@dishantlangayan/sc-cli-core 0.3.0 → 0.4.0

package/README.md

@@ -20,8 +20,11 @@ The ScCommand abstract class extends [@oclif/core's Command class](https://githu
 ## ScConnection Class
 The ScConnection class provide abstraction functions for Solace Cloud API REST calls. It handles the access token and base URL for each REST call, avoiding the need to set these on each Command.
 
+## OrgManager
+The OrgManager class provides utility functions to store and retrieve Solace Cloud authentication information from user's home directory: `~/.sc/` or `%USERPROFILE%\sc\`. The implementation uses AES-256-GCM for authenticated encryption and provides machine-bound encryption that combines OS-level security (keychain) with machine-specific identifiers, making credentials non-transferable between machines.
+
 ## BrokerAuthManager
-The BrokerAuthManager class provides utility functions to store and retrieve broker SEMP management authentication information from user's home directory: `~/.sf/` or `%USERPROFILE%\sf\`. The implementation uses AES-256-GCM for authenticated encryption and provides machine-bound encryption that combines OS-level security (keychain) with machine-specific identifiers, making credentials non-transferable between machines.
+The BrokerAuthManager class provides utility functions to store and retrieve broker SEMP management authentication information similar to the `OrgManager` class. It supports Basic and OAuth authentication schemes.
 
 # Contributing
 Contributions are encouraged! Please read [CONTRIBUTING.md](CONTRIBUTING.md) for details on our code of conduct, and the process for submitting pull requests to us.

package/lib/auth/auth-encryption.d.ts

@@ -12,12 +12,12 @@ export declare class BrokerAuthEncryption {
     private static readonly SALT_LENGTH;
     private static readonly TAG_LENGTH;
     /**
-     * Decrypt broker storage data
+     * Decrypt storage data
      * @param encryptedData - Encrypted data to decrypt
      * @param key - Decryption key
-     * @returns Decrypted broker storage
+     * @returns Decrypted storage
      */
-    static decrypt(encryptedData: EncryptedData, key: Buffer): Promise<BrokerAuthStorage>;
+    static decrypt<T = BrokerAuthStorage>(encryptedData: EncryptedData, key: Buffer): Promise<T>;
     /**
      * Derive encryption key from password using PBKDF2
      * @param password - User password
@@ -26,12 +26,12 @@ export declare class BrokerAuthEncryption {
      */
     static deriveKey(password: string, salt: Buffer): Promise<Buffer>;
     /**
-     * Encrypt broker storage data
-     * @param data - Broker storage to encrypt
+     * Encrypt storage data
+     * @param data - Storage to encrypt
      * @param key - Encryption key
      * @returns Encrypted data with metadata
      */
-    static encrypt(data: BrokerAuthStorage, key: Buffer): Promise<EncryptedData>;
+    static encrypt<T = BrokerAuthStorage>(data: T, key: Buffer): Promise<EncryptedData>;
     /**
      * Generate cryptographically secure random salt
      * @returns Random salt buffer

package/lib/auth/auth-encryption.js

@@ -15,10 +15,10 @@ export class BrokerAuthEncryption {
     static SALT_LENGTH = 32;
     static TAG_LENGTH = 16;
     /**
-     * Decrypt broker storage data
+     * Decrypt storage data
      * @param encryptedData - Encrypted data to decrypt
      * @param key - Decryption key
-     * @returns Decrypted broker storage
+     * @returns Decrypted storage
      */
     static async decrypt(encryptedData, key) {
         try {
@@ -60,8 +60,8 @@ export class BrokerAuthEncryption {
         }
     }
     /**
-     * Encrypt broker storage data
-     * @param data - Broker storage to encrypt
+     * Encrypt storage data
+     * @param data - Storage to encrypt
      * @param key - Encryption key
      * @returns Encrypted data with metadata
      */

package/lib/auth/keychain.js

@@ -65,7 +65,6 @@ export class KeychainService {
      */
     loadMachineId() {
         // Use require for CommonJS module (node-machine-id)
-        // eslint-disable-next-line @typescript-eslint/no-require-imports
         return require('node-machine-id');
     }
 }

