autho 0.0.2 → 0.0.4

package/package.json

@@ -1,10 +1,11 @@
 {
   "name": "autho",
-  "version": "0.0.2",
+  "version": "0.0.4",
   "main": "index.js",
   "type": "module",
-  "bin":{
-    "autho": "./src/cli/bin.js"},
+  "bin": {
+    "autho": "src/cli/bin.js"
+  },
   "scripts": {
     "test": "echo \"Error: no test specified\" && exit 1"
   },

package/src/cli/bin.js

@@ -3,38 +3,38 @@
 import { Command } from "commander";
 import chalk from "chalk";
 import { prompt, ask } from "./utils.js";
-import Config from "../sdk/config.js";
+import DB from "../sdk/db.js";
 import Cipher from "../sdk/cipher.js";
 import createSecret from "./wizards/createSecret.js";
+import getEncryptionKey from "./wizards/getEncryptionKey.js";
+import getSecret from "./wizards/getSecret.js";
 import Secrets from "../sdk/secrets.js";
 import OTP from "../sdk/otp.js";
 
 const program = new Command();
 
-const getSecret = async (config) => {
-  const existingSecrets = config.get("secrets", []);
-  const choices = existingSecrets.map((secret) => ({
-    value: secret.id,
-    name: secret.name,
-  }));
+//type AppOptions = {
+//   masterPasswordHash?: string;
+//   masterPassword?: string;
+//   appFolder?: string;
+// };
 
-  const { id: secretId } = await prompt({
-    name: "id",
-    message: "Secrets:",
-    type: "list",
-    choices,
-    required: true,
-  });
-
-  const secrets = new Secrets(config);
-  const secret = await secrets.get(secretId);
-
-  if (!secret) {
-    throw new Error("Secret not found");
+class App {
+  constructor(options = {}) {
+    let masterPasswordHash =
+      options.masterPasswordHash || process.env.AUTHO_MASTER_PASSWORD_HASH;
+    const masterPassword = options.masterPassword || process.env.AUTHO_MASTER_PASSWORD;
+    if (!masterPasswordHash && !masterPassword) {
+      throw new Error("Master password or master password hash is required")
+    }
+    masterPasswordHash =
+      masterPasswordHash ||
+      Cipher.hash(masterPassword);
+    this.db = new DB({ encryptionKey: masterPasswordHash });
+    this.secrets = new Secrets(this);
   }
 
-  return secret;
-};
+}
 
 program
   .name("autho")
@@ -46,19 +46,13 @@ program
       const masterPassword = args.password
         ? args.password
         : await ask({
-            name: "masterPassword",
-            message: "Password:",
-            type: "password",
-            required: true,
-          });
-      const masterPasswordHash = Cipher.hash(masterPassword);
-      const config = new Config({ encryptionKey: masterPasswordHash });
-      let salt = config.get();
+          name: "masterPassword",
+          message: "Password:",
+          type: "password",
+          required: true,
+        });
 
-      if (!salt) {
-        salt = Cipher.random();
-        config.set("salt", salt);
-      }
+      const app = new App({ masterPassword });
 
       let choices = [
         { value: "create", name: "Create new secret" },
@@ -72,31 +66,52 @@ program
         choices,
         required: true,
       });
+
       switch (action) {
         case "create":
-          await createSecret(config, masterPasswordHash);
+          await createSecret(app);
           break;
 
