@orion-js/env 3.1.9 → 3.1.20

package/lib/cli/add/encryptValue.d.ts

@@ -0,0 +1,2 @@
+import { Config } from '../../environment/getVariables';
+export declare const encryptValue: (key: string, value: string, config: Config) => void;

package/lib/cli/add/encryptValue.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.encryptValue = void 0;
+const crypto_1 = require("../../crypto");
+const encryptValue = (key, value, config) => {
+    config.encryptedKeys[key] = (0, crypto_1.encrypt)(config.publicKey, value);
+};
+exports.encryptValue = encryptValue;

package/lib/cli/add/getConfig.d.ts

@@ -0,0 +1,2 @@
+import { Config } from '../../environment/getVariables';
+export declare const getConfig: (envPath: string) => Config;

package/lib/cli/add/getConfig.js

@@ -0,0 +1,16 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getConfig = void 0;
+const yaml_1 = __importDefault(require("yaml"));
+const files_1 = require("../../files");
+const getConfig = (envPath) => {
+    const configFile = (0, files_1.readFile)(envPath);
+    if (!configFile) {
+        throw new Error('No config file found at path ' + envPath);
+    }
+    return yaml_1.default.parse(configFile);
+};
+exports.getConfig = getConfig;

package/lib/cli/add/getParams.d.ts

@@ -0,0 +1,5 @@
+import { Config } from '../../environment/getVariables';
+export declare const getParams: (config: Config) => Promise<{
+    key: string;
+    value: string;
+}>;

package/lib/cli/add/getParams.js

@@ -0,0 +1,26 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getParams = void 0;
+const prompts_1 = __importDefault(require("prompts"));
+const getParams = async (config) => {
+    const response = await (0, prompts_1.default)([
+        {
+            type: 'text',
+            name: 'key',
+            message: 'Key'
+        },
+        {
+            type: 'text',
+            name: 'value',
+            message: 'Value'
+        }
+    ]);
+    return {
+        key: response.key,
+        value: response.value
+    };
+};
+exports.getParams = getParams;

package/lib/cli/add/index.d.ts

@@ -0,0 +1,3 @@
+export default function envAdd({ envPath }: {
+    envPath: any;
+}): Promise<void>;

package/lib/cli/add/index.js

@@ -0,0 +1,35 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const encryptValue_1 = require("./encryptValue");
+const getConfig_1 = require("./getConfig");
+const getParams_1 = require("./getParams");
+const yaml_1 = __importDefault(require("yaml"));
+const files_1 = require("../../files");
+const sortObjectByKeys = (object) => {
+    const sorted = {};
+    Object.keys(object)
+        .sort()
+        .forEach(key => {
+        sorted[key] = object[key];
+    });
+    return sorted;
+};
+async function envAdd({ envPath }) {
+    if (!envPath) {
+        envPath = '.env.local.yml';
+    }
+    const config = (0, getConfig_1.getConfig)(envPath);
+    const { key, value } = await (0, getParams_1.getParams)(config);
+    if (!value)
+        return;
+    (0, encryptValue_1.encryptValue)(key, value, config);
+    // sort keys alphabetically
+    config.cleanKeys = sortObjectByKeys(config.cleanKeys);
+    config.encryptedKeys = sortObjectByKeys(config.encryptedKeys);
+    const text = yaml_1.default.stringify(config);
+    (0, files_1.writeFile)(envPath, text);
+}
+exports.default = envAdd;

package/lib/cli/index.d.ts

@@ -0,0 +1,2 @@
+#!/usr/bin/env node
+export {};

package/lib/cli/index.js

@@ -0,0 +1,35 @@
+#!/usr/bin/env node
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const commander_1 = require("commander");
+const safe_1 = __importDefault(require("colors/safe"));
+const init_1 = __importDefault(require("./init"));
+const add_1 = __importDefault(require("./add"));
+const program = new commander_1.Command();
+const run = function (action) {
+    return async function (...args) {
+        try {
+            await action(...args);
+        }
+        catch (e) {
+            console.error(safe_1.default.red('Error: ' + e.message));
+        }
+    };
+};
+program
+    .command('init')
+    .description('Creates a new encrypted env file')
+    .option('--path <path>', 'Specify the env file name')
+    .action(run(init_1.default));
+program
+    .command('add')
+    .description('Adds a new environment to the encrypted env file')
+    .option('--path <path>', 'Specify the env file name')
+    .action(run(add_1.default));
+program.parse(process.argv);
+if (!process.argv.slice(2).length) {
+    program.outputHelp();
+}

