@adobe/helix-onedrive-support 9.1.32 → 10.0.0

package/CHANGELOG.md

@@ -1,3 +1,15 @@
+# [10.0.0](https://github.com/adobe/helix-onedrive-support/compare/v9.1.32...v10.0.0) (2023-05-02)
+
+
+### Bug Fixes
+
+* use helix-shared-tokencache ([#373](https://github.com/adobe/helix-onedrive-support/issues/373)) ([d6d2ab0](https://github.com/adobe/helix-onedrive-support/commit/d6d2ab0bce1987ad4f46d3a5e84d986dff1c54b2))
+
+
+### BREAKING CHANGES
+
+* token cache moved to @adobe/helix-shared-tokencache
+
 ## [9.1.32](https://github.com/adobe/helix-onedrive-support/compare/v9.1.31...v9.1.32) (2023-04-29)
 
 

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@adobe/helix-onedrive-support",
-  "version": "9.1.32",
+  "version": "10.0.0",
   "description": "Helix OneDrive Support",
   "main": "src/index.js",
   "exports": {
@@ -28,6 +28,7 @@
   "homepage": "https://github.com/adobe/helix-onedrive-support#readme",
   "dependencies": {
     "@adobe/fetch": "4.0.10",
+    "@adobe/helix-shared-tokencache": "1.0.0",
     "@aws-sdk/client-s3": "3.321.1",
     "@azure/msal-node": "1.17.1",
     "jose": "4.14.3"

package/src/OneDriveAuth.js

@@ -13,8 +13,8 @@
 // eslint-disable-next-line max-classes-per-file
 import { keepAliveNoCache } from '@adobe/fetch';
 import { ConfidentialClientApplication, LogLevel, PublicClientApplication } from '@azure/msal-node';
+import { MemCachePlugin } from '@adobe/helix-shared-tokencache';
 import { decodeJwt } from 'jose';
-import { MemCachePlugin } from './cache/MemCachePlugin.js';
 
 const AZ_AUTHORITY_HOST_URL = 'https://login.windows.net';
 const AZ_COMMON_TENANT = 'common';

package/src/index.d.ts

@@ -18,9 +18,3 @@ export * from './excel/Worksheet';
 export * from './excel/NamedItem';
 export * from './excel/Table';
 export * from './excel/Range';
-
-export * from './cache/FSCacheManager';
-export * from './cache/FSCachePlugin';
-export * from './cache/MemCachePlugin';
-export * from './cache/S3CacheManager';
-export * from './cache/S3CachePlugin';

package/src/index.js

@@ -12,11 +12,6 @@
 export { OneDrive } from './OneDrive.js';
 export { OneDriveAuth, AcquireMethod } from './OneDriveAuth.js';
 
-export { FSCachePlugin } from './cache/FSCachePlugin.js';
-export { FSCacheManager } from './cache/FSCacheManager.js';
-export { MemCachePlugin } from './cache/MemCachePlugin.js';
-export { S3CachePlugin } from './cache/S3CachePlugin.js';
-export { S3CacheManager } from './cache/S3CacheManager.js';
 export { OneDriveMock } from './OneDriveMock.js';
 export { StatusCodeError } from './StatusCodeError.js';
 

package/src/cache/FSCacheManager.d.ts

@@ -1,28 +0,0 @@
-/*
- * Copyright 2022 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-import { FSCachePlugin } from "./FSCachePlugin";
-
-export declare interface FSCacheManagerOptions {
-  log: Console;
-  dirPath: string;
-  type: string;
-}
-
-export declare class FSCacheManager {
-  constructor(opts: FSCacheManagerOptions);
-
-  listCacheKeys():Promise<string[]>;
-
-  hasCache(key:string):Promise<boolean>;
-
-  getCache(key:string):Promise<FSCachePlugin>;
-}

