@bgord/bun 1.2.2 → 1.2.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@bgord/bun",
-  "version": "1.2.2",
+  "version": "1.2.4",
   "license": "MIT",
   "type": "module",
   "author": "Bartosz Gordon",
@@ -20,17 +20,17 @@
     "preinstall": "bunx only-allow bun"
   },
   "devDependencies": {
-    "@biomejs/biome": "2.3.4",
+    "@biomejs/biome": "2.3.5",
     "@commitlint/cli": "20.1.0",
     "@commitlint/config-conventional": "20.0.0",
-    "@types/bun": "1.3.1",
+    "@types/bun": "1.3.2",
     "@types/lodash": "4.17.20",
     "@types/mime-types": "3.0.1",
     "@types/nodemailer": "7.0.3",
     "@types/yazl": "3.3.0",
-    "cspell": "9.3.0",
-    "knip": "5.67.1",
-    "lefthook": "2.0.2",
+    "cspell": "9.3.1",
+    "knip": "5.69.1",
+    "lefthook": "2.0.4",
     "only-allow": "1.2.1",
     "shellcheck": "4.1.0",
     "typescript": "5.9.3",
@@ -38,18 +38,18 @@
   },
   "dependencies": {
     "@axiomhq/winston": "1.3.1",
-    "@bgord/tools": "1.1.6",
-    "@hono/ua-blocker": "0.1.15",
+    "@bgord/tools": "1.1.7",
+    "@hono/ua-blocker": "0.1.16",
     "better-auth": "1.3.34",
     "croner": "9.1.0",
     "csv": "6.4.1",
     "hcaptcha": "0.2.0",
-    "hono": "4.10.4",
+    "hono": "4.10.6",
     "lodash": "4.17.21",
     "mime-types": "3.0.1",
     "node-cache": "5.1.2",
     "nodemailer": "7.0.10",
-    "sharp": "0.34.4",
+    "sharp": "0.34.5",
     "winston": "3.18.3",
     "yazl": "3.3.1"
   },

package/readme.md

@@ -53,6 +53,9 @@ src/
 ├── context.middleware.ts
 ├── correlation-id.vo.ts
 ├── correlation-storage.service.ts
+├── crypto-key-provider-env.adapter.ts
+├── crypto-key-provider-noop.adapter.ts
+├── crypto-key-provider.port.ts
 ├── csv-stringifier.adapter.ts
 ├── csv-stringifier.port.ts
 ├── decorators.service.ts
@@ -60,6 +63,11 @@ src/
 ├── disk-space-checker-noop.adapter.ts
 ├── disk-space-checker.port.ts
 ├── dispatching-event-store.ts
+├── encryption-bun.adapter.ts
+├── encryption-iv.vo.ts
+├── encryption-key.vo.ts
+├── encryption-noop.adapter.ts
+├── encryption.port.ts
 ├── env-validator.service.ts
 ├── etag-extractor.middleware.ts
 ├── event-bus-like.types.ts
@@ -86,6 +94,10 @@ src/
 ├── file-renamer.port.ts
 ├── file-uploader.middleware.ts
 ├── graceful-shutdown.service.ts
+├── gzip-bun.adapter.ts
+├── gzip-noop.adapter.ts
+├── gzip-stream.adapter.ts
+├── gzip.port.ts
 ├── hcaptcha-secret-key.vo.ts
 ├── hcaptcha-site-key.vo.ts
 ├── healthcheck.service.ts

package/src/crypto-key-provider-env.adapter.ts

@@ -0,0 +1,16 @@
+import type { CryptoKeyProviderPort } from "./crypto-key-provider.port";
+import type { EncryptionKeyType } from "./encryption-key.vo";
+
+export class CryptoKeyProviderEnvAdapter implements CryptoKeyProviderPort {
+  constructor(private readonly ENCRYPTION_KEY: EncryptionKeyType) {}
+
+  async get(): Promise<CryptoKey> {
+    const bytes = new Uint8Array(32);
+
+    for (let i = 0; i < 32; i++) {
+      bytes[i] = Number.parseInt(this.ENCRYPTION_KEY.slice(i * 2, i * 2 + 2), 16);
+    }
+
+    return crypto.subtle.importKey("raw", bytes, { name: "AES-GCM" }, false, ["encrypt", "decrypt"]);
+  }
+}

package/src/crypto-key-provider-noop.adapter.ts

@@ -0,0 +1,9 @@
+import type { CryptoKeyProviderPort } from "./crypto-key-provider.port";
+
+export class CryptoKeyProviderNoopAdapter implements CryptoKeyProviderPort {
+  async get(): Promise<CryptoKey> {
+    const bytes = new Uint8Array(32);
+
+    return crypto.subtle.importKey("raw", bytes, { name: "AES-GCM" }, false, ["encrypt", "decrypt"]);
+  }
+}