package/lib/auth/org-manager.d.ts

@@ -0,0 +1,104 @@
+import { KeychainService } from './keychain.js';
+import { type OrgConfig } from './org-types.js';
+/**
+ * Manager for organization storage
+ * Handles encrypted storage of Solace Cloud organization credentials
+ */
+export declare class OrgManager {
+    private static instance;
+    private readonly configDir;
+    private readonly configFile;
+    private encryptionKey;
+    private readonly keychainService;
+    private machineId;
+    private masterKey;
+    private storage;
+    private constructor();
+    /**
+     * Get singleton instance
+     * @param keychainService - Optional keychain service for testing
+     */
+    static getInstance(keychainService?: KeychainService): OrgManager;
+    /**
+     * Add a new organization configuration
+     * @param org - Organization configuration
+     */
+    addOrg(org: OrgConfig): Promise<void>;
+    /**
+     * Clear all organization configurations
+     */
+    clearAll(): Promise<void>;
+    /**
+     * Get all organization configurations
+     * @returns Array of all organization configurations
+     */
+    getAllOrgs(): Promise<OrgConfig[]>;
+    /**
+     * Get the default organization
+     * @returns Default organization or null if no default is set
+     */
+    getDefaultOrg(): Promise<null | OrgConfig>;
+    /**
+     * Get organization configuration by orgId or alias
+     * @param identifier - Organization ID or alias
+     * @returns Organization configuration or null if not found
+     */
+    getOrg(identifier: string): Promise<null | OrgConfig>;
+    /**
+     * Initialize the org manager with encryption key derived from OS keychain and machine ID
+     */
+    initialize(): Promise<void>;
+    /**
+     * List all organization identifiers (orgId or alias if available)
+     * @returns Array of organization identifiers
+     */
+    listOrgs(): Promise<string[]>;
+    /**
+     * Check if organization exists
+     * @param identifier - Organization ID or alias
+     * @returns true if organization exists
+     */
+    orgExists(identifier: string): Promise<boolean>;
+    /**
+     * Remove organization configuration
+     * @param identifier - Organization ID or alias to remove
+     */
+    removeOrg(identifier: string): Promise<void>;
+    /**
+     * Set an organization as the default
+     * @param identifier - Organization ID or alias to set as default
+     */
+    setDefaultOrg(identifier: string): Promise<void>;
+    /**
+     * Update existing organization configuration
+     * @param identifier - Organization ID or alias to update
+     * @param updates - Partial updates to apply
+     */
+    updateOrg(identifier: string, updates: Partial<Omit<OrgConfig, 'orgId'>>): Promise<void>;
+    /**
+     * Ensure manager is initialized
+     */
+    private ensureInitialized;
+    /**
+     * Check if config file exists
+     */
+    private fileExists;
+    /**
+     * Load storage from encrypted file
+     * @param combinedKey - Combined master key and machine ID for decryption
+     */
+    private loadStorage;
+    /**
+     * Save storage to encrypted file
+     */
+    private saveStorage;
+    /**
+     * Unset the default flag on all organizations
+     */
+    private unsetAllDefaults;
+    /**
+     * Validate organization configuration
+     * @param org - Organization to validate
+     */
+    private validateOrg;
+}