package/lib/cli/init/index.d.ts

@@ -0,0 +1,3 @@
+export default function envInit({ envPath }: {
+    envPath: any;
+}): Promise<void>;

package/lib/cli/init/index.js

@@ -0,0 +1,28 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+const yaml_1 = __importDefault(require("yaml"));
+const crypto_1 = require("../../crypto");
+const files_1 = require("../../files");
+async function envInit({ envPath }) {
+    if (!envPath) {
+        envPath = '.env.local.yml';
+    }
+    const keypair = (0, crypto_1.generateKeys)();
+    const envFile = {
+        version: '1.0',
+        publicKey: keypair.encryptKey,
+        cleanKeys: {},
+        encryptedKeys: {}
+    };
+    const text = yaml_1.default.stringify(envFile);
+    (0, files_1.writeFile)(envPath, text);
+    console.log('');
+    console.log(`Environment file created. You need to use the following key to decrypt the environment variables:`);
+    console.log('');
+    console.log(keypair.decryptKey);
+    console.log('');
+}
+exports.default = envInit;

package/lib/crypto/index.d.ts

@@ -0,0 +1,13 @@
+export declare function generateKeys(): {
+    encryptKey: string;
+    decryptKey: string;
+};
+/**
+ * Creates a temporal keypair just to encrypt one message.
+ * Saves the public key in the result so that the message can be decrypted.
+ */
+export declare function encrypt(encryptKey: string, message: string): string;
+/**
+ * Ecrypts a message using the decrypt key
+ */
+export declare function decrypt(decryptKey: string, encrypted: string): string;

package/lib/crypto/index.js

@@ -0,0 +1,37 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decrypt = exports.encrypt = exports.generateKeys = void 0;
+const tweetnacl_1 = require("./tweetnacl");
+const tweetnacl_util_1 = require("tweetnacl-util");
+function generateKeys() {
+    const { publicKey, secretKey } = (0, tweetnacl_1.generateKeyPair)();
+    const encryptKeyHex = (0, tweetnacl_util_1.encodeBase64)(publicKey);
+    const decryptKeyHex = (0, tweetnacl_util_1.encodeBase64)(secretKey);
+    return {
+        encryptKey: encryptKeyHex,
+        decryptKey: decryptKeyHex
+    };
+}
+exports.generateKeys = generateKeys;
+/**
+ * Creates a temporal keypair just to encrypt one message.
+ * Saves the public key in the result so that the message can be decrypted.
+ */
+function encrypt(encryptKey, message) {
+    const encryptPublicKey = (0, tweetnacl_util_1.decodeBase64)(encryptKey);
+    const tempPair = (0, tweetnacl_1.generateKeyPair)();
+    const encrypted = (0, tweetnacl_1.encrypt)(tempPair.secretKey, encryptPublicKey, message);
+    const hexTempPublic = (0, tweetnacl_util_1.encodeBase64)(tempPair.publicKey);
+    return `${hexTempPublic}:${encrypted}`;
+}
+exports.encrypt = encrypt;
+/**
+ * Ecrypts a message using the decrypt key
+ */
+function decrypt(decryptKey, encrypted) {
+    const decryptSecretKey = (0, tweetnacl_util_1.decodeBase64)(decryptKey);
+    const [messagePubKeyHex, encryptedMessage] = encrypted.split(':');
+    const messagePubKey = (0, tweetnacl_util_1.decodeBase64)(messagePubKeyHex);
+    return (0, tweetnacl_1.decrypt)(decryptSecretKey, messagePubKey, encryptedMessage);
+}
+exports.decrypt = decrypt;

package/lib/crypto/index.test.d.ts

@@ -0,0 +1 @@
+export {};

