@benzid.wael/secure-vault 0.0.1

package/package.json

@@ -0,0 +1,167 @@
+{
+  "name": "@benzid.wael/secure-vault",
+  "version": "0.0.1",
+  "description": "A secure password management application built with Electron and React",
+  "type": "module",
+  "main": "build/electron/main.cjs",
+  "homepage": "./",
+  "license": "MIT",
+  "author": {
+    "name": "Wael Ben Zid",
+    "email": "benzid.wael@hotmail.fr"
+  },
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/benzid-wael/secure-vault.git"
+  },
+  "engines": {
+    "node": ">=20.10.0"
+  },
+  "files": [
+    "bin/",
+    "src/electron/",
+    "README.md",
+    "LICENSE"
+  ],
+  "scripts": {
+    "dev": "vite",
+    "start": "vite",
+    "build": "vite build",
+    "preview": "vite preview",
+    "test": "vitest",
+    "test:ui": "vitest --ui",
+    "test:coverage": "vitest run --coverage",
+    "test:coverage:ui": "vitest --ui --coverage",
+    "test:coverage:check": "node scripts/coverage-check.js",
+    "dev:electron": "npm run build:main && concurrently -k -n VITE,ELECTRON -c blue,green \"vite\" \"wait-on tcp:3000 && cross-env ELECTRON_IS_DEV=1 electron .\"",
+    "dev:renderer": "vite",
+    "dev:main": "cross-env NODE_ENV=development electron .",
+    "build:renderer": "vite build",
+    "build:main": "vite build --config vite.electron.config.js",
+    "build:all": "npm run build:renderer && npm run build:main",
+    "verify-build": "node scripts/verify-build.js",
+    "start:dev": "cross-env NODE_ENV=development electron .",
+    "start:prod": "cross-env NODE_ENV=production electron .",
+    "package": "npm run build:all && electron-builder",
+    "package:mac": "npm run build:all && electron-builder --mac",
+    "package:win": "npm run build:all && electron-builder --win",
+    "package:linux": "npm run build:all && electron-builder --linux",
+    "package:cli": "node scripts/build-cli.js",
+    "electron": "npm run start:prod",
+    "electron-dev": "npm run dev:electron",
+    "electron:build": "npm run build:all",
+    "electron-pack": "npm run package",
+    "preelectron-pack": "npm run build:all",
+    "prepare": "husky"
+  },
+  "dependencies": {
+    "@emotion/react": "^11.11.1",
+    "@emotion/styled": "^11.11.0",
+    "@inquirer/password": "^4.0.17",
+    "@mui/icons-material": "^5.14.1",
+    "@mui/material": "^5.14.1",
+    "chalk": "^5.6.0",
+    "commander": "^14.0.0",
+    "crypto-js": "^4.1.1",
+    "electron-is-dev": "^2.0.0",
+    "figlet": "^1.8.2",
+    "fs-extra": "^11.1.1",
+    "node-forge": "^1.3.1",
+    "ora": "^8.2.0",
+    "path": "^0.12.7",
+    "react": "^18.3.1",
+    "react-dom": "^18.3.1",
+    "react-router-dom": "^6.14.2",
+    "uuid": "^9.0.0"
+  },
+  "devDependencies": {
+    "@babel/core": "^7.23.5",
+    "@emotion/babel-plugin": "^11.11.0",
+    "@testing-library/jest-dom": "^6.1.4",
+    "@testing-library/react": "^14.1.2",
+    "@testing-library/user-event": "^14.5.1",
+    "@types/node": "^20.10.5",
+    "@types/react": "^18.2.45",
+    "@types/react-dom": "^18.2.18",
+    "@vitejs/plugin-react": "^4.2.1",
+    "@vitest/coverage-v8": "^1.2.2",
+    "@vitest/ui": "^1.2.2",
+    "concurrently": "^8.2.2",
+    "cross-env": "^7.0.3",
+    "electron": "^27.1.3",
+    "electron-builder": "^24.6.4",
+    "eslint": "^8.56.0",
+    "eslint-plugin-react": "^7.33.2",
+    "eslint-plugin-react-hooks": "^4.6.0",
+    "eslint-plugin-react-refresh": "^0.4.5",
+    "husky": "^9.1.7",
+    "jsdom": "^22.1.0",
+    "lint-staged": "^15.2.0",
+    "prettier": "^3.1.1",
+    "typescript": "^5.3.2",
+    "vite": "^5.0.8",
+    "vite-plugin-electron": "^0.15.5",
+    "vitest": "^1.2.2",
+    "wait-on": "^7.2.0"
+  },
+  "lint-staged": {
+    "*.{js,jsx,ts,tsx}": [
+      "npx prettier --write"
+    ],
+    "*.{json,md,css}": [
+      "npx prettier --write"
+    ]
+  },
+  "build": {
+    "appId": "com.securepasswordmanager.app",
+    "productName": "Secure Password Manager",
+    "files": [
+      "build/**/*",
+      "node_modules/**/*"
+    ],
+    "directories": {
+      "buildResources": "public",
+      "output": "dist"
+    },
+    "publish": null,
+    "mac": {
+      "category": "public.app-category.utilities",
+      "target": [
+        "dmg",
+        "zip"
+      ]
+    },
+    "win": {
+      "target": [
+        "nsis",
+        "portable"
+      ]
+    },
+    "linux": {
+      "target": [
+        "AppImage",
+        "deb"
+      ],
+      "category": "Utility"
+    },
+    "nsis": {
+      "oneClick": false,
+      "allowToChangeInstallationDirectory": true
+    }
+  },
+  "browserslist": {
+    "production": [
+      ">0.2%",
+      "not dead",
+      "not op_mini all"
+    ],
+    "development": [
+      "last 1 chrome version",
+      "last 1 firefox version",
+      "last 1 safari version"
+    ]
+  },
+  "bin": {
+    "vault": "./bin/cli.js"
+  }
+}

