@naturalcycles/nodejs-lib 12.65.1 → 12.66.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bin/secrets-decrypt.js +8 -8
- package/dist/bin/secrets-encrypt.js +8 -8
- package/dist/got/getGot.js +1 -1
- package/dist/index.d.ts +2 -2
- package/dist/index.js +37 -38
- package/dist/secret/secrets-decrypt.util.d.ts +1 -1
- package/dist/secret/secrets-decrypt.util.js +2 -2
- package/dist/secret/secrets-encrypt.util.d.ts +1 -1
- package/dist/secret/secrets-encrypt.util.js +2 -2
- package/dist/security/crypto.util.d.ts +16 -2
- package/dist/security/crypto.util.js +39 -8
- package/dist/security/secret.util.d.ts +9 -1
- package/dist/security/secret.util.js +29 -8
- package/dist/util/lruMemoCache.d.ts +4 -3
- package/dist/util/lruMemoCache.js +4 -1
- package/package.json +1 -1
- package/src/bin/secrets-decrypt.ts +8 -8
- package/src/bin/secrets-encrypt.ts +8 -8
- package/src/got/getGot.ts +3 -1
- package/src/index.ts +1 -2
- package/src/secret/secrets-decrypt.util.ts +2 -7
- package/src/secret/secrets-encrypt.util.ts +2 -7
- package/src/security/crypto.util.ts +40 -16
- package/src/security/secret.util.ts +46 -8
- package/src/util/lruMemoCache.ts +9 -5
|
@@ -6,12 +6,12 @@ const colors_1 = require("../colors");
|
|
|
6
6
|
const script_1 = require("../script");
|
|
7
7
|
const secrets_decrypt_util_1 = require("../secret/secrets-decrypt.util");
|
|
8
8
|
(0, script_1.runScript)(() => {
|
|
9
|
-
const { dir, encKey,
|
|
10
|
-
(0, secrets_decrypt_util_1.secretsDecrypt)(dir, encKey,
|
|
9
|
+
const { dir, encKey, del } = getDecryptCLIOptions();
|
|
10
|
+
(0, secrets_decrypt_util_1.secretsDecrypt)(dir, encKey, del);
|
|
11
11
|
});
|
|
12
12
|
function getDecryptCLIOptions() {
|
|
13
13
|
require('dotenv').config();
|
|
14
|
-
let { dir, encKey, encKeyVar,
|
|
14
|
+
let { dir, encKey, encKeyVar, del } = yargs.options({
|
|
15
15
|
dir: {
|
|
16
16
|
type: 'array',
|
|
17
17
|
desc: 'Directory with secrets. Can be many',
|
|
@@ -29,10 +29,10 @@ function getDecryptCLIOptions() {
|
|
|
29
29
|
desc: 'Env variable name to get `encKey` from.',
|
|
30
30
|
default: 'SECRET_ENCRYPTION_KEY',
|
|
31
31
|
},
|
|
32
|
-
algorithm: {
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
},
|
|
32
|
+
// algorithm: {
|
|
33
|
+
// type: 'string',
|
|
34
|
+
// default: 'aes-256-cbc',
|
|
35
|
+
// },
|
|
36
36
|
del: {
|
|
37
37
|
type: 'boolean',
|
|
38
38
|
desc: 'Delete source files after encryption/decryption. Be careful!',
|
|
@@ -48,5 +48,5 @@ function getDecryptCLIOptions() {
|
|
|
48
48
|
}
|
|
49
49
|
}
|
|
50
50
|
// `as any` because @types/yargs can't handle string[] type properly
|
|
51
|
-
return { dir: dir, encKey,
|
|
51
|
+
return { dir: dir, encKey, del };
|
|
52
52
|
}
|
|
@@ -6,12 +6,12 @@ const colors_1 = require("../colors");
|
|
|
6
6
|
const script_1 = require("../script");
|
|
7
7
|
const secrets_encrypt_util_1 = require("../secret/secrets-encrypt.util");
|
|
8
8
|
(0, script_1.runScript)(() => {
|
|
9
|
-
const { pattern, encKey,
|
|
10
|
-
(0, secrets_encrypt_util_1.secretsEncrypt)(pattern, encKey,
|
|
9
|
+
const { pattern, encKey, del } = getEncryptCLIOptions();
|
|
10
|
+
(0, secrets_encrypt_util_1.secretsEncrypt)(pattern, encKey, del);
|
|
11
11
|
});
|
|
12
12
|
function getEncryptCLIOptions() {
|
|
13
13
|
require('dotenv').config();
|
|
14
|
-
let { pattern, encKey, encKeyVar,
|
|
14
|
+
let { pattern, encKey, encKeyVar, del } = yargs.options({
|
|
15
15
|
pattern: {
|
|
16
16
|
type: 'string',
|
|
17
17
|
array: true,
|
|
@@ -30,10 +30,10 @@ function getEncryptCLIOptions() {
|
|
|
30
30
|
desc: 'Env variable name to get `encKey` from.',
|
|
31
31
|
default: 'SECRET_ENCRYPTION_KEY',
|
|
32
32
|
},
|
|
33
|
-
algorithm: {
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
},
|
|
33
|
+
// algorithm: {
|
|
34
|
+
// type: 'string',
|
|
35
|
+
// default: 'aes-256-cbc',
|
|
36
|
+
// },
|
|
37
37
|
del: {
|
|
38
38
|
type: 'boolean',
|
|
39
39
|
desc: 'Delete source files after encryption/decryption. Be careful!',
|
|
@@ -49,5 +49,5 @@ function getEncryptCLIOptions() {
|
|
|
49
49
|
}
|
|
50
50
|
}
|
|
51
51
|
// `as any` because @types/yargs can't handle string[] type properly
|
|
52
|
-
return { pattern: pattern, encKey,
|
|
52
|
+
return { pattern: pattern, encKey, del };
|
|
53
53
|
}
|
package/dist/got/getGot.js
CHANGED
|
@@ -180,7 +180,7 @@ function gotBeforeRetryHook(opt) {
|
|
|
180
180
|
const statusCode = err?.response?.statusCode || 0;
|
|
181
181
|
if (statusCode && statusCode < 300) {
|
|
182
182
|
// todo: possibly remove the log message completely in the future
|
|
183
|
-
opt.logger.log(`skipping got.beforeRetry hook
|
|
183
|
+
opt.logger.log(`skipping got.beforeRetry hook as statusCode is ${statusCode}, err.msg is ${err?.message}`);
|
|
184
184
|
return;
|
|
185
185
|
}
|
|
186
186
|
const { method, url, prefixUrl } = options;
|
package/dist/index.d.ts
CHANGED
|
@@ -54,7 +54,7 @@ export * from './stream/writable/writablePushToArray';
|
|
|
54
54
|
export * from './stream/writable/writableVoid';
|
|
55
55
|
import { inspectAny, InspectAnyOptions, inspectAnyStringifyFn } from './string/inspectAny';
|
|
56
56
|
export * from './util/env.util';
|
|
57
|
-
|
|
57
|
+
export * from './util/lruMemoCache';
|
|
58
58
|
export * from './util/zip.util';
|
|
59
59
|
import { readAjvSchemas, readJsonSchemas } from './validation/ajv/ajv.util';
|
|
60
60
|
import { AjvSchema, AjvSchemaCfg, AjvValidationOptions } from './validation/ajv/ajvSchema';
|
|
@@ -67,4 +67,4 @@ import { JoiValidationError, JoiValidationErrorData } from './validation/joi/joi
|
|
|
67
67
|
import { convert, getValidationResult, isValid, JoiValidationResult, undefinedIfInvalid, validate } from './validation/joi/joi.validation.util';
|
|
68
68
|
import { runScript, RunScriptOptions } from './script';
|
|
69
69
|
