@dotenvx/dotenvx 1.9.0 → 1.9.1
package/CHANGELOG.md
CHANGED
|
@@ -2,7 +2,13 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to this project will be documented in this file. See [standard-version](https://github.com/conventional-changelog/standard-version) for commit guidelines.
|
|
4
4
|
|
|
5
|
-
## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.9.
|
|
5
|
+
## [Unreleased](https://github.com/dotenvx/dotenvx/compare/v1.9.1...main)
|
|
6
|
+
|
|
7
|
+
## 1.9.1
|
|
8
|
+
|
|
9
|
+
### Added
|
|
10
|
+
|
|
11
|
+
* warn if private key is missing or blank ([#349](https://github.com/dotenvx/dotenvx/pull/349))
|
|
6
12
|
|
|
7
13
|
## 1.9.0
|
|
8
14
|
|
package/package.json
CHANGED
|
@@ -3,35 +3,41 @@ const { decrypt } = require('eciesjs')
|
|
|
3
3
|
const PREFIX = 'encrypted:'
|
|
4
4
|
|
|
5
5
|
function decryptValue (value, privateKey) {
|
|
6
|
+
let decryptedValue
|
|
7
|
+
let decryptionError
|
|
8
|
+
|
|
6
9
|
if (!value.startsWith(PREFIX)) {
|
|
7
10
|
return value
|
|
8
11
|
}
|
|
9
12
|
|
|
10
|
-
|
|
11
|
-
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
const
|
|
16
|
-
const
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
13
|
+
privateKey = privateKey || ''
|
|
14
|
+
if (privateKey.length <= 0) {
|
|
15
|
+
decryptionError = new Error('private key missing or blank')
|
|
16
|
+
decryptionError.code = 'DECRYPTION_FAILED'
|
|
17
|
+
} else {
|
|
18
|
+
const privateKeys = privateKey.split(',')
|
|
19
|
+
for (const key of privateKeys) {
|
|
20
|
+
const secret = Buffer.from(key, 'hex')
|
|
21
|
+
const encoded = value.substring(PREFIX.length)
|
|
22
|
+
const ciphertext = Buffer.from(encoded, 'base64')
|
|
23
|
+
|
|
24
|
+
try {
|
|
25
|
+
decryptedValue = decrypt(secret, ciphertext).toString()
|
|
26
|
+
decryptionError = null // reset to null error (scenario for multiple private keys)
|
|
27
|
+
break
|
|
28
|
+
} catch (e) {
|
|
29
|
+
if (e.message === 'Invalid private key') {
|
|
30
|
+
decryptionError = new Error('private key looks invalid')
|
|
31
|
+
} else if (e.message === 'Unsupported state or unable to authenticate data') {
|
|
32
|
+
decryptionError = new Error('private key looks wrong')
|
|
33
|
+
} else if (e.message === 'Point of length 65 was invalid. Expected 33 compressed bytes or 65 uncompressed bytes') {
|
|
34
|
+
decryptionError = new Error('encrypted data looks malformed')
|
|
35
|
+
} else {
|
|
36
|
+
decryptionError = new Error(`${e.message}`)
|
|
37
|
+
}
|
|
38
|
+
|
|
39
|
+
decryptionError.code = 'DECRYPTION_FAILED'
|
|
32
40
|
}
|
|
33
|
-
|
|
34
|
-
decryptionError.code = 'DECRYPTION_FAILED'
|
|
35
41
|
}
|
|
36
42
|
}
|
|
37
43
|
|
|
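Review bot: The blank-key guard `if (privateKey.length <= 0)` and the `privateKey.split(',')` loop both operate on untrimmed text, so a whitespace-only key, or a list written as `key1, key2`, is not reported as missing or blank. As far as I know `Buffer.from(key, 'hex')` stops decoding at the first non-hex character, so such an entry would most likely surface as 'private key looks invalid' instead. Trimming at both points keeps the new warning accurate: `privateKey = (privateKey || '').trim()` and `const secret = Buffer.from(key.trim(), 'hex')`. The catch block also classifies failures by the exact `e.message` text of the crypto dependency, so a wording change upstream would fall through to the generic branch without any test noticing; a short comment there naming the dependency version the strings were taken from would help. The function's closing lines are outside the hunk, and the hunk context suggests this is the decryptValue module even though the page lists it under package/package.json.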
@@ -4,8 +4,8 @@ const dotenvExpand = require('./dotenvExpand')
|
|
|
4
4
|
const decryptValue = require('./decryptValue')
|
|
5
5
|
const truncate = require('./truncate')
|
|
6
6
|
|
|
7
|
-
function warning (e, key, privateKey) {
|
|
8
|
-
const warning = new Error(`[${e.code}] could not decrypt ${key} using private key ${truncate(privateKey)}`)
|
|
7
|
+
function warning (e, key, privateKey = null) {
|
|
8
|
+
const warning = new Error(`[${e.code}] could not decrypt ${key} using private key '${truncate(privateKey)}'`)
|
|
9
9
|
warning.code = e.code
|
|
10
10
|
warning.help = `[${e.code}] ? ${e.message}`
|
|
11
11
|
|
|
@@ -17,14 +17,12 @@ function parseDecryptEvalExpand (src, privateKey = null, processEnv = process.en
|
|
|
17
17
|
|
|
18
18
|
// parse
|
|
19
19
|
const parsed = dotenv.parse(src)
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
// do nothing. warnings tracked further below.
|
|
27
|
-
}
|
|
20
|
+
for (const key in parsed) {
|
|
21
|
+
try {
|
|
22
|
+
const decryptedValue = decryptValue(parsed[key], privateKey)
|
|
23
|
+
parsed[key] = decryptedValue
|
|
24
|
+
} catch (_e) {
|
|
25
|
+
// do nothing. warnings tracked further below.
|
|
28
26
|
}
|
|
29
27
|
}
|
|
30
28
|
|
|
@@ -41,22 +39,20 @@ function parseDecryptEvalExpand (src, privateKey = null, processEnv = process.en
|
|
|
41
39
|
parsed: evaled
|
|
42
40
|
}
|
|
43
41
|
const expanded = dotenvExpand.expand(inputEvaled)
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
warnings.push(warning(e, key, privateKey))
|
|
51
|
-
}
|
|
42
|
+
for (const key in expanded.parsed) {
|
|
43
|
+
try {
|
|
44
|
+
const decryptedValue = decryptValue(expanded.parsed[key], privateKey)
|
|
45
|
+
expanded.parsed[key] = decryptedValue
|
|
46
|
+
} catch (e) {
|
|
47
|
+
warnings.push(warning(e, key, privateKey))
|
|
52
48
|
}
|
|
53
|
-
|
|
54
|
-
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
59
|
-
|
|
49
|
+
}
|
|
50
|
+
for (const key in processEnv) {
|
|
51
|
+
try {
|
|
52
|
+
const decryptedValue = decryptValue(processEnv[key], privateKey)
|
|
53
|
+
processEnv[key] = decryptedValue
|
|
54
|
+
} catch (e) {
|
|
55
|
+
warnings.push(warning(e, key, privateKey))
|
|
60
56
|
}
|
|
61
57
|
}
|
|
62
58
|
|
|
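Review bot: The rewritten message in `warning` still interpolates `truncate(privateKey)`, so each failed decryption places the leading characters of the private key in an Error message that may end up in logs, CI output or an error tracker. The loops over `expanded.parsed` and `processEnv` push one such warning per failing value, and with a comma-separated key list the prefix only ever identifies the first key, so its diagnostic value is limited. I would end the message at `could not decrypt ${key}` and, if the key needs identifying, refer to it by something non-secret such as the name of the variable it was loaded from. parseDecryptEvalExpand starts and ends outside these hunks, so how the warnings are finally printed is not visible here.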
@@ -1,6 +1,10 @@
|
|
|
1
1
|
function truncate (str, showChar = 7) {
|
|
2
|
-
|
|
3
|
-
|
|
2
|
+
if (str && str.length > 0) {
|
|
3
|
+
const visiblePart = str.slice(0, showChar)
|
|
4
|
+
return visiblePart + '…'
|
|
5
|
+
} else {
|
|
6
|
+
return ''
|
|
7
|
+
}
|
|
4
8
|
}
|
|
5
9
|
|
|
6
10
|
module.exports = truncate
|
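Review bot: `truncate` returns the whole input followed by an ellipsis whenever the string is no longer than `showChar`, because `str.slice(0, showChar)` is never compared with the input length. The caller visible on this page passes a private key, so a short or mistyped key would be printed in full. Capping the visible part relative to the length keeps at least half of any value hidden, for example `const visiblePart = str.slice(0, Math.min(showChar, Math.floor(str.length / 2)))`.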