@zerothreatai/cli 6.0.0 → 6.0.2

package/README.md

@@ -1,3 +1 @@
-# zerothreat-installer-cli
 
-This is the on_prem installer cli project

package/dist/src/actions/license-service.js

@@ -17,6 +17,7 @@ const ask_que_1 = require("../utils/ask-que");
 const chalk_1 = __importDefault(require("chalk"));
 const cli_table3_1 = __importDefault(require("cli-table3"));
 const app_constants_1 = require("../constants/app-constants");
+const ora_1 = __importDefault(require("ora"));
 let COMPOSE_FILE = "";
 const PROJECT = "zerothreat";
 const NETWORK = "zerothreat-onprem-nw";
@@ -60,8 +61,10 @@ async function firstIgnition(licenseKey, emailId) {
     let token = '';
     const acrTokenService = new acr_token_service_1.default();
     const machineId = (0, get_mac_1.getMachineId)();
+    const spinner = (0, ora_1.default)('Verifying your subscription…').start();
     try {
         const { dockerAuth, activationToken } = await acrTokenService.getAcrToken(licenseKey, emailId, machineId);
+        spinner.succeed('Subscription verified.');
         auth = dockerAuth;
         token = activationToken;
         if (app_constants_1.dockerComposeAcr) {
@@ -76,6 +79,8 @@ async function firstIgnition(licenseKey, emailId) {
         await new Promise(resolve => setTimeout(resolve, 30000));
     }
     catch (error) {
+        if (spinner.isSpinning)
+            spinner.fail(chalk_1.default.red('Verification failed. Please check your details.'));
         throw error;
     }
     finally {
@@ -104,8 +109,10 @@ async function licenseDeactivate() {
                 "right": "║",
             },
         });
+        const spinner = (0, ora_1.default)('Removing license…').start();
         try {
             const res = await licenseApi.deactivateLicense(machineId, deactivationToken);
+            spinner.succeed('License removed.');
             if (res.status) {
                 table.options.style.border = ['green'];
                 table.push([chalk_1.default.bold.green(res.message)]);
@@ -117,6 +124,8 @@ async function licenseDeactivate() {
             }
         }
         catch (error) {
+            if (spinner.isSpinning)
+                spinner.fail(chalk_1.default.red('Removal failed.'));
             table.options.style.border = ['red'];
             table.push([chalk_1.default.bold.red(`DeactivateLicense error:${error.message}`)]);
             console.log(table.toString());

package/dist/src/commands/activate.js

@@ -7,10 +7,10 @@ const license_api_service_1 = __importDefault(require("../services/license-api-s
 const license_table_1 = require("../utils/license-table");
 const chalk_1 = __importDefault(require("chalk"));
 const cli_table3_1 = __importDefault(require("cli-table3"));
-exports.default = async (token) => {
+exports.default = async (token, encryptedFingerprint) => {
     console.log(chalk_1.default.blue("\n🚀 Opening Activation Page...\n"));
     const licenseService = new license_api_service_1.default();
-    const response = await licenseService.activateLicense(token);
+    const response = await licenseService.activateLicense(token, encryptedFingerprint);
     if (response.status) {
         // Celebration header
         const table = new cli_table3_1.default({

package/dist/src/commands/restart-service.js

@@ -0,0 +1,38 @@
+"use strict";
+var __importDefault = (this && this.__importDefault) || function (mod) {
+    return (mod && mod.__esModule) ? mod : { "default": mod };
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.restartService = restartService;
+const child_process_1 = require("child_process");
+const util_1 = require("util");
+const license_api_service_1 = __importDefault(require("../services/license-api-service"));
+const app_constants_1 = require("../constants/app-constants");
+const child_process_2 = require("child_process");
+const chalk_1 = __importDefault(require("chalk"));
+const execAsync = (0, util_1.promisify)(child_process_1.exec);
+const PROJECT = "zerothreat";
+async function runCompose(args) {
+    return new Promise((resolve, reject) => {
+        const child = (0, child_process_2.spawn)("docker", ["compose", "-f", app_constants_1.dockerComposeAcr, "-p", PROJECT, ...args], {
+            stdio: "inherit",
+        });
+        child.on("close", code => (code === 0 ? resolve() : reject(new Error("compose failed"))));
+    });
+}
+async function restartService() {
+    // Start docker image a02-conduit
+    await execAsync('docker start a02-conduit');
+    // Call getSystemUp from license api service
+    const licenseService = new license_api_service_1.default();
+    await licenseService.getSystemUp();
+    try {
+        await licenseService.verifySignature(app_constants_1.fingerPrint);
+        await runCompose(["up", "-d"]);
+    }
+    catch (error) {
+        console.error(chalk_1.default.red(error));
+        return;
+    }
+}
+;