export type { RunScriptOptions, JoiValidationErrorData, JoiValidationResult, ValidationErrorItem, ExtendedJoi, SchemaTyped, AnySchema, AnySchemaTyped, ArraySchemaTyped, BooleanSchemaTyped, NumberSchemaTyped, ObjectSchemaTyped, StringSchemaTyped, IDebug, IDebugger, SlackServiceCfg, SlackMessage, SlackMessageProps, SlackApiBody, SlackMessagePrefixHook, ReadableTyped, WritableTyped, TransformTyped, PipelineFromNDJsonFileOptions, PipelineToNDJsonFileOptions, TransformJsonParseOptions, TransformToNDJsonOptions, TransformMapOptions, TransformMapSyncOptions, NDJSONStreamForEachOptions, TransformOptions, TransformMultiThreadedOptions, WorkerClassInterface, WorkerInput, WorkerOutput, TableDiffOptions, InspectAnyOptions, Got, GetGotOptions, AfterResponseHook, BeforeErrorHook, BeforeRequestHook, AjvValidationOptions, AjvSchemaCfg, AjvValidationErrorData, };
|
|
70
|
-
export { JoiValidationError, validate, getValidationResult, isValid, undefinedIfInvalid, convert, Joi,
|
|
70
|
+
export { JoiValidationError, validate, getValidationResult, isValid, undefinedIfInvalid, convert, Joi, Debug, SlackService, slackDefaultMessagePrefixHook, ndjsonStreamForEach, pipelineFromNDJsonFile, pipelineToNDJsonFile, NDJsonStats, streamToNDJsonFile, transformJsonParse, bufferReviver, transformToNDJson, transformMap, transformMapSync, transformMultiThreaded, BaseWorkerClass, tableDiff, inspectAny, inspectAnyStringifyFn, RequestError, TimeoutError, _chunkBuffer, Ajv, AjvSchema, AjvValidationError, readJsonSchemas, readAjvSchemas, runScript, };
|
package/dist/index.js
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.runScript = exports.readAjvSchemas = exports.readJsonSchemas = exports.AjvValidationError = exports.AjvSchema = exports.Ajv = exports._chunkBuffer = exports.TimeoutError = exports.RequestError = exports.inspectAnyStringifyFn = exports.inspectAny = exports.tableDiff = exports.BaseWorkerClass = exports.transformMultiThreaded = exports.transformMapSync = exports.transformMap = exports.transformToNDJson = exports.bufferReviver = exports.transformJsonParse = exports.streamToNDJsonFile = exports.NDJsonStats = exports.pipelineToNDJsonFile = exports.pipelineFromNDJsonFile = exports.ndjsonStreamForEach = exports.slackDefaultMessagePrefixHook = exports.SlackService = exports.Debug = exports.
|
|
3
|
+
exports.runScript = exports.readAjvSchemas = exports.readJsonSchemas = exports.AjvValidationError = exports.AjvSchema = exports.Ajv = exports._chunkBuffer = exports.TimeoutError = exports.RequestError = exports.inspectAnyStringifyFn = exports.inspectAny = exports.tableDiff = exports.BaseWorkerClass = exports.transformMultiThreaded = exports.transformMapSync = exports.transformMap = exports.transformToNDJson = exports.bufferReviver = exports.transformJsonParse = exports.streamToNDJsonFile = exports.NDJsonStats = exports.pipelineToNDJsonFile = exports.pipelineFromNDJsonFile = exports.ndjsonStreamForEach = exports.slackDefaultMessagePrefixHook = exports.SlackService = exports.Debug = exports.Joi = exports.convert = exports.undefinedIfInvalid = exports.isValid = exports.getValidationResult = exports.validate = exports.JoiValidationError = void 0;
|
|
4
4
|
const tslib_1 = require("tslib");
|
|
5
5
|
const ajv_1 = require("ajv");
|
|
6
6
|
exports.Ajv = ajv_1.default;
|
|
@@ -11,23 +11,23 @@ const buffer_util_1 = require("./buffer/buffer.util");
|
|
|
11
11
|
Object.defineProperty(exports, "_chunkBuffer", { enumerable: true, get: function () { return buffer_util_1._chunkBuffer; } });
|
|
12
12
|
const tableDiff_1 = require("./diff/tableDiff");
|
|
13
13
|
Object.defineProperty(exports, "tableDiff", { enumerable: true, get: function () { return tableDiff_1.tableDiff; } });
|
|
14
|
-
|
|
15
|
-
|
|
14
|
+
tslib_1.__exportStar(require("./got/getGot"), exports);
|
|
15
|
+
tslib_1.__exportStar(require("./infra/process.util"), exports);
|
|
16
16
|
const debug_1 = require("./log/debug");
|
|
17
17
|
Object.defineProperty(exports, "Debug", { enumerable: true, get: function () { return debug_1.Debug; } });
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
|
|
22
|
-
|
|
18
|
+
tslib_1.__exportStar(require("./security/hash.util"), exports);
|
|
19
|
+
tslib_1.__exportStar(require("./security/id.util"), exports);
|
|
20
|
+
tslib_1.__exportStar(require("./security/secret.util"), exports);
|
|
21
|
+
tslib_1.__exportStar(require("./colors/colors"), exports);
|
|
22
|
+
tslib_1.__exportStar(require("./log/log.util"), exports);
|
|
23
23
|
const slack_service_1 = require("./slack/slack.service");
|
|
24
24
|
Object.defineProperty(exports, "slackDefaultMessagePrefixHook", { enumerable: true, get: function () { return slack_service_1.slackDefaultMessagePrefixHook; } });
|
|
25
25
|
Object.defineProperty(exports, "SlackService", { enumerable: true, get: function () { return slack_service_1.SlackService; } });
|
|
26
26
|
const ndjson_model_1 = require("./stream/ndjson/ndjson.model");
|
|
27
27
|
Object.defineProperty(exports, "NDJsonStats", { enumerable: true, get: function () { return ndjson_model_1.NDJsonStats; } });
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
28
|
+
tslib_1.__exportStar(require("./stream/ndjson/ndJsonFileRead"), exports);
|
|
29
|
+
tslib_1.__exportStar(require("./stream/ndjson/ndJsonFileWrite"), exports);
|
|
30
|
+
tslib_1.__exportStar(require("./stream/ndjson/ndjsonMap"), exports);
|
|
31
31
|
const ndjsonStreamForEach_1 = require("./stream/ndjson/ndjsonStreamForEach");
|
|
32
32
|
Object.defineProperty(exports, "ndjsonStreamForEach", { enumerable: true, get: function () { return ndjsonStreamForEach_1.ndjsonStreamForEach; } });
|
|
33
33
|
const pipelineFromNDJsonFile_1 = require("./stream/ndjson/pipelineFromNDJsonFile");
|
|
@@ -41,42 +41,41 @@ Object.defineProperty(exports, "bufferReviver", { enumerable: true, get: functio
|
|
|
41
41
|
