autho 0.0.3 → 1.0.0

package/app.js

@@ -0,0 +1,39 @@
+import Secrets from 'sdk/secrets.js';
+import DB from 'sdk/db.js';
+import Cipher from 'sdk/cipher.js';
+import config from 'shared/config.js';
+import { ask } from './utils.js';
+
+export default class App {
+  constructor(options = {}) {
+    this.encryptionKey = options.encryptionKey || config.masterPasswordHash;
+    this.dataFolder = options.dataFolder || config.dataFolder;
+    this.name = options.name || 'default';
+
+    this.db = new DB({
+      encryptionKey: this.encryptionKey,
+      dataFolder: this.dataFolder,
+      name: this.name,
+    });
+    this.secrets = new Secrets(this.db);
+  }
+
+  static async masterKey(masterPassword, masterPasswordHash) {
+    masterPassword = masterPassword || config.masterPassword;
+
+    if (masterPasswordHash) {
+      return masterPasswordHash;
+    } else if (!masterPassword) {
+      masterPassword = await ask({
+        name: 'masterPassword',
+        message: 'Password:',
+        type: 'password',
+        required: true,
+      });
+    }
+
+    masterPasswordHash = Cipher.hash(masterPassword);
+
+    return masterPasswordHash;
+  }
+}

package/bin.js

@@ -0,0 +1,117 @@
+#!/usr/bin/env node
+
+import { Command } from 'commander';
+import Path from 'path';
+import { prompt } from './utils.js';
+import App from './app.js';
+import Cipher from 'sdk/cipher.js';
+import createSecret from './wizards/createSecret.js';
+import getEncryptionKey from './wizards/getEncryptionKey.js';
+import getSecret from './wizards/getSecret.js';
+import OTP from 'sdk/otp.js';
+import { Logger } from 'shared/logger.js';
+
+const logger = new Logger();
+const program = new Command();
+
+const getAuthoAbsolutePath = (path) => {
+  if (Path.isAbsolute(path)) {
+    return Path.join(path, '.autho');
+  }
+
+  return Path.join(process.cwd(), path, '.autho');
+};
+
+program
+  .name('autho')
+  .description('Secrets manager')
+  .version('0.0.1')
+  .option('-p, --password <password>', 'Master password')
+  .option('-ph, --passwordHash <passwordHash>', 'Master password hash')
+  .option('-n, --name <name>', 'Collection name', 'default')
+  .option(
+    '-d, --dataFolder <folderPath>',
+    'Folder path to store secrets db',
+    getAuthoAbsolutePath
+  )
+  .action(async (args) => {
+    try {
+      logger.debug('args:', args);
+      args.encryptionKey = await App.masterKey(
+        args.password,
+        args.passwordHash
+      );
+      const app = new App(args);
+      logger.debug(`Reading data from:`, app.db.path());
+
+      let choices = [
+        { value: 'create', name: 'Create new secret' },
+        { value: 'read', name: 'Read secret' },
+        { value: 'delete', name: 'Delete secret' },
+      ];
+
+      const { action } = await prompt({
+        name: 'action',
+        type: 'list',
+        choices,
+        required: true,
+      });
+
+      switch (action) {
+        case 'create':
+          await createSecret(app);
+          break;
+
+        case 'read':
+          {
+            const readSecret = await getSecret(app);
+            let encryptionKey = app.db.encryptionKey;
+            if (readSecret.protected) {
+              encryptionKey = await getEncryptionKey();
+            }
+
+            readSecret.value = Cipher.decrypt({ ...readSecret, encryptionKey });
+
+            switch (readSecret.type) {
+              case 'password':
+                console.log('Username:', readSecret.typeOptions.username);
+                console.log('Password:', readSecret.value);
+                break;
+              case 'note':
+                console.log('Note:', readSecret.value);
+                break;
+              case 'otp':
+                {
+                  const otp = new OTP(readSecret);
+                  console.log('OTP code:', otp.generate());
+                  setTimeout(() => {
+                    console.log('Expired');
+                    process.exit(0);
+                  }, 30000);
+                }
+
+                break;
+            }
+          }
+
+          break;
+        case 'delete':
+          {
+            const deleteSecret = await getSecret(app);
+            await app.secrets.remove(deleteSecret.id);
+            console.log('Removed');
+            process.exit(0);
+          }
+          break;
+        default:
+          console.log('Unknown action:', action);
+          process.exit(1);
+      }
+    } catch (error) {
+      logger.error('Something went wrong, Error: ', error.message);
+      console.log(error.stack);
+      process.exit(1);
+    }
+  });
+
+program.parse();

package/package.json

@@ -1,25 +1,19 @@
 {
   "name": "autho",
-  "version": "0.0.3",
+  "version": "1.0.0",
+  "description": "",
   "main": "index.js",
   "type": "module",
-  "bin": {
-    "autho": "src/cli/bin.js"
-  },
-  "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
-  },
-  "keywords": [],
-  "author": "",
-  "license": "ISC",
   "dependencies": {
     "commander": "^12.0.0",
-    "conf": "^12.0.0",
     "inquirer": "^9.2.17",
-    "inquirer-autocomplete-standalone": "^0.8.1",
-    "joi": "^17.12.2",
-    "otpauth": "^9.2.2"
+    "sdk": "1.0.0",
+    "shared": "1.0.0"
   },
-  "devDependencies": {},
-  "description": "Open Source Authentication and Password Management Tool"
-}
+  "keywords": [],
+  "author": "",
+  "license": "ISC",
+  "scripts": {
+    "test": "echo \"Error: no test specified\" && exit 1"
+  }
+}

