@dimzxzzx07/file-watcher 1.0.0

package/jest.config.js

@@ -0,0 +1,69 @@
+module.exports = {
+    testEnvironment: 'node',
+    roots: ['<rootDir>/src', '<rootDir>/tests'],
+    testMatch: [
+        '**/__tests__/**/*.+(ts|tsx|js)',
+        '**/?(*.)+(spec|test).+(ts|tsx|js)'
+    ],
+    
+    transform: {
+        '^.+\\.(ts|tsx)$': 'ts-jest'
+    },
+    
+    moduleFileExtensions: ['ts', 'tsx', 'js', 'jsx', 'json', 'node'],
+    collectCoverage: true,
+    coverageDirectory: 'coverage',
+    coverageReporters: ['text', 'lcov', 'clover', 'html'],
+    collectCoverageFrom: [
+        'src/**/*.{ts,tsx}',
+        '!src/**/*.d.ts',
+        '!src/types/**/*',
+        '!src/**/index.ts'
+    ],
+    coverageThreshold: {
+        global: {
+            branches: 80,
+            functions: 80,
+            lines: 80,
+            statements: 80
+        }
+    },
+    
+    setupFilesAfterEnv: ['<rootDir>/tests/setup.ts'],
+    moduleNameMapper: {
+        '^@/(.*)$': '<rootDir>/src/$1'
+    },
+    
+    globals: {
+        'ts-jest': {
+            tsconfig: 'tsconfig.json',
+            diagnostics: true
+        }
+    },
+    
+    verbose: true,
+    testTimeout: 30000,
+    forceExit: true,
+    detectOpenHandles: true,
+    maxWorkers: process.env.CI ? 2 : '50%',
+    testSequencer: '@jest/test-sequencer',
+    watchPlugins: [
+        'jest-watch-typeahead/filename',
+        'jest-watch-typeahead/testname'
+    ],
+    
+    projects: [
+        {
+            displayName: 'unit',
+            testMatch: ['<rootDir>/tests/unit/**/*.test.ts']
+        },
+        {
+            displayName: 'integration',
+            testMatch: ['<rootDir>/tests/integration/**/*.test.ts']
+        },
+        {
+            displayName: 'security',
+            testMatch: ['<rootDir>/tests/security/**/*.test.ts']
+        }
+    ]
+};

package/package.json

@@ -0,0 +1,69 @@
+{
+  "name": "@dimzxzzx07/file-watcher",
+  "version": "1.0.0",
+  "description": "Enterprise-grade secure file watcher with military-grade integrity checking",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "scripts": {
+    "build": "tsc",
+    "start": "node dist/index.js",
+    "dev": "ts-node src/index.ts",
+    "test": "jest",
+    "test:security": "jest tests/security",
+    "lint": "eslint src/**/*.ts",
+    "format": "prettier --write \"src/**/*.ts\"",
+    "prepublishOnly": "npm run build && npm test",
+    "audit": "npm audit --production",
+    "scan": "snyk test"
+  },
+  "dependencies": {
+    "bcryptjs": "^2.4.3",
+    "chokidar": "^3.5.3",
+    "crypto-js": "^4.1.1",
+    "dotenv": "^16.3.1",
+    "pidusage": "^3.0.2",
+    "rate-limiter-flexible": "^2.4.1",
+    "systeminformation": "^5.21.7",
+    "winston": "^3.11.0",
+    "winston-daily-rotate-file": "^4.7.1"
+  },
+  "devDependencies": {
+    "@types/bcrypt": "^5.0.1",
+    "@types/chokidar": "^1.7.5",
+    "@types/crypto-js": "^4.1.1",
+    "@types/jest": "^29.5.5",
+    "@types/node": "^20.8.0",
+    "@types/node-forge": "^1.3.6",
+    "@typescript-eslint/eslint-plugin": "^6.7.5",
+    "@typescript-eslint/parser": "^6.7.5",
+    "eslint": "^8.51.0",
+    "jest": "^29.7.0",
+    "jest-watch-typeahead": "^2.2.2",
+    "prettier": "^3.0.3",
+    "snyk": "^1.1230.0",
+    "ts-jest": "^29.1.1",
+    "ts-node": "^10.9.1",
+    "typescript": "^5.2.2"
+  },
+  "engines": {
+    "node": ">=18.0.0",
+    "npm": ">=9.0.0"
+  },
+  "keywords": [
+    "security",
+    "file-watcher",
+    "integrity",
+    "enterprise",
+    "real-time",
+    "protection",
+    "anti-tamper",
+    "cryptographic",
+    "audit",
+    "compliance",
+    "zero-trust",
+    "military-grade"
+  ],
+  "author": "Secure Enterprise Team",
+  "license": "UNLICENSED",
+  "private": false
+}

package/src/core/BackupManager.ts

@@ -0,0 +1,305 @@
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import * as crypto from 'crypto';
+import { SecurityConfig, FileMetadata, BackupEntry } from '../types';
+import { Logger } from '../utils/Logger';
+
+export class BackupManager {
+    private readonly config: SecurityConfig;
+    private readonly logger: Logger;
+    private readonly backups: Map<string, BackupEntry[]>;
+    private readonly maxBackupsPerFile: number = 10;
+
+    constructor(config: SecurityConfig) {
+        this.config = config;
+        this.logger = Logger.getInstance();
+        this.backups = new Map();
+        
+        this.initializeBackupDirectory();
+    }