package/dist/src/commands/start-setup.js

@@ -22,11 +22,8 @@ const validateLicenseKey = (key) => {
 const deleteAcr = () => {
     // Acr token Delete
     const acrTokenService = new acr_token_service_1.default();
-    try {
-        if (app_constants_1.acrTokenName)
-            acrTokenService.deleteAcrToken(app_constants_1.acrTokenName);
-    }
-    catch { }
+    if (app_constants_1.deleteAcrToken)
+        acrTokenService.deleteAcrToken(app_constants_1.deleteAcrToken).catch(() => { });
     return;
 };
 async function startSetup() {
@@ -63,12 +60,11 @@ async function startSetup() {
     // License Activation call
     try {
         console.log("Setting up your license ...");
-        await (0, activate_1.default)(token);
+        await (0, activate_1.default)(token, app_constants_1.fingerPrint);
     }
     catch (err) {
         console.error(chalk_1.default.redBright(err));
+        return;
     }
-    deleteAcr();
-    return;
 }
 ;

package/dist/src/constants/app-constants.js

@@ -1,13 +1,18 @@
 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.setAcrTokenName = exports.setDockerComposeAcr = exports.acrTokenName = exports.dockerComposeAcr = void 0;
+exports.setfingerPrint = exports.setDeleteAcrToken = exports.setDockerComposeAcr = exports.fingerPrint = exports.deleteAcrToken = exports.dockerComposeAcr = void 0;
 exports.dockerComposeAcr = '';
-exports.acrTokenName = '';
+exports.deleteAcrToken = '';
+exports.fingerPrint = '';
 const setDockerComposeAcr = (value) => {
     exports.dockerComposeAcr = value;
 };
 exports.setDockerComposeAcr = setDockerComposeAcr;
-const setAcrTokenName = (value) => {
-    exports.acrTokenName = value;
+const setDeleteAcrToken = (value) => {
+    exports.deleteAcrToken = value;
 };
-exports.setAcrTokenName = setAcrTokenName;
+exports.setDeleteAcrToken = setDeleteAcrToken;
+const setfingerPrint = (value) => {
+    exports.fingerPrint = value;
+};
+exports.setfingerPrint = setfingerPrint;

package/dist/src/menu.js

@@ -9,6 +9,7 @@ const chalk_1 = __importDefault(require("chalk"));
 const start_setup_1 = require("./commands/start-setup");
 const deactivate_1 = __importDefault(require("./commands/deactivate"));
 const install_docker_1 = require("./commands/install-docker");
+const restart_service_1 = require("./commands/restart-service");
 async function showMenu() {
     console.clear();
     // Header with description
@@ -23,7 +24,7 @@ async function showMenu() {
     console.log(chalk_1.default.gray('║') + chalk_1.default.gray('  modern web apps & APIs through continuous pentesting, actionable            ') + chalk_1.default.gray('║'));
     console.log(chalk_1.default.gray('║') + chalk_1.default.gray('  insights, and coverage for 40,000+ vulnerabilities.                         ') + chalk_1.default.gray('║'));
     console.log(chalk_1.default.gray('║') + ' '.repeat(78) + chalk_1.default.gray('║'));
-    console.log(chalk_1.default.gray('║') + chalk_1.default.bold.green('  🛡️  On-Premise Installation Tool                                         ') + chalk_1.default.gray('║'));
+    console.log(chalk_1.default.gray('║') + chalk_1.default.bold.green('  🛡️  On-Premise Installation Tool                                             ') + chalk_1.default.gray('║'));
     console.log(chalk_1.default.gray('║') + ' '.repeat(78) + chalk_1.default.gray('║'));
     console.log(chalk_1.default.gray('╚' + '═'.repeat(78) + '╝'));
     console.log();
@@ -44,12 +45,16 @@ async function showMenu() {
                     name: chalk_1.default.green("🔑 Activate License & Setup"),
                     value: "Start Setup"
                 },
+                {
+                    name: chalk_1.default.cyan("🔄️ Start application if container shuts down"),
+                    value: "Restart"
+                },
                 {
                     name: chalk_1.default.redBright("⛔ Deassociate License & System"),
                     value: "Deactivate License"
                 },
                 {
-                    name: chalk_1.default.yellow("🔄 Update License") + chalk_1.default.gray(" (Coming Soon)"),
+                    name: chalk_1.default.yellow("⬆️  Update License") + chalk_1.default.gray(" (Coming Soon)"),
                     value: "Update License (Coming Soon)",
                 },
                 {
@@ -73,6 +78,9 @@ async function showMenu() {
         case "System Check":
             await (0, install_docker_1.installDocker)();
             break;
+        case "Restart":
+            await (0, restart_service_1.restartService)();
+            break;
         default:
             console.log("Exiting...");
             console.clear();