package/src/cache/FSCacheManager.js

@@ -1,77 +0,0 @@
-/*
- * Copyright 2022 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-import fs from 'fs/promises';
-import path from 'path';
-import { FSCachePlugin } from './FSCachePlugin.js';
-
-/**
- * aliases
- * @typedef {import("@azure/msal-node").ICachePlugin} ICachePlugin
- * @typedef {import("@azure/msal-node").TokenCacheContext} TokenCacheContext
- */
-
-export class FSCacheManager {
-  constructor(opts) {
-    this.dirPath = opts.dirPath;
-    this.log = opts.log || console;
-    this.type = opts.type;
-  }
-
-  getCacheFilePath(key) {
-    return path.resolve(this.dirPath, `auth-${this.type}-${key}.json`);
-  }
-
-  async listCacheKeys() {
-    try {
-      const files = await fs.readdir(this.dirPath);
-      return files
-        .filter((name) => (name.startsWith('auth-') && name.endsWith('.json')))
-        .map((name) => name.replace(/auth-([a-z0-9]+)-([a-z0-9]+).json/i, '$2'));
-    } catch (e) {
-      if (e.code === 'ENOENT') {
-        return [];
-      }
-      throw e;
-    }
-  }
-
-  async hasCache(key) {
-    try {
-      await fs.lstat(this.getCacheFilePath(key));
-      return true;
-    } catch (e) {
-      if (e.code !== 'ENOENT') {
-        throw e;
-      }
-      return false;
-    }
-  }
-
-  /**
-   * @param key
-   * @returns {FSCachePlugin}
-   */
-  async getCache(key) {
-    try {
-      await fs.lstat(this.dirPath);
-    } catch (e) {
-      if (e.code !== 'ENOENT') {
-        throw e;
-      }
-      await fs.mkdir(this.dirPath);
-    }
-    return new FSCachePlugin({
-      log: this.log,
-      filePath: this.getCacheFilePath(key),
-    });
-  }
-}

package/src/cache/FSCachePlugin.d.ts

@@ -1,29 +0,0 @@
-/*
- * Copyright 2022 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-import { ICachePlugin, TokenCacheContext } from  '@azure/msal-node';
-
-import { Logger } from "../OneDrive";
-
-export declare interface FSCachePluginOptions {
-  log: Console;
-  filePath: string;
-}
-
-export declare class FSCachePlugin implements ICachePlugin {
-  constructor(opts: FSCachePluginOptions);
-
-  deleteCache(): Promise<void>;
-
-  afterCacheAccess(tokenCacheContext: TokenCacheContext): Promise<boolean>;
-
-  beforeCacheAccess(tokenCacheContext: TokenCacheContext): Promise<boolean>;
-}

package/src/cache/FSCachePlugin.js

@@ -1,73 +0,0 @@
-/*
- * Copyright 2022 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-import fs from 'fs/promises';
-
-/**
- * aliases
- * @typedef {import("@azure/msal-node").ICachePlugin} ICachePlugin
- * @typedef {import("@azure/msal-node").TokenCacheContext} TokenCacheContext
- */
-
-/**
- * Cache plugin for MSAL
- * @param {FSCachePluginOptions} opts
- * @class FSCachePlugin
- * @implements ICachePlugin
- */
-export class FSCachePlugin {
-  constructor(opts) {
-    this.filePath = opts.filePath;
-    this.log = opts.log || console;
-  }
-
-  async deleteCache() {
-    try {
-      await fs.rm(this.filePath);
-    } catch (e) {
-      this.log.warn(`error deleting cache: ${e.message}`);
-      // ignore
-    }
-  }
-
-  /**
-   * @param {TokenCacheContext} cacheContext
-   * @returns {Promise<boolean>} if cache was updated
-   */
-  async beforeCacheAccess(cacheContext) {
-    const { log, filePath } = this;
-    try {
-      cacheContext.tokenCache.deserialize(await fs.readFile(filePath, 'utf-8'));
-      return true;
-    } catch (e) {
-      if (e.code !== 'ENOENT') {
-        // only log warnings if file exists, otherwise ignore
-        log.warn('FSCachePlugin: unable to deserialize', e);
-      }
-    }
-    return false;
-  }
-
-  /**
-   * @param {TokenCacheContext} cacheContext
-   * @returns {Promise<boolean>} if cache was updated
-   */
-  async afterCacheAccess(cacheContext) {
-    const { filePath } = this;
-    if (cacheContext.cacheHasChanged) {
-      // reparse and create a nice formatted JSON
-      const tokens = JSON.parse(cacheContext.tokenCache.serialize());
-      await fs.writeFile(filePath, JSON.stringify(tokens, null, 2), 'utf-8');
-      return true;
-    }
-    return false;
-  }
-}