+
+    private async initializeBackupDirectory(): Promise<void> {
+        try {
+            await fs.mkdir(this.config.backupDir, { recursive: true, mode: 0o700 });
+            await this.loadExistingBackups();
+        } catch (error) {
+            this.logger.error('Failed to initialize backup directory', { error });
+        }
+    }
+
+    private async loadExistingBackups(): Promise<void> {
+        try {
+            const files = await fs.readdir(this.config.backupDir);
+            
+            for (const file of files) {
+                if (file.endsWith('.backup')) {
+                    const backupPath = path.join(this.config.backupDir, file);
+                    const backupData = await this.readBackupFile(backupPath);
+                    
+                    if (backupData) {
+                        const backups = this.backups.get(backupData.originalPath) || [];
+                        backups.push(backupData);
+                        this.backups.set(backupData.originalPath, backups);
+                    }
+                }
+            }
+            
+            this.logger.info(`Loaded ${this.backups.size} backup entries`);
+        } catch (error) {
+            this.logger.error('Failed to load existing backups', { error });
+        }
+    }
+
+    private async readBackupFile(backupPath: string): Promise<BackupEntry | null> {
+        try {
+            const content = await fs.readFile(backupPath, 'utf8');
+            return JSON.parse(content) as BackupEntry;
+        } catch {
+            return null;
+        }
+    }
+
+    public async createBackup(filePath: string, metadata: FileMetadata): Promise<string> {
+        try {
+            const backupId = crypto.randomUUID();
+            const backupFileName = `${path.basename(filePath)}.${backupId}.backup`;
+            const backupPath = path.join(this.config.backupDir, backupFileName);
+            
+            const content = await fs.readFile(filePath);
+            
+            const backupEntry: BackupEntry = {
+                id: backupId,
+                originalPath: filePath,
+                backupPath,
+                timestamp: new Date(),
+                hash: metadata.hash,
+                encrypted: this.config.signatureVerification,
+                size: metadata.size,
+                metadata,
+                version: this.getNextVersion(filePath)
+            };
+
+            let backupContent: Buffer | Uint8Array = content;
+            if (this.config.signatureVerification) {
+                backupContent = Buffer.from(await this.encryptBackup(content));
+            }
+
+            await fs.writeFile(backupPath, backupContent);
+            
+            const metadataPath = backupPath + '.meta';
+            await fs.writeFile(metadataPath, JSON.stringify(backupEntry, null, 2));
+            
+            const backups = this.backups.get(filePath) || [];
+            backups.push(backupEntry);
+            
+            backups.sort((a, b) => b.version - a.version);
+            while (backups.length > this.maxBackupsPerFile) {
+                const oldBackup = backups.pop();
+                if (oldBackup) {
+                    await this.deleteBackup(oldBackup);
+                }
+            }
+            
+            this.backups.set(filePath, backups);
+            
+            this.logger.debug(`Backup created: ${filePath} -> ${backupPath}`);
+            return backupPath;
+            
+        } catch (error) {
+            this.logger.error(`Failed to create backup for ${filePath}`, { error });
+            throw error;
+        }
+    }
+
+    public async rollbackFile(filePath: string, version?: number): Promise<boolean> {
+        try {
+            const backups = this.backups.get(filePath);
+            if (!backups || backups.length === 0) {
+                this.logger.warning(`No backups found for ${filePath}`);
+                return false;
+            }
+
+            let targetBackup: BackupEntry | undefined;
+            
+            if (version) {
+                targetBackup = backups.find(b => b.version === version);
+            } else {
+                targetBackup = backups[0];
+            }
+
+            if (!targetBackup) {
+                this.logger.warning(`Backup version ${version} not found for ${filePath}`);
+                return false;
+            }
+
+            if (!await this.verifyBackup(targetBackup)) {
