@naturalcycles/nodejs-lib 12.67.0 → 12.68.1

package/dist/index.d.ts

@@ -9,6 +9,7 @@ import { GetGotOptions } from './got/got.model';
 export * from './infra/process.util';
 import { Debug, IDebug, IDebugger } from './log/debug';
 export * from './security/hash.util';
+export * from './security/crypto.util';
 export * from './security/id.util';
 export * from './security/secret.util';
 export * from './colors/colors';

package/dist/index.js

@@ -16,6 +16,7 @@ tslib_1.__exportStar(require("./infra/process.util"), exports);
 const debug_1 = require("./log/debug");
 Object.defineProperty(exports, "Debug", { enumerable: true, get: function () { return debug_1.Debug; } });
 tslib_1.__exportStar(require("./security/hash.util"), exports);
+tslib_1.__exportStar(require("./security/crypto.util"), exports);
 tslib_1.__exportStar(require("./security/id.util"), exports);
 tslib_1.__exportStar(require("./security/secret.util"), exports);
 tslib_1.__exportStar(require("./colors/colors"), exports);

package/dist/secret/secrets-decrypt.util.js

@@ -24,10 +24,7 @@ function secretsDecrypt(dir, file, encKey, del = false, jsonMode = false) {
             (0, js_lib_1._assert)(filename.endsWith('.json'), `${path.basename(filename)} MUST end with '.json'`);
             (0, js_lib_1._assert)(!filename.endsWith('.plain.json'), `${path.basename(filename)} MUST NOT end with '.plain.json'`);
             plainFilename = filename.replace('.json', '.plain.json');
-            const json = JSON.parse(fs.readFileSync(filename, 'utf8'));
-            (0, js_lib_1._stringMapEntries)(json).forEach(([k, v]) => {
-                json[k] = (0, crypto_util_1.decryptString)(v, encKey);
-            });
+            const json = (0, crypto_util_1.decryptObject)(JSON.parse(fs.readFileSync(filename, 'utf8')), encKey);
             fs.writeFileSync(plainFilename, JSON.stringify(json, null, 2));
         }
         else {

package/dist/secret/secrets-encrypt.util.js

@@ -24,10 +24,7 @@ function secretsEncrypt(pattern, file, encKey, del = false, jsonMode = false) {
         if (jsonMode) {
             (0, js_lib_1._assert)(filename.endsWith('.plain.json'), `${path.basename(filename)} MUST end with '.plain.json'`);
             encFilename = filename.replace('.plain', '');
-            const json = JSON.parse(fs.readFileSync(filename, 'utf8'));
-            (0, js_lib_1._stringMapEntries)(json).forEach(([k, plain]) => {
-                json[k] = (0, crypto_util_1.encryptString)(plain, encKey);
-            });
+            const json = (0, crypto_util_1.encryptObject)(JSON.parse(fs.readFileSync(filename, 'utf8')), encKey);
             fs.writeFileSync(encFilename, JSON.stringify(json, null, 2));
         }
         else {

package/dist/security/crypto.util.d.ts

@@ -1,4 +1,5 @@
 /// <reference types="node" />
+import { StringMap } from '@naturalcycles/js-lib';
 /**
  * Using aes-256-cbc
  */
@@ -7,6 +8,12 @@ export declare function encryptRandomIVBuffer(input: Buffer, secretKeyBase64: st
  * Using aes-256-cbc
  */
 export declare function decryptRandomIVBuffer(input: Buffer, secretKeyBase64: string): Buffer;
+/**
+ * Decrypts all object values.
+ * Returns object with decrypted values.
+ */
+export declare function decryptObject(obj: StringMap, secretKey: string): StringMap;
+export declare function encryptObject(obj: StringMap, secretKey: string): StringMap;
 /**
  * Using aes-256-cbc
  */

