@naturalcycles/nodejs-lib 12.66.0 → 12.67.0

package/dist/bin/secrets-decrypt.js

@@ -6,18 +6,22 @@ const colors_1 = require("../colors");
 const script_1 = require("../script");
 const secrets_decrypt_util_1 = require("../secret/secrets-decrypt.util");
 (0, script_1.runScript)(() => {
-    const { dir, encKey, del } = getDecryptCLIOptions();
-    (0, secrets_decrypt_util_1.secretsDecrypt)(dir, encKey, del);
+    const { dir, file, encKey, del, jsonMode } = getDecryptCLIOptions();
+    (0, secrets_decrypt_util_1.secretsDecrypt)(dir, file, encKey, del, jsonMode);
 });
 function getDecryptCLIOptions() {
     require('dotenv').config();
-    let { dir, encKey, encKeyVar, del } = yargs.options({
+    let { dir, file, encKey, encKeyVar, del, jsonMode } = yargs.options({
         dir: {
             type: 'array',
             desc: 'Directory with secrets. Can be many',
             // demandOption: true,
             default: './secret',
         },
+        file: {
+            type: 'string',
+            desc: 'Single file to decrypt. Useful in jsonMode',
+        },
         encKey: {
             type: 'string',
             desc: 'Encryption key',
@@ -37,6 +41,11 @@ function getDecryptCLIOptions() {
             type: 'boolean',
             desc: 'Delete source files after encryption/decryption. Be careful!',
         },
+        jsonMode: {
+            type: 'boolean',
+            desc: 'JSON mode. Encrypts only json values, not the whole file',
+            default: false,
+        },
     }).argv;
     if (!encKey) {
         encKey = process.env[encKeyVar];
@@ -48,5 +57,5 @@ function getDecryptCLIOptions() {
         }
     }
     // `as any` because @types/yargs can't handle string[] type properly
-    return { dir: dir, encKey, del };
+    return { dir: dir, file, encKey, del, jsonMode };
 }

package/dist/bin/secrets-encrypt.js

@@ -6,12 +6,12 @@ const colors_1 = require("../colors");
 const script_1 = require("../script");
 const secrets_encrypt_util_1 = require("../secret/secrets-encrypt.util");
 (0, script_1.runScript)(() => {
-    const { pattern, encKey, del } = getEncryptCLIOptions();
-    (0, secrets_encrypt_util_1.secretsEncrypt)(pattern, encKey, del);
+    const { pattern, file, encKey, del, jsonMode } = getEncryptCLIOptions();
+    (0, secrets_encrypt_util_1.secretsEncrypt)(pattern, file, encKey, del, jsonMode);
 });
 function getEncryptCLIOptions() {
     require('dotenv').config();
-    let { pattern, encKey, encKeyVar, del } = yargs.options({
+    let { pattern, file, encKey, encKeyVar, del, jsonMode } = yargs.options({
         pattern: {
             type: 'string',
             array: true,
@@ -19,6 +19,10 @@ function getEncryptCLIOptions() {
             // demandOption: true,
             default: './secret/**',
         },
+        file: {
+            type: 'string',
+            desc: 'Single file to decrypt. Useful in jsonMode',
+        },
         encKey: {
             type: 'string',
             desc: 'Encryption key',
@@ -37,6 +41,12 @@ function getEncryptCLIOptions() {
         del: {
             type: 'boolean',
             desc: 'Delete source files after encryption/decryption. Be careful!',
+            default: false,
+        },
+        jsonMode: {
+            type: 'boolean',
+            desc: 'JSON mode. Encrypts only json values, not the whole file',
+            default: false,
         },
     }).argv;
     if (!encKey) {
@@ -49,5 +59,5 @@ function getEncryptCLIOptions() {
         }
     }
     // `as any` because @types/yargs can't handle string[] type properly
-    return { pattern: pattern, encKey, del };
+    return { pattern: pattern, file, encKey, del, jsonMode };
 }

package/dist/secret/secrets-decrypt.util.d.ts

@@ -1,11 +1,12 @@
 export interface DecryptCLIOptions {
     dir: string[];
+    file?: string;
     encKey: string;
-    algorithm?: string;
     del?: boolean;
+    jsonMode?: boolean;
 }
 /**
  * Decrypts all files in given directory (*.enc), saves decrypted versions without ending `.enc`.
  * Using provided encKey.
  */
-export declare function secretsDecrypt(dir: string[], encKey: string, del?: boolean): void;
+export declare function secretsDecrypt(dir: string[], file: string | undefined, encKey: string, del?: boolean, jsonMode?: boolean): void;

