@dotenvx/dotenvx 1.59.0 → 1.60.0

package/src/db/session.js

@@ -1,20 +1,24 @@
 const Ops = require('./../lib/extensions/ops')
+const { logger } = require('./../shared/logger')
 
 class Session {
   constructor () {
     this.ops = new Ops()
-    this.opsStatus = this.ops.status()
   }
 
   //
-  // opsOff/On
+  // ops status helpers
   //
-  opsOn () {
-    return this.opsStatus === 'on'
+  async noOps () {
+    const status = await this.ops.status()
+    logger.debug(`ops: ${status}`)
+    return status === 'off'
   }
 
-  opsOff () {
-    return !this.opsOn()
+  noOpsSync () {
+    const status = this.ops.statusSync()
+    logger.debug(`ops: ${status}`)
+    return status === 'off'
   }
 }
 

package/src/lib/extensions/ops.js

@@ -1,97 +1,146 @@
 const path = require('path')
 const childProcess = require('child_process')
+const util = require('util')
 
-// const { logger } = require('./../../shared/logger')
+const execFile = util.promisify(childProcess.execFile)
 
 class Ops {
-  constructor () {
-    this.opsLib = null
+  async status () {
+    if (this._isForcedOff()) return 'off'
 
-    if (this._isForcedOff()) {
-      return
+    const binary = await this._resolveBinary()
+    if (!binary) return 'off'
+
+    try {
+      return await this._exec(binary, ['status'])
+    } catch (_e) {
+      return 'off'
     }
+  }
 
-    // check npm lib
-    try { this.opsLib = this._opsNpm() } catch (_e) {}
+  statusSync () {
+    if (this._isForcedOff()) return 'off'
 
-    // check binary cli
-    if (!this.opsLib) {
-      try { this.opsLib = this._opsCli() } catch (_e) {}
-    }
+    const binary = this._resolveBinarySync()
+    if (!binary) return 'off'
 
-    if (this.opsLib) {
-      // logger.successv(`⛨ ops: ${this.opsLib.status()}`)
+    try {
+      return this._execSync(binary, ['status'])
+    } catch (_e) {
+      return 'off'
     }
   }
 
-  status () {
-    if (this._isForcedOff() || !this.opsLib) {
-      return 'off'
-    }
+  async keypair (publicKey) {
+    if (this._isForcedOff()) return {}
 
-    return this.opsLib.status()
-  }
+    const binary = await this._resolveBinary()
+    if (!binary) return {}
+
+    const args = ['keypair']
+    if (publicKey) args.push(publicKey)
 
-  keypair (publicKey) {
-    if (this._isForcedOff() || !this.opsLib) {
+    try {
+      return JSON.parse(await this._exec(binary, args))
+    } catch (_e) {
       return {}
     }
+  }
+
+  keypairSync (publicKey) {
+    if (this._isForcedOff()) return {}
 
-    return this.opsLib.keypair(publicKey)
+    const binary = this._resolveBinarySync()
+    if (!binary) return {}
+
+    const args = ['keypair']
+    if (publicKey) args.push(publicKey)
+
+    try {
+      return JSON.parse(this._execSync(binary, args))
+    } catch (_e) {
+      return {}
+    }
   }
 
   observe (payload) {
-    if (!this._isForcedOff() && this.opsLib && this.opsLib.status() !== 'off') {
-      const encoded = Buffer.from(JSON.stringify(payload)).toString('base64')
-      this.opsLib.observe(encoded)
+    if (this._isForcedOff()) return
+
+    const binary = this._resolveBinarySync()
+    if (!binary) return
+
+    let status = 'off'
+    try {
+      status = this._execSync(binary, ['status'])
+    } catch (_e) {
+      return
+    }
+    if (status === 'off') return
+
+    const encoded = Buffer.from(JSON.stringify(payload)).toString('base64')
+    try {
+      const subprocess = childProcess.spawn(binary, ['observe', encoded], {
+        stdio: 'ignore',
+        detached: true
+      })
+      subprocess.unref()
+    } catch (_e) {
+      // noop
     }
   }
 