package/lib/crypto/index.test.js

@@ -0,0 +1,30 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const _1 = require(".");
+describe('Asymetric encryption lib', () => {
+    it('should generate public and private keys', async () => {
+        const { decryptKey, encryptKey } = (0, _1.generateKeys)();
+        expect(decryptKey.length).toBeGreaterThan(0);
+        expect(encryptKey.length).toBeGreaterThan(0);
+        expect(decryptKey).not.toEqual(encryptKey);
+    });
+    it('should encrypt a message using the encrypt key', async () => {
+        const { encryptKey } = (0, _1.generateKeys)();
+        const encrypted = (0, _1.encrypt)(encryptKey, 'hello');
+        expect(encrypted).toBeTruthy();
+        expect(encrypted.length).toBeGreaterThan(0);
+    });
+    it('should decrypt a message using de decrypt key', async () => {
+        const message = 'hello';
+        const { encryptKey, decryptKey } = (0, _1.generateKeys)();
+        const encrypted = (0, _1.encrypt)(encryptKey, message);
+        const decrypted = (0, _1.decrypt)(decryptKey, encrypted);
+        expect(decrypted).toEqual(message);
+    });
+    it('should not produce two equal encryptions for the same message', async () => {
+        const { encryptKey } = (0, _1.generateKeys)();
+        const encrypted = (0, _1.encrypt)(encryptKey, 'hello');
+        const encrypted2 = (0, _1.encrypt)(encryptKey, 'hello');
+        expect(encrypted).not.toEqual(encrypted2);
+    });
+});

package/lib/crypto/tweetnacl.d.ts

@@ -0,0 +1,3 @@
+export declare const generateKeyPair: () => import("tweetnacl").BoxKeyPair;
+export declare const encrypt: (bSecretKey: Uint8Array, aPublicKey: Uint8Array, message: string) => string;
+export declare const decrypt: (aSecretKey: Uint8Array, bPublicKey: Uint8Array, messageWithNonce: string) => string;

package/lib/crypto/tweetnacl.js

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.decrypt = exports.encrypt = exports.generateKeyPair = void 0;
+const tweetnacl_1 = require("tweetnacl");
+const tweetnacl_util_1 = require("tweetnacl-util");
+const newNonce = () => (0, tweetnacl_1.randomBytes)(tweetnacl_1.box.nonceLength);
+const generateKeyPair = () => tweetnacl_1.box.keyPair();
+exports.generateKeyPair = generateKeyPair;
+const encrypt = (bSecretKey, aPublicKey, message) => {
+    const nonce = newNonce();
+    const messageUint8 = (0, tweetnacl_util_1.decodeUTF8)(message);
+    const encrypted = (0, tweetnacl_1.box)(messageUint8, nonce, aPublicKey, bSecretKey);
+    const fullMessage = new Uint8Array(nonce.length + encrypted.length);
+    fullMessage.set(nonce);
+    fullMessage.set(encrypted, nonce.length);
+    const base64FullMessage = (0, tweetnacl_util_1.encodeBase64)(fullMessage);
+    return base64FullMessage;
+};
+exports.encrypt = encrypt;
+const decrypt = (aSecretKey, bPublicKey, messageWithNonce) => {
+    const messageWithNonceAsUint8Array = (0, tweetnacl_util_1.decodeBase64)(messageWithNonce);
+    const nonce = messageWithNonceAsUint8Array.slice(0, tweetnacl_1.box.nonceLength);
+    const message = messageWithNonceAsUint8Array.slice(tweetnacl_1.box.nonceLength, messageWithNonce.length);
+    const decrypted = tweetnacl_1.box.open(message, nonce, bPublicKey, aSecretKey);
+    if (!decrypted) {
+        throw new Error('Could not decrypt message');
+    }
+    const base64DecryptedMessage = (0, tweetnacl_util_1.encodeUTF8)(decrypted);
+    return base64DecryptedMessage;
+};
+exports.decrypt = decrypt;

package/lib/environment/getVariables.d.ts

@@ -0,0 +1,14 @@
+export interface Config {
+    version: string;
+    publicKey: string;
+    cleanKeys: {
+        [key: string]: string;
+    };
+    encryptedKeys: {
+        [key: string]: string;
+    };
+}
+export interface Variables {
+    [key: string]: string;
+}
+export declare function getVariables(config: Config, secretKey: string): Variables;

package/lib/environment/getVariables.js

@@ -0,0 +1,23 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.getVariables = void 0;
+const crypto_1 = require("../crypto");
+function getVariables(config, secretKey) {
+    const { cleanKeys, encryptedKeys } = config;
+    const variables = {};
+    for (const key in cleanKeys) {
+        const value = cleanKeys[key];
+        variables[key] = value;
+    }
+    for (const key in encryptedKeys) {
+        const encrypted = encryptedKeys[key];
+        try {
+            variables[key] = (0, crypto_1.decrypt)(secretKey, encrypted);
+        }
+        catch (error) {
+            throw new Error(`Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not the right key for "${key}"`);
+        }
+    }
+    return variables;
+}
+exports.getVariables = getVariables;