package/dist/secret/secrets-decrypt.util.js

@@ -2,22 +2,40 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.secretsDecrypt = void 0;
 const path = require("path");
+const js_lib_1 = require("@naturalcycles/js-lib");
 const fs = require("fs-extra");
 const globby = require("globby");
 const colors_1 = require("../colors");
 const crypto_util_1 = require("../security/crypto.util");
+// Debug it like this:
+// yarn tsn ./src/bin/secrets-decrypt.ts --file ./src/test/secrets2.json --jsonMode --encKey MPd/30v0Zcce4I5mfwF4NSXrpTYD9OO4/fIqw6rjNiWp2b1GN9Xm8nQZqr7c9kKSsATqtwe0HkJFDUGzDSow44GDgDICgB1u1rGa5eNqtxnOVGRR+lIinCvN/1OnpjzeoJy2bStXPj1DKx8anMqgA8SoOZdlWRNSkEeZlolru8Ey0ujZo22dfwMyRIEniLcqvBm/iMiAkV82fn/TxYw05GarAoJcrfPeDBvuOXsARnMCyX18qTFL0iojxeTU8JHxr8TX3eXDq9cJJmridEKlwRIAzADwtetI4ttlP8lwJj1pmgsBIN3iqYssZYCkZ3HMV6BoEc7LTI5z/45rKrAT1A==
+// yarn tsn ./src/bin/secrets-encrypt.ts --file ./src/test/secrets2.plain.json --jsonMode --encKey MPd/30v0Zcce4I5mfwF4NSXrpTYD9OO4/fIqw6rjNiWp2b1GN9Xm8nQZqr7c9kKSsATqtwe0HkJFDUGzDSow44GDgDICgB1u1rGa5eNqtxnOVGRR+lIinCvN/1OnpjzeoJy2bStXPj1DKx8anMqgA8SoOZdlWRNSkEeZlolru8Ey0ujZo22dfwMyRIEniLcqvBm/iMiAkV82fn/TxYw05GarAoJcrfPeDBvuOXsARnMCyX18qTFL0iojxeTU8JHxr8TX3eXDq9cJJmridEKlwRIAzADwtetI4ttlP8lwJj1pmgsBIN3iqYssZYCkZ3HMV6BoEc7LTI5z/45rKrAT1A==
 /**
  * Decrypts all files in given directory (*.enc), saves decrypted versions without ending `.enc`.
  * Using provided encKey.
  */
-function secretsDecrypt(dir, encKey, del) {
-    const patterns = dir.map(d => `${d}/**/*.enc`);
+function secretsDecrypt(dir, file, encKey, del = false, jsonMode = false) {
+    // If `file` is provided - only this one file is used
+    const patterns = file ? [file] : dir.map(d => `${d}/**/*.enc`);
     const filenames = globby.sync(patterns);
     filenames.forEach(filename => {
-        const enc = fs.readFileSync(filename);
-        const plain = (0, crypto_util_1.decryptRandomIVBuffer)(enc, encKey);
-        const plainFilename = filename.slice(0, filename.length - '.enc'.length);
-        fs.writeFileSync(plainFilename, plain);
+        let plainFilename;
+        if (jsonMode) {
+            (0, js_lib_1._assert)(filename.endsWith('.json'), `${path.basename(filename)} MUST end with '.json'`);
+            (0, js_lib_1._assert)(!filename.endsWith('.plain.json'), `${path.basename(filename)} MUST NOT end with '.plain.json'`);
+            plainFilename = filename.replace('.json', '.plain.json');
+            const json = JSON.parse(fs.readFileSync(filename, 'utf8'));
+            (0, js_lib_1._stringMapEntries)(json).forEach(([k, v]) => {
+                json[k] = (0, crypto_util_1.decryptString)(v, encKey);
+            });
+            fs.writeFileSync(plainFilename, JSON.stringify(json, null, 2));
+        }
+        else {
+            const enc = fs.readFileSync(filename);
+            const plain = (0, crypto_util_1.decryptRandomIVBuffer)(enc, encKey);
+            plainFilename = filename.slice(0, filename.length - '.enc'.length);
+            fs.writeFileSync(plainFilename, plain);
+        }
         if (del) {
             fs.unlinkSync(filename);
         }

