@assistkick/create 1.9.0 → 1.10.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/package.json +1 -1
  2. package/templates/assistkick-product-system/packages/backend/src/routes/git.ts +1 -1
  3. package/templates/assistkick-product-system/packages/backend/src/services/ssh_key_service.ts +20 -6
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@assistkick/create",
3
- "version": "1.9.0",
3
+ "version": "1.10.0",
4
4
  "description": "Scaffold assistkick-product-system into any project",
5
5
  "type": "module",
6
6
  "bin": {
package/templates/assistkick-product-system/packages/backend/src/routes/git.ts CHANGED
@@ -241,7 +241,7 @@ export const createGitRoutes = ({ projectService, githubAppService, workspaceSer
241
241
 
242
242
  try {
243
243
  if (!sshKeyService.isConfigured()) {
244
- res.status(400).json({ error: 'ENCRYPTION_KEY environment variable is not configured' });
244
+ res.status(400).json({ error: `ENCRYPTION_KEY environment variable is not configured. ${SshKeyService.KEY_HELP}` });
245
245
  return;
246
246
  }
247
247
 
package/templates/assistkick-product-system/packages/backend/src/services/ssh_key_service.ts CHANGED
@@ -30,15 +30,29 @@ export class SshKeyService {
30
30
  this.log = log;
31
31
  }
32
32
 
33
+ static readonly KEY_HELP = 'Set ENCRYPTION_KEY in your .env file (any string with at least 32 characters). Generate one with: openssl rand -hex 32';
34
+
35
+ /** Parse ENCRYPTION_KEY: try hex first, then base64, then use raw UTF-8 bytes via SHA-256. */
33
36
  private getEncryptionKey = (): Buffer => {
34
37
  const key = process.env.ENCRYPTION_KEY;
35
- if (!key) throw new Error('ENCRYPTION_KEY environment variable is not set');
36
- // Expect a 64-char hex string (32 bytes)
37
- const buf = Buffer.from(key, 'hex');
38
- if (buf.length !== 32) {
39
- throw new Error('ENCRYPTION_KEY must be a 64-character hex string (32 bytes for AES-256)');
38
+ if (!key) {
39
+ throw new Error(`ENCRYPTION_KEY environment variable is not set. ${SshKeyService.KEY_HELP}`);
40
+ }
41
+ if (key.length < 32) {
42
+ throw new Error(`ENCRYPTION_KEY must be at least 32 characters. ${SshKeyService.KEY_HELP}`);
43
+ }
44
+ // Try hex (64-char hex = 32 bytes)
45
+ if (/^[0-9a-fA-F]{64}$/.test(key)) {
46
+ return Buffer.from(key, 'hex');
47
+ }
48
+ // Try base64 (44 chars with padding = 32 bytes)
49
+ if (/^[A-Za-z0-9+/]{43}=?$/.test(key)) {
50
+ const buf = Buffer.from(key, 'base64');
51
+ if (buf.length === 32) return buf;
40
52
  }
41
- return buf;
53
+ // Fallback: SHA-256 hash of the raw string to get exactly 32 bytes
54
+ const { createHash } = require('node:crypto');
55
+ return createHash('sha256').update(key).digest();
42
56
  };
43
57
 
44
58
  /** Generate an ED25519 SSH keypair. */