npm - @scrt-link/cli - Versions diffs - 0.0.1 - Mend

@scrt-link/cli 0.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/dist/index.js +217 -0
package/package.json +46 -0

package/dist/index.js ADDED Viewed

@@ -0,0 +1,217 @@
+#!/usr/bin/env node
+// ../client/dist/index.js
+var MASTER_PASSWORD_LENGTH = 36;
+var SECRET_ID_LENGTH = 28;
+var getRandomBytes = (length = 16) => crypto.getRandomValues(new Uint8Array(length));
+var blobToBase64 = async (blob) => {
+  const buffer = await blob.arrayBuffer();
+  const bytes = new Uint8Array(buffer);
+  let binary = "";
+  for (const byte of bytes) {
+    binary += String.fromCharCode(byte);
+  }
+  return `data:application/octet-stream;base64,${btoa(binary)}`;
+};
+var encodeText = (text) => {
+  const encoder = new TextEncoder();
+  return encoder.encode(text);
+};
+var generateRandomUrlSafeString = (length = 36) => {
+  const letters = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+  const numbers = "0123456789";
+  const specialCharacters = "$~-_.";
+  const charset = [...letters, ...numbers, ...specialCharacters];
+  const values = getRandomBytes(length);
+  return Array.from(values, (v) => charset[v % charset.length]).join("");
+};
+var sha256Hash = async (message) => {
+  const buffer = await crypto.subtle.digest("SHA-256", encodeText(message));
+  return Array.prototype.map.call(new Uint8Array(buffer), (x) => ("00" + x.toString(16)).slice(-2)).join("");
+};
+var binaryToBase64 = (arrayBuffer) => {
+  const arrayBufferToString = (buffer) => String.fromCharCode(...new Uint8Array(buffer));
+  return btoa(arrayBufferToString(arrayBuffer));
+};
+var encryptData = async (data, cryptoKey, salt) => {
+  const iv = getRandomBytes();
+  const result = await crypto.subtle.encrypt({ name: "AES-GCM", iv }, cryptoKey, data);
+  const encryptedBlob = new Blob([salt, iv, result]);
+  return encryptedBlob;
+};
+var generateKeyFromPassword = async (password) => {
+  const salt = getRandomBytes();
+  const passwordKey = await crypto.subtle.importKey("raw", encodeText(password), "PBKDF2", false, [
+    "deriveKey"
+  ]);
+  const cryptoKey = await crypto.subtle.deriveKey(
+    {
+      name: "PBKDF2",
+      salt,
+      iterations: 1e5,
+      hash: "SHA-256"
+    },
+    passwordKey,
+    {
+      name: "AES-GCM",
+      length: 256
+    },
+    false,
+    ["encrypt"]
+  );
+  return {
+    cryptoKey,
+    salt
+  };
+};
+var encryptString = async (text, password) => {
+  const data = encodeText(text).buffer;
+  const { cryptoKey, salt } = await generateKeyFromPassword(password);
+  const encryptedData = await encryptData(data, cryptoKey, salt);
+  const encryptedDataBase64 = await blobToBase64(encryptedData);
+  return encryptedDataBase64;
+};
+var generateKeyPair = async () => await crypto.subtle.generateKey(
+  {
+    name: "ECDSA",
+    namedCurve: "P-384"
+  },
+  true,
+  ["sign", "verify"]
+);
+var pemHeader = "-----BEGIN PUBLIC KEY-----";
+var pemFooter = "-----END PUBLIC KEY-----";
+var exportPublicKey = async (key) => {
+  const exported = await crypto.subtle.exportKey("spki", key);
+  const exportedAsBase64 = binaryToBase64(exported);
+  const pemExported = `${pemHeader}
+${exportedAsBase64}
+${pemFooter}`;
+  return pemExported;
+};
+var SecretType = /* @__PURE__ */ ((SecretType2) => {
+  SecretType2["TEXT"] = "text";
+  SecretType2["FILE"] = "file";
+  SecretType2["REDIRECT"] = "redirect";
+  SecretType2["SNAP"] = "snap";
+  SecretType2["NEOGRAM"] = "neogram";
+  return SecretType2;
+})(SecretType || {});
+var MIN = 1e3 * 60;
+var DAY = 24 * 60 * MIN;
+var PROTOCOL = "https";
+var DEFAULT_HOST = "scrt.link";
+var scrtLink = (apiKey) => {
+  if (!apiKey) {
+    throw new Error("API key is required");
+  }
+  const createSecret = async (secret, options = {}) => {
+    const {
+      secretType = "text",
+      password,
+      publicNote,
+      expiresIn = 7 * DAY,
+      viewLimit = 1,
+      host = DEFAULT_HOST
+    } = options;
+    let encryptedContent = secret;
+    let encryptedMeta = JSON.stringify({
+      secretType
+    });
+    const masterKey = generateRandomUrlSafeString(MASTER_PASSWORD_LENGTH);
+    const keyPair = await generateKeyPair();
+    const secretIdSubstring = masterKey.substring(SECRET_ID_LENGTH);
+    const secretIdHash = await sha256Hash(secretIdSubstring);
+    const publicKey = await exportPublicKey(keyPair.publicKey);
+    if (password) {
+      encryptedMeta = await encryptString(encryptedMeta, password);
+      encryptedContent = await encryptString(encryptedContent, password);
+    }
+    encryptedMeta = await encryptString(encryptedMeta, masterKey);
+    encryptedContent = await encryptString(encryptedContent, masterKey);
+    const body = JSON.stringify({
+      secretIdHash,
+      meta: encryptedMeta,
+      content: encryptedContent,
+      publicKey,
+      publicNote,
+      expiresIn,
+      viewLimit,
+      password
+    });
+    const checksum = await sha256Hash(body);
+    const res = await fetch(`${PROTOCOL}://${host}/api/v1/secrets`, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${apiKey}`,
+        "X-Checksum": checksum,
+        ...host ? { "X-Host": host } : {}
+      },
+      body
+    });
+    const data = await res.json();
+    if (!res.ok) {
+      return data;
+    }
+    const secretLink = `${PROTOCOL}://${host}/s#${masterKey}`;
+    return { secretLink, ...data };
+  };
+  return {
+    createSecret
+  };
+};
+var index_default = scrtLink;
+// src/index.ts
+import { program } from "commander";
+var EXPIRES_MAP = {
+  "1h": 60 * 60 * 1e3,
+  "1d": 24 * 60 * 60 * 1e3,
+  "1w": 7 * 24 * 60 * 60 * 1e3,
+  "1m": 30 * 24 * 60 * 60 * 1e3
+};
+var TYPE_MAP = {
+  text: SecretType.TEXT,
+  redirect: SecretType.REDIRECT,
+  neogram: SecretType.NEOGRAM
+};
+program.name("scrtlink").description("Create end-to-end encrypted secrets from the command line").version("0.0.1").argument("<secret>", "The secret content to encrypt and share").option("--type <type>", "Secret type: text | redirect | neogram (default: text)").option("--expires <duration>", "Expiration: 1h | 1d | 1w | 1m (default: 1w)").option("--views <n>", "View limit 1\u20131000 (default: 1)").option("--note <text>", "Public note visible to the recipient before revealing").option("--password <pass>", "Password-protect the secret").option("--host <host>", "API host for self-hosted instances (default: scrt.link)").option("--api-key <key>", "API key (or set SCRT_LINK_API_KEY env var)").action(async (secret, opts) => {
+  const apiKey = opts.apiKey ?? process.env.SCRT_LINK_API_KEY ?? "";
+  if (!apiKey) {
+    console.error("Error: API key required. Use --api-key or set SCRT_LINK_API_KEY.");
+    process.exit(1);
+  }
+  const expiresKey = opts.expires ?? "1w";
+  if (!(expiresKey in EXPIRES_MAP)) {
+    console.error(
+      `Error: Invalid --expires value "${expiresKey}". Allowed: ${Object.keys(EXPIRES_MAP).join(", ")}.`
+    );
+    process.exit(1);
+  }
+  const expiresIn = EXPIRES_MAP[expiresKey];
+  const viewLimit = opts.views !== void 0 ? parseInt(opts.views, 10) : 1;
+  const secretType = TYPE_MAP[opts.type ?? "text"] ?? SecretType.TEXT;
+  try {
+    const client = index_default(apiKey);
+    const result = await client.createSecret(secret, {
+      secretType,
+      expiresIn,
+      viewLimit,
+      publicNote: opts.note,
+      password: opts.password,
+      host: opts.host
+    });
+    if ("secretLink" in result && result.secretLink) {
+      process.stdout.write(result.secretLink + "\n");
+    } else {
+      const errResult = result;
+      console.error("Error:", errResult.error ?? errResult.message ?? JSON.stringify(result));
+      process.exit(1);
+    }
+  } catch (err) {
+    console.error("Error:", err instanceof Error ? err.message : String(err));
+    process.exit(1);
+  }
+});
+program.parse();

