@anvil-works/anvil-cli 0.7.0-canary.6 → 0.7.0-canary.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (4) hide show
  1. package/dist/cli.js +45 -3
  2. package/dist/index.js +45 -3
  3. package/dist/services/git-auth.d.ts.map +1 -1
  4. package/package.json +1 -1
package/dist/cli.js CHANGED
@@ -7389,6 +7389,7 @@ var __webpack_exports__ = {};
7389
7389
  const external_node_fs_namespaceObject = require("node:fs");
7390
7390
  const external_node_path_namespaceObject = require("node:path");
7391
7391
  const external_node_crypto_namespaceObject = require("node:crypto");
7392
+ var external_node_crypto_default = /*#__PURE__*/ __webpack_require__.n(external_node_crypto_namespaceObject);
7392
7393
  const external_node_assert_namespaceObject = require("node:assert");
7393
7394
  const isObject = (value)=>{
7394
7395
  const type = typeof value;
@@ -14246,6 +14247,47 @@ Promise.resolve(executeGitCredentialOperation(process.argv[2] || "get", {
14246
14247
  function getAuthFilePath(gitDir) {
14247
14248
  return external_path_default().join(gitDir, "anvil-auth.json");
14248
14249
  }
14250
+ const KEY_ENV = "ANVIL_AUTH_FILE_ENCRYPTION_KEY";
14251
+ function getEncryptionKey() {
14252
+ const keyBase64 = process.env[KEY_ENV];
14253
+ if (!keyBase64) return null;
14254
+ const key = Buffer.from(keyBase64, "base64");
14255
+ if (32 !== key.length) throw new Error(`${KEY_ENV} must be a base64-encoded 32-byte key`);
14256
+ return key;
14257
+ }
14258
+ function maybeEncrypt(plainText) {
14259
+ const key = getEncryptionKey();
14260
+ if (!key) return plainText;
14261
+ const iv = external_node_crypto_default().randomBytes(12);
14262
+ const cipher = external_node_crypto_default().createCipheriv("aes-256-gcm", key, iv);
14263
+ const ciphertext = Buffer.concat([
14264
+ cipher.update(plainText, "utf8"),
14265
+ cipher.final()
14266
+ ]);
14267
+ const authTag = cipher.getAuthTag();
14268
+ return JSON.stringify({
14269
+ version: 1,
14270
+ algorithm: "aes-256-gcm",
14271
+ iv: iv.toString("base64"),
14272
+ authTag: authTag.toString("base64"),
14273
+ ciphertext: ciphertext.toString("base64")
14274
+ }, null, 2);
14275
+ }
14276
+ function maybeDecrypt(json) {
14277
+ const key = getEncryptionKey();
14278
+ if (!key) return json;
14279
+ const payload = JSON.parse(json);
14280
+ if (1 !== payload.version || "aes-256-gcm" !== payload.algorithm) throw new Error("Unsupported encrypted file format");
14281
+ const iv = Buffer.from(payload.iv, "base64");
14282
+ const authTag = Buffer.from(payload.authTag, "base64");
14283
+ const ciphertext = Buffer.from(payload.ciphertext, "base64");
14284
+ const decipher = external_node_crypto_default().createDecipheriv("aes-256-gcm", key, iv);
14285
+ decipher.setAuthTag(authTag);
14286
+ return Buffer.concat([
14287
+ decipher.update(ciphertext),
14288
+ decipher.final()
14289
+ ]).toString("utf8");
14290
+ }
14249
14291
  async function writeAuthToFile(repoPath, auth) {
14250
14292
  const git = esm_default(repoPath);
14251
14293
  const gitDir = await getRepositoryGitDir(repoPath, git);
@@ -14254,8 +14296,8 @@ Promise.resolve(executeGitCredentialOperation(process.argv[2] || "get", {
14254
14296
  recursive: true
14255
14297
  });
14256
14298
  const authJson = JSON.stringify(auth, null, 2);
14257
- await external_fs_.promises.writeFile(authFilePath, authJson, {
14258
- mode: 448
14299
+ await external_fs_.promises.writeFile(authFilePath, maybeEncrypt(authJson), {
14300
+ mode: 384
14259
14301
  });
14260
14302
  await external_fs_.promises.chmod(authFilePath, 448);
14261
14303
  await git.raw([
@@ -14272,7 +14314,7 @@ Promise.resolve(executeGitCredentialOperation(process.argv[2] || "get", {
14272
14314
  const authFilePath = getAuthFilePath(gitDir);
14273
14315