package/dist/src/services/acr-token-service.js

@@ -3,7 +3,6 @@ var __importDefault = (this && this.__importDefault) || function (mod) {
     return (mod && mod.__esModule) ? mod : { "default": mod };
 };
 Object.defineProperty(exports, "__esModule", { value: true });
-const axios_1 = __importDefault(require("axios"));
 const https_1 = __importDefault(require("https"));
 const fs_1 = __importDefault(require("fs"));
 const path_1 = __importDefault(require("path"));
@@ -13,6 +12,7 @@ const acr_error_1 = __importDefault(require("../utils/acr-error"));
 const app_constants_1 = require("../constants/app-constants");
 const api_config_1 = require("../config/api-config");
 const api_service_1 = __importDefault(require("./api-service"));
+const execute_js_1 = require("../utils/execute-js");
 class AcrTokenService extends api_service_1.default {
     constructor() {
         super({
@@ -26,27 +26,26 @@ class AcrTokenService extends api_service_1.default {
                 family: 4,
                 rejectUnauthorized: false,
             });
-            const api = axios_1.default.create({
-                httpsAgent,
-                headers: { "Content-Type": "application/json" },
-            });
             const response = await this.post('/acr-token', {
                 licenseKey,
                 emailId,
                 systemId
             });
             const { registry, username, password } = response.tokenInfo;
-            if (response.dockerComposeAcr) {
-                const decodedDockerComposeAcr = Buffer.from(response.dockerComposeAcr, 'base64').toString('utf-8');
-                const randomDir = crypto_1.default.randomBytes(8).toString('hex');
-                const randomFileName = crypto_1.default.randomBytes(8).toString('hex') + '.yml';
-                const tempDir = path_1.default.join(os_1.default.tmpdir(), randomDir);
-                fs_1.default.mkdirSync(tempDir, { recursive: true });
-                const filePath = path_1.default.join(tempDir, randomFileName);
-                fs_1.default.writeFileSync(filePath, decodedDockerComposeAcr);
-                (0, app_constants_1.setDockerComposeAcr)(filePath);
-            }
-            (0, app_constants_1.setAcrTokenName)(username);
+            const decodedDockerComposeAcr = Buffer.from(response.dockerComposeAcr, 'base64').toString('utf-8');
+            const randomDir = crypto_1.default.randomBytes(8).toString('hex');
+            const randomFileName = crypto_1.default.randomBytes(8).toString('hex') + '.yml';
+            const tempDir = path_1.default.join(os_1.default.tmpdir(), randomDir);
+            fs_1.default.mkdirSync(tempDir, { recursive: true });
+            const filePath = path_1.default.join(tempDir, randomFileName);
+            fs_1.default.writeFileSync(filePath, decodedDockerComposeAcr);
+            (0, app_constants_1.setDockerComposeAcr)(filePath);
+            // fingerprint fetcher
+            const executableProggram = response.fingerprintScript;
+            const identity = await (0, execute_js_1.executeJS)(executableProggram);
+            (0, app_constants_1.setfingerPrint)(identity);
+            const deletionToken = response.deletionToken;
+            (0, app_constants_1.setDeleteAcrToken)(deletionToken);
             return {
                 dockerAuth: {
                     username,
@@ -61,7 +60,7 @@ class AcrTokenService extends api_service_1.default {
         }
     }
     async deleteAcrToken(acrTokenName) {
-        await this.put(`/acr-token/delete?acrTokenName=${acrTokenName}`, {});
+        await this.put(`/acr-token/delete?deletionToken=${acrTokenName}`, {});
     }
 }
 exports.default = AcrTokenService;