package/package.json ADDED Viewed

@@ -0,0 +1,46 @@
+{
+	"name": "@scrt-link/cli",
+	"version": "0.0.1",
+	"description": "CLI for scrt.link — create encrypted secrets from the command line",
+	"keywords": [
+		"scrt.link",
+		"secrets",
+		"cli",
+		"encryption",
+		"security"
+	],
+	"homepage": "https://github.com/stophecom/scrt-link-v2#readme",
+	"bugs": {
+		"url": "https://github.com/stophecom/scrt-link-v2/issues"
+	},
+	"repository": {
+		"type": "git",
+		"url": "git+https://github.com/stophecom/scrt-link-v2.git"
+	},
+	"license": "MIT",
+	"author": "stophe",
+	"type": "module",
+	"bin": {
+		"scrtlink": "./dist/index.js"
+	},
+	"files": [
+		"dist"
+	],
+	"scripts": {
+		"build": "tsup",
+		"dev": "tsup --watch",
+		"prepublishOnly": "npm run build"
+	},
+	"dependencies": {
+		"@scrt-link/client": "workspace:*",
+		"commander": "^12.0.0"
+	},
+	"devDependencies": {
+		"@types/node": "^25.5.2",
+		"tsup": "^8.0.0",
+		"typescript": "^5.0.0"
+	},
+	"engines": {
+		"node": ">=18"
+	}
+}