@lockerpm/desktop-service 1.0.0

package/lib/cjs/services/fido.service.js

@@ -0,0 +1,136 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FidoService = void 0;
+const locker_service_grpc_1 = require("../proto/locker-service-grpc");
+const errors_1 = require("../abstractions/errors");
+var FidoMessage;
+(function (FidoMessage) {
+    FidoMessage["DEVICE_LIST"] = "deviceListRequest";
+    FidoMessage["DEVICE_SELECT"] = "deviceInitializationRequest";
+    FidoMessage["LIST_CREDENTIALS"] = "listCredentialRequest";
+    FidoMessage["MAKE_CREDENTIAL"] = "createCredentialRequest";
+    FidoMessage["DELETE_CREDENTIAL"] = "deleteCredentialRequest";
+    FidoMessage["GET_HMAC"] = "hmacRequest";
+})(FidoMessage || (FidoMessage = {}));
+class FidoService {
+    constructor(logger, eventEmitter, grpcService) {
+        this.logger = logger;
+        this.eventEmitter = eventEmitter;
+        this.grpc = grpcService;
+    }
+    getDeviceList() {
+        const req = new locker_service_grpc_1.locker_service_grpc.FidoRequest();
+        req.message = FidoMessage.DEVICE_LIST;
+        return new Promise((resolve, reject) => {
+            this.grpc.client.FidoChannel(req, (err, res) => {
+                this.logger.debug(res);
+                if (err) {
+                    reject(errors_1.ServiceError.fromError(err));
+                    return;
+                }
+                if (!(res === null || res === void 0 ? void 0 : res.device_list)) {
+                    resolve([]);
+                    return;
+                }
+                resolve(res.device_list.map((d) => ({
+                    name: d.name,
+                    path: d.path,
+                })));
+            });
+        });
+    }
+    setSelectedDevice(path) {
+        const req = new locker_service_grpc_1.locker_service_grpc.FidoRequest();
+        req.message = FidoMessage.DEVICE_SELECT;
+        req.device_path = path;
+        return new Promise((resolve, reject) => {
+            this.grpc.client.FidoChannel(req, (err, res) => {
+                this.logger.debug(res);
+                if (err) {
+                    reject(errors_1.ServiceError.fromError(err));
+                    return;
+                }
+                resolve(!!(res === null || res === void 0 ? void 0 : res.success));
+            });
+        });
+    }
+    listCredentials(params) {
+        const req = new locker_service_grpc_1.locker_service_grpc.FidoRequest();
+        req.message = FidoMessage.LIST_CREDENTIALS;
+        req.pin = params.pin;
+        return new Promise((resolve, reject) => {
+            this.grpc.client.FidoChannel(req, (err, res) => {
+                this.logger.debug(res);
+                if (err) {
+                    reject(errors_1.ServiceError.fromError(err));
+                    return;
+                }
+                resolve((res === null || res === void 0 ? void 0 : res.credential_list.map((c) => ({
+                    name: c.user_name,
+                    displayName: c.user_display_name,
+                    credentialId: c.credential_id,
+                }))) || []);
+            });
+        });
+    }
+    makeCredential(params) {
+        const req = new locker_service_grpc_1.locker_service_grpc.FidoRequest();
+        req.message = FidoMessage.MAKE_CREDENTIAL;
+        req.email = params.email;
+        req.name = params.name;
+        req.pin = params.pin || '';
+        this.eventEmitter.emit(params.pin ? 'fidoRequestTouch' : 'fidoRequestFingerprint', undefined);
+        return new Promise((resolve, reject) => {
+            this.grpc.client.FidoChannel(req, (err, res) => {
+                this.logger.debug(res);
+                if (err) {
+                    reject(errors_1.ServiceError.fromError(err));
+                    return;
+                }
+                resolve({
+                    credentialId: res === null || res === void 0 ? void 0 : res.credential_id,
+                });
+            });
+        });
+    }
+    deleteCredential(params) {
+        const req = new locker_service_grpc_1.locker_service_grpc.FidoRequest();
+        req.message = FidoMessage.DELETE_CREDENTIAL;
+        req.credential_id = params.credentialId;
+        req.pin = params.pin;
+        return new Promise((resolve, reject) => {
+            this.grpc.client.FidoChannel(req, (err, res) => {
+                this.logger.debug(res);
+                if (err) {
+                    reject(errors_1.ServiceError.fromError(err));
+                    return;
+                }
+                resolve(true);
+            });
+        });
+    }
+    getHmacSecret(params) {
+        const req = new locker_service_grpc_1.locker_service_grpc.FidoRequest();
+        req.message = FidoMessage.GET_HMAC;
+        req.credential_id = params.credentialId;
+        req.salt = params.salt;
+        req.pin = params.pin || '';
+        // UP is disabled when get hmac -> no need to request touch
+        if (!params.pin) {
+            this.eventEmitter.emit('fidoRequestFingerprint', undefined);
+        }
+        return new Promise((resolve, reject) => {
+            this.grpc.client.FidoChannel(req, (err, res) => {
+                this.logger.debug(res);
+                if (err) {
+                    reject(errors_1.ServiceError.fromError(err));
+                    return;
+                }
+                resolve({
+                    secret: (res === null || res === void 0 ? void 0 : res.assertion_hmac) || '',
+                });
+            });
+        });
+    }
+}
+exports.FidoService = FidoService;