Object.defineProperty(exports, "transformJsonParse", { enumerable: true, get: function () { return transformJsonParse_1.transformJsonParse; } });
|
|
42
42
|
const transformToNDJson_1 = require("./stream/ndjson/transformToNDJson");
|
|
43
43
|
Object.defineProperty(exports, "transformToNDJson", { enumerable: true, get: function () { return transformToNDJson_1.transformToNDJson; } });
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
49
|
-
|
|
50
|
-
|
|
51
|
-
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
44
|
+
tslib_1.__exportStar(require("./stream/pipeline/pipeline"), exports);
|
|
45
|
+
tslib_1.__exportStar(require("./stream/readable/readableCreate"), exports);
|
|
46
|
+
tslib_1.__exportStar(require("./stream/readable/readableForEach"), exports);
|
|
47
|
+
tslib_1.__exportStar(require("./stream/readable/readableFromArray"), exports);
|
|
48
|
+
tslib_1.__exportStar(require("./stream/readable/readableMap"), exports);
|
|
49
|
+
tslib_1.__exportStar(require("./stream/readable/readableMapToArray"), exports);
|
|
50
|
+
tslib_1.__exportStar(require("./stream/readable/readableToArray"), exports);
|
|
51
|
+
tslib_1.__exportStar(require("./stream/transform/transformBuffer"), exports);
|
|
52
|
+
tslib_1.__exportStar(require("./stream/transform/transformFilter"), exports);
|
|
53
|
+
tslib_1.__exportStar(require("./stream/transform/transformLimit"), exports);
|
|
54
|
+
tslib_1.__exportStar(require("./stream/transform/transformLogProgress"), exports);
|
|
55
55
|
const transformMap_1 = require("./stream/transform/transformMap");
|
|
56
56
|
Object.defineProperty(exports, "transformMap", { enumerable: true, get: function () { return transformMap_1.transformMap; } });
|
|
57
|
-
|
|
58
|
-
|
|
57
|
+
tslib_1.__exportStar(require("./stream/transform/transformMapSimple"), exports);
|
|
58
|
+
tslib_1.__exportStar(require("./stream/transform/transformNoOp"), exports);
|
|
59
59
|
const transformMapSync_1 = require("./stream/transform/transformMapSync");
|
|
60
60
|
Object.defineProperty(exports, "transformMapSync", { enumerable: true, get: function () { return transformMapSync_1.transformMapSync; } });
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
64
|
-
|
|
61
|
+
tslib_1.__exportStar(require("./stream/transform/transformSplit"), exports);
|
|
62
|
+
tslib_1.__exportStar(require("./stream/transform/transformTap"), exports);
|
|
63
|
+
tslib_1.__exportStar(require("./stream/transform/transformToArray"), exports);
|
|
64
|
+
tslib_1.__exportStar(require("./stream/transform/transformToString"), exports);
|
|
65
65
|
const baseWorkerClass_1 = require("./stream/transform/worker/baseWorkerClass");
|
|
66
66
|
Object.defineProperty(exports, "BaseWorkerClass", { enumerable: true, get: function () { return baseWorkerClass_1.BaseWorkerClass; } });
|
|
67
67
|
const transformMultiThreaded_1 = require("./stream/transform/worker/transformMultiThreaded");
|
|
68
68
|
Object.defineProperty(exports, "transformMultiThreaded", { enumerable: true, get: function () { return transformMultiThreaded_1.transformMultiThreaded; } });
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
69
|
+
tslib_1.__exportStar(require("./stream/writable/writableForEach"), exports);
|
|
70
|
+
tslib_1.__exportStar(require("./stream/writable/writableFork"), exports);
|
|
71
|
+
tslib_1.__exportStar(require("./stream/writable/writablePushToArray"), exports);
|
|
72
|
+
tslib_1.__exportStar(require("./stream/writable/writableVoid"), exports);
|
|
73
73
|
const inspectAny_1 = require("./string/inspectAny");
|
|
74
74
|
Object.defineProperty(exports, "inspectAny", { enumerable: true, get: function () { return inspectAny_1.inspectAny; } });
|
|
75
75
|
Object.defineProperty(exports, "inspectAnyStringifyFn", { enumerable: true, get: function () { return inspectAny_1.inspectAnyStringifyFn; } });
|
|
76
|
-
|
|
77
|
-
|
|
78
|
-
|
|
79
|
-
(0, tslib_1.__exportStar)(require("./util/zip.util"), exports);
|
|
76
|
+
tslib_1.__exportStar(require("./util/env.util"), exports);
|
|
77
|
+
tslib_1.__exportStar(require("./util/lruMemoCache"), exports);
|
|
78
|
+
tslib_1.__exportStar(require("./util/zip.util"), exports);
|
|
80
79
|
const ajv_util_1 = require("./validation/ajv/ajv.util");
|
|
81
80
|
Object.defineProperty(exports, "readAjvSchemas", { enumerable: true, get: function () { return ajv_util_1.readAjvSchemas; } });
|
|
82
81
|
Object.defineProperty(exports, "readJsonSchemas", { enumerable: true, get: function () { return ajv_util_1.readJsonSchemas; } });
|
|
@@ -84,10 +83,10 @@ const ajvSchema_1 = require("./validation/ajv/ajvSchema");
|
|
|
84
83
|
Object.defineProperty(exports, "AjvSchema", { enumerable: true, get: function () { return ajvSchema_1.AjvSchema; } });
|
|
85
84
|
const ajvValidationError_1 = require("./validation/ajv/ajvValidationError");
|
|
86
85
|
Object.defineProperty(exports, "AjvValidationError", { enumerable: true, get: function () { return ajvValidationError_1.AjvValidationError; } });
|
|
87
|
-
|
|
86
|
+
tslib_1.__exportStar(require("./validation/ajv/getAjv"), exports);
|
|
88
87
|
const joi_extensions_1 = require("./validation/joi/joi.extensions");
|
|
89
88
|
Object.defineProperty(exports, "Joi", { enumerable: true, get: function () { return joi_extensions_1.Joi; } });
|
|
90
|
-
|
|
89
|
+
tslib_1.__exportStar(require("./validation/joi/joi.shared.schemas"), exports);
|
|
91
90
|
const joi_validation_error_1 = require("./validation/joi/joi.validation.error");
|
|
92
91
|
Object.defineProperty(exports, "JoiValidationError", { enumerable: true, get: function () { return joi_validation_error_1.JoiValidationError; } });
|
|
93
92
|
const joi_validation_util_1 = require("./validation/joi/joi.validation.util");
|
|
@@ -8,4 +8,4 @@ export interface DecryptCLIOptions {
|
|
|
8
8
|
* Decrypts all files in given directory (*.enc), saves decrypted versions without ending `.enc`.