package/src/electron/models/EnvironmentVault.js

@@ -0,0 +1,251 @@
+export class EnvironmentVault {
+  constructor({
+    vaultVersion = 1,
+    created = new Date().toISOString(),
+    updated = new Date().toISOString(),
+    environments = {},
+  } = {}) {
+    this.vaultVersion = vaultVersion;
+    this.created = created;
+    this.updated = updated;
+    this.environments = {};
+
+    for (const [name, env] of Object.entries(environments)) {
+      this.environments[name] = {
+        description: env.description || '',
+        versions: (env.versions || []).map((v) => ({ ...v })),
+        activeVersion: env.activeVersion || 1,
+        extends: env.extends || null,
+      };
+    }
+  }
+
+  toJSON() {
+    return {
+      vaultVersion: this.vaultVersion,
+      created: this.created,
+      updated: this.updated,
+      environments: Object.fromEntries(
+        Object.entries(this.environments).map(([name, env]) => [
+          name,
+          {
+            description: env.description,
+            versions: env.versions.map((v) => ({ ...v })),
+            activeVersion: env.activeVersion,
+            extends: env.extends,
+          },
+        ])
+      ),
+    };
+  }
+
+  static fromJSON(data) {
+    return new EnvironmentVault(data);
+  }
+
+  listEnvironmentNames() {
+    return Object.keys(this.environments).sort();
+  }
+
+  addEnvironment(name, { description = '' } = {}) {
+    if (this.environments[name]) {
+      throw new Error(`Environment '${name}' already exists`);
+    }
+    this.environments[name] = {
+      description,
+      versions: [],
+      activeVersion: 0,
+      extends: null,
+    };
+    this.updated = new Date().toISOString();
+  }
+
+  removeEnvironment(name) {
+    if (!this.environments[name]) {
+      throw new Error(`Environment '${name}' not found`);
+    }
+    delete this.environments[name];
+    this.updated = new Date().toISOString();
+  }
+
+  renameEnvironment(oldName, newName) {
+    if (!this.environments[oldName]) {
+      throw new Error(`Environment '${oldName}' not found`);
+    }
+    if (this.environments[newName]) {
+      throw new Error(`Environment '${newName}' already exists`);
+    }
+    if (oldName === newName) return;
+
+    this.environments[newName] = this.environments[oldName];
+    delete this.environments[oldName];
+    this.updated = new Date().toISOString();
+  }
+
+  #getEnv(name) {
+    const env = this.environments[name];
+    if (!env) {
+      throw new Error(`Environment '${name}' not found`);
+    }
+    return env;
+  }
+
+  #getVersion(env, versionN) {
+    const version = env.versions.find((v) => v.n === versionN);
+    if (!version) {
+      throw new Error(`Version ${versionN} not found in environment`);
+    }
+    return version;
+  }
+
+  addVersion(
+    name,
+    vars,
+    { required = [], nonSensitive = [], message = null } = {}
+  ) {
+    const env = this.#getEnv(name);
+    const nextN =
+      env.versions.length > 0 ? env.versions[env.versions.length - 1].n + 1 : 1;
+
+    const version = {
+      n: nextN,
+      created: new Date().toISOString(),
+      message: message,
+      vars: { ...vars },
+      required: [...required],
+      nonSensitive: [...nonSensitive],
+    };
+
+    env.versions.push(version);
+    env.activeVersion = nextN;
+    this.updated = new Date().toISOString();
+    return version;
+  }
+
+  getActiveVersion(name) {
+    const env = this.#getEnv(name);