package/{src/cli/utils.js → utils.js}

@@ -1,15 +1,15 @@
-import inquirer from "inquirer";
-
-export const prompt = inquirer.prompt;
-
-export const ask = async ({ name = "", message = "", type = "input" }) => {
-  const answers = await inquirer.prompt([
-    {
-      name,
-      message,
-      type,
-    },
-  ]);
-
-  return answers[name];
-};
+import inquirer from 'inquirer';
+
+export const prompt = inquirer.prompt;
+
+export const ask = async ({ name = '', message = '', type = 'input' }) => {
+  const answers = await inquirer.prompt([
+    {
+      name,
+      message,
+      type,
+    },
+  ]);
+
+  return answers[name];
+};

package/wizards/createSecret.js

@@ -0,0 +1,124 @@
+import { prompt } from '../utils.js';
+import getEncryptionKey from './getEncryptionKey.js';
+
+const wizard = async (app) => {
+  const secrets = app.secrets;
+  const info = await prompt([
+    {
+      name: 'name',
+      message: 'name:',
+      type: 'input',
+      required: true,
+    },
+    {
+      name: 'type',
+      message: 'type:',
+      type: 'list',
+      default: 'password',
+      choices: [
+        { name: 'Password', value: 'password' },
+        { name: 'OTP', value: 'otp' },
+        { name: 'Note', value: 'note' },
+      ],
+      required: true,
+    },
+    {
+      name: 'protected',
+      message: 'protected:',
+      type: 'confirm',
+      default: false,
+      required: true,
+    },
+  ]);
+
+  let newSecret = { typeOptions: {} };
+  let encryptionKey = app.db.encryptionKey;
+
+  if (info.protected) {
+    encryptionKey = await getEncryptionKey(true);
+  }
+
+  switch (info.type) {
+    case 'password':
+      {
+        const password = await prompt([
+          {
+            name: 'url',
+            message: 'url:',
+            type: 'input',
+            required: false,
+          },
+          {
+            name: 'username',
+            message: 'username:',
+            type: 'input',
+            required: true,
+          },
+          {
+            name: 'value',
+            message: 'password:',
+            type: 'password',
+            required: true,
+          },
+        ]);
+        newSecret = {
+          ...info,
+          value: password.value,
+          typeOptions: {
+            username: password.username,
+            url: password.url,
+          },
+        };
+      }
+
+      break;
+    case 'note':
+      {
+        const note = await prompt([
+          {
+            name: 'value',
+            message: 'note:',
+            type: 'password',
+            required: true,
+          },
+        ]);
+        newSecret = {
+          ...info,
+          value: note.value,
+          typeOptions: {},
+        };
+      }
+
+      break;
+    case 'otp':
+      {
+        const otp = await prompt([
+          {
+            name: 'username',
+            message: 'username:',
+            type: 'input',
+            required: true,
+          },
+          {
+            name: 'value',
+            message: 'value:',
+            type: 'password',
+            required: true,
+          },
+        ]);
+        newSecret = {
+          ...info,
+          value: otp.value,
+          typeOptions: {
+            username: otp.username,
+          },
+        };
+      }
+
+      break;
+  }
+
+  await secrets.add(newSecret, encryptionKey);
+};
+
+export default wizard;

package/wizards/getEncryptionKey.js

@@ -0,0 +1,30 @@
+import Cipher from 'sdk/cipher.js';
+import { prompt } from '../utils.js';
+
+const wizard = async (confirm = false) => {
+  const questions = [
+    {
+      name: 'password',
+      message: 'password:',
+      type: 'password',
+      required: true,
+    },
+  ];
+  if (confirm) {
+    questions.push({
+      name: 'confirmPassword',
+      message: 'confirm password:',
+      type: 'password',
+      required: true,
+    });
+  }
+  const input = await prompt(questions);
+
+  if (input.confirmPassword && input.password !== input.confirmPassword) {
+    throw new Error('Passwords do not match');
+  }
+
+  return Cipher.hash(input.password);
+};
+
+export default wizard;

package/wizards/getSecret.js

@@ -0,0 +1,31 @@
+import { prompt } from '../utils.js';
+
+const wizard = async (app) => {
+  const existingSecrets = app.db.get('secrets', []);
+
+  if (existingSecrets.length === 0) {
+    throw new Error('No secrets found');
+  }
+
+  const choices = existingSecrets.map((secret) => ({
+    value: secret.id,
+    name: `${secret.name} (${secret.typeOptions.username || secret.id})`,
+  }));
+
+  const { id: secretId } = await prompt({
+    name: 'id',
+    message: 'Secrets:',
+    type: 'list',
+    choices,
+    required: true,
+  });
+  const secret = await app.secrets.get(secretId);
+
+  if (!secret) {
+    throw new Error('Secret not found');
+  }
+
+  return secret;
+};
+
+export default wizard;