package/dist/security/crypto.util.js

@@ -1,17 +1,18 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.encryptString = exports.decryptString = exports.decryptRandomIVBuffer = exports.encryptRandomIVBuffer = void 0;
+exports.encryptString = exports.decryptString = exports.encryptObject = exports.decryptObject = exports.decryptRandomIVBuffer = exports.encryptRandomIVBuffer = void 0;
 const crypto = require("crypto");
+const js_lib_1 = require("@naturalcycles/js-lib");
 const hash_util_1 = require("./hash.util");
 const algorithm = 'aes-256-cbc';
 /**
  * Using aes-256-cbc
  */
 function encryptRandomIVBuffer(input, secretKeyBase64) {
-    const key = aes256Key(secretKeyBase64);
+    // md5 to match aes-256 key length of 32 bytes
+    const key = (0, hash_util_1.md5)(Buffer.from(secretKeyBase64, 'base64'));
     // Random iv to achieve non-deterministic encryption (but deterministic decryption)
-    // const iv = await randomBytes(16)
-    const iv = crypto.randomBytes(16); // use sync method here for speed
+    const iv = crypto.randomBytes(16);
     const cipher = crypto.createCipheriv(algorithm, key, iv);
     return Buffer.concat([iv, cipher.update(input), cipher.final()]);
 }
@@ -20,7 +21,8 @@ exports.encryptRandomIVBuffer = encryptRandomIVBuffer;
  * Using aes-256-cbc
  */
 function decryptRandomIVBuffer(input, secretKeyBase64) {
-    const key = aes256Key(secretKeyBase64);
+    // md5 to match aes-256 key length of 32 bytes
+    const key = (0, hash_util_1.md5)(Buffer.from(secretKeyBase64, 'base64'));
     // iv is first 16 bytes of encrypted buffer, the rest is payload
     const iv = input.slice(0, 16);
     const payload = input.slice(16);
@@ -28,32 +30,50 @@ function decryptRandomIVBuffer(input, secretKeyBase64) {
     return Buffer.concat([decipher.update(payload), decipher.final()]);
 }
 exports.decryptRandomIVBuffer = decryptRandomIVBuffer;
+/**
+ * Decrypts all object values.
+ * Returns object with decrypted values.
+ */
+function decryptObject(obj, secretKey) {
+    const { key, iv } = getCryptoParams(secretKey);
+    const r = {};
+    (0, js_lib_1._stringMapEntries)(obj).forEach(([k, v]) => {
+        const decipher = crypto.createDecipheriv(algorithm, key, iv);
+        r[k] = decipher.update(v, 'base64', 'utf8') + decipher.final('utf8');
+    });
+    return r;
+}
+exports.decryptObject = decryptObject;
+function encryptObject(obj, secretKey) {
+    const { key, iv } = getCryptoParams(secretKey);
+    const r = {};
+    (0, js_lib_1._stringMapEntries)(obj).forEach(([k, v]) => {
+        const cipher = crypto.createCipheriv(algorithm, key, iv);
+        r[k] = cipher.update(v, 'utf8', 'base64') + cipher.final('base64');
+    });
+    return r;
+}
+exports.encryptObject = encryptObject;
 /**
  * Using aes-256-cbc
  */
 function decryptString(str, secretKey) {
-    const { algorithm, key, iv } = getCryptoParams(secretKey);
+    const { key, iv } = getCryptoParams(secretKey);
     const decipher = crypto.createDecipheriv(algorithm, key, iv);
-    let decrypted = decipher.update(str, 'base64', 'utf8');
-    return (decrypted += decipher.final('utf8'));
+    return decipher.update(str, 'base64', 'utf8') + decipher.final('utf8');
 }
 exports.decryptString = decryptString;
 /**
  * Using aes-256-cbc
  */
 function encryptString(str, secretKey) {
-    const { algorithm, key, iv } = getCryptoParams(secretKey);
+    const { key, iv } = getCryptoParams(secretKey);
     const cipher = crypto.createCipheriv(algorithm, key, iv);
-    let encrypted = cipher.update(str, 'utf8', 'base64');
-    return (encrypted += cipher.final('base64'));
+    return cipher.update(str, 'utf8', 'base64') + cipher.final('base64');
 }
 exports.encryptString = encryptString;
 function getCryptoParams(secretKey) {
     const key = (0, hash_util_1.md5)(secretKey);
     const iv = (0, hash_util_1.md5)(secretKey + key).slice(0, 16);
-    return { algorithm, key, iv };
-}
-function aes256Key(secretKeyBase64) {
-    // md5 to match aes-256 key length of 32 bytes
-    return (0, hash_util_1.md5)(Buffer.from(secretKeyBase64, 'base64'));
+    return { key, iv };
 }