-  //
-  // private
-  //
-  _opsNpm () {
-    const npmBin = path.resolve(process.cwd(), 'node_modules/.bin/dotenvx-ops')
-    return this._opsLib(npmBin)
+  async _exec (binary, args) {
+    const { stdout } = await execFile(binary, args)
+    return stdout.toString().trim()
   }
 
-  _opsCli () {
-    return this._opsLib('dotenvx-ops')
+  _execSync (binary, args) {
+    return childProcess.execFileSync(binary, args).toString().trim()
   }
 
-  _opsLib (binary) {
-    childProcess.execFileSync(binary, ['--version'], { stdio: ['pipe', 'pipe', 'ignore'] })
-
-    return {
-      status: () => {
-        return childProcess.execFileSync(binary, ['status'], { stdio: ['pipe', 'pipe', 'ignore'] }).toString().trim()
-      },
-      keypair: (publicKey) => {
-        const args = ['keypair']
-        if (publicKey) {
-          args.push(publicKey)
-        }
-        const output = childProcess.execFileSync(binary, args, { stdio: ['pipe', 'pipe', 'ignore'] }).toString().trim()
-        const parsed = JSON.parse(output.toString())
-        return parsed
-      },
-      observe: (encoded) => {
-        try {
-          const subprocess = childProcess.spawn(binary, ['observe', encoded], {
-            stdio: 'ignore',
-            detached: true
-          })
-
-          subprocess.unref() // let it run independently
-        } catch (e) {
-          // noop
-        }
-      }
-    }
+  async _resolveBinary () {
+    if (this._binaryPromise) return this._binaryPromise
+
+    this._binaryPromise = (async () => {
+      const npmBin = path.resolve(process.cwd(), 'node_modules/.bin/dotenvx-ops')
+      try {
+        await this._exec(npmBin, ['--version'])
+        return npmBin
+      } catch (_e) {}
+
+      try {
+        await this._exec('dotenvx-ops', ['--version'])
+        return 'dotenvx-ops'
+      } catch (_e) {}
+
+      return null
+    })()
+
+    return this._binaryPromise
+  }
+
+  _resolveBinarySync () {
+    if (this._binarySync !== undefined) return this._binarySync
+
+    const npmBin = path.resolve(process.cwd(), 'node_modules/.bin/dotenvx-ops')
+    try {
+      this._execSync(npmBin, ['--version'])
+      this._binarySync = npmBin
+      return this._binarySync
+    } catch (_e) {}
+
+    try {
+      this._execSync('dotenvx-ops', ['--version'])
+      this._binarySync = 'dotenvx-ops'
+      return this._binarySync
+    } catch (_e) {}
+
+    this._binarySync = null
+    return null
   }
 
   _isForcedOff () {
-    return process.env.DOTENVX_OPS_OFF === 'true'
+    return process.env.DOTENVX_NO_OPS === 'true'
   }
 }
 

package/src/lib/helpers/catchAndLog.js

@@ -1,7 +1,7 @@
 const { logger } = require('./../../shared/logger')
 
 function catchAndLog (error) {
-  logger.error(error.messageWithHelp)
+  logger.error(error.messageWithHelp || error.message)
   if (error.debug) {
     logger.debug(error.debug)
   }

package/src/lib/helpers/createSpinner.js

@@ -0,0 +1,24 @@
+const FRAMES = ['◇', '⬖', '◆', '⬗']
+const FRAME_INTERVAL_MS = 80
+
+async function createSpinner (options = {}) {
+  const stream = process.stderr
+  const hasCursorControls = typeof stream.cursorTo === 'function' && typeof stream.clearLine === 'function'
+  const enabled = Boolean(stream.isTTY && hasCursorControls && !options.quiet && !options.verbose && !options.debug)
+  if (!enabled) return null
+
+  const text = options.text || 'thinking'
+  const frames = options.frames || FRAMES
+
+  const { default: yoctoSpinner } = await import('yocto-spinner')
+  return yoctoSpinner({
+    text,
+    spinner: {
+      frames,
+      interval: FRAME_INTERVAL_MS
+    },
+    stream
+  }).start()
+}
+
+module.exports = createSpinner