package/lib/environment/index.d.ts

@@ -1,2 +1,6 @@
-declare const env: {};
+export interface Variables {
+    [key: string]: string;
+}
+export declare const readEnv: () => import("./getVariables").Variables;
+declare const env: Variables;
 export { env };

package/lib/environment/index.js

@@ -1,28 +1,26 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.env = void 0;
-const crypto_1 = require("@orion-js/crypto");
-const env = {};
-exports.env = env;
+exports.env = exports.readEnv = void 0;
+const getConfig_1 = require("../cli/add/getConfig");
+const getVariables_1 = require("./getVariables");
+let variables = {};
 const g = global;
-if (g.__orion_env__) {
-    const secretKey = process.env.ORION_ENV_SECRET_KEY;
+const secretKey = process.env.ORION_ENV_SECRET_KEY;
+const envFilePath = process.env.ORION_ENV_FILE_PATH;
+const readEnv = () => {
+    const data = (0, getConfig_1.getConfig)(envFilePath);
+    return (0, getVariables_1.getVariables)(data, secretKey);
+};
+exports.readEnv = readEnv;
+if (g.__orion_env_final__) {
+    variables = g.__orion_env_final__;
+}
+else if (envFilePath) {
     if (!secretKey) {
         throw new Error('Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not defined');
     }
-    const cleanKeys = g.__orion_env__.cleanKeys;
-    const encryptedKeys = g.__orion_env__.encryptedKeys;
-    for (const key in cleanKeys) {
-        const value = cleanKeys[key];
-        env[key] = value;
-    }
-    for (const key in encryptedKeys) {
-        const encrypted = encryptedKeys[key];
-        try {
-            env[key] = crypto_1.asymmetric.decrypt(secretKey, encrypted);
-        }
-        catch (error) {
-            throw new Error(`Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not the right key for "${key}"`);
-        }
-    }
+    variables = (0, exports.readEnv)();
 }
+g.__orion_env_final__ = variables;
+const env = variables;
+exports.env = env;

package/lib/environment/index.test.d.ts

@@ -1 +1 @@
-import 'reflect-metadata';
+export {};

package/lib/environment/index.test.js

@@ -1,15 +1,17 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-require("reflect-metadata");
-const crypto_1 = require("@orion-js/crypto");
+const crypto_1 = require("../crypto");
+const getVariables_1 = require("./getVariables");
 describe('Environment', () => {
     beforeEach(() => {
+        ;
+        global.__orion_env_final__ = undefined;
         jest.resetModules();
     });
     it('should define all environment variables', async () => {
         const secretKey = 'QShwQT1+d5wk/F6FVpT5VmZFXm50aFRt9/LaDbwSEGo=';
         const secretValue = 'this_is_secret';
-        global.__orion_env__ = {
+        const data = {
             version: '1.0',
             publicKey: 'quyw/56O1P/BmjlHGfguZD27zKbjOtxNBDOTz+FOYho=',
             cleanKeys: {
@@ -20,41 +22,24 @@ describe('Environment', () => {
             }
         };
         process.env.ORION_ENV_SECRET_KEY = secretKey;
-        const { env } = require('./index');
+        const env = (0, getVariables_1.getVariables)(data, secretKey);
         expect(env).toEqual({
             a_key: 'a_value',
             secret1: secretValue
         });
     });
-    it('should thow an error when the secret key is not present', () => {
-        global.__orion_env__ = {
-            version: '1.0',
-            publicKey: 'quyw/56O1P/BmjlHGfguZD27zKbjOtxNBDOTz+FOYho=',
-            encryptedKeys: {
-                secret1: 'nQCxsZxjVkOABeQSdIhYK7jSMYKUggUm9IWUGLpY3i4=:9gvH5IOhV/q5R4ngUIk2onf5oEZM5dIU89PRZ5TGjnnfcnrwkssLqsACNDmr0m4jQZVo0nBL'
-            }
-        };
-        try {
-            process.env.ORION_ENV_SECRET_KEY = '';
-            const { env } = require('./index');
-            console.log(env);
-        }
-        catch (error) {
-            expect(error.message).toEqual('Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not defined');
-        }
-        expect.assertions(1);
-    });
     it('should thow an error when the secret key is not the one used to encrypt', () => {
-        global.__orion_env__ = {
+        const data = {
             version: '1.0',
             publicKey: 'quyw/56O1P/BmjlHGfguZD27zKbjOtxNBDOTz+FOYho=',
+            cleanKeys: {},
             encryptedKeys: {
                 secret1: 'nQCxsZxjVkOABeQSdIhYK7jSMYKUggUm9IWUGLpY3i4=:9gvH5IOhV/q5R4ngUIk2onf5oEZM5dIU89PRZ5TGjnnfcnrwkssLqsACNDmr0m4jQZVo0nBL'
             }
         };
         try {
-            process.env.ORION_ENV_SECRET_KEY = crypto_1.asymmetric.generateKeys().decryptKey;
-            require('./index');
+            const key = (0, crypto_1.generateKeys)().decryptKey;
+            (0, getVariables_1.getVariables)(data, key);
         }
         catch (error) {
             expect(error.message).toEqual('Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not the right key for "secret1"');

