npm - @objectstack/service-settings - Versions diffs - 6.1.1 → 6.3.0 - Mend

@objectstack/service-settings 6.1.1 → 6.3.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (5) hide show

package/dist/index.js CHANGED Viewed

@@ -558,17 +558,51 @@ function coerceEnvValue(raw, hint) {
 // src/in-memory-crypto-provider.ts
 import { createHash, randomBytes, createCipheriv, createDecipheriv } from "crypto";
+var isWebContainerRuntime = () => {
+  const g = globalThis;
+  return typeof g !== "undefined" && (Boolean(g.process?.versions?.webcontainer) || Boolean(g.process?.env?.SHELL?.includes?.("jsh")) || Boolean(g.process?.env?.STACKBLITZ));
+};
+var nobleGcmPromise;
+var loadNobleGcm = () => {
+  if (!nobleGcmPromise) {
+    nobleGcmPromise = (async () => {
+      try {
+        const mod = await import("@noble/ciphers/aes.js");
+        return mod.gcm;
+      } catch (err) {
+        console.warn(
+          `[InMemoryCryptoProvider] WebContainer detected but @noble/ciphers not installed: ${err?.message ?? err}. Falling back to node:crypto (will throw).`
+        );
+        return void 0;
+      }
+    })();
+  }
+  return nobleGcmPromise;
+};
 var InMemoryCryptoProvider = class {
   constructor(opts = {}) {
     this.key = opts.key ?? randomBytes(32);
+    this.useNoble = isWebContainerRuntime();
   }
   async encrypt(plain, ctx) {
     const iv = randomBytes(12);
-    const cipher = createCipheriv("aes-256-gcm", this.key, iv);
-    cipher.setAAD(Buffer.from(this.aadOf(ctx), "utf8"));
-    const enc = Buffer.concat([cipher.update(plain, "utf8"), cipher.final()]);
-    const tag = cipher.getAuthTag();
-    const blob = Buffer.concat([iv, tag, enc]).toString("base64");
+    const aad = Buffer.from(this.aadOf(ctx), "utf8");
+    const plainBytes = Buffer.from(plain, "utf8");
+    let blob;
+    if (this.useNoble) {
+      const gcm = await loadNobleGcm();
+      if (gcm) {
+        const cipher = gcm(this.key, iv, aad);
+        const ctWithTag = cipher.encrypt(plainBytes);
+        const ct = ctWithTag.subarray(0, ctWithTag.length - 16);
+        const tag = ctWithTag.subarray(ctWithTag.length - 16);
+        blob = Buffer.concat([iv, Buffer.from(tag), Buffer.from(ct)]).toString("base64");
+      } else {
+        blob = this.encryptNode(plainBytes, iv, aad);
+      }
+    } else {
+      blob = this.encryptNode(plainBytes, iv, aad);
+    }
     return {
       id: "sec_" + randomBytes(16).toString("hex"),
       kmsKeyId: "local:in-memory:v1",
@@ -582,8 +616,18 @@ var InMemoryCryptoProvider = class {
     const iv = buf.subarray(0, 12);
     const tag = buf.subarray(12, 28);
     const data = buf.subarray(28);
+    const aad = Buffer.from(this.aadOf(ctx), "utf8");
+    if (this.useNoble) {
+      const gcm = await loadNobleGcm();
+      if (gcm) {
+        const cipher = gcm(this.key, iv, aad);
+        const ctWithTag = Buffer.concat([data, tag]);
+        const out = cipher.decrypt(ctWithTag);
+        return Buffer.from(out).toString("utf8");
+      }
+    }
     const decipher = createDecipheriv("aes-256-gcm", this.key, iv);
-    decipher.setAAD(Buffer.from(this.aadOf(ctx), "utf8"));
+    decipher.setAAD(aad);
     decipher.setAuthTag(tag);
     return Buffer.concat([decipher.update(data), decipher.final()]).toString("utf8");
   }
@@ -600,6 +644,13 @@ var InMemoryCryptoProvider = class {
   digest(plain) {
     return "sha256:" + createHash("sha256").update(plain, "utf8").digest("hex");
   }
+  encryptNode(plainBytes, iv, aad) {
+    const cipher = createCipheriv("aes-256-gcm", this.key, iv);
+    cipher.setAAD(aad);
+    const enc = Buffer.concat([cipher.update(plainBytes), cipher.final()]);
+    const tag = cipher.getAuthTag();
+    return Buffer.concat([iv, tag, enc]).toString("base64");
+  }
   aadOf(ctx) {
     return [ctx.namespace, ctx.key].join("|");
   }