|
|
9
9
|
* Using provided encKey.
|
|
10
10
|
*/
|
|
11
|
-
export declare function secretsDecrypt(dir: string[], encKey: string,
|
|
11
|
+
export declare function secretsDecrypt(dir: string[], encKey: string, del?: boolean): void;
|
|
@@ -10,12 +10,12 @@ const crypto_util_1 = require("../security/crypto.util");
|
|
|
10
10
|
* Decrypts all files in given directory (*.enc), saves decrypted versions without ending `.enc`.
|
|
11
11
|
* Using provided encKey.
|
|
12
12
|
*/
|
|
13
|
-
function secretsDecrypt(dir, encKey,
|
|
13
|
+
function secretsDecrypt(dir, encKey, del) {
|
|
14
14
|
const patterns = dir.map(d => `${d}/**/*.enc`);
|
|
15
15
|
const filenames = globby.sync(patterns);
|
|
16
16
|
filenames.forEach(filename => {
|
|
17
17
|
const enc = fs.readFileSync(filename);
|
|
18
|
-
const plain = (0, crypto_util_1.decryptRandomIVBuffer)(enc, encKey
|
|
18
|
+
const plain = (0, crypto_util_1.decryptRandomIVBuffer)(enc, encKey);
|
|
19
19
|
const plainFilename = filename.slice(0, filename.length - '.enc'.length);
|
|
20
20
|
fs.writeFileSync(plainFilename, plain);
|
|
21
21
|
if (del) {
|
|
@@ -8,4 +8,4 @@ export interface EncryptCLIOptions {
|
|
|
8
8
|
* Encrypts all files in given directory (except *.enc), saves encrypted versions as filename.ext.enc.
|
|
9
9
|
* Using provided encKey.
|
|
10
10
|
*/
|
|
11
|
-
export declare function secretsEncrypt(pattern: string[], encKey: string,
|
|
11
|
+
export declare function secretsEncrypt(pattern: string[], encKey: string, del?: boolean): void;
|
|
@@ -10,7 +10,7 @@ const crypto_util_1 = require("../security/crypto.util");
|
|
|
10
10
|
* Encrypts all files in given directory (except *.enc), saves encrypted versions as filename.ext.enc.
|
|
11
11
|
* Using provided encKey.
|
|
12
12
|
*/
|
|
13
|
-
function secretsEncrypt(pattern, encKey,
|
|
13
|
+
function secretsEncrypt(pattern, encKey, del) {
|
|
14
14
|
const patterns = [
|
|
15
15
|
...pattern,
|
|
16
16
|
`!**/*.enc`, // excluding already encoded
|
|
@@ -18,7 +18,7 @@ function secretsEncrypt(pattern, encKey, algorithm, del) {
|
|
|
18
18
|
const filenames = globby.sync(patterns);
|
|
19
19
|
filenames.forEach(filename => {
|
|
20
20
|
const plain = fs.readFileSync(filename);
|
|
21
|
-
const enc = (0, crypto_util_1.encryptRandomIVBuffer)(plain, encKey
|
|
21
|
+
const enc = (0, crypto_util_1.encryptRandomIVBuffer)(plain, encKey);
|
|
22
22
|
const encFilename = `${filename}.enc`;
|
|
23
23
|
fs.writeFileSync(encFilename, enc);
|
|
24
24
|
if (del) {
|
|
@@ -1,3 +1,17 @@
|
|
|
1
1
|
/// <reference types="node" />
|
|
2
|
-
|
|
3
|
-
|
|
2
|
+
/**
|
|
3
|
+
* Using aes-256-cbc
|
|
4
|
+
*/
|
|
5
|
+
export declare function encryptRandomIVBuffer(input: Buffer, secretKeyBase64: string): Buffer;
|
|
6
|
+
/**
|
|
7
|
+
* Using aes-256-cbc
|
|
8
|
+
*/
|
|
9
|
+
export declare function decryptRandomIVBuffer(input: Buffer, secretKeyBase64: string): Buffer;
|
|
10
|
+
/**
|
|
11
|
+
* Using aes-256-cbc
|
|
12
|
+
*/
|
|
13
|
+
export declare function decryptString(str: string, secretKey: string): string;
|
|
14
|
+
/**
|
|
15
|
+
* Using aes-256-cbc
|
|
16
|
+
*/
|
|
17
|
+
export declare function encryptString(str: string, secretKey: string): string;
|
|
@@ -1,14 +1,13 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.decryptRandomIVBuffer = exports.encryptRandomIVBuffer = void 0;
|
|
3
|
+
exports.encryptString = exports.decryptString = exports.decryptRandomIVBuffer = exports.encryptRandomIVBuffer = void 0;
|
|
4
4
|
const crypto = require("crypto");
|
|
5
5
|
const hash_util_1 = require("./hash.util");
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
function encryptRandomIVBuffer(input, secretKeyBase64, algorithm = 'aes-256-cbc') {
|
|
6
|
+
const algorithm = 'aes-256-cbc';
|
|
7
|
+
/**
|
|
8
|
+
* Using aes-256-cbc
|
|
9
|
+
*/
|
|
10
|
+
function encryptRandomIVBuffer(input, secretKeyBase64) {
|
|
12
11
|
const key = aes256Key(secretKeyBase64);
|
|
13
12
|
// Random iv to achieve non-deterministic encryption (but deterministic decryption)
|
|
14
13
|
// const iv = await randomBytes(16)
|
|
@@ -17,7 +16,10 @@ function encryptRandomIVBuffer(input, secretKeyBase64, algorithm = 'aes-256-cbc'
|
|
|
17
16
|
return Buffer.concat([iv, cipher.update(input), cipher.final()]);
|
|
18
17
|
}
|
|
19
18
|
exports.encryptRandomIVBuffer = encryptRandomIVBuffer;
|
|
20
|
-
|
|
19
|
+
/**
|
|
20
|
+
* Using aes-256-cbc
|
|
21
|
+
*/
|
|
22
|
+
function decryptRandomIVBuffer(input, secretKeyBase64) {
|
|
21
23
|
const key = aes256Key(secretKeyBase64);
|
|
22
24
|
// iv is first 16 bytes of encrypted buffer, the rest is payload
|
|
23
25
|
const iv = input.slice(0, 16);
|
|
@@ -26,3 +28,32 @@ function decryptRandomIVBuffer(input, secretKeyBase64, algorithm = 'aes-256-cbc'
|
|
|
26
28
|
return Buffer.concat([decipher.update(payload), decipher.final()]);
|
|
27
29
|
}
|
|
28
30
|
exports.decryptRandomIVBuffer = decryptRandomIVBuffer;
|
|
31
|
+
/**
|
|
32
|
+
* Using aes-256-cbc
|
|
33
|
+
*/
|
|
34
|
+
function decryptString(str, secretKey) {
|
|
35
|
+
const { algorithm, key, iv } = getCryptoParams(secretKey);
|
|
36
|
+
const decipher = crypto.createDecipheriv(algorithm, key, iv);
|
|
37
|
+
let decrypted = decipher.update(str, 'base64', 'utf8');
|
|
38
|
+
return (decrypted += decipher.final('utf8'));
|
|
39
|
+
}
|
|
40
|
+
exports.decryptString = decryptString;
|
|
41
|
+
/**
|
|
42
|
+
* Using aes-256-cbc
|
|
43
|
+
*/
|
|
44
|
+
function encryptString(str, secretKey) {
|
|
45
|
+
const { algorithm, key, iv } = getCryptoParams(secretKey);
|
|
46
|
+
const cipher = crypto.createCipheriv(algorithm, key, iv);
|
|
47
|
+
let encrypted = cipher.update(str, 'utf8', 'base64');
|
|
48
|
+
return (encrypted += cipher.final('base64'));
|
|
49
|
+
}
|
|
50
|
+
exports.encryptString = encryptString;
|
|
51
|
+
function getCryptoParams(secretKey) {
|
|
52
|
+
const key = (0, hash_util_1.md5)(secretKey);
|
|
53
|
+
const iv = (0, hash_util_1.md5)(secretKey + key).slice(0, 16);
|
|
54
|
+
return { algorithm, key, iv };
|
|
55
|
+
}
|
|
56
|
+
function aes256Key(secretKeyBase64) {
|
|
57
|
+
// md5 to match aes-256 key length of 32 bytes
|
|
58
|
+
return (0, hash_util_1.md5)(Buffer.from(secretKeyBase64, 'base64'));
|
|
59
|
+
}
|
|
@@ -14,8 +14,16 @@ export declare function removeSecretsFromEnv(): void;
|
|
|
14
14
|
* Does NOT delete previous secrets from secretMap.