package/lib/auth/org-manager.js

@@ -0,0 +1,336 @@
+import { mkdir, readFile, rename, unlink, writeFile } from 'node:fs/promises';
+import { homedir } from 'node:os';
+import { join } from 'node:path';
+import { BrokerAuthEncryption } from './auth-encryption.js';
+import { KeychainService } from './keychain.js';
+import { OrgError, OrgErrorCode } from './org-types.js';
+const SERVICE_NAME = 'local';
+const KEY_NAME = 'sc-cli';
+/**
+ * Manager for organization storage
+ * Handles encrypted storage of Solace Cloud organization credentials
+ */
+export class OrgManager {
+    static instance = null;
+    configDir;
+    configFile;
+    encryptionKey = null;
+    keychainService;
+    machineId = null;
+    masterKey = null;
+    storage = null;
+    constructor(keychainService) {
+        const homeDirectory = homedir();
+        this.configDir = join(homeDirectory, '.sc');
+        this.configFile = join(this.configDir, 'orgs.json');
+        this.keychainService = keychainService ?? new KeychainService();
+    }
+    /**
+     * Get singleton instance
+     * @param keychainService - Optional keychain service for testing
+     */
+    static getInstance(keychainService) {
+        if (!OrgManager.instance) {
+            OrgManager.instance = new OrgManager(keychainService);
+        }
+        return OrgManager.instance;
+    }
+    /**
+     * Add a new organization configuration
+     * @param org - Organization configuration
+     */
+    async addOrg(org) {
+        this.ensureInitialized();
+        // Validate organization
+        this.validateOrg(org);
+        // Check if organization already exists (by orgId or alias)
+        const existingByOrgId = this.storage.orgs.find((o) => o.orgId === org.orgId);
+        if (existingByOrgId) {
+            throw new OrgError(`Organization '${org.orgId}' already exists`, OrgErrorCode.ORG_ALREADY_EXISTS);
+        }
+        if (org.alias) {
+            const existingByAlias = this.storage.orgs.find((o) => o.alias === org.alias);
+            if (existingByAlias) {
+                throw new OrgError(`Organization with alias '${org.alias}' already exists`, OrgErrorCode.ORG_ALREADY_EXISTS);
+            }
+        }
+        // If this org is being set as default, unset any existing default
+        if (org.isDefault) {
+            this.unsetAllDefaults();
+        }
+        // Add organization
+        this.storage.orgs.push(org);
+        // Save to file
+        await this.saveStorage();
+    }
+    /**
+     * Clear all organization configurations
+     */
+    async clearAll() {
+        this.ensureInitialized();
+        this.storage.orgs = [];
+        await this.saveStorage();
+    }
+    /**
+     * Get all organization configurations
+     * @returns Array of all organization configurations
+     */
+    async getAllOrgs() {
+        this.ensureInitialized();
+        return [...this.storage.orgs];
+    }
+    /**
+     * Get the default organization
+     * @returns Default organization or null if no default is set
+     */
+    async getDefaultOrg() {
+        this.ensureInitialized();
+        const org = this.storage.orgs.find((o) => o.isDefault === true);
+        return org ?? null;
+    }
+    /**
+     * Get organization configuration by orgId or alias
+     * @param identifier - Organization ID or alias
+     * @returns Organization configuration or null if not found
+     */
+    async getOrg(identifier) {
+        this.ensureInitialized();
+        const org = this.storage.orgs.find((o) => o.orgId === identifier || o.alias === identifier);
+        return org ?? null;
+    }
+    /**
+     * Initialize the org manager with encryption key derived from OS keychain and machine ID
+     */
+    async initialize() {
+        try {
+            // Get machine ID
+            this.machineId = this.keychainService.getMachineId();
+            // Get or create master key from OS keychain
+            this.masterKey = await this.keychainService.getPassword(KEY_NAME, SERVICE_NAME);
+            if (!this.masterKey) {
+                // Generate new master key and store in OS keychain
+                this.masterKey = this.keychainService.generateMasterKey();
+                await this.keychainService.setPassword(KEY_NAME, SERVICE_NAME, this.masterKey);
+            }
+            // Combine master key with machine ID for encryption
+            const combinedKey = `${this.masterKey}:${this.machineId}`;
+            // Try to load existing storage
+            const fileExists = await this.fileExists();
+            if (fileExists) {
+                // Load existing file and derive key from stored salt
+                await this.loadStorage(combinedKey);
+            }
+            else {
+                // Create new storage with new salt
+                const salt = BrokerAuthEncryption.generateSalt();
+                this.encryptionKey = await BrokerAuthEncryption.deriveKey(combinedKey, salt);
+                this.storage = {
+                    orgs: [],
+                    version: '1.0.0',
+                };
+            }
+        }
+        catch (error) {
+            if (error instanceof OrgError) {
+                throw error;
+            }
+            throw new OrgError('Failed to initialize org manager', OrgErrorCode.NOT_INITIALIZED, error);
+        }
+    }
+    /**
+     * List all organization identifiers (orgId or alias if available)
+     * @returns Array of organization identifiers
+     */
+    async listOrgs() {
+        this.ensureInitialized();
+        return this.storage.orgs.map((o) => o.alias ?? o.orgId);
+    }
+    /**
+     * Check if organization exists
+     * @param identifier - Organization ID or alias
+     * @returns true if organization exists
+     */
+    async orgExists(identifier) {
+        this.ensureInitialized();
+        return this.storage.orgs.some((o) => o.orgId === identifier || o.alias === identifier);
+    }
+    /**
+     * Remove organization configuration
+     * @param identifier - Organization ID or alias to remove
+     */
+    async removeOrg(identifier) {
+        this.ensureInitialized();
+        const index = this.storage.orgs.findIndex((o) => o.orgId === identifier || o.alias === identifier);
+        if (index === -1) {
+            throw new OrgError(`Organization '${identifier}' not found`, OrgErrorCode.ORG_NOT_FOUND);
+        }
+        // Remove organization
+        this.storage.orgs.splice(index, 1);
+        // Save to file
+        await this.saveStorage();
+    }
+    /**
+     * Set an organization as the default