package/src/lib/helpers/cryptography/index.js

@@ -1,11 +1,15 @@
 module.exports = {
   opsKeypair: require('./opsKeypair'),
+  opsKeypairSync: require('./opsKeypairSync'),
   localKeypair: require('./localKeypair'),
   encryptValue: require('./encryptValue'),
   decryptKeyValue: require('./decryptKeyValue'),
   isEncrypted: require('./isEncrypted'),
   isPublicKey: require('./isPublicKey'),
+  mutateKeysSrc: require('./mutateKeysSrc'),
+  mutateKeysSrcSync: require('./mutateKeysSrcSync'),
   provision: require('./provision'),
+  provisionSync: require('./provisionSync'),
   provisionWithPrivateKey: require('./provisionWithPrivateKey'),
   mutateSrc: require('./mutateSrc'),
 

package/src/lib/helpers/cryptography/mutateKeysSrc.js

@@ -9,7 +9,7 @@ const FIRST_TIME_KEYS_SRC = [
 const path = require('path')
 const fsx = require('./../fsx')
 
-function mutateKeysSrc ({ envFilepath, keysFilepath, privateKeyName, privateKeyValue }) {
+async function mutateKeysSrc ({ envFilepath, keysFilepath, privateKeyName, privateKeyValue }) {
   const filename = path.basename(envFilepath)
   const filepath = path.resolve(envFilepath)
   let resolvedKeysFilepath = path.join(path.dirname(filepath), '.env.keys')
@@ -19,13 +19,13 @@ function mutateKeysSrc ({ envFilepath, keysFilepath, privateKeyName, privateKeyV
   const appendPrivateKey = [`# ${filename}`, `${privateKeyName}=${privateKeyValue}`, ''].join('\n')
 
   let keysSrc = ''
-  if (fsx.existsSync(resolvedKeysFilepath)) {
-    keysSrc = fsx.readFileX(resolvedKeysFilepath)
+  if (await fsx.exists(resolvedKeysFilepath)) {
+    keysSrc = await fsx.readFileX(resolvedKeysFilepath)
   }
   keysSrc = keysSrc.length > 1 ? keysSrc : `${FIRST_TIME_KEYS_SRC}\n`
   keysSrc = `${keysSrc}\n${appendPrivateKey}`
 
-  fsx.writeFileX(resolvedKeysFilepath, keysSrc) // TODO: don't write if ops
+  await fsx.writeFileX(resolvedKeysFilepath, keysSrc) // TODO: don't write if ops
 
   const envKeysFilepath = keysFilepath || path.join(path.dirname(envFilepath), path.basename(resolvedKeysFilepath))
 

package/src/lib/helpers/cryptography/mutateKeysSrcSync.js

@@ -0,0 +1,38 @@
+const FIRST_TIME_KEYS_SRC = [
+  '#/------------------!DOTENV_PRIVATE_KEYS!-------------------/',
+  '#/ private decryption keys. DO NOT commit to source control /',
+  '#/     [how it works](https://dotenvx.com/encryption)       /',
+  // '#/           backup with: `dotenvx ops backup`              /',
+  '#/----------------------------------------------------------/'
+].join('\n')
+
+const path = require('path')
+const fsx = require('./../fsx')
+
+function mutateKeysSrcSync ({ envFilepath, keysFilepath, privateKeyName, privateKeyValue }) {
+  const filename = path.basename(envFilepath)
+  const filepath = path.resolve(envFilepath)
+  let resolvedKeysFilepath = path.join(path.dirname(filepath), '.env.keys')
+  if (keysFilepath) {
+    resolvedKeysFilepath = path.resolve(keysFilepath)
+  }
+  const appendPrivateKey = [`# ${filename}`, `${privateKeyName}=${privateKeyValue}`, ''].join('\n')
+
+  let keysSrc = ''
+  if (fsx.existsSync(resolvedKeysFilepath)) {
+    keysSrc = fsx.readFileXSync(resolvedKeysFilepath)
+  }
+  keysSrc = keysSrc.length > 1 ? keysSrc : `${FIRST_TIME_KEYS_SRC}\n`
+  keysSrc = `${keysSrc}\n${appendPrivateKey}`
+
+  fsx.writeFileXSync(resolvedKeysFilepath, keysSrc) // TODO: don't write if ops
+
+  const envKeysFilepath = keysFilepath || path.join(path.dirname(envFilepath), path.basename(resolvedKeysFilepath))
+
+  return {
+    keysSrc,
+    envKeysFilepath
+  }
+}
+
+module.exports = mutateKeysSrcSync