package/lib/cjs/services/grpc.service.js

@@ -0,0 +1,130 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.GRPCService = void 0;
+const grpc_js_1 = require("@grpc/grpc-js");
+const locker_service_grpc_1 = require("../proto/locker-service-grpc");
+const find_process_1 = __importDefault(require("find-process"));
+const utils_1 = require("../misc/utils");
+const axios_1 = __importDefault(require("axios"));
+const config_1 = require("../misc/config");
+class GRPCService {
+    constructor(services, options) {
+        this.currentPort = 0;
+        this.serviceChecksums = [];
+        this.serviceAlias = '';
+        const { logger, cryptoService, apiService } = services;
+        const { ssl, unsafe, serviceAlias } = options;
+        this.logger = logger;
+        this.crypto = cryptoService;
+        this.api = apiService;
+        this.unsafe = !!unsafe;
+        if (serviceAlias) {
+            this.serviceAlias = serviceAlias;
+        }
+        const cred = ssl ? grpc_js_1.credentials.createSsl(ssl.rootCert) : grpc_js_1.credentials.createInsecure();
+        this.credentials = cred;
+        this.client = new locker_service_grpc_1.locker_service_grpc.LockerServiceClient(`localhost:${this.currentPort}`, cred);
+        this.initConnection();
+    }
+    get isReady() {
+        return this.currentPort !== 0;
+    }
+    initConnection() {
+        return __awaiter(this, void 0, void 0, function* () {
+            this.currentPort = 0;
+            if (!this.unsafe) {
+                yield this.loadServiceChecksums();
+            }
+            for (const httpPort of config_1.HTTP_PORTS) {
+                this.logger.debug(`Ping background service on port ${httpPort}`);
+                const { success, res } = yield this.pingService(httpPort);
+                if (success && res) {
+                    const port = res.tcpPort;
+                    const client = yield this.testConnection(port);
+                    if (client) {
+                        const isValidated = this.unsafe ? true : yield this.validateConnection(port);
+                        if (isValidated) {
+                            this.client = client;
+                            this.currentPort = port;
+                            this.logger.debug(`GRPC server connected on port ${port}`);
+                            return;
+                        }
+                    }
+                }
+            }
+            this.logger.error('Cannot connect to GRPC server');
+        });
+    }
+    // ---------------------- PRIVATE METHODS ----------------------
+    pingService(port) {
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                const url = `http://localhost:${port}/ping-locker-service`;
+                const res = yield axios_1.default.get(url, {
+                    timeout: config_1.GRPC_PING_TIMEOUT,
+                });
+                const data = res.data;
+                return {
+                    success: data.message === 'pong' && data.alias === this.serviceAlias,
+                    res: data,
+                };
+            }
+            catch (e) {
+                return {
+                    success: false,
+                };
+            }
+        });
+    }
+    testConnection(port) {
+        return new Promise((resolve) => {
+            const client = new locker_service_grpc_1.locker_service_grpc.LockerServiceClient(`localhost:${port}`, this.credentials);
+            client.waitForReady(Date.now() + config_1.GRPC_CONNECTION_TIMEOUT, (error) => {
+                if (error) {
+                    resolve(null);
+                }
+                else {
+                    resolve(client);
+                }
+            });
+        });
+    }
+    validateConnection(port) {
+        return __awaiter(this, void 0, void 0, function* () {
+            try {
+                const list = yield (0, find_process_1.default)('port', port, true);
+                const service = list.find((s) => s.name === 'locker-service');
+                if (!service) {
+                    return false;
+                }
+                // TODO: somehow, service.bin does not exist in type but exists in returned value when testing on MacOS
+                // @ts-ignore
+                const checksum = yield this.crypto.getFileChecksum(service.bin);
+                return this.serviceChecksums.includes(checksum);
+            }
+            catch (error) {
+                return false;
+            }
+        });
+    }
+    loadServiceChecksums() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const _os = utils_1.Utils.getCurrentOS();
+            const res = yield this.api.getReleases(_os);
+            this.serviceChecksums = res.map((version) => version.checksum.service);
+        });
+    }
+}
+exports.GRPCService = GRPCService;

