@lockerpm/desktop-service 1.0.0

package/lib/cjs/services/api.service.js

@@ -0,0 +1,182 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ApiService = void 0;
+const axios_1 = __importDefault(require("axios"));
+const errors_1 = require("../abstractions/errors");
+class ApiService {
+    constructor(params) {
+        const { baseUrl, logger, headers } = params;
+        this.baseUrl = baseUrl;
+        this.token = '';
+        this.logger = logger;
+        this.headers = headers || {};
+    }
+    setToken(token) {
+        this.token = token;
+    }
+    getPasswordlessCredentials(email) {
+        var _a;
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                const url = `${this.baseUrl}/cystack_platform/pm/passwordless/credential`;
+                const res = yield axios_1.default.get(url, {
+                    params: {
+                        email,
+                    },
+                    headers: this.headers,
+                });
+                const data = res.data;
+                this.logDebug({ url, method: 'GET', data });
+                return data;
+            }
+            catch (error) {
+                if (((_a = error.response) === null || _a === void 0 ? void 0 : _a.status) === 404) {
+                    throw new errors_1.ServiceError('1002', error);
+                }
+                throw new errors_1.ServiceError('1000', error);
+            }
+        });
+    }
+    // TODO: if service is only built by CyStack, then this base API must be fixed
+    getReleases(os) {
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                const url = `${this.baseUrl}/cystack_platform/pm/releases`;
+                const res = yield axios_1.default.get(url, {
+                    params: {
+                        client_id: 'desktop',
+                        os,
+                    },
+                    headers: this.headers,
+                });
+                const data = res.data;
+                this.logDebug({ url, method: 'GET', data });
+                return data;
+            }
+            catch (error) {
+                throw new errors_1.ServiceError('1000', error);
+            }
+        });
+    }
+    setPasswordlessCredential(params) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!this.token) {
+                throw new errors_1.ServiceError('1001');
+            }
+            try {
+                const { credentialId, name, type, random } = params;
+                const url = `${this.baseUrl}/cystack_platform/pm/passwordless/credential`;
+                const res = yield axios_1.default.post(url, {
+                    credential_id: credentialId,
+                    name,
+                    type,
+                    random,
+                }, {
+                    headers: Object.assign({ Authorization: `Bearer ${this.token}` }, this.headers),
+                });
+                const data = res.data;
+                this.logDebug({ url, method: 'POST', data, payload: params });
+                return data;
+            }
+            catch (error) {
+                throw new errors_1.ServiceError('1000', error);
+            }
+        });
+    }
+    deletePasswordlessCredential() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!this.token) {
+                throw new errors_1.ServiceError('1001');
+            }
+            try {
+                const url = `${this.baseUrl}/cystack_platform/pm/passwordless/credential`;
+                yield axios_1.default.delete(url, {
+                    headers: Object.assign({ Authorization: `Bearer ${this.token}` }, this.headers),
+                });
+                this.logDebug({
+                    url,
+                    method: 'DELETE',
+                    data: undefined,
+                });
+            }
+            catch (error) {
+                throw new errors_1.ServiceError('1000', error);
+            }
+        });
+    }
+    // ---------------- BACKUP KEYS ----------------
+    listBackupPasswordlessCredentials() {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!this.token) {
+                throw new errors_1.ServiceError('1001');
+            }
+            try {
+                const url = `${this.baseUrl}/cystack_platform/pm/users/backup_credentials`;
+                const res = yield axios_1.default.get(url, {
+                    params: {
+                        paging: 0,
+                    },
+                    headers: Object.assign({ Authorization: `Bearer ${this.token}` }, this.headers),
+                });
+                const data = res.data;
+                this.logDebug({ url, method: 'GET', data });
+                return data;
+            }
+            catch (error) {
+                throw new errors_1.ServiceError('1000', error);
+            }
+        });
+    }
+    setBackupPasswordlessCredential(payload) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!this.token) {
+                throw new errors_1.ServiceError('1001');
+            }
+            try {
+                const url = `${this.baseUrl}/cystack_platform/pm/users/backup_credentials`;
+                const res = yield axios_1.default.post(url, payload, {
+                    headers: Object.assign({ Authorization: `Bearer ${this.token}` }, this.headers),
+                });
+                this.logDebug({ url, method: 'POST', data: res.data, payload });
+                return res.data;
+            }
+            catch (error) {
+                throw new errors_1.ServiceError('1000', error);
+            }
+        });
+    }
+    deleteBackupPasswordlessCredential(id) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!this.token) {
+                throw new errors_1.ServiceError('1001');
+            }
+            try {
+                const url = `${this.baseUrl}/cystack_platform/pm/users/backup_credentials/${id}`;
+                yield axios_1.default.delete(url, {
+                    headers: Object.assign({ Authorization: `Bearer ${this.token}` }, this.headers),
+                });
+            }
+            catch (error) {
+                throw new errors_1.ServiceError('1000', error);
+            }
+        });
+    }
+    // ---------------- PRIVATE METHODS ----------------
+    logDebug(params) {
+        const { url, method, data, payload } = params;
+        this.logger.debug(`API call ${method} ${url}\nwith ${JSON.stringify(payload)} \nreturn ${JSON.stringify(data)}`);
+    }
+}
+exports.ApiService = ApiService;