+                this.logger.error(`Backup integrity check failed for ${targetBackup.id}`);
+                return false;
+            }
+
+            let backupContent = await fs.readFile(targetBackup.backupPath);
+            
+            if (targetBackup.encrypted) {
+                backupContent = Buffer.from(await this.decryptBackup(backupContent));
+            }
+
+            const hash = crypto.createHash(this.config.hashAlgorithm)
+                .update(backupContent)
+                .digest('hex');
+                
+            if (hash !== targetBackup.hash) {
+                this.logger.error('Backup hash mismatch');
+                return false;
+            }
+
+            if (await this.fileExists(filePath)) {
+                const currentContent = await fs.readFile(filePath);
+                const tempBackup = path.join(this.config.backupDir, 'pre_rollback_' + path.basename(filePath));
+                await fs.writeFile(tempBackup, currentContent);
+            }
+
+            await fs.writeFile(filePath, backupContent);
+            
+            this.logger.info(`File rolled back: ${filePath} (version ${targetBackup.version})`);
+            return true;
+            
+        } catch (error) {
+            this.logger.error(`Failed to rollback ${filePath}`, { error });
+            return false;
+        }
+    }
+
+    public async updateBackup(filePath: string, metadata: FileMetadata): Promise<void> {
+        try {
+            const backups = this.backups.get(filePath);
+            if (!backups || backups.length === 0) {
+                await this.createBackup(filePath, metadata);
+                return;
+            }
+
+            if (backups[0] && backups[0].hash === metadata.hash) {
+                backups[0].timestamp = new Date();
+                
+                const metadataPath = backups[0].backupPath + '.meta';
+                await fs.writeFile(metadataPath, JSON.stringify(backups[0], null, 2));
+            } else {
+                await this.createBackup(filePath, metadata);
+            }
+            
+        } catch (error) {
+            this.logger.error(`Failed to update backup for ${filePath}`, { error });
+        }
+    }
+
+    public async restoreFile(filePath: string): Promise<boolean> {
+        return this.rollbackFile(filePath);
+    }
+
+    public async performFinalBackup(): Promise<void> {
+        this.logger.info('Performing final backup...');
+        
+        const entries = Array.from(this.backups.entries());
+        
+        for (const [filePath, backups] of entries) {
+            if (backups.length > 0 && await this.fileExists(filePath)) {
+                const currentContent = await fs.readFile(filePath);
+                const finalBackupPath = path.join(
+                    this.config.backupDir,
+                    'final_' + path.basename(filePath)
+                );
+                await fs.writeFile(finalBackupPath, currentContent);
+            }
+        }
+        
+        this.logger.info('Final backup completed');
+    }
+
+    private async verifyBackup(backup: BackupEntry): Promise<boolean> {
+        try {
+            if (!await this.fileExists(backup.backupPath)) {
+                return false;
+            }
+
+            const metadataPath = backup.backupPath + '.meta';
+            if (!await this.fileExists(metadataPath)) {
+                return false;
+            }
+
+            const stats = await fs.stat(backup.backupPath);
+            if (stats.size !== backup.size) {
+                return false;
+            }
+
+            return true;
+        } catch {
+            return false;
+        }
+    }
+
+    private async deleteBackup(backup: BackupEntry): Promise<void> {
+        try {
+            await fs.unlink(backup.backupPath);
+            
+            const metadataPath = backup.backupPath + '.meta';
+            try {
+                await fs.unlink(metadataPath);
+            } catch {
+            }
+            
+            this.logger.debug(`Deleted old backup: ${backup.id}`);
+        } catch (error) {
+            this.logger.error(`Failed to delete backup ${backup.id}`, { error });
+        }
+    }
+
+    private async encryptBackup(data: Buffer): Promise<Uint8Array> {
+        const key = crypto.randomBytes(32);
+        const iv = crypto.randomBytes(16);
+        
+        const cipher = crypto.createCipheriv('aes-256-cbc', key, iv);
