autho 0.0.3 → 0.0.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "autho",
-  "version": "0.0.3",
+  "version": "0.0.4",
   "main": "index.js",
   "type": "module",
   "bin": {

package/src/cli/bin.js

@@ -3,42 +3,38 @@
 import { Command } from "commander";
 import chalk from "chalk";
 import { prompt, ask } from "./utils.js";
-import Config from "../sdk/config.js";
+import DB from "../sdk/db.js";
 import Cipher from "../sdk/cipher.js";
 import createSecret from "./wizards/createSecret.js";
+import getEncryptionKey from "./wizards/getEncryptionKey.js";
+import getSecret from "./wizards/getSecret.js";
 import Secrets from "../sdk/secrets.js";
 import OTP from "../sdk/otp.js";
 
 const program = new Command();
 
-const getSecret = async (config) => {
-  const existingSecrets = config.get("secrets", []);
+//type AppOptions = {
+//   masterPasswordHash?: string;
+//   masterPassword?: string;
+//   appFolder?: string;
+// };
 
-  if (existingSecrets.length === 0) {
-    throw new Error("No secrets found");
-  }
-
-  const choices = existingSecrets.map((secret) => ({
-    value: secret.id,
-    name: `${secret.name} (${secret.typeOptions.username || secret.id})`,
-  }));
-
-  const { id: secretId } = await prompt({
-    name: "id",
-    message: "Secrets:",
-    type: "list",
-    choices,
-    required: true,
-  });
-  const secrets = new Secrets(config);
-  const secret = await secrets.get(secretId);
-
-  if (!secret) {
-    throw new Error("Secret not found");
+class App {
+  constructor(options = {}) {
+    let masterPasswordHash =
+      options.masterPasswordHash || process.env.AUTHO_MASTER_PASSWORD_HASH;
+    const masterPassword = options.masterPassword || process.env.AUTHO_MASTER_PASSWORD;
+    if (!masterPasswordHash && !masterPassword) {
+      throw new Error("Master password or master password hash is required")
+    }
+    masterPasswordHash =
+      masterPasswordHash ||
+      Cipher.hash(masterPassword);
+    this.db = new DB({ encryptionKey: masterPasswordHash });
+    this.secrets = new Secrets(this);
   }
 
-  return secret;
-};
+}
 
 program
   .name("autho")
@@ -55,8 +51,8 @@ program
           type: "password",
           required: true,
         });
-      const masterPasswordHash = Cipher.hash(masterPassword);
-      const config = new Config({ encryptionKey: masterPasswordHash });
+
+      const app = new App({ masterPassword });
 
       let choices = [
         { value: "create", name: "Create new secret" },
@@ -70,15 +66,25 @@ program
         choices,
         required: true,
       });
+
       switch (action) {
         case "create":
-          await createSecret(config, masterPasswordHash);
+          await createSecret(app);
           break;
 
         case "read":
-          const readSecret = await getSecret(config);
-          readSecret.value = Cipher.decrypt(readSecret.value, readSecret.publicKey, masterPasswordHash)
+          const readSecret = await getSecret(app);
+          let encryptionKey = app.db.encryptionKey
+          if (readSecret.protected) {
+            encryptionKey = await getEncryptionKey()
+          }
 
+          readSecret.value = Cipher.decrypt(
+            readSecret.value,
+            readSecret.publicKey,
+            encryptionKey,
+            readSecret.signature
+          );
           switch (readSecret.type) {
             case "password":
               console.log("Username:", readSecret.typeOptions.username);
@@ -99,12 +105,13 @@ program
 
           break;
         case "delete":
-          const deleteSecret = await getSecret(config);
-          const secrets = new Secrets(config);
-          await secrets.remove(deleteSecret.id)
+          const deleteSecret = await getSecret(app);
+          await app.secrets.remove(deleteSecret.id);
           console.log("Removed");
           process.exit(0);
-          break;
+         default:
+          console.log("Unknown action:", action);
+          process.exit(1);
       }
     } catch (error) {
       console.log(

package/src/cli/wizards/createSecret.js

@@ -1,7 +1,8 @@
 import { prompt } from "../utils.js";
-import Secrets from "../../sdk/secrets.js";
+import getEncryptionKey from "./getEncryptionKey.js";
 