package/lib/cjs/services/cache.service.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CacheService = void 0;
+const locker_service_grpc_1 = require("../proto/locker-service-grpc");
+const errors_1 = require("../abstractions/errors");
+var CacheMessage;
+(function (CacheMessage) {
+    CacheMessage["GET_CACHE"] = "getCache";
+    CacheMessage["SET_CACHE"] = "setCache";
+})(CacheMessage || (CacheMessage = {}));
+class CacheService {
+    constructor(logger, grpcService) {
+        this.logger = logger;
+        this.grpc = grpcService;
+    }
+    getCache() {
+        const req = new locker_service_grpc_1.locker_service_grpc.CacheRequest();
+        req.message = CacheMessage.GET_CACHE;
+        return new Promise((resolve, reject) => {
+            this.grpc.client.CacheChannel(req, (err, res) => {
+                this.logger.debug(res);
+                if (err) {
+                    reject(errors_1.ServiceError.fromError(err));
+                    return;
+                }
+                if (!(res === null || res === void 0 ? void 0 : res.json)) {
+                    resolve(null);
+                    return;
+                }
+                resolve(JSON.parse(res.json));
+            });
+        });
+    }
+    setCache(data) {
+        const req = new locker_service_grpc_1.locker_service_grpc.CacheRequest();
+        req.message = CacheMessage.SET_CACHE;
+        req.json = JSON.stringify(data);
+        return new Promise((resolve, reject) => {
+            this.grpc.client.CacheChannel(req, (err, res) => {
+                this.logger.debug(res);
+                if (err) {
+                    reject(errors_1.ServiceError.fromError(err));
+                    return;
+                }
+                resolve();
+            });
+        });
+    }
+}
+exports.CacheService = CacheService;

