@benzid.wael/secure-vault 0.0.1

package/src/electron/services/WindowManager.js

@@ -0,0 +1,266 @@
+import { BrowserWindow, dialog } from 'electron';
+import path from 'path';
+import { fileURLToPath } from 'url';
+import fs from 'fs';
+
+const __filename = fileURLToPath(import.meta.url);
+const __dirname = path.dirname(__filename);
+
+export class WindowManager {
+  constructor() {
+    this.mainWindow = null;
+    // Check if we're in development mode at runtime
+    // Use ELECTRON_IS_DEV or NODE_ENV (ELECTRON_IS_DEV takes precedence)
+    this.isDev =
+      process.env.ELECTRON_IS_DEV === '1' ||
+      process.env.NODE_ENV === 'development';
+    console.log(
+      'WindowManager initialized with ELECTRON_IS_DEV:',
+      process.env.ELECTRON_IS_DEV,
+      'NODE_ENV:',
+      process.env.NODE_ENV,
+      'isDev:',
+      this.isDev
+    );
+  }
+
+  createMainWindow() {
+    try {
+      console.log('Creating main browser window...');
+
+      // Determine the correct preload path based on whether we're bundled or not
+      // When bundled, preload.cjs is in the same directory as main.cjs (build/electron/)
+      // When in development source, it's in public/
+      let preloadPath;
+      const bundledPreloadPath = path.join(__dirname, 'preload.cjs');
+      const devPreloadPath = path.join(__dirname, '../../../public/preload.js');
+
+      if (fs.existsSync(bundledPreloadPath)) {
+        preloadPath = bundledPreloadPath;
+      } else if (fs.existsSync(devPreloadPath)) {
+        preloadPath = devPreloadPath;
+      } else {
+        throw new Error(
+          `Preload script not found. Tried: ${bundledPreloadPath}, ${devPreloadPath}`
+        );
+      }
+
+      // Check if icon exists (try multiple locations)
+      let iconPath;
+      const bundledIconPath = path.join(__dirname, '../icon.png');
+      const devIconPath = path.join(__dirname, '../../../public/icon.png');
+
+      if (fs.existsSync(bundledIconPath)) {
+        iconPath = bundledIconPath;
+      } else if (fs.existsSync(devIconPath)) {
+        iconPath = devIconPath;
+      } else {
+        console.warn(
+          `Icon not found. Tried: ${bundledIconPath}, ${devIconPath}`
+        );
+      }
+
+      // Create the browser window with security settings
+      this.mainWindow = new BrowserWindow({
+        width: 1200,
+        height: 800,
+        minWidth: 800,
+        minHeight: 600,
+        webPreferences: {
+          nodeIntegration: false,
+          contextIsolation: true,
+          enableRemoteModule: false,
+          preload: preloadPath,
+          webSecurity: true,
+          allowRunningInsecureContent: false,
+          experimentalFeatures: false,
+          devTools: this.isDev,
+          webviewTag: false,
+        },
+        icon: fs.existsSync(iconPath) ? iconPath : undefined,
+        show: false,
+        titleBarStyle: 'default',
+      });
+
+      // Handle window events
+      this.setupWindowEvents();
+
+      // Set up security handlers
+      this.setupSecurityHandlers();
+
+      // Load the app
+      this.loadApp();
+
+      return this.mainWindow;
+    } catch (error) {
+      console.error('Failed to create main window:', error);
+      dialog.showErrorBox(
+        'Window Creation Error',
+        `Failed to create main window: ${error.message}`
+      );
+      throw error;
+    }
+  }
+
+  async loadApp() {
+    try {
+      let startUrl;
+
+      if (this.isDev) {
+        startUrl = 'http://localhost:3000';
+        console.log(
+          'Development mode: Loading from development server at',
+          startUrl
+        );
+      } else {
+        // When bundled, the build is in the parent directory
+        const indexPath = path.join(__dirname, '../index.html');
+        if (!fs.existsSync(indexPath)) {
+          throw new Error(
+            `Production build not found at: ${indexPath}. Please run 'npm run build' first.`
+          );
+        }
+        startUrl = `file://${indexPath}`;
+        console.log(
+          'Production mode: Loading from build directory at',
+          startUrl
+        );
+      }
+
+      console.log('Loading URL:', startUrl);
+
+      // Set up error handling for the window
+      this.mainWindow.webContents.on(
+        'did-fail-load',
+        (event, errorCode, errorDescription) => {
+          console.error('Failed to load URL:', {
+            startUrl,
+            errorCode,
+            errorDescription,
+          });
+          this.showErrorPage(`Failed to load application: ${errorDescription}`);
+        }
+      );
+
+      // Load the URL
+      await this.mainWindow.loadURL(startUrl);
+
+      // Show the window once content is loaded
+      this.mainWindow.once('ready-to-show', () => {
+        console.log('Window is ready to show');
+        this.mainWindow.show();
+
+        // Focus on the window
+        if (this.mainWindow.isMinimized()) {
+          this.mainWindow.restore();
+        }