package/src/cache/MemCachePlugin.d.ts

@@ -1,34 +0,0 @@
-/*
- * Copyright 2022 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-import { ICachePlugin, TokenCacheContext } from  '@azure/msal-node';
-
-import { Logger } from "../OneDrive";
-
-export declare interface MemCachePluginOptions {
-  log: Console;
-  /**
-   * memory cache key
-   */
-  key: string;
-  base: ICachePlugin;
-  caches?: Map<string, any>;
-}
-
-export declare class MemCachePlugin implements ICachePlugin {
-  constructor(opts: MemCachePluginOptions);
-
-  deleteCache(): Promise<void>;
-
-  afterCacheAccess(tokenCacheContext: TokenCacheContext): Promise<boolean>;
-
-  beforeCacheAccess(tokenCacheContext: TokenCacheContext): Promise<boolean>;
-}

package/src/cache/MemCachePlugin.js

@@ -1,88 +0,0 @@
-/*
- * Copyright 2022 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-const caches = new Map();
-
-/**
- * aliases
- * @typedef {import("@azure/msal-node").ICachePlugin} ICachePlugin
- * @typedef {import("@azure/msal-node").TokenCacheContext} TokenCacheContext
- */
-
-/**
- * Cache plugin for MSAL
- * @class MemCachePlugin
- * @implements ICachePlugin
- */
-export class MemCachePlugin {
-  /**
-   * @param {MemCachePluginOptions} opts
-   */
-  constructor(opts = {}) {
-    this.log = opts.log || console;
-    this.key = opts.key;
-    this.base = opts.base;
-    this.caches = opts.caches || caches;
-  }
-
-  clear() {
-    this.caches.clear();
-  }
-
-  async deleteCache() {
-    this.log.debug('mem: delete token cache', this.key);
-    this.caches.delete(this.key);
-    if (this.base) {
-      await this.base.deleteCache();
-    }
-  }
-
-  /**
-   * @param {TokenCacheContext} cacheContext
-   */
-  async beforeCacheAccess(cacheContext) {
-    try {
-      this.log.debug('mem: read token cache', this.key);
-      const cache = this.caches.get(this.key);
-      if (cache) {
-        cacheContext.tokenCache.deserialize(cache);
-        return true;
-      } else if (this.base) {
-        this.log.debug('mem: read token cache failed. asking base');
-        const ret = await this.base.beforeCacheAccess(cacheContext);
-        if (ret) {
-          this.log.debug('mem: base updated. remember.');
-          this.caches.set(this.key, cacheContext.tokenCache.serialize());
-        }
-        return ret;
-      }
-    } catch (e) {
-      this.log.warn('mem: unable to deserialize token cache.', e);
-    }
-    return false;
-  }
-
-  /**
-   * @param {TokenCacheContext} cacheContext
-   */
-  async afterCacheAccess(cacheContext) {
-    if (cacheContext.cacheHasChanged) {
-      this.log.debug('mem: write token cache', this.key);
-      this.caches.set(this.key, cacheContext.tokenCache.serialize());
-      if (this.base) {
-        this.log.debug('mem: write token cache done. telling base', this.key);
-        return this.base.afterCacheAccess(cacheContext);
-      }
-      return true;
-    }
-    return false;
-  }
-}