package/lib/cjs/services/core-crypto.service.js

@@ -0,0 +1,193 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CoreCryptoService = void 0;
+/**
+ * Crypto core from Locker Vault
+ *  */
+const crypto_1 = __importDefault(require("crypto"));
+const crypto_service_1 = require("../abstractions/crypto.service");
+const utils_1 = require("../misc/utils");
+const crypto = crypto_1.default.webcrypto;
+class CoreCryptoService {
+    makeKey(password, salt, kdf, kdfIterations) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let key;
+            if (!kdf || kdf === crypto_service_1.KdfType.PBKDF2_SHA256) {
+                if (!kdfIterations) {
+                    kdfIterations = 5000;
+                }
+                else if (kdfIterations < 5000) {
+                    throw new Error('PBKDF2 iteration minimum is 5000.');
+                }
+                key = yield this.pbkdf2(password, salt, 'sha256', kdfIterations);
+            }
+            else {
+                throw new Error('Unknown Kdf.');
+            }
+            return new crypto_service_1.SymmetricCryptoKey(key);
+        });
+    }
+    hashPassword(password, key) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!password || !key) {
+                throw new Error('Invalid parameters.');
+            }
+            const hash = yield this.pbkdf2(key.key, password, 'sha256', 1);
+            return utils_1.Utils.fromBufferToB64(hash);
+        });
+    }
+    remakeEncKey(currentEncKey, key) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let encKeyEnc;
+            if (key.key.byteLength === 32) {
+                const newKey = yield this.stretchKey(key);
+                encKeyEnc = yield this.encrypt(currentEncKey, newKey);
+            }
+            else if (key.key.byteLength === 64) {
+                encKeyEnc = yield this.encrypt(currentEncKey, key);
+            }
+            else {
+                throw new Error('Invalid key size.');
+            }
+            return [new crypto_service_1.SymmetricCryptoKey(currentEncKey), encKeyEnc];
+        });
+    }
+    // ---------------- PRIVATE METHODS -------------------
+    pbkdf2(password, salt, algorithm, iterations) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const wcLen = algorithm === 'sha256' ? 256 : 512;
+            const passwordBuf = this.toBuf(password);
+            const saltBuf = this.toBuf(salt);
+            const pbkdf2Params = {
+                name: 'PBKDF2',
+                salt: saltBuf,
+                iterations,
+                hash: { name: this.toWebCryptoAlgorithm(algorithm) },
+            };
+            const impKey = yield crypto.subtle.importKey('raw', passwordBuf, { name: 'PBKDF2' }, false, ['deriveBits']);
+            return yield crypto.subtle.deriveBits(pbkdf2Params, impKey, wcLen);
+        });
+    }
+    toBuf(value) {
+        let buf;
+        if (typeof value === 'string') {
+            buf = utils_1.Utils.fromUtf8ToArray(value).buffer;
+        }
+        else {
+            buf = value;
+        }
+        return buf;
+    }
+    toWebCryptoAlgorithm(algorithm) {
+        if (algorithm === 'md5') {
+            throw new Error('MD5 is not supported in WebCrypto.');
+        }
+        return algorithm === 'sha1' ? 'SHA-1' : algorithm === 'sha256' ? 'SHA-256' : 'SHA-512';
+    }
+    stretchKey(key) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const newKey = new Uint8Array(64);
+            const encKey = yield this.hkdfExpand(key.key, 'enc', 32, 'sha256');
+            const macKey = yield this.hkdfExpand(key.key, 'mac', 32, 'sha256');
+            newKey.set(new Uint8Array(encKey));
+            newKey.set(new Uint8Array(macKey), 32);
+            return new crypto_service_1.SymmetricCryptoKey(newKey.buffer);
+        });
+    }
+    hkdfExpand(prk, info, outputByteSize, algorithm) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const hashLen = algorithm === 'sha256' ? 32 : 64;
+            if (outputByteSize > 255 * hashLen) {
+                throw new Error('outputByteSize is too large.');
+            }
+            const prkArr = new Uint8Array(prk);
+            if (prkArr.length < hashLen) {
+                throw new Error('prk is too small.');
+            }
+            const infoBuf = this.toBuf(info);
+            const infoArr = new Uint8Array(infoBuf);
+            let runningOkmLength = 0;
+            let previousT = new Uint8Array(0);
+            const n = Math.ceil(outputByteSize / hashLen);
+            const okm = new Uint8Array(n * hashLen);
+            for (let i = 0; i < n; i++) {
+                const t = new Uint8Array(previousT.length + infoArr.length + 1);
+                t.set(previousT);
+                t.set(infoArr, previousT.length);
+                t.set([i + 1], t.length - 1);
+                previousT = new Uint8Array(yield this.hmac(t.buffer, prk, algorithm));
+                okm.set(previousT, runningOkmLength);
+                runningOkmLength += previousT.length;
+                if (runningOkmLength >= outputByteSize) {
+                    break;
+                }
+            }
+            return okm.slice(0, outputByteSize).buffer;
+        });
+    }
+    hmac(value, key, algorithm) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const signingAlgorithm = {
+                name: 'HMAC',
+                hash: { name: this.toWebCryptoAlgorithm(algorithm) },
+            };
+            const impKey = yield crypto.subtle.importKey('raw', key, signingAlgorithm, false, ['sign']);
+            return yield crypto.subtle.sign(signingAlgorithm, impKey, value);
+        });
+    }
+    encrypt(plainValue, key) {
+        return __awaiter(this, void 0, void 0, function* () {
+            let plainBuf;
+            if (typeof plainValue === 'string') {
+                plainBuf = utils_1.Utils.fromUtf8ToArray(plainValue).buffer;
+            }
+            else {
+                plainBuf = plainValue;
+            }
+            const encObj = yield this.aesEncrypt(plainBuf, key);
+            const iv = utils_1.Utils.fromBufferToB64(encObj.iv);
+            const data = utils_1.Utils.fromBufferToB64(encObj.data);
+            const mac = encObj.mac ? utils_1.Utils.fromBufferToB64(encObj.mac) : undefined;
+            return new crypto_service_1.EncString(encObj.key.encType, data, iv, mac);
+        });
+    }
+    aesEncrypt(data, key) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const obj = new crypto_service_1.EncryptedObject();
+            obj.key = key;
+            obj.iv = this.randomBytes(16);
+            obj.data = yield this._aesEncrypt(data, obj.iv, obj.key.encKey);
+            if (obj.key.macKey != null) {
+                const macData = new Uint8Array(obj.iv.byteLength + obj.data.byteLength);
+                macData.set(new Uint8Array(obj.iv), 0);
+                macData.set(new Uint8Array(obj.data), obj.iv.byteLength);
+                obj.mac = yield this.hmac(macData.buffer, obj.key.macKey, 'sha256');
+            }
+            return obj;
+        });
+    }
+    randomBytes(length) {
+        return crypto.getRandomValues(new Uint8Array(length));
+    }
+    _aesEncrypt(data, iv, key) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const impKey = yield crypto.subtle.importKey('raw', key, { name: 'AES-CBC' }, false, [
+                'encrypt',
+            ]);
+            return yield crypto.subtle.encrypt({ name: 'AES-CBC', iv }, impKey, data);
+        });
+    }
+}
+exports.CoreCryptoService = CoreCryptoService;