+        this.mainWindow.focus();
+      });
+    } catch (error) {
+      console.error('Error in loadApp:', error);
+      this.showErrorPage(`Failed to load application: ${error.message}`);
+    }
+  }
+
+  showErrorPage(errorMessage) {
+    const errorHtml = `
+      <!DOCTYPE html>
+      <html>
+        <head>
+          <title>Application Error</title>
+          <style>
+            body { 
+              font-family: -apple-system, BlinkMacSystemFont, 'Segoe UI', Roboto, Oxygen, Ubuntu, Cantarell, 'Open Sans', 'Helvetica Neue', sans-serif;
+              display: flex;
+              justify-content: center;
+              align-items: center;
+              height: 100vh;
+              margin: 0;
+              background-color: #f8f9fa;
+              color: #212529;
+            }
+            .error-container {
+              max-width: 600px;
+              padding: 2rem;
+              background: white;
+              border-radius: 8px;
+              box-shadow: 0 2px 10px rgba(0,0,0,0.1);
+              text-align: center;
+            }
+            h1 { color: #dc3545; margin-top: 0; }
+            pre {
+              background: #f8f9fa;
+              padding: 1rem;
+              border-radius: 4px;
+              text-align: left;
+              max-height: 200px;
+              overflow-y: auto;
+            }
+          </style>
+        </head>
+        <body>
+          <div class="error-container">
+            <h1>Application Error</h1>
+            <p>An error occurred while starting the application:</p>
+            <pre>${errorMessage}</pre>
+            <p>Please check the console for more details and try again.</p>
+          </div>
+        </body>
+      </html>
+    `;
+
+    this.mainWindow.loadURL(
+      `data:text/html;charset=utf-8,${encodeURIComponent(errorHtml)}`
+    );
+  }
+
+  setupWindowEvents() {
+    // Show window when ready to prevent visual flash
+    this.mainWindow.once('ready-to-show', () => {
+      this.mainWindow.show();
+    });
+
+    // Open DevTools in development
+    if (this.isDev) {
+      this.mainWindow.webContents.openDevTools();
+    }
+
+    // Handle window closed
+    this.mainWindow.on('closed', () => {
+      this.mainWindow = null;
+    });
+  }
+
+  setupSecurityHandlers() {
+    // Security: Prevent new window creation
+    this.mainWindow.webContents.setWindowOpenHandler(() => {
+      return { action: 'deny' };
+    });
+
+    // Security: Prevent navigation to external URLs
+    this.mainWindow.webContents.on('will-navigate', (event, navigationUrl) => {
+      if (this.isDev) {
+        const parsedUrl = new URL(navigationUrl);
+        if (parsedUrl.origin !== 'http://localhost:3000') {
+          event.preventDefault();
+        }
+      } else {
+        // In production, only allow file:// protocol
+        const parsedUrl = new URL(navigationUrl);
+        if (parsedUrl.protocol !== 'file:') {
+          event.preventDefault();
+        }
+      }
+    });
+  }
+
+  getMainWindow() {
+    return this.mainWindow;
+  }
+
+  sendToRenderer(channel, data) {
+    if (this.mainWindow && !this.mainWindow.isDestroyed()) {
+      this.mainWindow.webContents.send(channel, data);
+    }
+  }
+}

package/src/electron/services/recovery/IRecoveryMethod.js

@@ -0,0 +1,88 @@
+export class RecoveryData {
+  constructor({ data, isEncrypted = false, hint = '' } = {}) {
+    this.data = data;
+    this.isEncrypted = isEncrypted;
+    this.hint = hint;
+  }
+
+  toJSON() {
+    return {
+      data: this.data,
+      isEncrypted: this.isEncrypted,
+      hint: this.hint,
+    };
+  }
+}
+
+export class IRecoveryMethod {
+  /**
+   * Get the unique identifier for this recovery method
+   * @returns {string} Unique identifier
+   */
+  getRecoveryMethodId() {
+    throw new Error('getRecoveryMethodId() must be implemented by subclass');
+  }
+
+  /**
+   * Check if the metadata is valid
+   * @param {string} vaultName
+   * @param {Object} metadata
+   * @returns {Promise<boolean>}
+   */
+  isValid(vaultName, metadata) {
+    throw new Error('isValid() must be implemented by subclass');
+  }
+
+  /**
+   * Generate new recovery method
+   * @param {string} vaultName
+   * @returns {Promise<RecoveryData>} RecoveryData
+   */
+  async generate(vaultName) {
+    throw new Error('initialize() must be implemented by subclass');
+  }
+
+  /**
+   * Create and returns metadata for the recovery option
+   * @param {string} vaultName
+   * @param {str} masterPassword
+   * @param {Object} recoveryData
+   * @returns {Promise<Object>} - metadata object
+   */
+  createMetadata(vaultName, masterPassword, recoveryData = {}) {
+    throw new Error('createMetadata() must be implemented by subclass');
+  }
+
+  /**
+   * Verify recovery data
+   * @param {string} vaultName
+   * @param {Object} metadata
+   * @param {Object} recoveryData
+   * @returns {Promise<boolean>} - Boolean indicating whether key is valid or not!