package/dist/secret/secrets-encrypt.util.d.ts

@@ -1,11 +1,12 @@
 export interface EncryptCLIOptions {
     pattern: string[];
+    file?: string;
     encKey: string;
-    algorithm?: string;
     del?: boolean;
+    jsonMode?: boolean;
 }
 /**
  * Encrypts all files in given directory (except *.enc), saves encrypted versions as filename.ext.enc.
  * Using provided encKey.
  */
-export declare function secretsEncrypt(pattern: string[], encKey: string, del?: boolean): void;
+export declare function secretsEncrypt(pattern: string[], file: string | undefined, encKey: string, del?: boolean, jsonMode?: boolean): void;

package/dist/secret/secrets-encrypt.util.js

@@ -2,6 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.secretsEncrypt = void 0;
 const path = require("path");
+const js_lib_1 = require("@naturalcycles/js-lib");
 const fs = require("fs-extra");
 const globby = require("globby");
 const colors_1 = require("../colors");
@@ -10,17 +11,31 @@ const crypto_util_1 = require("../security/crypto.util");
  * Encrypts all files in given directory (except *.enc), saves encrypted versions as filename.ext.enc.
  * Using provided encKey.
  */
-function secretsEncrypt(pattern, encKey, del) {
-    const patterns = [
-        ...pattern,
-        `!**/*.enc`, // excluding already encoded
-    ];
+function secretsEncrypt(pattern, file, encKey, del = false, jsonMode = false) {
+    const patterns = file
+        ? [file]
+        : [
+            ...pattern,
+            `!**/*.enc`, // excluding already encoded
+        ];
     const filenames = globby.sync(patterns);
+    let encFilename;
     filenames.forEach(filename => {
-        const plain = fs.readFileSync(filename);
-        const enc = (0, crypto_util_1.encryptRandomIVBuffer)(plain, encKey);
-        const encFilename = `${filename}.enc`;
-        fs.writeFileSync(encFilename, enc);
+        if (jsonMode) {
+            (0, js_lib_1._assert)(filename.endsWith('.plain.json'), `${path.basename(filename)} MUST end with '.plain.json'`);
+            encFilename = filename.replace('.plain', '');
+            const json = JSON.parse(fs.readFileSync(filename, 'utf8'));
+            (0, js_lib_1._stringMapEntries)(json).forEach(([k, plain]) => {
+                json[k] = (0, crypto_util_1.encryptString)(plain, encKey);
+            });
+            fs.writeFileSync(encFilename, JSON.stringify(json, null, 2));
+        }
+        else {
+            const plain = fs.readFileSync(filename);
+            const enc = (0, crypto_util_1.encryptRandomIVBuffer)(plain, encKey);
+            encFilename = `${filename}.enc`;
+            fs.writeFileSync(encFilename, enc);
+        }
         if (del) {
             fs.unlinkSync(filename);
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@naturalcycles/nodejs-lib",
-  "version": "12.66.0",
+  "version": "12.67.0",
   "scripts": {
     "prepare": "husky install",
     "docs-serve": "vuepress dev docs",

package/src/bin/secrets-decrypt.ts

@@ -6,21 +6,25 @@ import { runScript } from '../script'
 import { DecryptCLIOptions, secretsDecrypt } from '../secret/secrets-decrypt.util'
 
 runScript(() => {
-  const { dir, encKey, del } = getDecryptCLIOptions()
+  const { dir, file, encKey, del, jsonMode } = getDecryptCLIOptions()
 
-  secretsDecrypt(dir, encKey, del)
+  secretsDecrypt(dir, file, encKey, del, jsonMode)
 })
 
 function getDecryptCLIOptions(): DecryptCLIOptions {
   require('dotenv').config()
 
-  let { dir, encKey, encKeyVar, del } = yargs.options({
+  let { dir, file, encKey, encKeyVar, del, jsonMode } = yargs.options({
     dir: {
       type: 'array',
       desc: 'Directory with secrets. Can be many',
       // demandOption: true,
       default: './secret',
     },
+    file: {
+      type: 'string',
+      desc: 'Single file to decrypt. Useful in jsonMode',
+    },
     encKey: {
       type: 'string',
       desc: 'Encryption key',
@@ -40,6 +44,11 @@ function getDecryptCLIOptions(): DecryptCLIOptions {
       type: 'boolean',
       desc: 'Delete source files after encryption/decryption. Be careful!',
     },
+    jsonMode: {
+      type: 'boolean',
+      desc: 'JSON mode. Encrypts only json values, not the whole file',
+      default: false,
+    },
   }).argv
 
   if (!encKey) {
@@ -55,5 +64,5 @@ function getDecryptCLIOptions(): DecryptCLIOptions {
   }
 