+     * @param identifier - Organization ID or alias to set as default
+     */
+    async setDefaultOrg(identifier) {
+        this.ensureInitialized();
+        const index = this.storage.orgs.findIndex((o) => o.orgId === identifier || o.alias === identifier);
+        if (index === -1) {
+            throw new OrgError(`Organization '${identifier}' not found`, OrgErrorCode.ORG_NOT_FOUND);
+        }
+        // Unset all existing defaults
+        this.unsetAllDefaults();
+        // Set this org as default
+        this.storage.orgs[index].isDefault = true;
+        // Save to file
+        await this.saveStorage();
+    }
+    /**
+     * Update existing organization configuration
+     * @param identifier - Organization ID or alias to update
+     * @param updates - Partial updates to apply
+     */
+    async updateOrg(identifier, updates) {
+        this.ensureInitialized();
+        const index = this.storage.orgs.findIndex((o) => o.orgId === identifier || o.alias === identifier);
+        if (index === -1) {
+            throw new OrgError(`Organization '${identifier}' not found`, OrgErrorCode.ORG_NOT_FOUND);
+        }
+        const currentOrg = this.storage.orgs[index];
+        // Check if new alias conflicts with another org
+        if (updates.alias && updates.alias !== currentOrg.alias) {
+            const conflictingOrg = this.storage.orgs.find((o) => o.alias === updates.alias && o.orgId !== currentOrg.orgId);
+            if (conflictingOrg) {
+                throw new OrgError(`Organization with alias '${updates.alias}' already exists`, OrgErrorCode.ORG_ALREADY_EXISTS);
+            }
+        }
+        // If setting this org as default, unset any existing default
+        if (updates.isDefault === true) {
+            this.unsetAllDefaults();
+        }
+        // Merge updates
+        const updated = {
+            ...currentOrg,
+            ...updates,
+        };
+        // Validate updated organization
+        this.validateOrg(updated);
+        // Update organization
+        this.storage.orgs[index] = updated;
+        // Save to file
+        await this.saveStorage();
+    }
+    /**
+     * Ensure manager is initialized
+     */
+    ensureInitialized() {
+        if (!this.encryptionKey || !this.storage) {
+            throw new OrgError('OrgManager not initialized. Call initialize() first.', OrgErrorCode.NOT_INITIALIZED);
+        }
+    }
+    /**
+     * Check if config file exists
+     */
+    async fileExists() {
+        try {
+            await readFile(this.configFile);
+            return true;
+        }
+        catch {
+            return false;
+        }
+    }
+    /**
+     * Load storage from encrypted file
+     * @param combinedKey - Combined master key and machine ID for decryption
+     */
+    async loadStorage(combinedKey) {
+        try {
+            const fileContent = await readFile(this.configFile, 'utf8');
+            const encryptedData = JSON.parse(fileContent);
+            // Derive key from combined key and stored salt
+            const salt = Buffer.from(encryptedData.salt, 'base64');
+            this.encryptionKey = await BrokerAuthEncryption.deriveKey(combinedKey, salt);
+            // Decrypt storage
+            this.storage = await BrokerAuthEncryption.decrypt(encryptedData, this.encryptionKey);
+        }
+        catch (error) {
+            if (error instanceof OrgError) {
+                throw error;
+            }
+            throw new OrgError('Failed to load organization storage', OrgErrorCode.FILE_READ_ERROR, error);
+        }
+    }
+    /**
+     * Save storage to encrypted file
+     */
+    async saveStorage() {
+        try {
+            if (!this.masterKey || !this.machineId) {
+                throw new OrgError('Org manager not initialized', OrgErrorCode.NOT_INITIALIZED);
+            }
+            // Ensure directory exists
+            await mkdir(this.configDir, { mode: 0o700, recursive: true });
+            // Generate new salt and derive key for THIS save
+            const combinedKey = `${this.masterKey}:${this.machineId}`;
+            const newSalt = BrokerAuthEncryption.generateSalt();
+            const newKey = await BrokerAuthEncryption.deriveKey(combinedKey, newSalt);
+            // Encrypt data with the new key
+            const encrypted = await BrokerAuthEncryption.encrypt(this.storage, newKey);
+            // Update the salt in encrypted data to match the salt we used for key derivation
+            encrypted.salt = newSalt.toString('base64');
+            // Store the new key for next operation
+            this.encryptionKey = newKey;
+            // Write to temp file first (atomic write)
+            const jsonData = JSON.stringify(encrypted, null, 2);
+            const tempFile = `${this.configFile}.tmp`;
+            await writeFile(tempFile, jsonData, { mode: 0o600 });
+            // Atomic rename
+            await rename(tempFile, this.configFile);
+            // Set restrictive permissions (Unix only)
+            if (process.platform !== 'win32') {
+                // Already set via writeFile mode option
+            }
+        }
+        catch (error) {
+            // Clean up temp file if it exists
+            try {
+                await unlink(`${this.configFile}.tmp`);
+            }
+            catch {
+                // Ignore cleanup errors
+            }
+            if (error instanceof OrgError) {
+                throw error;
+            }
+            throw new OrgError('Failed to save organization storage', OrgErrorCode.FILE_WRITE_ERROR, error);
+        }
+    }
+    /**
+     * Unset the default flag on all organizations
+     */
+    unsetAllDefaults() {
+        for (const org of this.storage.orgs) {
+            org.isDefault = false;
+        }
+    }
+    /**
+     * Validate organization configuration
+     * @param org - Organization to validate
+     */
+    validateOrg(org) {
+        // Validate orgId
+        if (!org.orgId || org.orgId.trim() === '') {
+            throw new OrgError('Organization ID is required', OrgErrorCode.INVALID_ORG_ID);
+        }
+        // Validate accessToken
+        if (!org.accessToken || org.accessToken.trim() === '') {
+            throw new OrgError('Access token is required', OrgErrorCode.INVALID_ACCESS_TOKEN);
+        }
+        // Validate alias if provided
+        if (org.alias !== undefined && org.alias.trim() === '') {
+            throw new OrgError('Alias cannot be empty if provided', OrgErrorCode.INVALID_ORG_ID);
+        }
+    }
+}