         case "read":
-          const readSecret = await getSecret(config);
-    
-            switch (readSecret.type) {
-              case "otp":
-                const otp = new OTP(config, readSecret, masterPasswordHash);
-                console.log(otp.generate());
-                setTimeout(() => {
-                  console.log("Expired");
-                  process.exit(0);
-                }, 30000);
-                break;
-            }
-          
+          const readSecret = await getSecret(app);
+          let encryptionKey = app.db.encryptionKey
+          if (readSecret.protected) {
+            encryptionKey = await getEncryptionKey()
+          }
+
+          readSecret.value = Cipher.decrypt(
+            readSecret.value,
+            readSecret.publicKey,
+            encryptionKey,
+            readSecret.signature
+          );
+          switch (readSecret.type) {
+            case "password":
+              console.log("Username:", readSecret.typeOptions.username);
+              console.log("Password:", readSecret.value);
+              break;
+            case "note":
+              console.log("Note:", readSecret.value);
+              break;
+            case "otp":
+              const otp = new OTP(readSecret);
+              console.log("OTP code:", otp.generate());
+              setTimeout(() => {
+                console.log("Expired");
+                process.exit(0);
+              }, 30000);
+              break;
+          }
+
           break;
         case "delete":
-            const deleteSecret = getSecret(config);
-            const secrets = new Secrets(config);
-            secrets.remove(deleteSecret.id)
-          break;
+          const deleteSecret = await getSecret(app);
+          await app.secrets.remove(deleteSecret.id);
+          console.log("Removed");
+          process.exit(0);
+         default:
+          console.log("Unknown action:", action);
+          process.exit(1);
       }
     } catch (error) {
       console.log(

package/src/cli/wizards/createSecret.js

@@ -1,7 +1,8 @@
 import { prompt } from "../utils.js";
-import Secrets from "../../sdk/secrets.js";
+import getEncryptionKey from "./getEncryptionKey.js";
 
-const wizard = async (config, masterPasswordHash) => {
+const wizard = async (app) => {
+  const secrets = app.secrets;
   const info = await prompt([
     {
       name: "name",
@@ -12,44 +13,94 @@ const wizard = async (config, masterPasswordHash) => {
     {
       name: "type",
       message: "type:",
-      type: "choice",
-      default: "otp",
-      choices: ["otp"],
+      type: "list",
+      default: "password",
+      choices: ["password", "otp", "note"],
+      required: true,
+    },
+    {
+      name: "protected",
+      message: "protected:",
+      type: "confirm",
+      default: false,
       required: true,
     }
   ]);
 
   let newSecret = {};
+  let encryptionKey = app.db.encryptionKey
+
+  if (info.protected) {
+    encryptionKey = await getEncryptionKey(true)
+  }
 
   switch (info.type) {
+    case "password":
+      const password = await prompt([
+        {
+          name: "username",
+          message: "username:",
+          type: "input",
+          required: true,
+        },
+        {
+          name: "value",
+          message: "password:",
+          type: "password",
+          required: true,
+        },
+      ]);
+      newSecret = {
+        ...info,
+        value: password.value,
+        typeOptions: {
+          username: password.username,
+        },
+      };
+      break;
+    case "note":
+      const note = await prompt([
+        {
+          name: "value",
+          message: "note:",
+          type: "password",
+          required: true,
+        },
+      ]);
+      newSecret = {
+        ...info,
+        value: note.value,
+        typeOptions: {
+
+        },
+      };
+      break;
     case "otp":
-        const secret = await prompt([
-            {
-                name: "username",
-                message: "username:",
-                type: "input",
-                required: true,
-              },
-            {
-              name: "value",
-              message: "value:",
-              type: "password",
-              required: true,
-            },
-          ]);
-          newSecret = {
-            name: info.name,
-            type: info.type,
-            value: secret.value,
-            typeOptions: {
-              username: secret.username,
-            },
-          };
+      const otp = await prompt([
+        {
+          name: "username",
+          message: "username:",
+          type: "input",
+          required: true,
+        },
+        {
+          name: "value",
+          message: "value:",
+          type: "password",
+          required: true,
+        },
+      ]);
+      newSecret = {
+        ...info,
+        value: otp.value,
+        typeOptions: {
+          username: otp.username,
+        },
+      };
       break;
   }
 
-  const secrets = new Secrets(config);
-  await secrets.add(newSecret, masterPasswordHash);
+  await secrets.add(newSecret, encryptionKey);
 };
 
 export default wizard;

package/src/cli/wizards/getEncryptionKey.js

@@ -0,0 +1,30 @@
+import Cipher from "../../sdk/cipher.js";
+import { prompt } from "../utils.js";
+
+const wizard = async (confirm = false) => {
+  const questions = [{
+    name: "password",
+    message: "password:",
+    type: "password",
+    required: true,
+  }
+  ]
+  if (confirm) {
+    questions.push({
+      name: "confirmPassword",
+      message: "confirm password:",
+      type: "password",
+      required: true,
+    });
+  }
+  const input = await prompt(questions);
+
+  if (input.confirmPassword && input.password !== input.confirmPassword) {
+    throw new Error("Passwords do not match");
+  }
+
+  return Cipher.hash(input.password);
+}
+
+
+export default wizard;