-const wizard = async (config, masterPasswordHash) => {
+const wizard = async (app) => {
+  const secrets = app.secrets;
   const info = await prompt([
     {
       name: "name",
@@ -16,10 +17,22 @@ const wizard = async (config, masterPasswordHash) => {
       default: "password",
       choices: ["password", "otp", "note"],
       required: true,
+    },
+    {
+      name: "protected",
+      message: "protected:",
+      type: "confirm",
+      default: false,
+      required: true,
     }
   ]);
 
   let newSecret = {};
+  let encryptionKey = app.db.encryptionKey
+
+  if (info.protected) {
+    encryptionKey = await getEncryptionKey(true)
+  }
 
   switch (info.type) {
     case "password":
@@ -38,8 +51,7 @@ const wizard = async (config, masterPasswordHash) => {
         },
       ]);
       newSecret = {
-        name: info.name,
-        type: info.type,
+        ...info,
         value: password.value,
         typeOptions: {
           username: password.username,
@@ -56,8 +68,7 @@ const wizard = async (config, masterPasswordHash) => {
         },
       ]);
       newSecret = {
-        name: info.name,
-        type: info.type,
+        ...info,
         value: note.value,
         typeOptions: {
 
@@ -80,8 +91,7 @@ const wizard = async (config, masterPasswordHash) => {
         },
       ]);
       newSecret = {
-        name: info.name,
-        type: info.type,
+        ...info,
         value: otp.value,
         typeOptions: {
           username: otp.username,
@@ -90,8 +100,7 @@ const wizard = async (config, masterPasswordHash) => {
       break;
   }
 
-  const secrets = new Secrets(config);
-  await secrets.add(newSecret, masterPasswordHash);
+  await secrets.add(newSecret, encryptionKey);
 };
 
 export default wizard;

package/src/cli/wizards/getEncryptionKey.js

@@ -0,0 +1,30 @@
+import Cipher from "../../sdk/cipher.js";
+import { prompt } from "../utils.js";
+
+const wizard = async (confirm = false) => {
+  const questions = [{
+    name: "password",
+    message: "password:",
+    type: "password",
+    required: true,
+  }
+  ]
+  if (confirm) {
+    questions.push({
+      name: "confirmPassword",
+      message: "confirm password:",
+      type: "password",
+      required: true,
+    });
+  }
+  const input = await prompt(questions);
+
+  if (input.confirmPassword && input.password !== input.confirmPassword) {
+    throw new Error("Passwords do not match");
+  }
+
+  return Cipher.hash(input.password);
+}
+
+
+export default wizard;

package/src/cli/wizards/getSecret.js

@@ -0,0 +1,31 @@
+import { prompt } from "../utils.js";
+
+const wizard = async (app) => {
+  const existingSecrets = app.db.get("secrets", []);
+
+  if (existingSecrets.length === 0) {
+    throw new Error("No secrets found");
+  }
+
+  const choices = existingSecrets.map((secret) => ({
+    value: secret.id,
+    name: `${secret.name} (${secret.typeOptions.username || secret.id})`,
+  }));
+
+  const { id: secretId } = await prompt({
+    name: "id",
+    message: "Secrets:",
+    type: "list",
+    choices,
+    required: true,
+  });
+  const secret = await app.secrets.get(secretId);
+
+  if (!secret) {
+    throw new Error("Secret not found");
+  }
+
+  return secret;
+};
+
+export default wizard;

package/src/sdk/cipher.js

@@ -1,19 +1,15 @@
 import crypto from "crypto";
 
-const algorithm = "aes-256-ctr";
-const IV_LENGTH = 16;
-
 export default class Cipher {
-  constructor() { }
 
-  static hash(text) {
-    const hash = crypto.createHash("sha256");
+  static hash(text, algorithm = "sha256") {
+    const hash = crypto.createHash(algorithm);
     hash.update(text);
 
     return hash.digest("hex");
   }
 
-  static random(size = IV_LENGTH) {
+  static random(size = 16) {
     const rnd = crypto.randomBytes(size);
 
     return rnd;
@@ -25,30 +21,50 @@ export default class Cipher {
     return rnd;
   }
 