package/src/cache/S3CacheManager.d.ts

@@ -1,40 +0,0 @@
-/*
- * Copyright 2022 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-import { S3CachePlugin } from "./FSCachePlugin";
-
-export declare interface S3CacheManagerOptions {
-  log: Console;
-  type: string;
-  bucket: string;
-  prefix: string;
-  secret: string;
-}
-
-export declare class S3CacheManager {
-  /**
-   * Find the first cache with the given opts, that exists, otherwise the plugin using the
-   * default options is returned.
-   * @param {string} key
-   * @param {object} defaultOpts
-   * @param {object} opts
-   * @returns {Promise<S3CachePlugin>}
-   */
-  static findCache(key:string, defaultOpts:S3CacheManagerOptions, ...opts:S3CacheManagerOptions[]):Promise<S3CachePlugin>;
-
-  constructor(opts: S3CacheManagerOptions);
-
-  listCacheKeys():Promise<string[]>;
-
-  hasCache(key:string):Promise<boolean>;
-
-  getCache(key:string):Promise<S3CachePlugin>;
-}

package/src/cache/S3CacheManager.js

@@ -1,107 +0,0 @@
-/*
- * Copyright 2022 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-import { basename } from 'path';
-import { HeadObjectCommand, ListObjectsV2Command, S3Client } from '@aws-sdk/client-s3';
-import { S3CachePlugin } from './S3CachePlugin.js';
-
-/**
- * aliases
- * @typedef {import("@azure/msal-node").ICachePlugin} ICachePlugin
- * @typedef {import("@azure/msal-node").TokenCacheContext} TokenCacheContext
- */
-
-export class S3CacheManager {
-  /**
-   * Find the first cache with the given opts, that exists, otherwise the plugin using the
-   * default options is returned.
-   * @param {string} key
-   * @param {object} defaultOpts
-   * @param {object} opts
-   * @returns {Promise<S3CachePlugin>}
-   */
-  static async findCache(key, defaultOpts, ...opts) {
-    for (const opt of opts) {
-      const cacheManager = new S3CacheManager({
-        ...defaultOpts,
-        ...opt,
-      });
-      // eslint-disable-next-line no-await-in-loop
-      if (await cacheManager.hasCache(key)) {
-        return cacheManager.getCache(key);
-      }
-    }
-    return new S3CacheManager(defaultOpts).getCache(key);
-  }
-
-  constructor(opts) {
-    this.log = opts.log || console;
-    this.bucket = opts.bucket;
-    this.prefix = opts.prefix;
-    this.secret = opts.secret;
-    this.type = opts.type;
-    this.s3 = new S3Client();
-  }
-
-  getAuthObjectKey(key) {
-    return `${this.prefix}/auth-${this.type}-${key}.json`;
-  }
-
-  async listCacheKeys() {
-    const {
-      log, s3, bucket, prefix,
-    } = this;
-    log.debug('s3: list token cache', prefix);
-    try {
-      const res = await s3.send(new ListObjectsV2Command({
-        Bucket: bucket,
-        Prefix: `${prefix}/`,
-      }));
-      return (res.Contents || [])
-        .map((entry) => basename(entry.Key))
-        .filter((name) => (name.startsWith(`auth-${this.type}-`) && name.endsWith('.json')))
-        .map((name) => name.replace(/auth-([a-z0-9]+)-([a-z0-9]+).json/i, '$2'));
-    } catch (e) {
-      log.info('s3: unable to list token caches', e);
-      return [];
-    }
-  }
-
-  async hasCache(key) {
-    const { log, bucket } = this;
-    try {
-      await this.s3.send(new HeadObjectCommand({
-        Bucket: bucket,
-        Key: this.getAuthObjectKey(key),
-      }));
-      return true;
-    } catch (e) {
-      if (e.$metadata?.httpStatusCode !== 404) {
-        log.warn('s3: unable to check token cache', e);
-        throw e;
-      }
-      return false;
-    }
-  }
-
-  /**
-   * @param key
-   * @returns {S3CachePlugin}
-   */
-  async getCache(key) {
-    return new S3CachePlugin({
-      log: this.log,
-      key: this.getAuthObjectKey(key),
-      secret: this.secret,
-      bucket: this.bucket,
-    });
-  }
-}