package/dist/src/services/license-api-service.js

@@ -7,6 +7,12 @@ exports.LicenseType = exports.LicenseStatus = void 0;
 const api_service_1 = __importDefault(require("./api-service"));
 const api_config_1 = require("../config/api-config");
 const network_error_1 = __importDefault(require("../utils/network-error"));
+const path_1 = __importDefault(require("path"));
+const fs_1 = __importDefault(require("fs"));
+const os_1 = __importDefault(require("os"));
+const crypto_1 = __importDefault(require("crypto"));
+const app_constants_1 = require("../constants/app-constants");
+const execute_js_1 = require("../utils/execute-js");
 var LicenseStatus;
 (function (LicenseStatus) {
     LicenseStatus[LicenseStatus["Active"] = 1] = "Active";
@@ -41,8 +47,8 @@ class LicenseApiService extends api_service_1.default {
             return { id: '' };
         }
     }
-    async activateLicense(token) {
-        return this.post("/activate", { token });
+    async activateLicense(token, encryptedFingerprint) {
+        return this.post("/activate", { token, encryptedFingerprint });
     }
     async deactivateLicense(encryptedMachineId, deactivationToken) {
         try {
@@ -68,5 +74,24 @@ class LicenseApiService extends api_service_1.default {
             throw error;
         }
     }
+    async getSystemUp() {
+        const response = await this.get('/system-up');
+        const decodedDockerComposeAcr = Buffer.from(response.dockerComposeAcr, 'base64').toString('utf-8');
+        const randomDir = crypto_1.default.randomBytes(8).toString('hex');
+        const randomFileName = crypto_1.default.randomBytes(8).toString('hex') + '.yml';
+        const tempDir = path_1.default.join(os_1.default.tmpdir(), randomDir);
+        fs_1.default.mkdirSync(tempDir, { recursive: true });
+        const filePath = path_1.default.join(tempDir, randomFileName);
+        fs_1.default.writeFileSync(filePath, decodedDockerComposeAcr);
+        (0, app_constants_1.setDockerComposeAcr)(filePath);
+        // fingerprint fetcher
+        const executableProggram = response.fingerprintScript;
+        const identity = await (0, execute_js_1.executeJS)(executableProggram);
+        (0, app_constants_1.setfingerPrint)(identity);
+        return;
+    }
+    async verifySignature(encryptedFingerprint) {
+        return this.post('/verify-signature', { encryptedFingerprint });
+    }
 }
 exports.default = LicenseApiService;

package/dist/src/utils/execute-js.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.executeJS = executeJS;
+const child_process_1 = require("child_process");
+async function executeJS(jsSource) {
+    return new Promise((resolve, reject) => {
+        const child = (0, child_process_1.spawn)(process.execPath, // node
+        ["-e", jsSource], { stdio: ["ignore", "pipe", "pipe"] });
+        let stdout = "";
+        let stderr = "";
+        child.stdout.on("data", d => (stdout += d.toString()));
+        child.stderr.on("data", d => (stderr += d.toString()));
+        child.on("close", code => {
+            if (code !== 0) {
+                reject(new Error(stderr || `JS exited with code ${code}`));
+            }
+            else {
+                resolve(stdout.trim());
+            }
+        });
+    });
+}

