@orion-js/env 4.0.0 → 4.0.1

package/dist-cli/index.js

@@ -0,0 +1,287 @@
+#!/usr/bin/env node
+
+// src/cli/index.ts
+import { Command } from "commander";
+import colors from "colors/safe";
+
+// src/cli/init/index.ts
+import YAML from "yaml";
+
+// src/crypto/tweetnacl.ts
+import nacl from "tweetnacl-es6";
+
+// src/crypto/util.ts
+function validateBase64(s) {
+  if (!/^(?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=)?$/.test(s)) {
+    throw new TypeError("invalid encoding");
+  }
+}
+var decodeUTF8 = (s) => {
+  if (typeof s !== "string") throw new TypeError("expected string");
+  let i;
+  const d = unescape(encodeURIComponent(s));
+  const b = new Uint8Array(d.length);
+  for (i = 0; i < d.length; i++) b[i] = d.charCodeAt(i);
+  return b;
+};
+var encodeUTF8 = (arr) => {
+  let i;
+  const s = [];
+  for (i = 0; i < arr.length; i++) s.push(String.fromCharCode(arr[i]));
+  return decodeURIComponent(escape(s.join("")));
+};
+var encodeBase64 = (arr) => Buffer.from(arr).toString("base64");
+var decodeBase64 = (s) => {
+  validateBase64(s);
+  return new Uint8Array(Array.prototype.slice.call(Buffer.from(s, "base64"), 0));
+};
+
+// src/crypto/tweetnacl.ts
+var newNonce = () => nacl.randomBytes(nacl.box.nonceLength);
+var generateKeyPair = () => nacl.box.keyPair();
+var encrypt = (bSecretKey, aPublicKey, message) => {
+  const nonce = newNonce();
+  const messageUint8 = decodeUTF8(message);
+  const encrypted = nacl.box(messageUint8, nonce, aPublicKey, bSecretKey);
+  const fullMessage = new Uint8Array(nonce.length + encrypted.length);
+  fullMessage.set(nonce);
+  fullMessage.set(encrypted, nonce.length);
+  const base64FullMessage = encodeBase64(fullMessage);
+  return base64FullMessage;
+};
+var decrypt = (aSecretKey, bPublicKey, messageWithNonce) => {
+  const messageWithNonceAsUint8Array = decodeBase64(messageWithNonce);
+  const nonce = messageWithNonceAsUint8Array.slice(0, nacl.box.nonceLength);
+  const message = messageWithNonceAsUint8Array.slice(nacl.box.nonceLength, messageWithNonce.length);
+  const decrypted = nacl.box.open(message, nonce, bPublicKey, aSecretKey);
+  if (!decrypted) {
+    throw new Error("Could not decrypt message");
+  }
+  const base64DecryptedMessage = encodeUTF8(decrypted);
+  return base64DecryptedMessage;
+};
+
+// src/crypto/index.ts
+function generateKeys() {
+  const { publicKey, secretKey } = generateKeyPair();
+  const encryptKeyHex = encodeBase64(publicKey);
+  const decryptKeyHex = encodeBase64(secretKey);
+  return {
+    encryptKey: encryptKeyHex,
+    decryptKey: decryptKeyHex
+  };
+}
+function encrypt2(encryptKey, message) {
+  const encryptPublicKey = decodeBase64(encryptKey);
+  const tempPair = generateKeyPair();
+  const encrypted = encrypt(tempPair.secretKey, encryptPublicKey, message);
+  const hexTempPublic = encodeBase64(tempPair.publicKey);
+  return `${hexTempPublic}:${encrypted}`;
+}
+function decrypt2(decryptKey, encrypted) {
+  const decryptSecretKey = decodeBase64(decryptKey);
+  const [messagePubKeyHex, encryptedMessage] = encrypted.split(":");
+  const messagePubKey = decodeBase64(messagePubKeyHex);
+  return decrypt(decryptSecretKey, messagePubKey, encryptedMessage);
+}
+
+// src/files/index.ts
+import fs from "node:fs";
+import path from "node:path";
+function readFile(filePath) {
+  if (!fs.existsSync(filePath)) return null;
+  return fs.readFileSync(filePath).toString();
+}
+function writeFile(path2, content) {
+  ensureDirectory(path2);
+  fs.writeFileSync(path2, content);
+}
+function ensureDirectory(filePath) {
+  const dirname = path.dirname(filePath);
+  if (fs.existsSync(dirname)) return true;
+  ensureDirectory(dirname);
+  fs.mkdirSync(dirname);
+}
+
+// src/cli/init/index.ts
+async function envInit({ path: path2 }) {
+  if (!path2) {
+    path2 = ".env.local.yml";
+  }
+  const keypair = generateKeys();
+  const envFile = {
+    version: "1.0",
+    publicKey: keypair.encryptKey,
+    cleanKeys: {},
+    encryptedKeys: {},
+    readFromSecret: {}
+  };
+  const text = YAML.stringify(envFile);
+  writeFile(path2, text);
+  console.log("");
+  console.log(
+    `Environment file created. You need to use the following key to decrypt the environment variables:`
+  );
+  console.log("");
+  console.log(keypair.decryptKey);
+  console.log("");
+}
+
+// src/cli/add/encryptValue.ts
+var encryptValue = (key, value, config) => {
+  config.encryptedKeys[key] = encrypt2(config.publicKey, value);
+};
+
+// src/cli/add/getConfig.ts
+import YAML2 from "yaml";
+var getConfig = (envPath) => {
+  const configFile = readFile(envPath);
+  if (!configFile) {
+    throw new Error("No config file found at path " + envPath);
+  }
+  return YAML2.parse(configFile);
+};
+
+// src/cli/add/getParams.ts
+import prompts from "prompts";
+var getParams = async (config) => {
+  const response = await prompts([
+    {
+      type: "text",
+      name: "key",
+      message: "Key"
+    },
+    {
+      type: "text",