package/src/cache/S3CachePlugin.d.ts

@@ -1,49 +0,0 @@
-/*
- * Copyright 2022 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-import { ICachePlugin, TokenCacheContext } from  '@azure/msal-node';
-
-import { Logger } from "../OneDrive";
-
-export declare interface S3CachePluginOptions {
-  log: Console;
-  bucket: string;
-  key: string;
-  secret: string;
-}
-
-export declare class S3CachePlugin implements ICachePlugin {
-  /**
-   * Decrypts a AES-GCM encrypted digest.
-   * @param {string} key encryption key / password
-   * @param {Buffer} data the encrypted data
-   * @returns {Buffer} the plain text
-   * @throws an error if the given key cannot decrypt the digest.
-   */
-  static encrypt(key:string, data:Buffer):Buffer;
-
-  /**
-   * Decrypts a AES-GCM encrypted digest.
-   * @param {string} key encryption key / password
-   * @param {Buffer} data the encrypted data
-   * @returns {Buffer} the plain text
-   * @throws an error if the given key cannot decrypt the digest.
-   */
-  static decrypt(key: string, data: Buffer):Buffer;
-
-  constructor(opts: S3CachePluginOptions);
-
-  deleteCache(): Promise<void>;
-
-  afterCacheAccess(tokenCacheContext: TokenCacheContext): Promise<boolean>;
-
-  beforeCacheAccess(tokenCacheContext: TokenCacheContext): Promise<boolean>;
-}

package/src/cache/S3CachePlugin.js

@@ -1,116 +0,0 @@
-/*
- * Copyright 2021 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-import {
-  DeleteObjectCommand,
-  GetObjectCommand,
-  PutObjectCommand,
-  S3Client,
-} from '@aws-sdk/client-s3';
-import { Response } from '@adobe/fetch';
-import { decrypt, encrypt } from './encrypt.js';
-
-/**
- * aliases
- * @typedef {import("@azure/msal-node").ICachePlugin} ICachePlugin
- * @typedef {import("@azure/msal-node").TokenCacheContext} TokenCacheContext
- */
-
-/**
- * Cache plugin for MSAL
- * @class MemCachePlugin
- * @implements ICachePlugin
- */
-export class S3CachePlugin {
-  /**
-   * @param {S3CachePluginOptions} opts
-   */
-  constructor(opts) {
-    this.log = opts.log || console;
-    this.bucket = opts.bucket;
-    this.key = opts.key;
-    this.secret = opts.secret;
-    this.s3 = new S3Client();
-  }
-
-  async deleteCache() {
-    const { log, key, bucket } = this;
-    try {
-      log.debug('s3: read token cache', key);
-      await this.s3.send(new DeleteObjectCommand({
-        Bucket: bucket,
-        Key: key,
-      }));
-    } catch (e) {
-      if (e.$metadata?.httpStatusCode === 404) {
-        log.info('s3: unable to deserialize token cache: not found');
-      } else {
-        log.warn('s3: unable to deserialize token cache', e);
-      }
-    }
-  }
-
-  async beforeCacheAccess(cacheContext) {
-    const {
-      log, secret, key, bucket,
-    } = this;
-    try {
-      log.debug('s3: read token cache', key);
-      const res = await this.s3.send(new GetObjectCommand({
-        Bucket: bucket,
-        Key: key,
-      }));
-      let data = await new Response(res.Body, {}).buffer();
-      if (secret) {
-        data = decrypt(secret, data).toString('utf-8');
-      } else {
-        data = data.toString('utf-8');
-      }
-      cacheContext.tokenCache.deserialize(data);
-      return true;
-    } catch (e) {
-      if (e.$metadata?.httpStatusCode === 404) {
-        log.info('s3: unable to deserialize token cache: not found');
-      } else {
-        log.warn('s3: unable to deserialize token cache', e);
-      }
-    }
-    return false;
-  }
-
-  async afterCacheAccess(cacheContext) {
-    if (cacheContext.cacheHasChanged) {
-      const {
-        log, secret, key, bucket,
-      } = this;
-      try {
-        log.debug('s3: write token cache', key);
-        let data = cacheContext.tokenCache.serialize();
-        if (secret) {
-          data = encrypt(secret, Buffer.from(data, 'utf-8'));
-        }
-        await this.s3.send(new PutObjectCommand({
-          Bucket: bucket,
-          Key: key,
-          Body: data,
-          ContentType: secret ? 'application/octet-stream' : 'text/plain',
-        }));
-        return true;
-      } catch (e) {
-        log.warn('s3: unable to serialize token cache', e);
-      }
-    }
-    return false;
-  }
-}
-
-S3CachePlugin.encrypt = encrypt;
-S3CachePlugin.decrypt = decrypt;