package/src/lib/helpers/cryptography/opsKeypair.js

@@ -1,7 +1,7 @@
 const Ops = require('../../extensions/ops')
 
-function opsKeypair (existingPublicKey) {
-  const kp = new Ops().keypair(existingPublicKey)
+async function opsKeypair (existingPublicKey) {
+  const kp = await new Ops().keypair(existingPublicKey)
   const publicKey = kp.public_key
   const privateKey = kp.private_key
 

package/src/lib/helpers/cryptography/opsKeypairSync.js

@@ -0,0 +1,14 @@
+const Ops = require('../../extensions/ops')
+
+function opsKeypairSync (existingPublicKey) {
+  const kp = new Ops().keypairSync(existingPublicKey)
+  const publicKey = kp.public_key
+  const privateKey = kp.private_key
+
+  return {
+    publicKey,
+    privateKey
+  }
+}
+
+module.exports = opsKeypairSync

package/src/lib/helpers/cryptography/provision.js

@@ -4,8 +4,8 @@ const opsKeypair = require('./opsKeypair')
 const localKeypair = require('./localKeypair')
 const { keyNames } = require('../keyResolution')
 
-function provision ({ envSrc, envFilepath, keysFilepath, opsOn }) {
-  opsOn = opsOn === true
+async function provision ({ envSrc, envFilepath, keysFilepath, noOps }) {
+  noOps = noOps !== false
   const { publicKeyName, privateKeyName } = keyNames(envFilepath)
 
   let publicKey
@@ -14,12 +14,12 @@ function provision ({ envSrc, envFilepath, keysFilepath, opsOn }) {
   let envKeysFilepath
   let privateKeyAdded = false
 
-  if (opsOn) {
-    const kp = opsKeypair()
+  if (noOps) {
+    const kp = localKeypair()
     publicKey = kp.publicKey
     privateKey = kp.privateKey
   } else {
-    const kp = localKeypair()
+    const kp = await opsKeypair()
     publicKey = kp.publicKey
     privateKey = kp.privateKey
   }
@@ -27,8 +27,8 @@ function provision ({ envSrc, envFilepath, keysFilepath, opsOn }) {
   const mutated = mutateSrc({ envSrc, envFilepath, keysFilepath, publicKeyName, publicKeyValue: publicKey })
   envSrc = mutated.envSrc
 
-  if (!opsOn) {
-    const mutated = mutateKeysSrc({ envFilepath, keysFilepath, privateKeyName, privateKeyValue: privateKey })
+  if (noOps) {
+    const mutated = await mutateKeysSrc({ envFilepath, keysFilepath, privateKeyName, privateKeyValue: privateKey })
     keysSrc = mutated.keysSrc
     envKeysFilepath = mutated.envKeysFilepath
     privateKeyAdded = true