+   */
+  async verify(vaultName, metadata = {}, recoveryData = {}) {
+    throw new Error('verify() must be implemented by subclass');
+  }
+
+  /**
+   * recover master password
+   * @param {string} vaultName
+   * @param {Object} recoveryData
+   * @returns {Promise<str>} - Master password
+   */
+  async recoverMasterPassword(vaultName, recoveryData = {}) {
+    throw new Error('recoverMasterPassword() must be implemented by subclass');
+  }
+
+  /**
+   * Recreate metadata when password change
+   * @param {string} vaultName
+   * @param {Object} metadata
+   * @param {str} oldPassword
+   * @param {str} newPassword
+   * @returns {Promise<Object>} - new metadata object
+   */
+  onPasswordChange(vaultName, metadata, oldPassword, newPassword) {
+    throw new Error('onPasswordChange() must be implemented by subclass');
+  }
+}

package/src/electron/services/recovery/KeyRecoveryService.js

@@ -0,0 +1,245 @@
+import crypto from 'crypto';
+
+import { IRecoveryMethod, RecoveryData } from './IRecoveryMethod.js';
+import { CryptographyService } from '../CryptographyService.js';
+
+export class KeyRecoveryService extends IRecoveryMethod {
+  #version = '1.0';
+  static BASE32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
+  static MIN_KEY_LENGTH = 50;
+
+  constructor() {
+    super();
+    this.methodId = 'recoveryKey';
+  }
+
+  /**
+   * Get the unique identifier for this recovery method
+   * @returns {string} Unique identifier
+   */
+  getRecoveryMethodId() {
+    return this.methodId;
+  }
+
+  /**
+   * Check if the metadata is valid
+   * @param {string} vaultName
+   * @param {Object} metadata
+   * @returns {Promise<boolean>}
+   */
+  isValid(vaultName, metadata) {
+    if (
+      !!!metadata ||
+      !metadata?.salt ||
+      !metadata?.encryptedMasterPassword ||
+      !metadata?.encryptedRecoveryKey
+    ) {
+      return false;
+    }
+    return true;
+  }
+
+  /**
+   * Generate new recovery method
+   * @param {string} vaultName
+   * @returns {Promise<RecoveryData>} RecoveryData
+   */
+  async generate(vaultName) {
+    return new RecoveryData({ data: { key: this.#generateRecoveryKey() } });
+  }
+
+  /**
+   * Create and returns metadata for the recovery option
+   * @param {string} vaultName
+   * @param {str} masterPassword
+   * @param {Object} recoveryData
+   * @returns {Promise<Object>} - metadata object
+   */
+  createMetadata(vaultName, masterPassword, recoveryData = {}) {
+    const salt = CryptographyService.generateSalt();
+    const recoveryKey = recoveryData.data.key;
+    const masterKey = CryptographyService.deriveKey(masterPassword, salt);
+    const recoveryKeyDerived = KeyRecoveryService.deriveKeyFromRecoveryKey(
+      recoveryKey,
+      salt
+    );
+
+    const encryptedRecoveryKey = CryptographyService.encrypt(
+      { recoveryKey },
+      masterKey
+    );
+    const encryptedMasterPassword = CryptographyService.encrypt(
+      { masterPassword },
+      recoveryKeyDerived
+    );
+
+    return {
+      salt: salt.toString('hex'),
+      encryptedRecoveryKey,
+      encryptedMasterPassword,
+      createdAt: new Date().toISOString(),
+      version: this.#version,
+    };
+  }
+
+  /**
+   * Verify recovery data
+   * @param {string} vaultName
+   * @param {Object} metadata
+   * @param {Object} recoveryData
+   * @returns {Promise<object>} - Result
+   */
+  async verify(vaultName, metadata, recoveryData) {
+    const result = await this.recoverMasterPassword(
+      vaultName,
+      metadata,
+      recoveryData
+    );
+    if (result.success) {
+      return { success: true };
+    } else {
+      return result;
+    }
+  }
+
+  /**
+   * recover master password
+   * @param {string} vaultName
+   * @param {Object} metadata
+   * @param {Object} recoveryData
+   * @returns {Promise<str>} - Master password
+   */
+  async recoverMasterPassword(vaultName, metadata, recoveryData) {
+    // TODO: validate metadata/recoveryData
+    try {
+      const recoveryKey = recoveryData.data.key;