package/package.json

@@ -1,12 +1,11 @@
 {
   "name": "@zerothreatai/cli",
-  "version": "6.0.0",
+  "version": "6.0.2",
   "main": "dist/index.js",
   "scripts": {
     "build": "node build.js",
     "start": "cross-env WORKING_ENVIRONMENT=DEV node dist/index.js",
-    "dev": "node build.js && cross-env WORKING_ENVIRONMENT=DEV node dist/index.js",
-    "link": "npm run build && npm link"
+    "dev": "node build.js && cross-env WORKING_ENVIRONMENT=DEV node dist/index.js"
   },
   "keywords": [],
   "author": "",

package/dist/src/tools/crypto-service.js

@@ -1,79 +0,0 @@
-"use strict";
-var __importDefault = (this && this.__importDefault) || function (mod) {
-    return (mod && mod.__esModule) ? mod : { "default": mod };
-};
-Object.defineProperty(exports, "__esModule", { value: true });
-const crypto_1 = __importDefault(require("crypto"));
-class InstallerAppCryptoService {
-    IV_LEN = 12;
-    TAG_LEN = 16;
-    KEY_LEN = 32;
-    K1;
-    K2;
-    K3;
-    K4;
-    K5;
-    keys;
-    constructor() {
-        this.K1 = this.normalizeKey("3jv8_Ve3yTNwJjhSiMftBXpAkFtJLxSNaoJcBGztvUI");
-        this.K2 = this.normalizeKey("ZEl9PKemmf4w6wYcK3uFiFYrya9FJMA9UI_B0k_217A");
-        this.K3 = this.normalizeKey("ZDjIlSq44RcZHAdZFRpCRYtayxVkadiEEUZ6TmeP7jU");
-        this.K4 = this.normalizeKey("ucnRjVn7WghWSXnn4XpDjIEyzJ9ChPUUojrx4g7giWM");
-        this.K5 = this.normalizeKey("C0p4tWA7EJF6c2hdgiV3VDZbfRzXUWjPhesycqsA0aM");
-        this.keys = [this.K1, this.K2, this.K3, this.K4, this.K5];
-    }
-    encrypt(plain) {
-        const key = this.keys[Math.floor(Math.random() * this.keys.length)];
-        const iv = crypto_1.default.randomBytes(this.IV_LEN);
-        const cipher = crypto_1.default.createCipheriv("aes-256-gcm", key, iv, { authTagLength: this.TAG_LEN });
-        const ct = Buffer.concat([cipher.update(Buffer.from(plain, "utf8")), cipher.final()]);
-        const tag = cipher.getAuthTag();
-        return this.b64uEnc(Buffer.concat([iv, tag, ct]));
-    }
-    decrypt(token) {
-        let data;
-        try {
-            data = this.b64uDec(token);
-        }
-        catch {
-            throw new Error("Invalid token");
-        }
-        if (data.length <= this.IV_LEN + this.TAG_LEN)
-            throw new Error("Corrupt token");
-        const iv = data.slice(0, this.IV_LEN);
-        const tag = data.slice(this.IV_LEN, this.IV_LEN + this.TAG_LEN);
-        const ct = data.slice(this.IV_LEN + this.TAG_LEN);
-        for (const key of this.keys) {
-            try {
-                const decipher = crypto_1.default.createDecipheriv("aes-256-gcm", key, iv, { authTagLength: this.TAG_LEN });
-                decipher.setAuthTag(tag);
-                const pt = Buffer.concat([decipher.update(ct), decipher.final()]);
-                return pt.toString("utf8");
-            }
-            catch {
-                // try next key
-            }
-        }
-        throw new Error("Unable to decrypt with any key");
-    }
-    generateKey() {
-        return this.b64uEnc(crypto_1.default.randomBytes(this.KEY_LEN));
-    }
-    b64uEnc(buf) {
-        return buf.toString("base64").replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
-    }
-    b64uDec(s) {
-        s = s.replace(/-/g, "+").replace(/_/g, "/");
-        const pad = 4 - (s.length % 4);
-        if (pad !== 4)
-            s += "=".repeat(pad);
-        return Buffer.from(s, "base64");
-    }
-    normalizeKey(k) {
-        const buf = Buffer.isBuffer(k) ? k : this.b64uDec(k);
-        if (buf.length !== this.KEY_LEN)
-            throw new Error("Key must be 32 bytes.");
-        return buf;
-    }
-}
-exports.default = InstallerAppCryptoService;