|
|
15
15
|
*
|
|
16
16
|
* If SECRET_ENCRYPTION_KEY argument is passed - will decrypt the contents of the file first, before parsing it as JSON.
|
|
17
|
+
*
|
|
18
|
+
* Whole file is encrypted.
|
|
19
|
+
* For "json-values encrypted" style - use `loadSecretsFromEncryptedJsonFileValues`
|
|
20
|
+
*/
|
|
21
|
+
export declare function loadSecretsFromEncryptedJsonFile(filePath: string, secretEncryptionKey?: string): void;
|
|
22
|
+
/**
|
|
23
|
+
* Whole file is NOT encrypted, but instead individual json values ARE encrypted..
|
|
24
|
+
* For whole-file encryption - use `loadSecretsFromEncryptedJsonFile`
|
|
17
25
|
*/
|
|
18
|
-
export declare function
|
|
26
|
+
export declare function loadSecretsFromEncryptedJsonFileValues(filePath: string, secretEncryptionKey?: string): void;
|
|
19
27
|
/**
|
|
20
28
|
* json secrets are always base64'd
|
|
21
29
|
*/
|
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
"use strict";
|
|
2
2
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.setSecretMap = exports.getSecretMap = exports.secretOptional = exports.secret = exports.
|
|
3
|
+
exports.setSecretMap = exports.getSecretMap = exports.secretOptional = exports.secret = exports.loadSecretsFromEncryptedJsonFileValues = exports.loadSecretsFromEncryptedJsonFile = exports.removeSecretsFromEnv = exports.loadSecretsFromEnv = void 0;
|
|
4
4
|
const fs = require("fs");
|
|
5
|
+
const js_lib_1 = require("@naturalcycles/js-lib");
|
|
5
6
|
const __1 = require("..");
|
|
6
7
|
const crypto_util_1 = require("./crypto.util");
|
|
7
8
|
let loaded = false;
|
|
@@ -39,16 +40,17 @@ exports.removeSecretsFromEnv = removeSecretsFromEnv;
|
|
|
39
40
|
* Does NOT delete previous secrets from secretMap.
|
|
40
41
|
*
|
|
41
42
|
* If SECRET_ENCRYPTION_KEY argument is passed - will decrypt the contents of the file first, before parsing it as JSON.
|
|
43
|
+
*
|
|
44
|
+
* Whole file is encrypted.
|
|
45
|
+
* For "json-values encrypted" style - use `loadSecretsFromEncryptedJsonFileValues`
|
|
42
46
|
*/
|
|
43
47
|
// eslint-disable-next-line @typescript-eslint/naming-convention
|
|
44
|
-
function
|
|
45
|
-
|
|
46
|
-
throw new Error(`loadSecretsFromPlainJsonFile() cannot load from path: ${filePath}`);
|
|
47
|
-
}
|
|
48
|
+
function loadSecretsFromEncryptedJsonFile(filePath, secretEncryptionKey) {
|
|
49
|
+
(0, js_lib_1._assert)(fs.existsSync(filePath), `loadSecretsFromEncryptedJsonFile() cannot load from path: ${filePath}`);
|
|
48
50
|
let secrets;
|
|
49
|
-
if (
|
|
51
|
+
if (secretEncryptionKey) {
|
|
50
52
|
const buf = fs.readFileSync(filePath);
|
|
51
|
-
const plain = (0, crypto_util_1.decryptRandomIVBuffer)(buf,
|
|
53
|
+
const plain = (0, crypto_util_1.decryptRandomIVBuffer)(buf, secretEncryptionKey).toString('utf8');
|
|
52
54
|
secrets = JSON.parse(plain);
|
|
53
55
|
}
|
|
54
56
|
else {
|
|
@@ -60,7 +62,26 @@ function loadSecretsFromJsonFile(filePath, SECRET_ENCRYPTION_KEY) {
|
|
|
60
62
|
.map(s => s.toUpperCase())
|
|
61
63
|
.join(', ')}`);
|
|
62
64
|
}
|
|
63
|
-
exports.
|
|
65
|
+
exports.loadSecretsFromEncryptedJsonFile = loadSecretsFromEncryptedJsonFile;
|
|
66
|
+
/**
|
|
67
|
+
* Whole file is NOT encrypted, but instead individual json values ARE encrypted..