+      if (!this.#validateRecoveryKeyFormat(recoveryKey)) {
+        return { success: false, error: 'Invalid recovery key format' };
+      }
+
+      const salt = Buffer.from(metadata.salt, 'hex');
+      const recoveryKeyDerived = KeyRecoveryService.deriveKeyFromRecoveryKey(
+        recoveryKey,
+        salt
+      );
+
+      try {
+        const masterPassword = CryptographyService.decrypt(
+          metadata.encryptedMasterPassword,
+          recoveryKeyDerived
+        );
+        return { success: true, ...masterPassword };
+      } catch (error) {
+        console.error('Invalid recovery key:', error);
+        return { success: false, error: `Invalid recovery key: ${error}` };
+      }
+    } catch (error) {
+      console.error('Failed to recover vault using given recovery key:', error);
+      return {
+        success: false,
+        error: 'Failed to recover vault using given recovery key!',
+      };
+    }
+  }
+
+  /**
+   * Recreate metadata when password change
+   * @param {string} vaultName
+   * @param {Object} metadata
+   * @param {str} oldPassword
+   * @param {str} newPassword
+   * @returns {Promise<Object>} - new metadata object
+   */
+  onPasswordChange(vaultName, metadata, oldPassword, newPassword) {
+    const result = this.#loadRecoveryKey(vaultName, metadata, oldPassword);
+    if (!result.success) {
+      console.warn(`Unable to load recovery key for vault: ${vaultName}.`);
+      console.log(
+        'Looks like the recovery key does not exist or already corrupted!'
+      );
+      return { success: false, metadata };
+    }
+
+    try {
+      const recoveryData = new RecoveryData({
+        data: { key: result.recoveryKey },
+      });
+      const newMetadata = this.createMetadata(
+        vaultName,
+        newPassword,
+        recoveryData
+      );
+      return { success: true, metadata: newMetadata };
+    } catch (error) {
+      console.error('Failed to create metadata:', error);
+      return { success: false, error: 'Failed to create metadata' };
+    }
+  }
+
+  #loadRecoveryKey(vaultName, metadata, masterPassword) {
+    // TODO: validate metadata
+    try {
+      const salt = Buffer.from(metadata.salt, 'hex');
+      const key = CryptographyService.deriveKey(masterPassword, salt);
+
+      try {
+        const recoveryKey = CryptographyService.decrypt(
+          metadata.encryptedRecoveryKey,
+          key
+        );
+        return { success: true, ...recoveryKey };
+      } catch (error) {
+        console.error('Invalid recovery key:', error);
+        return { success: false, error: `Invalid recovery key: ${error}` };
+      }
+    } catch (error) {
+      console.error(
+        'Internal error: Look like the recovery key is corrupted:',
+        error
+      );
+      return {
+        success: false,
+        error: 'Internal error: Look like the recovery key is corrupted.',
+      };
+    }
+  }
+
+  #generateRecoveryKey() {
+    const recoveryKeyBytes = crypto.randomBytes(32);
+
+    let result = '';
+    let bits = 0;
+    let value = 0;
+
+    for (let i = 0; i < recoveryKeyBytes.length; i++) {
+      value = (value << 8) | recoveryKeyBytes[i];
+      bits += 8;
+
+      while (bits >= 5) {
+        result +=
+          KeyRecoveryService.BASE32_ALPHABET[(value >>> (bits - 5)) & 31];
+        bits -= 5;
+      }
+    }
+
+    if (bits > 0) {
+      result += KeyRecoveryService.BASE32_ALPHABET[(value << (5 - bits)) & 31];
+    }
+
+    return result.match(/.{1,4}/g).join('-');
+  }
+
+  #validateRecoveryKeyFormat(recoveryKey) {
+    const cleanKey = recoveryKey.replace(/-/g, '').toUpperCase();
+    const base32Regex = /^[ABCDEFGHIJKLMNOPQRSTUVWXYZ234567]+$/;
+    return (
+      base32Regex.test(cleanKey) &&
+      cleanKey.length >= KeyRecoveryService.MIN_KEY_LENGTH
+    );
+  }
+
+  static deriveKeyFromRecoveryKey(recoveryKey, salt) {
+    const cleanKey = recoveryKey.replace(/-/g, '').toUpperCase();
+    return CryptographyService.deriveKey(cleanKey, salt);
+  }
+}