+      name: "value",
+      message: "Value"
+    }
+  ]);
+  return {
+    key: response.key,
+    value: response.value
+  };
+};
+
+// src/cli/add/index.ts
+import YAML3 from "yaml";
+var sortObjectByKeys = (object) => {
+  if (!object) return {};
+  const sorted = {};
+  Object.keys(object).sort().forEach((key) => {
+    sorted[key] = object[key];
+  });
+  return sorted;
+};
+async function envAdd({ path: path2 }) {
+  if (!path2) {
+    path2 = ".env.local.yml";
+  }
+  const config = getConfig(path2);
+  const { key, value } = await getParams(config);
+  if (!value) return;
+  encryptValue(key, value, config);
+  config.cleanKeys = sortObjectByKeys(config.cleanKeys);
+  config.encryptedKeys = sortObjectByKeys(config.encryptedKeys);
+  config.readFromSecret = sortObjectByKeys(config.readFromSecret);
+  const text = YAML3.stringify(config);
+  writeFile(path2, text);
+}
+
+// src/environment/getVariables.ts
+function readSecrets(readFromSecret) {
+  const variables = {};
+  let secretKey = null;
+  if (!readFromSecret) return { variables, secretKey };
+  for (const secretName in readFromSecret) {
+    const keys = readFromSecret[secretName];
+    if (!process.env[secretName]) {
+      console.warn(
+        `@orion/env could not find the secret "${secretName}" in the environment. Related variables will be undefined.`
+      );
+      continue;
+    }
+    try {
+      const values = JSON.parse(process.env[secretName]);
+      if (values.ORION_ENV_SECRET_KEY) {
+        secretKey = values.ORION_ENV_SECRET_KEY;
+      }
+      for (const key of keys) {
+        if (values[key]) {
+          variables[key] = values[key];
+        } else {
+          console.warn(
+            `@orion/env could not find the variable "${key}" in the secret "${secretName}". Related variables will be undefined.`
+          );
+        }
+      }
+    } catch (error) {
+      console.warn(
+        `'@orion/env found a the secret "${secretName}" variable in the environment but it is not a valid JSON. Related variables will be undefined.'`
+      );
+    }
+  }
+  return { variables, secretKey };
+}
+function getVariables(config, secretKey) {
+  const { cleanKeys, encryptedKeys, readFromSecret } = config;
+  const { variables, secretKey: foundSecretKey } = readSecrets(readFromSecret);
+  let decryptKey = foundSecretKey || secretKey;
+  if (!decryptKey) {
+    throw new Error(
+      "Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not defined"
+    );
+  }
+  for (const key in cleanKeys) {
+    const value = cleanKeys[key];
+    variables[key] = value;
+  }
+  for (const key in encryptedKeys) {
+    const encrypted = encryptedKeys[key];
+    try {
+      variables[key] = decrypt2(decryptKey, encrypted);
+    } catch (error) {
+      throw new Error(
+        `Orion encrypted env was passed but process.env.ORION_ENV_SECRET_KEY is not the right key for "${key}"`
+      );
+    }
+  }
+  return variables;
+}
+
+// src/cli/read/index.ts
+async function envRead({ path: path2, key, secret }) {
+  if (!path2) {
+    path2 = ".env.local.yml";
+  }
+  if (!secret) {
+    throw new Error("Secret is required");
+  }
+  const config = getConfig(path2);
+  const variables = getVariables(config, secret);
+  if (key) {
+    console.log(variables[key]);
+  } else {
+    console.log(JSON.stringify(variables, null, 2));
+  }
+}
+
+// src/cli/index.ts
+var program = new Command();
+var run = function(action) {
+  return async function(...args) {
+    try {
+      await action(...args);
+    } catch (e) {
+      console.error(colors.red("Error: " + e.message));
+    }
+  };
+};
+program.command("init").description("Creates a new encrypted env file").option("--path <path>", "Specify the env file name").action(run(envInit));
+program.command("add").description("Adds a new environment to the encrypted env file").option("--path <path>", "Specify the env file name").action(run(envAdd));
+program.command("read").description("Prints the value of the env file in JSON or a specific variable in plain text").option("--path <path>", "Specify the env file name").option("--key <key>", "Prints the value of a specific variable in plain text").option("--secret <secret>", "The password to decrypt the keys").action(run(envRead));
+program.parse(process.argv);
+if (!process.argv.slice(2).length) {
+  program.outputHelp();
+}
+//# sourceMappingURL=index.js.map

package/package.json

@@ -1,11 +1,11 @@
 {
   "name": "@orion-js/env",
-  "version": "4.0.0",
+  "version": "4.0.1",
   "main": "./dist/index.cjs",
   "author": "nicolaslopezj",
   "license": "MIT",
   "bin": {
-    "orion-env": "./lib/cli/index.js"
+    "orion-env": "./dist-cli/index.js"
   },
   "dependencies": {
     "colors": "^1.4.0",
@@ -38,7 +38,7 @@
   "scripts": {
     "test": "vitest run",
     "clean": "rm -rf ./dist",
-    "build": "tsup",
+    "build": "tsup --config tsup.config.ts && tsup --config cli.tsup.config.ts",
     "dev": "tsup --watch"
   }
 }