  if (!external_fs_default().existsSync(authFilePath)) return;
14274
14316
  const authJson = await external_fs_.promises.readFile(authFilePath, "utf8");
14275
- return JSON.parse(authJson);
14317
+ return JSON.parse(maybeDecrypt(authJson));
14276
14318
  };
14277
14319
  function getDefaultAnvilUrl() {
14278
14320
  return resolveAnvilUrl();
package/dist/index.js CHANGED
@@ -11617,6 +11617,7 @@ var __webpack_exports__ = {};
11617
11617
  const external_node_process_namespaceObject = require("node:process");
11618
11618
  const external_node_fs_namespaceObject = require("node:fs");
11619
11619
  const external_node_crypto_namespaceObject = require("node:crypto");
11620
+ var external_node_crypto_default = /*#__PURE__*/ __webpack_require__.n(external_node_crypto_namespaceObject);
11620
11621
  const external_node_assert_namespaceObject = require("node:assert");
11621
11622
  const isObject = (value)=>{
11622
11623
  const type = typeof value;
@@ -14217,6 +14218,47 @@ Promise.resolve(executeGitCredentialOperation(process.argv[2] || "get", {
14217
14218
  function getAuthFilePath(gitDir) {
14218
14219
  return external_path_default().join(gitDir, "anvil-auth.json");
14219
14220
  }
14221
+ const KEY_ENV = "ANVIL_AUTH_FILE_ENCRYPTION_KEY";
14222
+ function getEncryptionKey() {
14223
+ const keyBase64 = process.env[KEY_ENV];
14224
+ if (!keyBase64) return null;
14225
+ const key = Buffer.from(keyBase64, "base64");
14226
+ if (32 !== key.length) throw new Error(`${KEY_ENV} must be a base64-encoded 32-byte key`);
14227
+ return key;
14228
+ }
14229
+ function maybeEncrypt(plainText) {
14230
+ const key = getEncryptionKey();
14231
+ if (!key) return plainText;
14232
+ const iv = external_node_crypto_default().randomBytes(12);
14233
+ const cipher = external_node_crypto_default().createCipheriv("aes-256-gcm", key, iv);
14234
+ const ciphertext = Buffer.concat([
14235
+ cipher.update(plainText, "utf8"),
14236
+ cipher.final()
14237
+ ]);
14238
+ const authTag = cipher.getAuthTag();
14239
+ return JSON.stringify({
14240
+ version: 1,
14241
+ algorithm: "aes-256-gcm",
14242
+ iv: iv.toString("base64"),
14243
+ authTag: authTag.toString("base64"),
14244
+ ciphertext: ciphertext.toString("base64")
14245
+ }, null, 2);
14246
+ }
14247
+ function maybeDecrypt(json) {
14248
+ const key = getEncryptionKey();
14249
+ if (!key) return json;
14250
+ const payload = JSON.parse(json);
14251
+ if (1 !== payload.version || "aes-256-gcm" !== payload.algorithm) throw new Error("Unsupported encrypted file format");
14252
+ const iv = Buffer.from(payload.iv, "base64");
14253
+ const authTag = Buffer.from(payload.authTag, "base64");
14254
+ const ciphertext = Buffer.from(payload.ciphertext, "base64");
14255
+ const decipher = external_node_crypto_default().createDecipheriv("aes-256-gcm", key, iv);
14256
+ decipher.setAuthTag(authTag);
14257
+ return Buffer.concat([
14258
+ decipher.update(ciphertext),
14259
+ decipher.final()
14260
+ ]).toString("utf8");
14261
+ }
14220
14262
  async function writeAuthToFile(repoPath, auth) {
14221
14263
  const git = esm_default(repoPath);
14222
14264
  const gitDir = await getRepositoryGitDir(repoPath, git);
@@ -14225,8 +14267,8 @@ Promise.resolve(executeGitCredentialOperation(process.argv[2] || "get", {
14225
14267
  recursive: true
14226
14268
  });
14227
14269
  const authJson = JSON.stringify(auth, null, 2);
14228
- await external_fs_.promises.writeFile(authFilePath, authJson, {
14229
- mode: 448
14270
+ await external_fs_.promises.writeFile(authFilePath, maybeEncrypt(authJson), {
14271
+ mode: 384
14230
14272
  });
14231
14273
  await external_fs_.promises.chmod(authFilePath, 448);
14232
14274
  await git.raw([
@@ -14243,7 +14285,7 @@ Promise.resolve(executeGitCredentialOperation(process.argv[2] || "get", {