package/lib/files/index.d.ts

@@ -0,0 +1,3 @@
+export declare function readFile(filePath: string): string;
+export declare function writeFile(path: string, content: string): void;
+export declare function ensureDirectory(filePath: any): boolean;

package/lib/files/index.js

@@ -0,0 +1,27 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.ensureDirectory = exports.writeFile = exports.readFile = void 0;
+const fs_1 = __importDefault(require("fs"));
+const path_1 = __importDefault(require("path"));
+function readFile(filePath) {
+    if (!fs_1.default.existsSync(filePath))
+        return null;
+    return fs_1.default.readFileSync(filePath).toString();
+}
+exports.readFile = readFile;
+function writeFile(path, content) {
+    ensureDirectory(path);
+    fs_1.default.writeFileSync(path, content);
+}
+exports.writeFile = writeFile;
+function ensureDirectory(filePath) {
+    const dirname = path_1.default.dirname(filePath);
+    if (fs_1.default.existsSync(dirname))
+        return true;
+    ensureDirectory(dirname);
+    fs_1.default.mkdirSync(dirname);
+}
+exports.ensureDirectory = ensureDirectory;

package/lib/index.d.ts

@@ -1 +1,2 @@
 export * from './environment';
+export * from './internalGetEnv';

package/lib/index.js

@@ -11,3 +11,4 @@ var __exportStar = (this && this.__exportStar) || function(m, exports) {
 };
 Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./environment"), exports);
+__exportStar(require("./internalGetEnv"), exports);

package/lib/internalGetEnv.d.ts

@@ -0,0 +1 @@
+export declare const internalGetEnv: (orionEnvName: string, processEnvName: string) => string | null;

package/lib/internalGetEnv.js

@@ -0,0 +1,14 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.internalGetEnv = void 0;
+const _1 = require(".");
+const internalGetEnv = (orionEnvName, processEnvName) => {
+    if (_1.env[orionEnvName]) {
+        return _1.env[orionEnvName];
+    }
+    if (process.env[processEnvName]) {
+        return process.env[processEnvName];
+    }
+    return null;
+};
+exports.internalGetEnv = internalGetEnv;

package/package.json

@@ -1,9 +1,12 @@
 {
   "name": "@orion-js/env",
-  "version": "3.1.9",
+  "version": "3.1.20",
   "main": "lib/index.js",
   "author": "nicolaslopezj",
   "license": "MIT",
+  "bin": {
+    "orion-env": "./lib/cli/index.js"
+  },
   "scripts": {
     "test": "ORION_DEV=1 jest",
     "prepare": "yarn run build",
@@ -13,17 +16,20 @@
     "upgrade-interactive": "yarn upgrade-interactive"
   },
   "dependencies": {
-    "@orion-js/crypto": "3.1.7"
+    "colors": "^1.4.0",
+    "commander": "^9.1.0",
+    "prompts": "^2.4.2",
+    "tweetnacl-util": "0.15.1",
+    "yaml": "^2.0.0"
   },
   "devDependencies": {
     "@types/jest": "^27.0.2",
     "jest": "27.3.1",
-    "reflect-metadata": "0.1.13",
     "ts-jest": "27.0.7",
     "typescript": "^4.4.4"
   },
   "publishConfig": {
     "access": "public"
   },
-  "gitHead": "b249f24ee282149ef9a69885662d69b74a4523e6"
+  "gitHead": "57400314f6605eb78cb5eed36430806ee4428e28"
 }