   // `as any` because @types/yargs can't handle string[] type properly
-  return { dir: dir as any, encKey, del }
+  return { dir: dir as any, file, encKey, del, jsonMode }
 }

package/src/bin/secrets-encrypt.ts

@@ -6,15 +6,15 @@ import { runScript } from '../script'
 import { EncryptCLIOptions, secretsEncrypt } from '../secret/secrets-encrypt.util'
 
 runScript(() => {
-  const { pattern, encKey, del } = getEncryptCLIOptions()
+  const { pattern, file, encKey, del, jsonMode } = getEncryptCLIOptions()
 
-  secretsEncrypt(pattern, encKey, del)
+  secretsEncrypt(pattern, file, encKey, del, jsonMode)
 })
 
 function getEncryptCLIOptions(): EncryptCLIOptions {
   require('dotenv').config()
 
-  let { pattern, encKey, encKeyVar, del } = yargs.options({
+  let { pattern, file, encKey, encKeyVar, del, jsonMode } = yargs.options({
     pattern: {
       type: 'string',
       array: true,
@@ -22,6 +22,10 @@ function getEncryptCLIOptions(): EncryptCLIOptions {
       // demandOption: true,
       default: './secret/**',
     },
+    file: {
+      type: 'string',
+      desc: 'Single file to decrypt. Useful in jsonMode',
+    },
     encKey: {
       type: 'string',
       desc: 'Encryption key',
@@ -40,6 +44,12 @@ function getEncryptCLIOptions(): EncryptCLIOptions {
     del: {
       type: 'boolean',
       desc: 'Delete source files after encryption/decryption. Be careful!',
+      default: false,
+    },
+    jsonMode: {
+      type: 'boolean',
+      desc: 'JSON mode. Encrypts only json values, not the whole file',
+      default: false,
     },
   }).argv
 
@@ -56,5 +66,5 @@ function getEncryptCLIOptions(): EncryptCLIOptions {
   }
 
   // `as any` because @types/yargs can't handle string[] type properly
-  return { pattern: pattern as any, encKey, del }
+  return { pattern: pattern as any, file, encKey, del, jsonMode }
 }

package/src/secret/secrets-decrypt.util.ts

@@ -1,31 +1,61 @@
 import * as path from 'path'
+import { _assert, _stringMapEntries, StringMap } from '@naturalcycles/js-lib'
 import * as fs from 'fs-extra'
 import globby = require('globby')
 import { dimGrey, yellow } from '../colors'
-import { decryptRandomIVBuffer } from '../security/crypto.util'
+import { decryptRandomIVBuffer, decryptString } from '../security/crypto.util'
 
 export interface DecryptCLIOptions {
   dir: string[]
+  file?: string
   encKey: string
-  algorithm?: string
   del?: boolean
+  jsonMode?: boolean
 }
 
+// Debug it like this:
+// yarn tsn ./src/bin/secrets-decrypt.ts --file ./src/test/secrets2.json --jsonMode --encKey MPd/30v0Zcce4I5mfwF4NSXrpTYD9OO4/fIqw6rjNiWp2b1GN9Xm8nQZqr7c9kKSsATqtwe0HkJFDUGzDSow44GDgDICgB1u1rGa5eNqtxnOVGRR+lIinCvN/1OnpjzeoJy2bStXPj1DKx8anMqgA8SoOZdlWRNSkEeZlolru8Ey0ujZo22dfwMyRIEniLcqvBm/iMiAkV82fn/TxYw05GarAoJcrfPeDBvuOXsARnMCyX18qTFL0iojxeTU8JHxr8TX3eXDq9cJJmridEKlwRIAzADwtetI4ttlP8lwJj1pmgsBIN3iqYssZYCkZ3HMV6BoEc7LTI5z/45rKrAT1A==
+// yarn tsn ./src/bin/secrets-encrypt.ts --file ./src/test/secrets2.plain.json --jsonMode --encKey MPd/30v0Zcce4I5mfwF4NSXrpTYD9OO4/fIqw6rjNiWp2b1GN9Xm8nQZqr7c9kKSsATqtwe0HkJFDUGzDSow44GDgDICgB1u1rGa5eNqtxnOVGRR+lIinCvN/1OnpjzeoJy2bStXPj1DKx8anMqgA8SoOZdlWRNSkEeZlolru8Ey0ujZo22dfwMyRIEniLcqvBm/iMiAkV82fn/TxYw05GarAoJcrfPeDBvuOXsARnMCyX18qTFL0iojxeTU8JHxr8TX3eXDq9cJJmridEKlwRIAzADwtetI4ttlP8lwJj1pmgsBIN3iqYssZYCkZ3HMV6BoEc7LTI5z/45rKrAT1A==
+
 /**
  * Decrypts all files in given directory (*.enc), saves decrypted versions without ending `.enc`.
  * Using provided encKey.
  */
-export function secretsDecrypt(dir: string[], encKey: string, del?: boolean): void {
-  const patterns = dir.map(d => `${d}/**/*.enc`)
+export function secretsDecrypt(
+  dir: string[],
+  file: string | undefined,
+  encKey: string,
+  del = false,
+  jsonMode = false,
+): void {
+  // If `file` is provided - only this one file is used
+  const patterns = file ? [file] : dir.map(d => `${d}/**/*.enc`)
 