+    if (env.activeVersion === 0 || env.versions.length === 0) {
+      return null;
+    }
+    return this.#getVersion(env, env.activeVersion);
+  }
+
+  setActiveVersion(name, versionN) {
+    const env = this.#getEnv(name);
+    this.#getVersion(env, versionN);
+    env.activeVersion = versionN;
+    this.updated = new Date().toISOString();
+  }
+
+  getVersion(name, versionN) {
+    const env = this.#getEnv(name);
+    return JSON.parse(JSON.stringify(this.#getVersion(env, versionN)));
+  }
+
+  getHistory(name) {
+    const env = this.#getEnv(name);
+    return env.versions.map((v) => ({
+      n: v.n,
+      created: v.created,
+      message: v.message,
+      keyCount: Object.keys(v.vars).length,
+      isActive: v.n === env.activeVersion,
+    }));
+  }
+
+  rollback(name, versionN) {
+    const env = this.#getEnv(name);
+    const source = this.#getVersion(env, versionN);
+
+    return this.addVersion(
+      name,
+      { ...source.vars },
+      {
+        required: [...source.required],
+        nonSensitive: [...source.nonSensitive],
+        message: `Rollback to version ${versionN}`,
+      }
+    );
+  }
+
+  squash(name, { keep = 1 } = {}) {
+    const env = this.#getEnv(name);
+    const keepN = Math.max(1, keep);
+    if (env.versions.length <= keepN) return;
+
+    const keepFromEnd = keepN - 1;
+    const versionsToKeep =
+      keepFromEnd > 0 ? env.versions.slice(-keepFromEnd) : [];
+    const versionsToSquash =
+      keepFromEnd > 0 ? env.versions.slice(0, -keepFromEnd) : [...env.versions];
+
+    const lastSquashed = versionsToSquash[versionsToSquash.length - 1];
+    const squashedVars = { ...lastSquashed.vars };
+    const squashedRequired = [...lastSquashed.required];
+    const squashedNonSensitive = [...lastSquashed.nonSensitive];
+
+    const wasActiveSquashed = env.activeVersion <= lastSquashed.n;
+
+    env.versions = [
+      {
+        n: 1,
+        created: versionsToSquash[0].created,
+        message: `Squashed ${versionsToSquash.length} versions (v${versionsToSquash[0].n}–v${lastSquashed.n})`,
+        vars: squashedVars,
+        required: squashedRequired,
+        nonSensitive: squashedNonSensitive,
+      },
+      ...versionsToKeep.map((v, i) => ({
+        ...v,
+        n: i + 2,
+      })),
+    ];
+
+    env.activeVersion = wasActiveSquashed ? 1 : env.versions.length;
+    this.updated = new Date().toISOString();
+  }
+
+  isSensitive(name, key) {
+    const version = this.getActiveVersion(name);
+    if (!version) return true;
+    return !version.nonSensitive.includes(key);
+  }
+
+  static parseEnvFile(content) {
+    const vars = {};
+    const lines = content.split('\n');
+
+    for (const rawLine of lines) {
+      const line = rawLine.trim();
+
+      if (!line || line.startsWith('#')) continue;
+
+      const match = line.match(/^(?:export\s+)?([A-Za-z_][A-Za-z0-9_]*)=(.*)$/);
+      if (!match) continue;
+
+      const key = match[1];
+      let value = match[2];
+
+      if (
+        (value.startsWith('"') && value.endsWith('"')) ||
+        (value.startsWith("'") && value.endsWith("'"))
+      ) {
+        value = value.slice(1, -1);
+      }
+
+      vars[key] = value;
+    }
+
+    return vars;
+  }
+
+  importFromEnvFile(name, content, { message = null } = {}) {
+    const vars = EnvironmentVault.parseEnvFile(content);
+
+    if (!this.environments[name]) {
+      this.addEnvironment(name);
+    }
+
+    return this.addVersion(name, vars, { message });
+  }
+}