|
|
68
|
+
* For whole-file encryption - use `loadSecretsFromEncryptedJsonFile`
|
|
69
|
+
*/
|
|
70
|
+
function loadSecretsFromEncryptedJsonFileValues(filePath, secretEncryptionKey) {
|
|
71
|
+
(0, js_lib_1._assert)(fs.existsSync(filePath), `loadSecretsFromEncryptedJsonFileValues() cannot load from path: ${filePath}`);
|
|
72
|
+
const secrets = JSON.parse(fs.readFileSync(filePath, 'utf8'));
|
|
73
|
+
if (secretEncryptionKey) {
|
|
74
|
+
(0, js_lib_1._stringMapEntries)(secrets).forEach(([k, enc]) => {
|
|
75
|
+
secrets[k] = (0, crypto_util_1.decryptString)(enc, secretEncryptionKey);
|
|
76
|
+
});
|
|
77
|
+
}
|
|
78
|
+
Object.entries(secrets).forEach(([k, v]) => (secretMap[k.toUpperCase()] = v));
|
|
79
|
+
loaded = true;
|
|
80
|
+
console.log(`${Object.keys(secrets).length} secret(s) loaded from ${filePath}: ${Object.keys(secrets)
|
|
81
|
+
.map(s => s.toUpperCase())
|
|
82
|
+
.join(', ')}`);
|
|
83
|
+
}
|
|
84
|
+
exports.loadSecretsFromEncryptedJsonFileValues = loadSecretsFromEncryptedJsonFileValues;
|
|
64
85
|
/**
|
|
65
86
|
* json secrets are always base64'd
|
|
66
87
|
*/
|
|
@@ -1,6 +1,7 @@
|
|
|
1
1
|
import { MemoCache } from '@naturalcycles/js-lib';
|
|
2
2
|
import LRUCache = require('lru-cache');
|
|
3
|
-
export
|
|
3
|
+
export interface LRUMemoCacheOptions<KEY, VALUE> extends Partial<LRUCache.Options<KEY, VALUE>> {
|
|
4
|
+
}
|
|
4
5
|
/**
|
|
5
6
|
* @example
|
|
6
7
|
* Use it like this:
|
|
@@ -8,8 +9,8 @@ export declare type LRUMemoCacheOpts = LRUCache.Options<string, any>;
|
|
|
8
9
|
* @_Memo({ cacheFactory: () => new LRUMemoCache({...}) })
|
|
9
10
|
* method1 ()
|
|
10
11
|
*/
|
|
11
|
-
export declare class LRUMemoCache implements MemoCache {
|
|
12
|
-
constructor(opt:
|
|
12
|
+
export declare class LRUMemoCache<KEY = any, VALUE = any> implements MemoCache<KEY, VALUE> {
|
|
13
|
+
constructor(opt: LRUMemoCacheOptions<KEY, VALUE>);
|
|
13
14
|
private lru;
|
|
14
15
|
has(k: any): boolean;
|
|
15
16
|
get(k: any): any;
|
package/package.json
CHANGED
|
@@ -6,15 +6,15 @@ import { runScript } from '../script'
|
|
|
6
6
|
import { DecryptCLIOptions, secretsDecrypt } from '../secret/secrets-decrypt.util'
|
|
7
7
|
|
|
8
8
|
runScript(() => {
|
|
9
|
-
const { dir, encKey,
|
|
9
|
+
const { dir, encKey, del } = getDecryptCLIOptions()
|
|
10
10
|
|
|
11
|
-
secretsDecrypt(dir, encKey,
|
|
11
|
+
secretsDecrypt(dir, encKey, del)
|
|
12
12
|
})
|
|
13
13
|
|
|
14
14
|
function getDecryptCLIOptions(): DecryptCLIOptions {
|
|
15
15
|
require('dotenv').config()
|
|
16
16
|
|
|
17
|
-
let { dir, encKey, encKeyVar,
|
|
17
|
+
let { dir, encKey, encKeyVar, del } = yargs.options({
|
|
18
18
|
dir: {
|
|
19
19
|
type: 'array',
|
|
20
20
|
desc: 'Directory with secrets. Can be many',
|
|
@@ -32,10 +32,10 @@ function getDecryptCLIOptions(): DecryptCLIOptions {
|
|
|
32
32
|
desc: 'Env variable name to get `encKey` from.',
|
|
33
33
|
default: 'SECRET_ENCRYPTION_KEY',
|
|
34
34
|
},
|
|
35
|
-
algorithm: {
|
|
36
|
-
|
|
37
|
-
|
|
38
|
-
},
|
|
35
|
+
// algorithm: {
|
|
36
|
+
// type: 'string',
|
|
37
|
+
// default: 'aes-256-cbc',
|
|
38
|
+
// },
|
|
39
39
|
del: {
|
|
40
40
|
type: 'boolean',
|
|
41
41
|
desc: 'Delete source files after encryption/decryption. Be careful!',
|
|
@@ -55,5 +55,5 @@ function getDecryptCLIOptions(): DecryptCLIOptions {
|
|
|
55
55
|
}
|
|
56
56
|
|
|
57
57
|
// `as any` because @types/yargs can't handle string[] type properly
|
|
58
|
-
return { dir: dir as any, encKey,
|
|
58
|
+
return { dir: dir as any, encKey, del }
|
|
59
59
|
}
|
|
@@ -6,15 +6,15 @@ import { runScript } from '../script'
|
|
|
6
6
|
import { EncryptCLIOptions, secretsEncrypt } from '../secret/secrets-encrypt.util'
|
|
7
7
|
|
|
8
8
|
runScript(() => {
|
|
9
|
-
const { pattern, encKey,
|
|
9
|
+
const { pattern, encKey, del } = getEncryptCLIOptions()
|
|
10
10
|
|
|
11
|
-
secretsEncrypt(pattern, encKey,
|
|
11
|
+
secretsEncrypt(pattern, encKey, del)
|
|
12
12
|
})
|
|
13
13
|
|
|
14
14
|
function getEncryptCLIOptions(): EncryptCLIOptions {
|
|
15
15
|
require('dotenv').config()
|
|
16
16
|
|
|
17
|
-
let { pattern, encKey, encKeyVar,
|
|
17
|
+
let { pattern, encKey, encKeyVar, del } = yargs.options({
|
|
18
18
|
pattern: {
|
|
19
19
|
type: 'string',
|
|
20
20
|
array: true,
|
|
@@ -33,10 +33,10 @@ function getEncryptCLIOptions(): EncryptCLIOptions {
|
|
|
33
33
|
desc: 'Env variable name to get `encKey` from.',
|
|
34
34
|
default: 'SECRET_ENCRYPTION_KEY',
|
|
35
35
|
},
|
|
36
|
-
algorithm: {
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
},
|
|
36
|
+
// algorithm: {
|
|
37
|
+
// type: 'string',
|
|
38
|
+
// default: 'aes-256-cbc',
|
|
39
|
+
// },
|
|
40
40
|
del: {
|
|
41
41
|
type: 'boolean',
|
|
42
42
|
desc: 'Delete source files after encryption/decryption. Be careful!',
|
|
@@ -56,5 +56,5 @@ function getEncryptCLIOptions(): EncryptCLIOptions {
|
|
|
56
56
|
}
|
|
57
57
|
|
|
58
58
|
// `as any` because @types/yargs can't handle string[] type properly
|
|
59
|
-
return { pattern: pattern as any, encKey,
|
|
59
|
+
return { pattern: pattern as any, encKey, del }
|
|
60
60
|
}
|
package/src/got/getGot.ts
CHANGED
|
@@ -207,7 +207,9 @@ function gotBeforeRetryHook(opt: GetGotOptions): BeforeRetryHook {
|
|
|
207
207
|
|
|
208
208
|
if (statusCode && statusCode < 300) {
|
|
209
209
|
// todo: possibly remove the log message completely in the future
|
|
210
|
-
opt.logger!.log(
|
|
210
|
+
opt.logger!.log(
|
|
211
|
+
`skipping got.beforeRetry hook as statusCode is ${statusCode}, err.msg is ${err?.message}`,
|
|
212
|
+
)
|
|
211
213
|
return
|
|
212
214
|
}
|
|
213
215
|
|
package/src/index.ts
CHANGED
|
@@ -81,7 +81,7 @@ export * from './stream/writable/writablePushToArray'
|
|
|
81
81
|
export * from './stream/writable/writableVoid'
|
|
82
82
|
import { inspectAny, InspectAnyOptions, inspectAnyStringifyFn } from './string/inspectAny'
|
|
83
83
|
export * from './util/env.util'
|
|
84
|
-
|
|
84
|
+
export * from './util/lruMemoCache'
|
|
85
85
|
export * from './util/zip.util'
|
|
86
86
|
import { readAjvSchemas, readJsonSchemas } from './validation/ajv/ajv.util'
|
|
87
87
|
import { AjvSchema, AjvSchemaCfg, AjvValidationOptions } from './validation/ajv/ajvSchema'
|
|
@@ -165,7 +165,6 @@ export {
|
|
|
165
165
|
undefinedIfInvalid,
|
|
166
166
|
convert,
|
|
167
167
|
Joi,
|
|
168
|
-
LRUMemoCache,
|
|
169
168
|
Debug,
|
|
170
169
|
SlackService,
|
|
171
170
|
slackDefaultMessagePrefixHook,
|
|
@@ -15,19 +15,14 @@ export interface DecryptCLIOptions {
|
|
|
15
15
|
* Decrypts all files in given directory (*.enc), saves decrypted versions without ending `.enc`.