+        const encrypted = Buffer.concat([cipher.update(data), cipher.final()]);
+        
+        return Buffer.concat([iv, encrypted]);
+    }
+
+    private async decryptBackup(data: Buffer): Promise<Uint8Array> {
+        const iv = data.subarray(0, 16);
+        const encrypted = data.subarray(16);
+        
+        const key = crypto.randomBytes(32);
+        
+        const decipher = crypto.createDecipheriv('aes-256-cbc', key, iv);
+        return Buffer.concat([decipher.update(encrypted), decipher.final()]);
+    }
+
+    private getNextVersion(filePath: string): number {
+        const backups = this.backups.get(filePath) || [];
+        if (backups.length === 0) return 1;
+        
+        const maxVersion = Math.max(...backups.map(b => b.version));
+        return maxVersion + 1;
+    }
+
+    private async fileExists(filePath: string): Promise<boolean> {
+        try {
+            await fs.access(filePath);
+            return true;
+        } catch {
+            return false;
+        }
+    }
+
+    public getBackups(filePath: string): BackupEntry[] {
+        return this.backups.get(filePath) || [];
+    }
+
+    public getStatus(): any {
+        return {
+            totalBackups: Array.from(this.backups.values()).reduce(
+                (sum, backups) => sum + backups.length, 0
+            ),
+            filesWithBackups: this.backups.size,
+            backupDir: this.config.backupDir
+        };
+    }
+}

package/src/core/IntegrityValidator.ts

@@ -0,0 +1,200 @@
+import * as crypto from 'crypto';
+import * as fs from 'fs/promises';
+import * as path from 'path';
+import { SecurityConfig, FileMetadata } from '../types';
+import { HashGenerator } from '../crypto/HashGenerator';
+import { SignatureValidator } from '../crypto/SignatureValidator';
+import { InjectionDetector } from '../detectors/InjectionDetector';
+import { Logger } from '../utils/Logger';
+
+export class IntegrityValidator {
+    private readonly hashGenerator: HashGenerator;
+    private readonly signatureValidator: SignatureValidator;
+    private readonly injectionDetector: InjectionDetector;
+    private readonly logger: Logger;
+    private readonly config: SecurityConfig;
+
+    constructor(config: SecurityConfig) {
+        this.config = config;
+        this.logger = Logger.getInstance();
+        this.hashGenerator = new HashGenerator(config);
+        this.signatureValidator = new SignatureValidator();
+        this.injectionDetector = new InjectionDetector();
+    }
+
+    public async generateFileMetadata(filePath: string): Promise<FileMetadata> {
+        try {
+            const stats = await fs.stat(filePath);
+            const content = await fs.readFile(filePath);
+            const hash = this.hashGenerator.generateHash(content);
+            const encryptedHash = this.hashGenerator.generateEncryptedHash(content);
+            const entropy = this.calculateEntropy(content);
+            const magicBytes = await this.getMagicBytes(filePath);
+            
+            let signature: string | undefined;
+            if (this.config.signatureVerification) {
+                signature = await this.signatureValidator.generateSignature(content);
+            }
+
+            return {
+                path: filePath,
+                hash,
+                signature,
+                size: stats.size,
+                created: stats.birthtime,
+                modified: stats.mtime,
+                accessed: stats.atime,
+                permissions: stats.mode,
+                owner: stats.uid.toString(),
+                group: stats.gid.toString(),
+                inode: stats.ino,
+                checksum: this.generateChecksum(content),
+                version: 1,
+                encryptedHash,
+                entropy,
+                magicBytes
+            };
+        } catch (error) {
+            this.logger.error(`Failed to generate metadata for ${filePath}`, { error });
+            throw error;
+        }
+    }
+
+    public async validateFile(filePath: string, metadata: FileMetadata): Promise<boolean> {
+        try {
+            if (!await this.fileExists(filePath)) {
+                return false;
+            }
+
+            const stats = await fs.stat(filePath);
+            const content = await fs.readFile(filePath);
+            const currentHash = this.hashGenerator.generateHash(content);
+
+            if (currentHash !== metadata.hash) {