package/lib/cjs/services/log.service.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.LogService = exports.LogLevel = void 0;
+var LogLevel;
+(function (LogLevel) {
+    LogLevel[LogLevel["NONE"] = 0] = "NONE";
+    LogLevel[LogLevel["ERROR"] = 1] = "ERROR";
+    LogLevel[LogLevel["DEBUG"] = 2] = "DEBUG";
+})(LogLevel || (exports.LogLevel = LogLevel = {}));
+class LogService {
+    constructor(logLevel) {
+        this.logLevel = logLevel || LogLevel.ERROR;
+    }
+    setLogLevel(level) {
+        this.logLevel = level;
+    }
+    debug(e) {
+        if (this.logLevel >= LogLevel.DEBUG) {
+            console.log(new Date());
+            console.log(e);
+        }
+    }
+    error(e) {
+        if (this.logLevel >= LogLevel.ERROR) {
+            console.log(new Date());
+            console.error(e);
+        }
+    }
+}
+exports.LogService = LogService;

package/lib/cjs/services/pairing.service.js

@@ -0,0 +1,122 @@
+"use strict";
+var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
+    function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
+    return new (P || (P = Promise))(function (resolve, reject) {
+        function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
+        function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
+        function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
+        step((generator = generator.apply(thisArg, _arguments || [])).next());
+    });
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.PairingService = void 0;
+const errors_1 = require("../abstractions/errors");
+const socket_service_1 = require("../abstractions/socket.service");
+const locker_service_grpc_1 = require("../proto/locker-service-grpc");
+const STORAGE_KEY = 'service_paired_clients';
+class PairingService {
+    constructor(services) {
+        this.clients = {};
+        this.isReady = false;
+        const { cryptoService, eventService, storageService, grpcService, logger } = services;
+        this.crypto = cryptoService;
+        this.events = eventService;
+        this.storage = storageService;
+        this.grpc = grpcService;
+        this.logger = logger;
+        this.loadFromStore().then(() => (this.isReady = true));
+    }
+    getClient(clientId) {
+        return this.clients[clientId];
+    }
+    isClientConfirmed(clientId) {
+        var _a;
+        return (_a = this.clients[clientId]) === null || _a === void 0 ? void 0 : _a.confirmed;
+    }
+    getResponseForPairingRequest(clientId, publicKey, clientType) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const keyPair = yield this.crypto.createECDHKeyPair();
+            const sharedKey = yield this.crypto.createEncKey(publicKey, keyPair.privateKey);
+            this.clients[clientId] = {
+                encKey: sharedKey.encKey,
+                confirmed: false,
+            };
+            yield this.saveToStore();
+            this.events.emit('pairingConfirmation', {
+                clientId,
+                approveCode: sharedKey.approveCode,
+                clientType,
+            });
+            return (0, socket_service_1.buildOutgoingSocketMessage)('pairingResponse', {
+                key: keyPair.publicKey,
+            });
+        });
+    }
+    confirmPairingClient(clientId, keepInKeyring) {
+        return __awaiter(this, void 0, void 0, function* () {
+            if (!this.clients[clientId]) {
+                this.logger.debug(`Pairing client with id ${clientId} not found`);
+                return;
+            }
+            this.clients[clientId].confirmed = true;
+            yield Promise.all([this.saveToStore(), this.registerClientOnService(clientId, keepInKeyring)]);
+        });
+    }
+    encryptDataForClient(clientId, data) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const client = this.clients[clientId];
+            if (!(client === null || client === void 0 ? void 0 : client.confirmed)) {
+                throw new errors_1.ServiceError('3001');
+            }
+            const res = yield this.crypto.aesEncrypt(data, client.encKey);
+            return res;
+        });
+    }
+    decryptDataFromClient(clientId, data) {
+        return __awaiter(this, void 0, void 0, function* () {
+            const client = this.clients[clientId];
+            if (!(client === null || client === void 0 ? void 0 : client.confirmed)) {
+                throw new errors_1.ServiceError('3001');
+            }
+            const res = yield this.crypto.aesDecrypt(data, client.encKey);
+            return res;
+        });
+    }
+    registerClientOnService(clientId, keepInKeyring = false) {
+        const client = this.clients[clientId];
+        const req = new locker_service_grpc_1.locker_service_grpc.WebCredRequest();
+        req.message = 'forwardingWebCred';
+        req.client_id = clientId;
+        req.enc_key = client.encKey;
+        req.save_to_keyring = keepInKeyring;
+        return new Promise((resolve, reject) => {
+            this.grpc.client.WebCredChannel(req, (err, res) => {
+                this.logger.debug(res);
+                if (err) {
+                    reject(errors_1.ServiceError.fromError(err));
+                    return;
+                }
+                resolve();
+            });
+        });
+    }
+    loadFromStore() {
+        return __awaiter(this, void 0, void 0, function* () {
+            const data = yield this.storage.getSecure(STORAGE_KEY);
+            if (data) {
+                // Remove unconfirmed client
+                const res = {};
+                Object.keys(data).forEach((k) => {
+                    if (data[k].confirmed) {
+                        res[k] = data[k];
+                    }
+                });
+                this.clients = res;
+            }
+        });
+    }
+    saveToStore() {
+        return this.storage.setSecure(STORAGE_KEY, this.clients);
+    }
+}
+exports.PairingService = PairingService;