|
|
16
16
|
* Using provided encKey.
|
|
17
17
|
*/
|
|
18
|
-
export function secretsDecrypt(
|
|
19
|
-
dir: string[],
|
|
20
|
-
encKey: string,
|
|
21
|
-
algorithm?: string,
|
|
22
|
-
del?: boolean,
|
|
23
|
-
): void {
|
|
18
|
+
export function secretsDecrypt(dir: string[], encKey: string, del?: boolean): void {
|
|
24
19
|
const patterns = dir.map(d => `${d}/**/*.enc`)
|
|
25
20
|
|
|
26
21
|
const filenames = globby.sync(patterns)
|
|
27
22
|
|
|
28
23
|
filenames.forEach(filename => {
|
|
29
24
|
const enc = fs.readFileSync(filename)
|
|
30
|
-
const plain = decryptRandomIVBuffer(enc, encKey
|
|
25
|
+
const plain = decryptRandomIVBuffer(enc, encKey)
|
|
31
26
|
|
|
32
27
|
const plainFilename = filename.slice(0, filename.length - '.enc'.length)
|
|
33
28
|
fs.writeFileSync(plainFilename, plain)
|
|
@@ -15,12 +15,7 @@ export interface EncryptCLIOptions {
|
|
|
15
15
|
* Encrypts all files in given directory (except *.enc), saves encrypted versions as filename.ext.enc.
|
|
16
16
|
* Using provided encKey.
|
|
17
17
|
*/
|
|
18
|
-
export function secretsEncrypt(
|
|
19
|
-
pattern: string[],
|
|
20
|
-
encKey: string,
|
|
21
|
-
algorithm?: string,
|
|
22
|
-
del?: boolean,
|
|
23
|
-
): void {
|
|
18
|
+
export function secretsEncrypt(pattern: string[], encKey: string, del?: boolean): void {
|
|
24
19
|
const patterns = [
|
|
25
20
|
...pattern,
|
|
26
21
|
`!**/*.enc`, // excluding already encoded
|
|
@@ -29,7 +24,7 @@ export function secretsEncrypt(
|
|
|
29
24
|
|
|
30
25
|
filenames.forEach(filename => {
|
|
31
26
|
const plain = fs.readFileSync(filename)
|
|
32
|
-
const enc = encryptRandomIVBuffer(plain, encKey
|
|
27
|
+
const enc = encryptRandomIVBuffer(plain, encKey)
|
|
33
28
|
|
|
34
29
|
const encFilename = `${filename}.enc`
|
|
35
30
|
fs.writeFileSync(encFilename, enc)
|
|
@@ -1,18 +1,12 @@
|
|
|
1
1
|
import * as crypto from 'crypto'
|
|
2
2
|
import { md5 } from './hash.util'
|
|
3
3
|
|
|
4
|
-
|
|
4
|
+
const algorithm = 'aes-256-cbc'
|
|
5
5
|
|
|
6
|
-
|
|
7
|
-
|
|
8
|
-
|
|
9
|
-
|
|
10
|
-
|
|
11
|
-
export function encryptRandomIVBuffer(
|
|
12
|
-
input: Buffer,
|
|
13
|
-
secretKeyBase64: string,
|
|
14
|
-
algorithm = 'aes-256-cbc',
|
|
15
|
-
): Buffer {
|
|
6
|
+
/**
|
|
7
|
+
* Using aes-256-cbc
|
|
8
|
+
*/
|
|
9
|
+
export function encryptRandomIVBuffer(input: Buffer, secretKeyBase64: string): Buffer {
|
|
16
10
|
const key = aes256Key(secretKeyBase64)
|
|
17
11
|
|
|
18
12
|
// Random iv to achieve non-deterministic encryption (but deterministic decryption)
|
|
@@ -24,11 +18,10 @@ export function encryptRandomIVBuffer(
|
|
|
24
18
|
return Buffer.concat([iv, cipher.update(input), cipher.final()])
|
|
25
19
|
}
|
|
26
20
|
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
): Buffer {
|
|
21
|
+
/**
|
|
22
|
+
* Using aes-256-cbc
|
|
23
|
+
*/
|
|
24
|
+
export function decryptRandomIVBuffer(input: Buffer, secretKeyBase64: string): Buffer {
|
|
32
25
|
const key = aes256Key(secretKeyBase64)
|
|
33
26
|
|
|
34
27
|
// iv is first 16 bytes of encrypted buffer, the rest is payload
|
|
@@ -39,3 +32,34 @@ export function decryptRandomIVBuffer(
|
|
|
39
32
|
|
|
40
33
|
return Buffer.concat([decipher.update(payload), decipher.final()])
|
|
41
34
|
}
|
|
35
|
+
|
|
36
|
+
/**
|
|
37
|
+
* Using aes-256-cbc
|
|
38
|
+
*/
|
|
39
|
+
export function decryptString(str: string, secretKey: string): string {
|
|
40
|
+
const { algorithm, key, iv } = getCryptoParams(secretKey)
|
|
41
|
+
const decipher = crypto.createDecipheriv(algorithm, key, iv)
|
|
42
|
+
let decrypted = decipher.update(str, 'base64', 'utf8')
|
|
43
|
+
return (decrypted += decipher.final('utf8'))
|
|
44
|
+
}
|
|
45
|
+
|
|
46
|
+
/**
|
|
47
|
+
* Using aes-256-cbc
|
|
48
|
+
*/
|
|
49
|
+
export function encryptString(str: string, secretKey: string): string {
|
|
50
|
+
const { algorithm, key, iv } = getCryptoParams(secretKey)
|
|
51
|
+
const cipher = crypto.createCipheriv(algorithm, key, iv)
|
|
52
|
+
let encrypted = cipher.update(str, 'utf8', 'base64')
|
|
53
|
+
return (encrypted += cipher.final('base64'))
|
|
54
|
+
}
|
|
55
|
+
|
|
56
|
+
function getCryptoParams(secretKey: string): { algorithm: string; key: string; iv: string } {
|
|
57
|
+
const key = md5(secretKey)
|
|
58
|
+
const iv = md5(secretKey + key).slice(0, 16)
|
|
59
|
+
return { algorithm, key, iv }
|
|
60
|
+
}
|
|
61
|
+
|
|
62
|
+
function aes256Key(secretKeyBase64: string): string {
|
|
63
|
+
// md5 to match aes-256 key length of 32 bytes
|
|
64
|
+
return md5(Buffer.from(secretKeyBase64, 'base64'))
|
|
65
|
+
}
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
import * as fs from 'fs'
|
|
2
|
-
import { StringMap } from '@naturalcycles/js-lib'
|
|
2
|
+
import { _assert, _stringMapEntries, StringMap } from '@naturalcycles/js-lib'
|
|
3
3
|
import { base64ToString } from '..'