package/lib/auth/org-types.d.ts

@@ -0,0 +1,38 @@
+/**
+ * Organization configuration
+ */
+export interface OrgConfig {
+    accessToken: string;
+    alias?: string;
+    isDefault?: boolean;
+    orgId: string;
+}
+/**
+ * Storage format for organization configurations
+ */
+export interface OrgStorage {
+    orgs: OrgConfig[];
+    version: string;
+}
+/**
+ * Error codes for organization operations
+ */
+export declare enum OrgErrorCode {
+    DECRYPTION_FAILED = "DECRYPTION_FAILED",
+    ENCRYPTION_FAILED = "ENCRYPTION_FAILED",
+    FILE_READ_ERROR = "FILE_READ_ERROR",
+    FILE_WRITE_ERROR = "FILE_WRITE_ERROR",
+    INVALID_ACCESS_TOKEN = "INVALID_ACCESS_TOKEN",
+    INVALID_ORG_ID = "INVALID_ORG_ID",
+    NOT_INITIALIZED = "NOT_INITIALIZED",
+    ORG_ALREADY_EXISTS = "ORG_ALREADY_EXISTS",
+    ORG_NOT_FOUND = "ORG_NOT_FOUND"
+}
+/**
+ * Custom error class for organization operations
+ */
+export declare class OrgError extends Error {
+    readonly code: OrgErrorCode;
+    readonly cause?: Error | undefined;
+    constructor(message: string, code: OrgErrorCode, cause?: Error | undefined);
+}

package/lib/auth/org-types.js

@@ -0,0 +1,28 @@
+/**
+ * Error codes for organization operations
+ */
+export var OrgErrorCode;
+(function (OrgErrorCode) {
+    OrgErrorCode["DECRYPTION_FAILED"] = "DECRYPTION_FAILED";
+    OrgErrorCode["ENCRYPTION_FAILED"] = "ENCRYPTION_FAILED";
+    OrgErrorCode["FILE_READ_ERROR"] = "FILE_READ_ERROR";
+    OrgErrorCode["FILE_WRITE_ERROR"] = "FILE_WRITE_ERROR";
+    OrgErrorCode["INVALID_ACCESS_TOKEN"] = "INVALID_ACCESS_TOKEN";
+    OrgErrorCode["INVALID_ORG_ID"] = "INVALID_ORG_ID";
+    OrgErrorCode["NOT_INITIALIZED"] = "NOT_INITIALIZED";
+    OrgErrorCode["ORG_ALREADY_EXISTS"] = "ORG_ALREADY_EXISTS";
+    OrgErrorCode["ORG_NOT_FOUND"] = "ORG_NOT_FOUND";
+})(OrgErrorCode || (OrgErrorCode = {}));
+/**
+ * Custom error class for organization operations
+ */
+export class OrgError extends Error {
+    code;
+    cause;
+    constructor(message, code, cause) {
+        super(message);
+        this.code = code;
+        this.cause = cause;
+        this.name = 'OrgError';
+    }
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@dishantlangayan/sc-cli-core",
-  "version": "0.3.0",
+  "version": "0.4.0",
   "description": "Base library for the Solace Cloud CLI and plugins",
   "license": "Apache-2.0",
   "author": "Dishant Langayan",