package/src/cli/wizards/getSecret.js

@@ -0,0 +1,31 @@
+import { prompt } from "../utils.js";
+
+const wizard = async (app) => {
+  const existingSecrets = app.db.get("secrets", []);
+
+  if (existingSecrets.length === 0) {
+    throw new Error("No secrets found");
+  }
+
+  const choices = existingSecrets.map((secret) => ({
+    value: secret.id,
+    name: `${secret.name} (${secret.typeOptions.username || secret.id})`,
+  }));
+
+  const { id: secretId } = await prompt({
+    name: "id",
+    message: "Secrets:",
+    type: "list",
+    choices,
+    required: true,
+  });
+  const secret = await app.secrets.get(secretId);
+
+  if (!secret) {
+    throw new Error("Secret not found");
+  }
+
+  return secret;
+};
+
+export default wizard;

package/src/models/Secret.js

@@ -2,10 +2,10 @@ import Joi from 'joi';
 import Cipher from "../sdk/cipher.js";
 
 export const createSecretSchema = Joi.object({
-    id: Joi.string().default(Cipher.random()), 
+    id: Joi.string().default(Cipher.randomString()), 
     protected: Joi.boolean().default(false), // ask for password
     name: Joi.string().required(),
-    type: Joi.string().required().valid('otp'),
+    type: Joi.string().required().valid('otp', 'password', 'note'),
     value: Joi.string().required(),
     typeOptions: Joi.object().default({}),
     createdAt: Joi.date().default(new Date()),

package/src/sdk/cipher.js

@@ -1,49 +1,69 @@
 import crypto from "crypto";
 
 export default class Cipher {
-  constructor(config) {
-    this.config = config;
-    this.salt = config.get("salt", "");
-  }
 
-  static hash(text) {
-    const hash = crypto.createHash("sha256");
+  static hash(text, algorithm = "sha256") {
+    const hash = crypto.createHash(algorithm);
     hash.update(text);
 
     return hash.digest("hex");
   }
 
-  static random() {
-    const rnd = crypto.randomBytes(16).toString("hex");
+  static random(size = 16) {
+    const rnd = crypto.randomBytes(size);
+
+    return rnd;
+  }
+
+  static randomString() {
+    const rnd = Cipher.random().toString("hex");
 
     return rnd;
   }
 
-  static createKey(salt="") {
-    const rnd = Cipher.random(salt)
+  static sign(text) {
+    const hash = Cipher.hash(text)
+    const signature = `${hash.substring(0, 10)}:${hash.substring(hash.length - 10)}`;
 
-    return Cipher.hash(salt+rnd);
+    return signature;
   }
 
-  encrypt(text, password) {
-    const publicKey = Cipher.createKey(this.salt);
-    const cipher = crypto.createCipher(
-      "aes-256-cbc",
-       publicKey + password
+  static verify(text, signature) {
+    const expectedSignature = Cipher.sign(text)
+
+    return expectedSignature === signature;
+  }
+
+  static encrypt(text, encryptionKey, algorithm = "aes-256-ctr") {
+    const publicKey = Cipher.randomString();
+    let cipher = crypto.createCipheriv(
+      algorithm,
+      Buffer.from(encryptionKey, "hex"),
+      Buffer.from(publicKey, "hex"),
     );
-    let encrypted = cipher.update(text, "utf8", "hex");
-    encrypted += cipher.final("hex");
+    let encrypted = cipher.update(text);
+    encrypted = Buffer.concat([encrypted, cipher.final()]);
+    encrypted = encrypted.toString("hex");
 
-    return { publicKey, encrypted };
+    return { publicKey, encrypted, algorithm, signature: Cipher.sign(text) };
   }
 