package/src/cache/encrypt.js

@@ -1,70 +0,0 @@
-/*
- * Copyright 2021 Adobe. All rights reserved.
- * This file is licensed to you under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License. You may obtain a copy
- * of the License at http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software distributed under
- * the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR REPRESENTATIONS
- * OF ANY KIND, either express or implied. See the License for the specific language
- * governing permissions and limitations under the License.
- */
-import crypto from 'crypto';
-
-const ALGO = 'aes-256-gcm';
-const SALT_SIZE = 8;
-const IV_SIZE = 12;
-const AUTH_TAG_SIZE = 16;
-
-function deriveKey(key, salt) {
-  return crypto.pbkdf2Sync(key, salt, 10000, 32, 'sha512');
-}
-
-/**
- * Provides an AES-GCM symmetric encryption using a key derivation from a generic password.
- * The resulting string is a base64 encoded buffer of the salt, iv, auth and encrypted text.
- * Using GCM has the advantage over plain AES, that the validity of the key can be verified.
- * (similar to a AES + HMAC approach).
- *
- * result = base64( salt | iv | auth | enc )
- *
- * @param {string} key encryption key / password
- * @param {Buffer} plain Plain text to encrypt
- * @return {Buffer} digest.
- */
-export function encrypt(key, plain) {
-  const salt = crypto.randomBytes(SALT_SIZE);
-  const iv = crypto.randomBytes(IV_SIZE);
-  const derivedKey = deriveKey(key, salt);
-  const cipher = crypto.createCipheriv(ALGO, derivedKey, iv);
-
-  const data = [salt, iv, null];
-  data.push(cipher.update(plain));
-  data.push(cipher.final());
-  data[2] = cipher.getAuthTag();
-  return Buffer.concat(data);
-}
-
-/**
- * Decrypts a AES-GCM encrypted digest.
- * @param {string} key encryption key / password
- * @param {Buffer} data the encrypted data
- * @returns {Buffer} the plain text
- * @throws an error if the given key cannot decrypt the digest.
- */
-export function decrypt(key, data) {
-  const salt = data.slice(0, SALT_SIZE);
-  const iv = data.slice(SALT_SIZE, SALT_SIZE + IV_SIZE);
-  const authTag = data.slice(SALT_SIZE + IV_SIZE, SALT_SIZE + IV_SIZE + AUTH_TAG_SIZE);
-  const enc = data.slice(SALT_SIZE + IV_SIZE + AUTH_TAG_SIZE);
-
-  const derivedKey = deriveKey(key, salt);
-  const decipher = crypto.createDecipheriv(ALGO, derivedKey, iv);
-  decipher.setAuthTag(authTag);
-
-  const ret = [
-    decipher.update(enc),
-    decipher.final(),
-  ];
-  return Buffer.concat(ret);
-}