package/src/crypto-key-provider.port.ts

@@ -0,0 +1,3 @@
+export interface CryptoKeyProviderPort {
+  get(): Promise<CryptoKey>;
+}

package/src/encryption-bun.adapter.ts

@@ -0,0 +1,54 @@
+import type { CryptoKeyProviderPort } from "./crypto-key-provider.port";
+import type { EncryptionPort, EncryptionRecipe } from "./encryption.port";
+import { EncryptionIV } from "./encryption-iv.vo";
+
+export const EncryptionBunAdapterError = { InvalidPayload: "encryption.bun.adapter.invalid.payload" };
+
+export class EncryptionBunAdapter implements EncryptionPort {
+  constructor(private readonly cryptoKeyProvider: CryptoKeyProviderPort) {}
+
+  async encrypt(recipe: EncryptionRecipe) {
+    const key = await this.cryptoKeyProvider.get();
+    const iv = EncryptionIV.generate();
+
+    const plaintext = await Bun.file(recipe.input.get()).arrayBuffer();
+
+    const encrypted = await crypto.subtle.encrypt(
+      { name: "AES-GCM", iv: iv.buffer as ArrayBuffer },
+      key,
+      plaintext,
+    );
+
+    const ciphertext = new Uint8Array(encrypted);
+    const output = new Uint8Array(iv.length + ciphertext.length);
+    output.set(iv, 0);
+    output.set(ciphertext, iv.length);
+
+    await Bun.write(recipe.output.get(), output);
+
+    return recipe.output;
+  }
+
+  async decrypt(recipe: EncryptionRecipe) {
+    const key = await this.cryptoKeyProvider.get();
+
+    const bytes = new Uint8Array(await Bun.file(recipe.input.get()).arrayBuffer());
+    if (bytes.length < EncryptionIV.LENGTH + 1) throw new Error(EncryptionBunAdapterError.InvalidPayload);
+
+    const iv = bytes.subarray(0, EncryptionIV.LENGTH);
+    const ivBuffer = iv.buffer.slice(iv.byteOffset, iv.byteOffset + iv.byteLength);
+
+    const ciphertext = bytes.subarray(EncryptionIV.LENGTH);
+
+    const ciphertextBuffer = ciphertext.buffer.slice(
+      ciphertext.byteOffset,
+      ciphertext.byteOffset + ciphertext.byteLength,
+    );
+
+    const decrypted = await crypto.subtle.decrypt({ name: "AES-GCM", iv: ivBuffer }, key, ciphertextBuffer);
+
+    await Bun.write(recipe.output.get(), new Uint8Array(decrypted));
+
+    return recipe.output;
+  }
+}

package/src/encryption-iv.vo.ts

@@ -0,0 +1,9 @@
+export class EncryptionIV {
+  static LENGTH = 12;
+
+  static generate(): Uint8Array {
+    const iv = new Uint8Array(EncryptionIV.LENGTH);
+    crypto.getRandomValues(iv);
+    return iv;
+  }
+}

package/src/encryption-key.vo.ts

@@ -0,0 +1,15 @@
+import { z } from "zod/v4";
+
+export const EncryptionKeyError = {
+  Type: "encryption.key.type",
+  InvalidHex: "encryption.key.invalid.hex",
+} as const;
+
+const CHARS_WHITELIST = /^[0-9a-fA-F]{64}$/;
+
+export const EncryptionKey = z
+  .string(EncryptionKeyError.Type)
+  .regex(CHARS_WHITELIST, EncryptionKeyError.InvalidHex)
+  .brand("EncryptionKey");
+
+export type EncryptionKeyType = z.infer<typeof EncryptionKey>;

package/src/encryption-noop.adapter.ts

@@ -0,0 +1,11 @@
+import type { EncryptionPort, EncryptionRecipe } from "./encryption.port";
+
+export class EncryptionNoopAdapter implements EncryptionPort {
+  async encrypt(recipe: EncryptionRecipe) {
+    return recipe.output;
+  }
+
+  async decrypt(recipe: EncryptionRecipe) {
+    return recipe.output;
+  }
+}

package/src/encryption.port.ts

@@ -0,0 +1,11 @@
+import type * as tools from "@bgord/tools";
+
+export type EncryptionRecipe = {
+  input: tools.FilePathRelative | tools.FilePathAbsolute;
+  output: tools.FilePathRelative | tools.FilePathAbsolute;
+};
+
+export interface EncryptionPort {
+  encrypt(recipe: EncryptionRecipe): Promise<tools.FilePathRelative | tools.FilePathAbsolute>;
+  decrypt(recipe: EncryptionRecipe): Promise<tools.FilePathRelative | tools.FilePathAbsolute>;
+}