package/dist/security/secret.util.js

@@ -69,11 +69,9 @@ exports.loadSecretsFromEncryptedJsonFile = loadSecretsFromEncryptedJsonFile;
  */
 function loadSecretsFromEncryptedJsonFileValues(filePath, secretEncryptionKey) {
     (0, js_lib_1._assert)(fs.existsSync(filePath), `loadSecretsFromEncryptedJsonFileValues() cannot load from path: ${filePath}`);
-    const secrets = JSON.parse(fs.readFileSync(filePath, 'utf8'));
+    let secrets = JSON.parse(fs.readFileSync(filePath, 'utf8'));
     if (secretEncryptionKey) {
-        (0, js_lib_1._stringMapEntries)(secrets).forEach(([k, enc]) => {
-            secrets[k] = (0, crypto_util_1.decryptString)(enc, secretEncryptionKey);
-        });
+        secrets = (0, crypto_util_1.decryptObject)(secrets, secretEncryptionKey);
     }
     Object.entries(secrets).forEach(([k, v]) => (secretMap[k.toUpperCase()] = v));
     loaded = true;

package/dist/util/lruMemoCache.d.ts

@@ -1,7 +1,6 @@
 import { MemoCache } from '@naturalcycles/js-lib';
 import LRUCache = require('lru-cache');
-export interface LRUMemoCacheOptions<KEY, VALUE> extends Partial<LRUCache.Options<KEY, VALUE>> {
-}
+export declare type LRUMemoCacheOptions<KEY, VALUE> = Partial<LRUCache.Options<KEY, VALUE>>;
 /**
  * @example
  * Use it like this:

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@naturalcycles/nodejs-lib",
-  "version": "12.67.0",
+  "version": "12.68.1",
   "scripts": {
     "prepare": "husky install",
     "docs-serve": "vuepress dev docs",

package/src/index.ts

@@ -9,6 +9,7 @@ import { GetGotOptions } from './got/got.model'
 export * from './infra/process.util'
 import { Debug, IDebug, IDebugger } from './log/debug'
 export * from './security/hash.util'
+export * from './security/crypto.util'
 export * from './security/id.util'
 export * from './security/secret.util'
 export * from './colors/colors'

package/src/secret/secrets-decrypt.util.ts

@@ -1,9 +1,9 @@
 import * as path from 'path'
-import { _assert, _stringMapEntries, StringMap } from '@naturalcycles/js-lib'
+import { _assert } from '@naturalcycles/js-lib'
 import * as fs from 'fs-extra'
 import globby = require('globby')
 import { dimGrey, yellow } from '../colors'
-import { decryptRandomIVBuffer, decryptString } from '../security/crypto.util'
+import { decryptObject, decryptRandomIVBuffer } from '../security/crypto.util'
 
 export interface DecryptCLIOptions {
   dir: string[]
@@ -44,10 +44,7 @@ export function secretsDecrypt(
       )
       plainFilename = filename.replace('.json', '.plain.json')
 