package/src/electron/models/Vault.js

@@ -0,0 +1,87 @@
+export class Vault {
+  constructor({
+    name,
+    version = '1.0',
+    created = new Date().toISOString(),
+    lastPasswordChange = new Date().toISOString(),
+    entries = {},
+    passwordHistory = [],
+    settings = {},
+    isDefault = false,
+  } = {}) {
+    this.name = name;
+    this.version = version;
+    this.created = created;
+    this.lastPasswordChange = lastPasswordChange;
+    this.entries = entries;
+    this.passwordHistory = passwordHistory;
+    this.settings = this._validateSettings(settings);
+    this.isDefault = isDefault;
+  }
+
+  _validateSettings(settings) {
+    return {
+      enforcePasswordChange: settings.enforcePasswordChange ?? false,
+      passwordChangeWarningDays: Math.max(
+        1,
+        settings.passwordChangeWarningDays ?? 90
+      ),
+      preventPasswordReuse: settings.preventPasswordReuse ?? true,
+      maxPasswordHistory: Math.max(1, settings.maxPasswordHistory ?? 3),
+      ...settings,
+    };
+  }
+
+  updateSettings(newSettings) {
+    this.settings = this._validateSettings({
+      ...this.settings,
+      ...newSettings,
+    });
+  }
+
+  addPasswordToHistory(passwordHash) {
+    this.passwordHistory.unshift({
+      changedAt: this.lastPasswordChange,
+      passwordHash,
+    });
+
+    // Keep only the specified number of password history entries
+    this.passwordHistory = this.passwordHistory.slice(
+      0,
+      this.settings.maxPasswordHistory
+    );
+  }
+
+  checkPasswordReuse(passwordHash) {
+    if (!this.settings.preventPasswordReuse) {
+      return false;
+    }
+
+    return this.passwordHistory.some(
+      (entry) => entry.passwordHash === passwordHash
+    );
+  }
+
+  updateLastPasswordChange() {
+    this.lastPasswordChange = new Date().toISOString();
+  }
+
+  toJSON() {
+    return {
+      version: this.version,
+      created: this.created,
+      lastPasswordChange: this.lastPasswordChange,
+      entries: this.entries, // This is now an object with IDs as keys
+      passwordHistory: this.passwordHistory,
+      settings: this.settings,
+      isDefault: this.isDefault,
+    };
+  }
+
+  static fromJSON(data, name) {
+    return new Vault({
+      name,
+      ...data,
+    });
+  }
+}

package/src/electron/services/CryptographyService.js

@@ -0,0 +1,54 @@
+import crypto from 'crypto';
+
+export class CryptographyService {
+  static ITERATIONS = 100000;
+  static KEY_LENGTH = 32;
+  static IV_LENGTH = 16;
+  static ALGORITHM = 'aes-256-gcm';
+  static HASH_ALGORITHM = 'sha512';
+
+  static generateSalt(length = 32) {
+    return crypto.randomBytes(length);
+  }
+
+  static deriveKey(password, salt, iterations = this.ITERATIONS) {
+    return crypto.pbkdf2Sync(
+      password,
+      salt,
+      iterations,
+      this.KEY_LENGTH,
+      this.HASH_ALGORITHM
+    );
+  }
+
+  static encrypt(data, key) {
+    const iv = crypto.randomBytes(this.IV_LENGTH);
+    const cipher = crypto.createCipheriv(this.ALGORITHM, key, iv);
+
+    let encrypted = cipher.update(JSON.stringify(data), 'utf8', 'hex');
+    encrypted += cipher.final('hex');
+
+    const authTag = cipher.getAuthTag();
+
+    return {
+      encrypted,
+      authTag: authTag.toString('hex'),
+      iv: iv.toString('hex'),
+    };
+  }
+
+  static decrypt(encryptedData, key) {
+    const iv = Buffer.from(encryptedData.iv, 'hex');
+    const decipher = crypto.createDecipheriv(this.ALGORITHM, key, iv);
+    decipher.setAuthTag(Buffer.from(encryptedData.authTag, 'hex'));
+
+    let decrypted = decipher.update(encryptedData.encrypted, 'hex', 'utf8');
+    decrypted += decipher.final('utf8');
+
+    return JSON.parse(decrypted);
+  }
+
+  static hashPassword(password) {
+    return crypto.createHash('sha256').update(password).digest('hex');
+  }
+}