package/src/gzip-bun.adapter.ts

@@ -0,0 +1,10 @@
+import type { GzipPort, GzipRecipe } from "./gzip.port";
+
+export class GzipBunAdapter implements GzipPort {
+  async pack(recipe: GzipRecipe) {
+    const file = await Bun.file(recipe.input.get()).arrayBuffer();
+    const archive = Bun.gzipSync(file);
+    await Bun.write(recipe.output.get(), archive);
+    return recipe.output;
+  }
+}

package/src/gzip-noop.adapter.ts

@@ -0,0 +1,7 @@
+import type { GzipPort, GzipRecipe } from "./gzip.port";
+
+export class GzipNoopAdapter implements GzipPort {
+  async pack(recipe: GzipRecipe) {
+    return recipe.output;
+  }
+}

package/src/gzip-stream.adapter.ts

@@ -0,0 +1,19 @@
+import { createReadStream, createWriteStream } from "node:fs";
+import { pipeline } from "node:stream/promises";
+import { constants, createGzip } from "node:zlib";
+import type { GzipPort, GzipRecipe } from "./gzip.port";
+
+export class GzipStreamAdapter implements GzipPort {
+  async pack(recipe: GzipRecipe) {
+    const inputPath = recipe.input.get();
+    const outputPath = recipe.output.get();
+
+    await pipeline(
+      createReadStream(inputPath),
+      createGzip({ level: constants.Z_BEST_SPEED }),
+      createWriteStream(outputPath),
+    );
+
+    return recipe.output;
+  }
+}

package/src/gzip.port.ts

@@ -0,0 +1,10 @@
+import type * as tools from "@bgord/tools";
+
+export type GzipRecipe = {
+  input: tools.FilePathRelative | tools.FilePathAbsolute;
+  output: tools.FilePathRelative | tools.FilePathAbsolute;
+};
+
+export interface GzipPort {
+  pack(recipe: GzipRecipe): Promise<tools.FilePathRelative | tools.FilePathAbsolute>;
+}

package/src/index.ts

@@ -26,6 +26,9 @@ export * from "./command-logger.service";
 export * from "./context.middleware";
 export * from "./correlation-id.vo";
 export * from "./correlation-storage.service";
+export * from "./crypto-key-provider.port";
+export * from "./crypto-key-provider-env.adapter";
+export * from "./crypto-key-provider-noop.adapter";
 export * from "./csv-stringifier.adapter";
 export * from "./csv-stringifier.port";
 export * from "./decorators.service";
@@ -33,6 +36,10 @@ export * from "./disk-space-checker.port";
 export * from "./disk-space-checker-bun.adapter";
 export * from "./disk-space-checker-noop.adapter";
 export * from "./dispatching-event-store";
+export * from "./encryption.port";
+export * from "./encryption-bun.adapter";
+export * from "./encryption-key.vo";
+export * from "./encryption-noop.adapter";
 export * from "./env-validator.service";
 export * from "./etag-extractor.middleware";
 export * from "./event.types";
@@ -62,6 +69,10 @@ export * from "./file-renamer-noop.adapter";
 export * from "./file-renamer-noop.adapter";
 export * from "./file-uploader.middleware";
 export * from "./graceful-shutdown.service";
+export * from "./gzip.port";
+export * from "./gzip-bun.adapter";
+export * from "./gzip-noop.adapter";
+export * from "./gzip-stream.adapter";
 export * from "./hcaptcha-secret-key.vo";
 export * from "./hcaptcha-site-key.vo";
 export * from "./healthcheck.service";

package/src/prerequisites/binary.ts

@@ -1,4 +1,3 @@
-import bun from "bun";
 import * as tools from "@bgord/tools";
 import type { BinaryType } from "../binary.vo";
 import type { ClockPort } from "../clock.port";
@@ -23,10 +22,10 @@ export class PrerequisiteBinary implements prereqs.Prerequisite {
     try {
       if (!this.enabled) return prereqs.Verification.undetermined(stopwatch.stop());
 
-      const result = await bun.$`which ${this.binary}`.quiet();
+      const result = Bun.which(this.binary);
 
-      if (result.exitCode === 0) return prereqs.Verification.success(stopwatch.stop());
-      return prereqs.Verification.failure(stopwatch.stop(), { message: `Exit code ${result.exitCode}` });
+      if (result) return prereqs.Verification.success(stopwatch.stop());
+      return prereqs.Verification.failure(stopwatch.stop());
     } catch (error) {
       return prereqs.Verification.failure(stopwatch.stop(), error as Error);
     }