-      const json: StringMap = JSON.parse(fs.readFileSync(filename, 'utf8'))
-      _stringMapEntries(json).forEach(([k, v]) => {
-        json[k] = decryptString(v, encKey)
-      })
+      const json = decryptObject(JSON.parse(fs.readFileSync(filename, 'utf8')), encKey)
 
       fs.writeFileSync(plainFilename, JSON.stringify(json, null, 2))
     } else {

package/src/secret/secrets-encrypt.util.ts

@@ -1,9 +1,9 @@
 import * as path from 'path'
-import { _assert, _stringMapEntries, StringMap } from '@naturalcycles/js-lib'
+import { _assert } from '@naturalcycles/js-lib'
 import * as fs from 'fs-extra'
 import globby = require('globby')
 import { dimGrey, yellow } from '../colors'
-import { encryptRandomIVBuffer, encryptString } from '../security/crypto.util'
+import { encryptObject, encryptRandomIVBuffer } from '../security/crypto.util'
 
 export interface EncryptCLIOptions {
   pattern: string[]
@@ -41,11 +41,7 @@ export function secretsEncrypt(
       )
       encFilename = filename.replace('.plain', '')
 
-      const json: StringMap = JSON.parse(fs.readFileSync(filename, 'utf8'))
-
-      _stringMapEntries(json).forEach(([k, plain]) => {
-        json[k] = encryptString(plain, encKey)
-      })
+      const json = encryptObject(JSON.parse(fs.readFileSync(filename, 'utf8')), encKey)
 
       fs.writeFileSync(encFilename, JSON.stringify(json, null, 2))
     } else {

package/src/security/crypto.util.ts

@@ -1,4 +1,5 @@
 import * as crypto from 'crypto'
+import { _stringMapEntries, StringMap } from '@naturalcycles/js-lib'
 import { md5 } from './hash.util'
 
 const algorithm = 'aes-256-cbc'
@@ -7,12 +8,11 @@ const algorithm = 'aes-256-cbc'
  * Using aes-256-cbc
  */
 export function encryptRandomIVBuffer(input: Buffer, secretKeyBase64: string): Buffer {
-  const key = aes256Key(secretKeyBase64)
+  // md5 to match aes-256 key length of 32 bytes
+  const key = md5(Buffer.from(secretKeyBase64, 'base64'))
 
   // Random iv to achieve non-deterministic encryption (but deterministic decryption)
-  // const iv = await randomBytes(16)
-  const iv = crypto.randomBytes(16) // use sync method here for speed
-
+  const iv = crypto.randomBytes(16)
   const cipher = crypto.createCipheriv(algorithm, key, iv)
 
   return Buffer.concat([iv, cipher.update(input), cipher.final()])
@@ -22,7 +22,8 @@ export function encryptRandomIVBuffer(input: Buffer, secretKeyBase64: string): B
  * Using aes-256-cbc
  */
 export function decryptRandomIVBuffer(input: Buffer, secretKeyBase64: string): Buffer {
-  const key = aes256Key(secretKeyBase64)
+  // md5 to match aes-256 key length of 32 bytes
+  const key = md5(Buffer.from(secretKeyBase64, 'base64'))
 
   // iv is first 16 bytes of encrypted buffer, the rest is payload
   const iv = input.slice(0, 16)
@@ -33,33 +34,52 @@ export function decryptRandomIVBuffer(input: Buffer, secretKeyBase64: string): B
   return Buffer.concat([decipher.update(payload), decipher.final()])
 }
 
