encrypt(json, this.masterKey);
+  }
+
+  public mergeEncrypted(encryptedContent: string): boolean {
+    if (!this.masterKey) return false;
+    try {
+      const decrypted = decrypt(encryptedContent, this.masterKey);
+      const remoteConfig: Config = JSON.parse(decrypted);
+
+      let changed = false;
+      remoteConfig.connections.forEach((remoteConn) => {
+        if (!this.config.connections.find((c) => c.id === remoteConn.id)) {
+          this.config.connections.push(remoteConn);
+          changed = true;
+        }
+        // Could add logic to update existing ones if newer
+      });
+
+      if (changed) {
+        this.save();
+      }
+      return true;
+    } catch (e: any) {
+      console.error("Failed to decrypt and merge remote config:", e.message);
+      return false;
+    }
+  }
+
+  public save() {
+    if (!this.masterKey) {
+      throw new Error("Master key required to save config");
+    }
+
+    const json = JSON.stringify(this.config);
+    const encrypted = encrypt(json, this.masterKey);
+
+    fs.writeFileSync(CONFIG_PATH, JSON.stringify({ encrypted }), "utf-8");
+  }
+
+  public getConnections(): SSHConnection[] {
+    return this.config.connections;
+  }
+
+  public addConnection(connection: SSHConnection) {
+    this.config.connections.push(connection);
+    this.save();
+  }
+
+  public removeConnection(idOrAlias: string) {
+    this.config.connections = this.config.connections.filter(
+      (c) => c.id !== idOrAlias && c.alias !== idOrAlias,
+    );
+    this.save();
+  }
+
+  public getConnection(idOrAlias: string): SSHConnection | undefined {
+    return this.config.connections.find(
+      (c) => c.id === idOrAlias || c.alias === idOrAlias,
+    );
+  }
+
+  public isConfigExists(): boolean {
+    return fs.existsSync(CONFIG_PATH);
+  }
+}

package/src/lib/crypto.ts

@@ -0,0 +1,59 @@
+import * as crypto from "crypto";
+
+const ALGORITHM = "aes-256-gcm";
+const IV_LENGTH = 16;
+const SALT_LENGTH = 64;
+const TAG_LENGTH = 16;
+const KEY_LENGTH = 32;
+const ITERATIONS = 100000;
+
+export function encrypt(text: string, masterKey: string): string {
+  const iv = crypto.randomBytes(IV_LENGTH);
+  const salt = crypto.randomBytes(SALT_LENGTH);
+
+  const key = crypto.pbkdf2Sync(
+    masterKey,
+    salt,
+    ITERATIONS,
+    KEY_LENGTH,
+    "sha512",
+  );
+
+  const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
+
+  let encrypted = cipher.update(text, "utf8", "hex");
+  encrypted += cipher.final("hex");
+
+  const tag = cipher.getAuthTag();
+
+  // Format: salt:iv:tag:encrypted
+  return `${salt.toString("hex")}:${iv.toString("hex")}:${tag.toString("hex")}:${encrypted}`;
+}
+
+export function decrypt(text: string, masterKey: string): string {
+  const parts = text.split(":");
+  if (parts.length !== 4) {
+    throw new Error("Invalid encrypted data format");
+  }
+
+  const salt = Buffer.from(parts[0], "hex");
+  const iv = Buffer.from(parts[1], "hex");
+  const tag = Buffer.from(parts[2], "hex");
+  const encryptedText = parts[3];
+
+  const key = crypto.pbkdf2Sync(
+    masterKey,
+    salt,
+    ITERATIONS,
+    KEY_LENGTH,
+    "sha512",
+  );
+
+  const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
+  decipher.setAuthTag(tag);
+
+  let decrypted = decipher.update(encryptedText, "hex", "utf8");
+  decrypted += decipher.final("utf8");
+
+  return decrypted;
+}

package/src/lib/types.ts

@@ -0,0 +1,17 @@
+export interface SSHConnection {
+  id: string;
+  alias: string;
+  host: string;
+  port: number;
+  username: string;
+  password?: string;
+  privateKeyPath?: string;
+  description?: string;
+  createdAt: string;
+}
+
+export interface Config {
+  connections: SSHConnection[];
+  gistId?: string;
+  githubToken?: string;
+}

package/tsconfig.json

@@ -0,0 +1,15 @@
+{
+  "compilerOptions": {
+    "target": "es2020",
+    "module": "commonjs",
+    "outDir": "./dist",
+    "rootDir": "./src",
+    "strict": true,
+    "esModuleInterop": true,
+    "skipLibCheck": true,
+    "forceConsistentCasingInFileNames": true,
+    "resolveJsonModule": true
+  },
+  "include": ["src/**/*"],
+  "exclude": ["node_modules", "**/*.test.ts"]
+}