package/lib/cjs/services/crypto.service.js

@@ -0,0 +1,101 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CryptoService = void 0;
+const crypto_1 = __importDefault(require("crypto"));
+const fs_1 = __importDefault(require("fs"));
+const crypto_service_1 = require("../abstractions/crypto.service");
+const utils_1 = require("../misc/utils");
+const core_crypto_service_1 = require("./core-crypto.service");
+const crypto = crypto_1.default.webcrypto;
+class CryptoService {
+    constructor() {
+        this.core = new core_crypto_service_1.CoreCryptoService();
+    }
+    createECDHKeyPair() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const keyPair = yield crypto.subtle.generateKey(crypto_service_1.ECDH, true, ['deriveKey', 'deriveBits']);
+            const rawPublicKey = yield crypto.subtle.exportKey('raw', keyPair.publicKey);
+            return {
+                publicKey: utils_1.Utils.fromBufferToHex(rawPublicKey),
+                privateKey: keyPair.privateKey,
+            };
+        });
+    }
+    createEncKey(theirPublicKey, ourPrivateKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const sharedSecret = yield this.createECDHSharedSecret(theirPublicKey, ourPrivateKey);
+            const approveCode = new Uint8Array(sharedSecret, 0, 2).join('').padStart(6, '0').substring(0, 6);
+            return {
+                encKey: utils_1.Utils.fromBufferToHex(sharedSecret),
+                approveCode,
+            };
+        });
+    }
+    aesEncrypt(data, key) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const iv = this.getRandomValues(16);
+            const dataBuffer = new TextEncoder().encode(data);
+            const cryptoKey = yield crypto.subtle.importKey('raw', utils_1.Utils.fromHexToArray(key), crypto_service_1.AES, false, [
+                'encrypt',
+            ]);
+            const encrypted = yield crypto.subtle.encrypt({
+                name: crypto_service_1.AES.name,
+                iv,
+            }, cryptoKey, dataBuffer);
+            return `${utils_1.Utils.fromBufferToHex(iv)}.${utils_1.Utils.fromBufferToHex(encrypted)}`;
+        });
+    }
+    aesDecrypt(data, key) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const cryptoKey = yield crypto.subtle.importKey('raw', utils_1.Utils.fromHexToArray(key), crypto_service_1.AES, false, [
+                'decrypt',
+            ]);
+            const [iv, encString] = data.split('.');
+            const decrypted = yield crypto.subtle.decrypt({
+                name: crypto_service_1.AES.name,
+                iv: utils_1.Utils.fromHexToArray(iv),
+            }, cryptoKey, utils_1.Utils.fromHexToArray(encString));
+            const decryptedString = new TextDecoder().decode(decrypted);
+            return decryptedString;
+        });
+    }
+    getFileChecksum(path) {
+        return new Promise((resolve, reject) => {
+            try {
+                const file = fs_1.default.readFileSync(path);
+                const checksum = crypto_1.default.createHash('sha256').update(file).digest('hex');
+                resolve(checksum);
+            }
+            catch (error) {
+                reject(error);
+            }
+        });
+    }
+    getRandomValues(length) {
+        return crypto.getRandomValues(new Uint8Array(length));
+    }
+    // ---------------- PRIVATE METHODS -------------------
+    createECDHSharedSecret(theirPublicKey, ourPrivateKey) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const publicKey = yield crypto.subtle.importKey('raw', utils_1.Utils.fromHexToArray(theirPublicKey), crypto_service_1.ECDH, false, []);
+            const secret = yield crypto.subtle.deriveBits({
+                name: crypto_service_1.ECDH.name,
+                public: publicKey,
+            }, ourPrivateKey, 256);
+            return secret;
+        });
+    }
+}
+exports.CryptoService = CryptoService;

package/lib/cjs/services/event.service.js

@@ -0,0 +1,31 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.EventService = void 0;
+const eventemitter3_1 = __importDefault(require("eventemitter3"));
+class EventService {
+    constructor(logger) {
+        this.events = new eventemitter3_1.default();
+        this.logger = logger;
+    }
+    emit(event, args) {
+        this.logger.debug(`Event '${event}' fired`);
+        // console.log(`Event '${event}' fired`)
+        return this.events.emit(event, args);
+    }
+    on(event, handler) {
+        return this.events.on(event, handler);
+    }
+    once(event, handler) {
+        return this.events.once(event, handler);
+    }
+    removeListener(event, handler) {
+        this.events.removeListener(event, handler);
+    }
+    removeAllListeners() {
+        this.events.removeAllListeners();
+    }
+}
+exports.EventService = EventService;