+/**
+ * Decrypts all object values.
+ * Returns object with decrypted values.
+ */
+export function decryptObject(obj: StringMap, secretKey: string): StringMap {
+  const { key, iv } = getCryptoParams(secretKey)
+
+  const r: StringMap = {}
+  _stringMapEntries(obj).forEach(([k, v]) => {
+    const decipher = crypto.createDecipheriv(algorithm, key, iv)
+    r[k] = decipher.update(v, 'base64', 'utf8') + decipher.final('utf8')
+  })
+  return r
+}
+
+export function encryptObject(obj: StringMap, secretKey: string): StringMap {
+  const { key, iv } = getCryptoParams(secretKey)
+
+  const r: StringMap = {}
+  _stringMapEntries(obj).forEach(([k, v]) => {
+    const cipher = crypto.createCipheriv(algorithm, key, iv)
+    r[k] = cipher.update(v, 'utf8', 'base64') + cipher.final('base64')
+  })
+  return r
+}
+
 /**
  * Using aes-256-cbc
  */
 export function decryptString(str: string, secretKey: string): string {
-  const { algorithm, key, iv } = getCryptoParams(secretKey)
+  const { key, iv } = getCryptoParams(secretKey)
   const decipher = crypto.createDecipheriv(algorithm, key, iv)
-  let decrypted = decipher.update(str, 'base64', 'utf8')
-  return (decrypted += decipher.final('utf8'))
+  return decipher.update(str, 'base64', 'utf8') + decipher.final('utf8')
 }
 
 /**
  * Using aes-256-cbc
  */
 export function encryptString(str: string, secretKey: string): string {
-  const { algorithm, key, iv } = getCryptoParams(secretKey)
+  const { key, iv } = getCryptoParams(secretKey)
   const cipher = crypto.createCipheriv(algorithm, key, iv)
-  let encrypted = cipher.update(str, 'utf8', 'base64')
-  return (encrypted += cipher.final('base64'))
+  return cipher.update(str, 'utf8', 'base64') + cipher.final('base64')
 }
 
-function getCryptoParams(secretKey: string): { algorithm: string; key: string; iv: string } {
+function getCryptoParams(secretKey: string): { key: string; iv: string } {
   const key = md5(secretKey)
   const iv = md5(secretKey + key).slice(0, 16)
-  return { algorithm, key, iv }
-}
-
-function aes256Key(secretKeyBase64: string): string {
-  // md5 to match aes-256 key length of 32 bytes
-  return md5(Buffer.from(secretKeyBase64, 'base64'))
+  return { key, iv }
 }

package/src/security/secret.util.ts

@@ -1,7 +1,7 @@
 import * as fs from 'fs'
-import { _assert, _stringMapEntries, StringMap } from '@naturalcycles/js-lib'
+import { _assert, StringMap } from '@naturalcycles/js-lib'
 import { base64ToString } from '..'
-import { decryptRandomIVBuffer, decryptString } from './crypto.util'
+import { decryptObject, decryptRandomIVBuffer } from './crypto.util'
 
 let loaded = false
 
@@ -93,12 +93,10 @@ export function loadSecretsFromEncryptedJsonFileValues(
     `loadSecretsFromEncryptedJsonFileValues() cannot load from path: ${filePath}`,
   )
 
-  const secrets: StringMap = JSON.parse(fs.readFileSync(filePath, 'utf8'))
+  let secrets: StringMap = JSON.parse(fs.readFileSync(filePath, 'utf8'))
 
   if (secretEncryptionKey) {
-    _stringMapEntries(secrets).forEach(([k, enc]) => {
-      secrets[k] = decryptString(enc, secretEncryptionKey)
-    })
+    secrets = decryptObject(secrets, secretEncryptionKey)
   }
 
   Object.entries(secrets).forEach(([k, v]) => (secretMap[k.toUpperCase()] = v))

package/src/util/lruMemoCache.ts

@@ -2,7 +2,7 @@ import { MemoCache } from '@naturalcycles/js-lib'
 import LRUCache = require('lru-cache')
 
 // Partial, to be able to provide default `max`
-export interface LRUMemoCacheOptions<KEY, VALUE> extends Partial<LRUCache.Options<KEY, VALUE>> {}
+export type LRUMemoCacheOptions<KEY, VALUE> = Partial<LRUCache.Options<KEY, VALUE>>
 
 /**
  * @example