package/src/lib/helpers/cryptography/provisionSync.js

@@ -0,0 +1,47 @@
+const mutateSrc = require('./mutateSrc')
+const mutateKeysSrcSync = require('./mutateKeysSrcSync')
+const opsKeypairSync = require('./opsKeypairSync')
+const localKeypair = require('./localKeypair')
+const { keyNames } = require('../keyResolution')
+
+function provisionSync ({ envSrc, envFilepath, keysFilepath, noOps }) {
+  noOps = noOps !== false
+  const { publicKeyName, privateKeyName } = keyNames(envFilepath)
+
+  let publicKey
+  let privateKey
+  let keysSrc
+  let envKeysFilepath
+  let privateKeyAdded = false
+
+  if (noOps) {
+    const kp = localKeypair()
+    publicKey = kp.publicKey
+    privateKey = kp.privateKey
+  } else {
+    const kp = opsKeypairSync()
+    publicKey = kp.publicKey
+    privateKey = kp.privateKey
+  }
+
+  const mutated = mutateSrc({ envSrc, envFilepath, keysFilepath, publicKeyName, publicKeyValue: publicKey })
+  envSrc = mutated.envSrc
+
+  if (noOps) {
+    const mutated = mutateKeysSrcSync({ envFilepath, keysFilepath, privateKeyName, privateKeyValue: privateKey })
+    keysSrc = mutated.keysSrc
+    envKeysFilepath = mutated.envKeysFilepath
+    privateKeyAdded = true
+  }
+
+  return {
+    envSrc,
+    keysSrc,
+    publicKey,
+    privateKey,
+    privateKeyAdded,
+    envKeysFilepath
+  }
+}
+
+module.exports = provisionSync

package/src/lib/helpers/cryptography/provisionWithPrivateKey.js

@@ -3,7 +3,7 @@ const mutateSrc = require('./mutateSrc')
 const localKeypair = require('./localKeypair')
 
 function provisionWithPrivateKey ({ envSrc, envFilepath, keysFilepath, privateKeyValue, publicKeyValue, publicKeyName }) {
-  const { publicKey, privateKey } = localKeypair(privateKeyValue) // opsOn doesn't matter here since privateKeyValue was already discovered prior (via ops and local) and passed as privateKeyValue
+  const { publicKey, privateKey } = localKeypair(privateKeyValue) // noOps doesn't matter here since privateKeyValue was already discovered prior (via ops and local) and passed as privateKeyValue
 
   // if derivation doesn't match what's in the file (or preset in env)
   if (publicKeyValue && publicKeyValue !== publicKey) {

package/src/lib/helpers/detectEncoding.js

@@ -1,7 +1,7 @@
 const fs = require('fs')
 
-function detectEncoding (filepath) {
-  const buffer = fs.readFileSync(filepath)
+async function detectEncoding (filepath) {
+  const buffer = await fs.promises.readFile(filepath)
 
   // check for UTF-16LE BOM (Byte Order Mark)
   if (buffer.length >= 2 && buffer[0] === 0xFF && buffer[1] === 0xFE) {

package/src/lib/helpers/detectEncodingSync.js

@@ -0,0 +1,22 @@
+const fs = require('fs')
+
+function detectEncodingSync (filepath) {
+  const buffer = fs.readFileSync(filepath)
+
+  // check for UTF-16LE BOM (Byte Order Mark)
+  if (buffer.length >= 2 && buffer[0] === 0xFF && buffer[1] === 0xFE) {
+    return 'utf16le'
+  }
+
+  /* c8 ignore start */
+  // check for UTF-8 BOM
+  if (buffer.length >= 3 && buffer[0] === 0xEF && buffer[1] === 0xBB && buffer[2] === 0xBF) {
+    return 'utf8'
+  }
+
+  /* c8 ignore stop */
+
+  return 'utf8'
+}
+
+module.exports = detectEncodingSync

package/src/lib/helpers/errors.js

@@ -13,6 +13,7 @@ const ISSUE_BY_CODE = {
   MISPAIRED_PRIVATE_KEY: 'https://github.com/dotenvx/dotenvx/issues/752',
   MISSING_DIRECTORY: 'https://github.com/dotenvx/dotenvx/issues/758',
   MISSING_ENV_FILE: 'https://github.com/dotenvx/dotenvx/issues/484',
+  MISSING_ENV_KEYS_FILE: 'https://github.com/dotenvx/dotenvx/issues/775',
   MISSING_ENV_FILES: 'https://github.com/dotenvx/dotenvx/issues/760',
   MISSING_KEY: 'https://github.com/dotenvx/dotenvx/issues/759',
   MISSING_LOG_LEVEL: 'must be valid log level',
@@ -25,6 +26,7 @@ class Errors {
   constructor (options = {}) {
     this.filepath = options.filepath
     this.envFilepath = options.envFilepath
+    this.envKeysFilepath = options.envKeysFilepath
 
     this.key = options.key
     this.privateKey = options.privateKey
@@ -202,6 +204,19 @@ class Errors {
     return e
   }
 