-  static encrypt(text, password) {
+  static sign(text) {
+    const hash = Cipher.hash(text)
+    const signature = `${hash.substring(0, 10)}:${hash.substring(hash.length - 10)}`;
+
+    return signature;
+  }
+
+  static verify(text, signature) {
+    const expectedSignature = Cipher.sign(text)
+
+    return expectedSignature === signature;
+  }
+
+  static encrypt(text, encryptionKey, algorithm = "aes-256-ctr") {
     const publicKey = Cipher.randomString();
     let cipher = crypto.createCipheriv(
       algorithm,
-      Buffer.from(password, "hex"),
+      Buffer.from(encryptionKey, "hex"),
       Buffer.from(publicKey, "hex"),
     );
     let encrypted = cipher.update(text);
     encrypted = Buffer.concat([encrypted, cipher.final()]);
     encrypted = encrypted.toString("hex");
 
-    return { publicKey, encrypted };
+    return { publicKey, encrypted, algorithm, signature: Cipher.sign(text) };
   }
 
-  static decrypt(encryptedText, publicKey, password) {
+  static decrypt(encryptedText, publicKey, encryptionKey, signature, algorithm = "aes-256-ctr") {
     encryptedText = Buffer.from(encryptedText, "hex");
+
     let decipher = crypto.createDecipheriv(
       algorithm,
-      Buffer.from(password, "hex"),
+      Buffer.from(encryptionKey, "hex"),
       Buffer.from(publicKey, "hex")
     );
+
     let decrypted = decipher.update(encryptedText);
     decrypted = Buffer.concat([decrypted, decipher.final()]);
+    decrypted = decrypted.toString();
+
+    if (!Cipher.verify(decrypted, signature)) {
+      throw new Error("Invalid signature")
+    }
 
-    return decrypted.toString();
+    return decrypted;
   }
 }

package/src/sdk/{config.js → db.js}

@@ -2,20 +2,21 @@ import Conf from "conf";
 
 const { AUTHO_ENCRYPTION_KEY = "", AUTHO_NAME = 'default' } = process.env;
 
-export default class Config {
+export default class DB {
     constructor({
         encryptionKey = AUTHO_ENCRYPTION_KEY,
         configName = AUTHO_NAME
     }) {
-        this.config = new Conf({ projectName: "autho", encryptionKey, configName });
+        this.encryptionKey = encryptionKey;
+        this.client = new Conf({ projectName: "autho", encryptionKey, configName });
     }
 
     get(key, defaultValue) {
-        return this.config.get(key, defaultValue);
+        return this.client.get(key, defaultValue);
     }
 
     set(key, value) {
-        this.config.set(key, value);
+        this.client.set(key, value);
     }
 
 }

package/src/sdk/secrets.js

@@ -1,34 +1,32 @@
 import { createSecretSchema } from "../models/Secret.js";
-import Cipher from "./cipher.js";
+import Cipher from "../sdk/cipher.js";
 
 export default class Secrets {
-  constructor(config) {
-    this.config = config;
+  constructor(app) {
+    this.db = app.db;
   }
 
   get secrets() {
-    return this.config.get("secrets", []);
+    return this.db.get("secrets", []);
   }
 
   set secrets(value) {
-    this.config.set("secrets", value);
+    this.db.set("secrets", value);
   }
 
   async get(id) {
     return this.secrets.find((secret) => secret.id == id);
   }
 
-  async add(secret, password) {
+  async add(secret, encryptionKey) {
     const { value, error } = createSecretSchema.validate(secret);
     if (error) {
       throw new Error(error);
     }
 
-    const { publicKey, encrypted } = Cipher.encrypt(value.value, password);
-    value.value = encrypted;
-    value.publicKey = publicKey;
+    const { encrypted, ...encryption } = Cipher.encrypt(value.value, encryptionKey);
 
-    this.secrets = [...this.secrets, value];
+    this.secrets = [...this.secrets, { ...value, ...encryption, value: encrypted }];
   }
 
   async remove(id) {