|
|
4
|
-
import { decryptRandomIVBuffer } from './crypto.util'
|
|
4
|
+
import { decryptRandomIVBuffer, decryptString } from './crypto.util'
|
|
5
5
|
|
|
6
6
|
let loaded = false
|
|
7
7
|
|
|
@@ -46,18 +46,25 @@ export function removeSecretsFromEnv(): void {
|
|
|
46
46
|
* Does NOT delete previous secrets from secretMap.
|
|
47
47
|
*
|
|
48
48
|
* If SECRET_ENCRYPTION_KEY argument is passed - will decrypt the contents of the file first, before parsing it as JSON.
|
|
49
|
+
*
|
|
50
|
+
* Whole file is encrypted.
|
|
51
|
+
* For "json-values encrypted" style - use `loadSecretsFromEncryptedJsonFileValues`
|
|
49
52
|
*/
|
|
50
53
|
// eslint-disable-next-line @typescript-eslint/naming-convention
|
|
51
|
-
export function
|
|
52
|
-
|
|
53
|
-
|
|
54
|
-
|
|
54
|
+
export function loadSecretsFromEncryptedJsonFile(
|
|
55
|
+
filePath: string,
|
|
56
|
+
secretEncryptionKey?: string,
|
|
57
|
+
): void {
|
|
58
|
+
_assert(
|
|
59
|
+
fs.existsSync(filePath),
|
|
60
|
+
`loadSecretsFromEncryptedJsonFile() cannot load from path: ${filePath}`,
|
|
61
|
+
)
|
|
55
62
|
|
|
56
63
|
let secrets: StringMap
|
|
57
64
|
|
|
58
|
-
if (
|
|
65
|
+
if (secretEncryptionKey) {
|
|
59
66
|
const buf = fs.readFileSync(filePath)
|
|
60
|
-
const plain = decryptRandomIVBuffer(buf,
|
|
67
|
+
const plain = decryptRandomIVBuffer(buf, secretEncryptionKey).toString('utf8')
|
|
61
68
|
secrets = JSON.parse(plain)
|
|
62
69
|
} else {
|
|
63
70
|
secrets = JSON.parse(fs.readFileSync(filePath, 'utf8'))
|
|
@@ -73,6 +80,37 @@ export function loadSecretsFromJsonFile(filePath: string, SECRET_ENCRYPTION_KEY?
|
|
|
73
80
|
)
|
|
74
81
|
}
|
|
75
82
|
|
|
83
|
+
/**
|
|
84
|
+
* Whole file is NOT encrypted, but instead individual json values ARE encrypted..
|
|
85
|
+
* For whole-file encryption - use `loadSecretsFromEncryptedJsonFile`
|
|
86
|
+
*/
|
|
87
|
+
export function loadSecretsFromEncryptedJsonFileValues(
|
|
88
|
+
filePath: string,
|
|
89
|
+
secretEncryptionKey?: string,
|
|
90
|
+
): void {
|
|
91
|
+
_assert(
|
|
92
|
+
fs.existsSync(filePath),
|
|
93
|
+
`loadSecretsFromEncryptedJsonFileValues() cannot load from path: ${filePath}`,
|
|
94
|
+
)
|
|
95
|
+
|
|
96
|
+
const secrets: StringMap = JSON.parse(fs.readFileSync(filePath, 'utf8'))
|
|
97
|
+
|
|
98
|
+
if (secretEncryptionKey) {
|
|
99
|
+
_stringMapEntries(secrets).forEach(([k, enc]) => {
|
|
100
|
+
secrets[k] = decryptString(enc, secretEncryptionKey)
|
|
101
|
+
})
|
|
102
|
+
}
|
|
103
|
+
|
|
104
|
+
Object.entries(secrets).forEach(([k, v]) => (secretMap[k.toUpperCase()] = v))
|
|
105
|
+
|
|
106
|
+
loaded = true
|
|
107
|
+
console.log(
|
|
108
|
+
`${Object.keys(secrets).length} secret(s) loaded from ${filePath}: ${Object.keys(secrets)
|
|
109
|
+
.map(s => s.toUpperCase())
|
|
110
|
+
.join(', ')}`,
|
|
111
|
+
)
|
|
112
|
+
}
|
|
113
|
+
|
|
76
114
|
/**
|
|
77
115
|
* json secrets are always base64'd
|
|
78
116
|
*/
|
package/src/util/lruMemoCache.ts
CHANGED
|
@@ -1,7 +1,8 @@
|
|
|
1
1
|
import { MemoCache } from '@naturalcycles/js-lib'
|
|
2
2
|
import LRUCache = require('lru-cache')
|
|
3
3
|
|
|
4
|
-
|
|
4
|
+
// Partial, to be able to provide default `max`
|
|
5
|
+
export interface LRUMemoCacheOptions<KEY, VALUE> extends Partial<LRUCache.Options<KEY, VALUE>> {}
|
|
5
6
|
|
|
6
7
|
/**
|
|
7
8
|
* @example
|
|
@@ -10,12 +11,15 @@ export type LRUMemoCacheOpts = LRUCache.Options<string, any>
|
|
|
10
11
|
* @_Memo({ cacheFactory: () => new LRUMemoCache({...}) })
|
|
11
12
|
* method1 ()
|
|
12
13
|
*/
|
|
13
|
-
export class LRUMemoCache implements MemoCache {
|
|
14
|
-
constructor(opt:
|
|
15
|
-
this.lru = new LRUCache<
|
|
14
|
+
export class LRUMemoCache<KEY = any, VALUE = any> implements MemoCache<KEY, VALUE> {
|
|
15
|
+
constructor(opt: LRUMemoCacheOptions<KEY, VALUE>) {
|
|
16
|
+
this.lru = new LRUCache<KEY, VALUE>({
|
|
17
|
+
max: 100,
|
|
18
|
+
...opt,
|
|
19
|
+
})
|
|
16
20
|
}
|
|
17
21
|
|
|
18
|
-
private lru!: LRUCache<
|
|
22
|
+
private lru!: LRUCache<KEY, VALUE>
|
|
19
23
|
|
|
20
24
|
has(k: any): boolean {
|
|
21
25
|
return this.lru.has(k)
|