14243
14285
  const authFilePath = getAuthFilePath(gitDir);
14244
14286
  if (!external_fs_default().existsSync(authFilePath)) return;
14245
14287
  const authJson = await external_fs_.promises.readFile(authFilePath, "utf8");
14246
- return JSON.parse(authJson);
14288
+ return JSON.parse(maybeDecrypt(authJson));
14247
14289
  };
14248
14290
  function getDefaultAnvilUrl() {
14249
14291
  return resolveAnvilUrl();
package/dist/services/git-auth.d.ts.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"git-auth.d.ts","sourceRoot":"","sources":["../../src/services/git-auth.ts"],"names":[],"mappings":"AAKA,OAAO,KAAK,EAAE,QAAQ,EAAE,MAAM,QAAQ,CAAC;AAIvC,MAAM,WAAW,cAAc;IAC3B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;CACrB;AAkBD,wBAAgB,6BAA6B,CAAC,OAAO,EAAE;IACnD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC;CAC9B,GAAG,MAAM,CAcT;AAWD,wBAAsB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAUhG;AAED,wBAAsB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAQ/G;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAI5E;AAED,wBAAgB,yBAAyB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CA2BpE;AAiCD,wBAAgB,6BAA6B,CAAC,OAAO,CAAC,EAAE;IACpD,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,mBAAmB,CAAC,EAAE,MAAM,MAAM,CAAC;CACtC,GAAG,MAAM,CAWT;AA0BD,wBAAsB,+BAA+B,CACjD,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;IACN,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC;CAC9B,GACF,OAAO,CAAC,IAAI,CAAC,CA2Cf;AAED,wBAAsB,qBAAqB,CAAC,OAAO,EAAE;IACjD,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB,GAAG,OAAO,CAAC;IAAE,cAAc,EAAE,MAAM,CAAA;CAAE,CAAC,CAiBtC;AAED,wBAAgB,qBAAqB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAK5E;AAOD,wBAAsB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,mBAgBrE;AAED,eAAO,MAAM,gBAAgB,GAAU,UAAU,MAAM,KAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,CAarF,CAAC"}
1
+ {"version":3,"file":"git-auth.d.ts","sourceRoot":"","sources":["../../src/services/git-auth.ts"],"names":[],"mappings":"AAMA,OAAO,KAAK,EAAC,QAAQ,EAAC,MAAM,QAAQ,CAAC;AAIrC,MAAM,WAAW,cAAc;IAC3B,GAAG,CAAC,EAAE,MAAM,CAAC;IACb,QAAQ,CAAC,EAAE,MAAM,CAAC;CACrB;AAkBD,wBAAgB,6BAA6B,CAAC,OAAO,EAAE;IACnD,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,EAAE,MAAM,CAAC;IACnB,QAAQ,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC;CAC9B,GAAG,MAAM,CAcT;AAWD,wBAAsB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,GAAG,OAAO,CAAC,cAAc,CAAC,CAUhG;AAED,wBAAsB,iBAAiB,CAAC,QAAQ,EAAE,MAAM,EAAE,KAAK,EAAE,MAAM,EAAE,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,IAAI,CAAC,CAQ/G;AAED,wBAAgB,oBAAoB,CAAC,KAAK,EAAE,MAAM,EAAE,QAAQ,EAAE,MAAM,GAAG,MAAM,CAI5E;AAED,wBAAgB,yBAAyB,CAAC,UAAU,EAAE,MAAM,GAAG,MAAM,CA2BpE;AAiCD,wBAAgB,6BAA6B,CAAC,OAAO,CAAC,EAAE;IACpD,iBAAiB,CAAC,EAAE,MAAM,CAAC;IAC3B,mBAAmB,CAAC,EAAE,MAAM,MAAM,CAAC;CACtC,GAAG,MAAM,CAWT;AA0BD,wBAAsB,+BAA+B,CACjD,QAAQ,EAAE,MAAM,EAChB,QAAQ,EAAE,MAAM,EAChB,OAAO,CAAC,EAAE;IACN,QAAQ,CAAC,EAAE,MAAM,CAAC;IAClB,UAAU,CAAC,EAAE,MAAM,CAAC;IACpB,QAAQ,CAAC,EAAE,MAAM,CAAC,QAAQ,CAAC;CAC9B,GACF,OAAO,CAAC,IAAI,CAAC,CA2Cf;AAED,wBAAsB,qBAAqB,CAAC,OAAO,EAAE;IACjD,QAAQ,EAAE,MAAM,CAAC;IACjB,KAAK,EAAE,MAAM,CAAC;IACd,QAAQ,EAAE,MAAM,CAAC;IACjB,QAAQ,EAAE,MAAM,CAAC;IACjB,UAAU,CAAC,EAAE,MAAM,CAAC;CACvB,GAAG,OAAO,CAAC;IAAE,cAAc,EAAE,MAAM,CAAA;CAAE,CAAC,CAiBtC;AAED,wBAAgB,qBAAqB,CAAC,SAAS,CAAC,EAAE,MAAM,GAAG,MAAM,GAAG,SAAS,CAK5E;AA+ED,wBAAsB,eAAe,CAAC,QAAQ,EAAE,MAAM,EAAE,IAAI,EAAE,QAAQ,mBAerE;AAED,eAAO,MAAM,gBAAgB,GAAU,UAAU,MAAM,KAAG,OAAO,CAAC,QAAQ,GAAG,SAAS,CAYrF,CAAC"}
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@anvil-works/anvil-cli",
3
- "version": "0.7.0-canary.6",
3
+ "version": "0.7.0-canary.7",
4
4
  "description": "CLI tool for developing Anvil apps locally",
5
5
  "main": "dist/index.js",
6
6
  "types": "dist/api.d.ts",