+                this.logger.warning(`Hash mismatch for ${filePath}`, {
+                    expected: metadata.hash,
+                    actual: currentHash
+                });
+                return false;
+            }
+
+            if (stats.size !== metadata.size) {
+                this.logger.warning(`Size mismatch for ${filePath}`, {
+                    expected: metadata.size,
+                    actual: stats.size
+                });
+                return false;
+            }
+
+            if (stats.ino !== metadata.inode) {
+                this.logger.warning(`Inode mismatch for ${filePath}`, {
+                    expected: metadata.inode,
+                    actual: stats.ino
+                });
+                return false;
+            }
+
+            if (this.isTextFile(filePath)) {
+                const textContent = content.toString('utf8');
+                if (await this.injectionDetector.detectInjection(textContent)) {
+                    this.logger.warning(`Injection detected in ${filePath}`);
+                    return false;
+                }
+            }
+
+            if (this.config.signatureVerification && metadata.signature) {
+                const isValidSignature = await this.signatureValidator.validateSignature(
+                    content,
+                    metadata.signature
+                );
+                if (!isValidSignature) {
+                    this.logger.warning(`Invalid signature for ${filePath}`);
+                    return false;
+                }
+            }
+
+            if (this.config.integrityLevel === 'paranoid') {
+                const currentEntropy = this.calculateEntropy(content);
+                if (Math.abs(currentEntropy - metadata.entropy) > 0.1) {
+                    this.logger.warning(`Entropy changed for ${filePath}`);
+                    return false;
+                }
+
+                const currentMagic = await this.getMagicBytes(filePath);
+                if (currentMagic !== metadata.magicBytes) {
+                    this.logger.warning(`Magic bytes changed for ${filePath}`);
+                    return false;
+                }
+            }
+
+            return true;
+        } catch (error) {
+            this.logger.error(`Validation error for ${filePath}`, { error });
+            return false;
+        }
+    }
+
+    public async verifySignature(filePath: string, metadata: FileMetadata): Promise<boolean> {
+        if (!metadata.signature) {
+            return false;
+        }
+
+        try {
+            const content = await fs.readFile(filePath);
+            return await this.signatureValidator.validateSignature(content, metadata.signature);
+        } catch (error) {
+            this.logger.error(`Signature verification failed for ${filePath}`, { error });
+            return false;
+        }
+    }
+
+    private calculateEntropy(data: Buffer): number {
+        const frequencies: { [key: number]: number } = {};
+        
+        for (const byte of data) {
+            frequencies[byte] = (frequencies[byte] || 0) + 1;
+        }
+        
+        let entropy = 0;
+        const length = data.length;
+        
+        for (const freq of Object.values(frequencies)) {
+            const probability = freq / length;
+            entropy -= probability * Math.log2(probability);
+        }
+        
+        return entropy;
+    }
+
+    private async getMagicBytes(filePath: string): Promise<string | undefined> {
+        try {
+            const buffer = Buffer.alloc(8);
+            const fd = await fs.open(filePath, 'r');
+            await fd.read(buffer, 0, 8, 0);
+            await fd.close();
+            
+            return buffer.toString('hex').substring(0, 8);
+        } catch {
+            return undefined;
+        }
+    }
+
+    private generateChecksum(data: Buffer): string {
+        return crypto.createHash('md5').update(data).digest('hex');
+    }
+
+    private async fileExists(filePath: string): Promise<boolean> {
+        try {
+            await fs.access(filePath);
+            return true;
+        } catch {
+            return false;
+        }
+    }
+
+    private isTextFile(filePath: string): boolean {
+        const textExtensions = ['.js', '.ts', '.json', '.txt', '.md', '.html', '.css', '.xml'];
+        const ext = path.extname(filePath).toLowerCase();
+        return textExtensions.includes(ext);
+    }
+}