+  missingEnvKeysFile () {
+    const code = 'MISSING_ENV_KEYS_FILE'
+    const envKeysFilepath = this.envKeysFilepath || '.env.keys'
+    const message = `[${code}] missing file (${envKeysFilepath})`
+    const help = `fix: [${ISSUE_BY_CODE[code]}]`
+
+    const e = new Error(message)
+    e.code = code
+    e.help = help
+    e.messageWithHelp = `${message}. ${help}`
+    return e
+  }
+
   missingEnvFiles () {
     const code = 'MISSING_ENV_FILES'
     const message = `[${code}] no .env* files found`

package/src/lib/helpers/fsx.js

@@ -2,7 +2,15 @@ const fs = require('fs')
 
 const ENCODING = 'utf8'
 
-function readFileX (filepath, encoding = null) {
+async function readFileX (filepath, encoding = null) {
+  if (!encoding) {
+    encoding = ENCODING
+  }
+
+  return fs.promises.readFile(filepath, encoding)
+}
+
+function readFileXSync (filepath, encoding = null) {
   if (!encoding) {
     encoding = ENCODING
   }
@@ -10,12 +18,26 @@ function readFileX (filepath, encoding = null) {
   return fs.readFileSync(filepath, encoding) // utf8 default so it returns a string
 }
 
-function writeFileX (filepath, str) {
+function writeFileXSync (filepath, str) {
   return fs.writeFileSync(filepath, str, ENCODING) // utf8 always
 }
 
+async function writeFileX (filepath, str) {
+  return fs.promises.writeFile(filepath, str, ENCODING)
+}
+
+async function exists (filepath) {
+  try {
+    await fs.promises.access(filepath)
+    return true
+  } catch (_e) {
+    return false
+  }
+}
+
 const fsx = {
   chmodSync: fs.chmodSync,
+  exists,
   existsSync: fs.existsSync,
   readdirSync: fs.readdirSync,
   readFileSync: fs.readFileSync,
@@ -24,7 +46,9 @@ const fsx = {
 
   // fsx special commands
   readFileX,
-  writeFileX
+  readFileXSync,
+  writeFileX,
+  writeFileXSync
 }
 
 module.exports = fsx

package/src/lib/helpers/installPrecommitHook.js

@@ -55,12 +55,12 @@ class InstallPrecommitHook {
   }
 
   _currentHook () {
-    return fsx.readFileX(this.hookPath)
+    return fsx.readFileXSync(this.hookPath)
   }
 
   _createHook () {
     // If the pre-commit file doesn't exist, create a new one with the hookScript
-    fsx.writeFileX(this.hookPath, HOOK_SCRIPT)
+    fsx.writeFileXSync(this.hookPath, HOOK_SCRIPT)
     fsx.chmodSync(this.hookPath, '755') // Make the file executable
   }
 

package/src/lib/helpers/isIgnoringDotenvKeys.js

@@ -6,7 +6,7 @@ function isIgnoringDotenvKeys () {
     return false
   }
 
-  const gitignore = fsx.readFileX('.gitignore')
+  const gitignore = fsx.readFileXSync('.gitignore')
   const ig = ignore(gitignore).add(gitignore)
 
   if (!ig.ignores('.env.keys')) {

package/src/lib/helpers/keyResolution/index.js

@@ -1,13 +1,15 @@
 module.exports = {
   keyNames: require('./keyNames'),
   keyValues: require('./keyValues'),
+  keyValuesSync: require('./keyValuesSync'),
 
   // private
-  // private keys are resolved via keyValues()
+  // private keys are resolved via keyValuesSync()
 
   // other
   readProcessKey: require('./readProcessKey'),
   readFileKey: require('./readFileKey'),
+  readFileKeySync: require('./readFileKeySync'),
   guessPrivateKeyFilename: require('./../guessPrivateKeyFilename'),
   dotenvPrivateKeyNames: require('./../dotenvPrivateKeyNames')
 }