-  decrypt(encryptedText, publicKey, password) {
-    const decipher = crypto.createDecipher(
-      "aes-256-cbc",
-      publicKey + password
+  static decrypt(encryptedText, publicKey, encryptionKey, signature, algorithm = "aes-256-ctr") {
+    encryptedText = Buffer.from(encryptedText, "hex");
+
+    let decipher = crypto.createDecipheriv(
+      algorithm,
+      Buffer.from(encryptionKey, "hex"),
+      Buffer.from(publicKey, "hex")
     );
-    let decrypted = decipher.update(encryptedText, "hex", "utf8");
-    decrypted += decipher.final("utf8");
+
+    let decrypted = decipher.update(encryptedText);
+    decrypted = Buffer.concat([decrypted, decipher.final()]);
+    decrypted = decrypted.toString();
+
+    if (!Cipher.verify(decrypted, signature)) {
+      throw new Error("Invalid signature")
+    }
 
     return decrypted;
   }

package/src/sdk/db.js

@@ -0,0 +1,23 @@
+import Conf from "conf";
+
+const { AUTHO_ENCRYPTION_KEY = "", AUTHO_NAME = 'default' } = process.env;
+
+export default class DB {
+    constructor({
+        encryptionKey = AUTHO_ENCRYPTION_KEY,
+        configName = AUTHO_NAME
+    }) {
+        this.encryptionKey = encryptionKey;
+        this.client = new Conf({ projectName: "autho", encryptionKey, configName });
+    }
+
+    get(key, defaultValue) {
+        return this.client.get(key, defaultValue);
+    }
+
+    set(key, value) {
+        this.client.set(key, value);
+    }
+
+}
+

package/src/sdk/otp.js

@@ -1,16 +1,15 @@
 import * as OTPAuth from "otpauth";
-import Cipher from "./cipher.js";
 
 export default class OTP {
-  constructor(config, secret, password) {
-    const cipher = new Cipher(config);
+  constructor(secret) {
+
     const options = {
-      issuer: "ACME",
+      issuer: "Autho",
       label: secret.name,
       algorithm: "SHA1",
       digits: 6,
       period: 30,
-      secret: cipher.decrypt(secret.value, secret.publicKey, password),
+      secret: secret.value,
     };
 
     this.totp = new OTPAuth.TOTP(options);

package/src/sdk/secrets.js

@@ -1,38 +1,39 @@
 import { createSecretSchema } from "../models/Secret.js";
-import Cipher from "./cipher.js";
+import Cipher from "../sdk/cipher.js";
 
 export default class Secrets {
-  constructor(config) {
-    this.config = config;
-    this.cipher = new Cipher(config);
+  constructor(app) {
+    this.db = app.db;
   }
 
   get secrets() {
-    return this.config.get("secrets", []);
+    return this.db.get("secrets", []);
   }
 
   set secrets(value) {
-    this.config.set("secrets", value);
+    this.db.set("secrets", value);
   }
 
   async get(id) {
     return this.secrets.find((secret) => secret.id == id);
   }
 
-  async add(secret, password) {
+  async add(secret, encryptionKey) {
     const { value, error } = createSecretSchema.validate(secret);
     if (error) {
       throw new Error(error);
     }
 
-    const { publicKey, encrypted } = this.cipher.encrypt(value.value, password);
-    value.value = encrypted;
-    value.publicKey = publicKey;
+    const { encrypted, ...encryption } = Cipher.encrypt(value.value, encryptionKey);
 
-    this.secrets = [...this.secrets, value];
+    this.secrets = [...this.secrets, { ...value, ...encryption, value: encrypted }];
   }
 
   async remove(id) {
     this.secrets = this.secrets.filter((secret) => secret.id != id);
   }
+
+  async clear() {
+    this.secrets = [];
+  }
 }

package/src/sdk/config.js

@@ -1,20 +0,0 @@
-import Conf from "conf";
-
-export default class Config {
-    constructor({
-        encryptionKey,
-        configName='default'
-    }) {
-        this.config = new Conf({ projectName: "autho", encryptionKey, configName });
-    }
-
-    get(key, defaultValue) {
-        return this.config.get(key, defaultValue);
-    }
-
-    set(key, value) {
-        this.config.set(key, value);
-    }
-
-}
-