   const filenames = globby.sync(patterns)
 
   filenames.forEach(filename => {
-    const enc = fs.readFileSync(filename)
-    const plain = decryptRandomIVBuffer(enc, encKey)
+    let plainFilename
+
+    if (jsonMode) {
+      _assert(filename.endsWith('.json'), `${path.basename(filename)} MUST end with '.json'`)
+      _assert(
+        !filename.endsWith('.plain.json'),
+        `${path.basename(filename)} MUST NOT end with '.plain.json'`,
+      )
+      plainFilename = filename.replace('.json', '.plain.json')
 
-    const plainFilename = filename.slice(0, filename.length - '.enc'.length)
-    fs.writeFileSync(plainFilename, plain)
+      const json: StringMap = JSON.parse(fs.readFileSync(filename, 'utf8'))
+      _stringMapEntries(json).forEach(([k, v]) => {
+        json[k] = decryptString(v, encKey)
+      })
+
+      fs.writeFileSync(plainFilename, JSON.stringify(json, null, 2))
+    } else {
+      const enc = fs.readFileSync(filename)
+      const plain = decryptRandomIVBuffer(enc, encKey)
+      plainFilename = filename.slice(0, filename.length - '.enc'.length)
+      fs.writeFileSync(plainFilename, plain)
+    }
 
     if (del) {
       fs.unlinkSync(filename)

package/src/secret/secrets-encrypt.util.ts

@@ -1,33 +1,59 @@
 import * as path from 'path'
+import { _assert, _stringMapEntries, StringMap } from '@naturalcycles/js-lib'
 import * as fs from 'fs-extra'
 import globby = require('globby')
 import { dimGrey, yellow } from '../colors'
-import { encryptRandomIVBuffer } from '../security/crypto.util'
+import { encryptRandomIVBuffer, encryptString } from '../security/crypto.util'
 
 export interface EncryptCLIOptions {
   pattern: string[]
+  file?: string
   encKey: string
-  algorithm?: string
   del?: boolean
+  jsonMode?: boolean
 }
 
 /**
  * Encrypts all files in given directory (except *.enc), saves encrypted versions as filename.ext.enc.
  * Using provided encKey.
  */
-export function secretsEncrypt(pattern: string[], encKey: string, del?: boolean): void {
-  const patterns = [
-    ...pattern,
-    `!**/*.enc`, // excluding already encoded
-  ]
+export function secretsEncrypt(
+  pattern: string[],
+  file: string | undefined,
+  encKey: string,
+  del = false,
+  jsonMode = false,
+): void {
+  const patterns = file
+    ? [file]
+    : [
+        ...pattern,
+        `!**/*.enc`, // excluding already encoded
+      ]
   const filenames = globby.sync(patterns)
+  let encFilename
 
   filenames.forEach(filename => {
-    const plain = fs.readFileSync(filename)
-    const enc = encryptRandomIVBuffer(plain, encKey)
+    if (jsonMode) {
+      _assert(
+        filename.endsWith('.plain.json'),
+        `${path.basename(filename)} MUST end with '.plain.json'`,
+      )
+      encFilename = filename.replace('.plain', '')
 
-    const encFilename = `${filename}.enc`
-    fs.writeFileSync(encFilename, enc)
+      const json: StringMap = JSON.parse(fs.readFileSync(filename, 'utf8'))
+
+      _stringMapEntries(json).forEach(([k, plain]) => {
+        json[k] = encryptString(plain, encKey)
+      })
+
+      fs.writeFileSync(encFilename, JSON.stringify(json, null, 2))
+    } else {
+      const plain = fs.readFileSync(filename)
+      const enc = encryptRandomIVBuffer(plain, encKey)
+      encFilename = `${filename}.enc`
+      fs.writeFileSync(encFilename, enc)
+    }
 
     if (del) {
       fs.unlinkSync(filename)