package/Readme.md

@@ -1,63 +0,0 @@
-# Autho: Open Source Authentication and Password Management Tool
-
-Autho is an open-source, self-hosted alternative to services like Authy, providing One-Time Password (OTP) generation and password management functionalities. With Autho, users can securely manage their authentication tokens and passwords while maintaining full control over their data.
-
-## Features
-
-- **OTP Generation**: Autho allows users to generate One-Time Passwords (OTPs) for two-factor authentication (2FA) using industry-standard algorithms.
-  
-- **Password Management**: Autho provides a secure vault for users to store and manage their passwords, ensuring easy access and strong encryption.
-
-- **Self-Hosted**: Autho can be self-hosted, giving users complete control over their data and eliminating reliance on third-party services.
-
-- **Open Source**: Autho is open-source software, allowing users to inspect, modify, and contribute to its codebase, ensuring transparency and security.
-
-## Installation
-
-To install Autho globally, use npm:
-
-```sh
-npm install -g autho
-```
-
-## Usage
-
-After installing Autho, you can run the `autho` command in your terminal to access its functionalities:
-
-This will start the Autho CLI, where you can generate OTPs, manage passwords, and configure settings as needed.
-
-## Getting Started
-
-1. **Setting Up Autho**: After installation, run the `autho` command to set up Autho for the first time. Follow the on-screen instructions to configure your master password and other settings.
-
-2. **Generating OTPs**: Use Autho to generate OTPs for your accounts by providing the associated account name or label. Autho will generate a time-based OTP using a secure algorithm.
-
-3. **Managing Passwords**: Autho provides a secure vault for storing and managing your passwords. You can add, view, update, and delete passwords using the CLI interface.
-
-4. **Self-Hosting**: If you prefer self-hosting, deploy Autho on your own server by following the instructions provided in the documentation.
-
-## Security Considerations
-
-- **Encryption**: Autho employs strong encryption algorithms to protect user data, ensuring that passwords and OTPs are securely stored.
-
-- **Master Password**: Users are required to set a master password during setup, which is used to encrypt and decrypt their data. Choose a strong and unique master password to enhance security.
-
-- **Self-Hosting**: By self-hosting Autho, users maintain control over their data and reduce reliance on external services, minimizing the risk of data breaches.
-
-- **Regular Updates**: Keep Autho and its dependencies up to date to ensure that security vulnerabilities are addressed promptly.
-
-## Contributing
-
-Autho is an open-source project, and contributions are welcome! Feel free to report issues, suggest features, or submit pull requests on the project's GitHub repository.
-
-## License
-
-Autho is licensed under the [MIT License](link-to-license), allowing for unrestricted use, modification, and distribution.
-
-## Support
-
-For support or inquiries, please reach out to the [official Autho community](link-to-community) for assistance.
-
-## Acknowledgments
-
-Autho is built upon various open-source libraries and technologies. We extend our gratitude to the developers and contributors of these projects.

package/src/cli/bin.js

@@ -1,119 +0,0 @@
-#!/usr/bin/env node
-
-import { Command } from "commander";
-import chalk from "chalk";
-import { prompt, ask } from "./utils.js";
-import Config from "../sdk/config.js";
-import Cipher from "../sdk/cipher.js";
-import createSecret from "./wizards/createSecret.js";
-import Secrets from "../sdk/secrets.js";
-import OTP from "../sdk/otp.js";
-
-const program = new Command();
-
-const getSecret = async (config) => {
-  const existingSecrets = config.get("secrets", []);
-
-  if (existingSecrets.length === 0) {
-    throw new Error("No secrets found");
-  }
-
-  const choices = existingSecrets.map((secret) => ({
-    value: secret.id,
-    name: `${secret.name} (${secret.typeOptions.username || secret.id})`,
-  }));
-
-  const { id: secretId } = await prompt({
-    name: "id",
-    message: "Secrets:",
-    type: "list",
-    choices,
-    required: true,
-  });
-  const secrets = new Secrets(config);
-  const secret = await secrets.get(secretId);
-
-  if (!secret) {
-    throw new Error("Secret not found");
-  }
-
-  return secret;
-};
-
-program
-  .name("autho")
-  .description("Secrets manager")
-  .version("0.0.1")
-  .option("-p, --password <password>", "Master password")
-  .action(async (args) => {
-    try {
-      const masterPassword = args.password
-        ? args.password
-        : await ask({
-          name: "masterPassword",
-          message: "Password:",
-          type: "password",
-          required: true,
-        });
-      const masterPasswordHash = Cipher.hash(masterPassword);
-      const config = new Config({ encryptionKey: masterPasswordHash });
-
-      let choices = [
-        { value: "create", name: "Create new secret" },
-        { value: "read", name: "Read secret" },
-        { value: "delete", name: "Delete secret" },
-      ];
-
-      const { action } = await prompt({
-        name: "action",
-        type: "list",
-        choices,
-        required: true,
-      });
-      switch (action) {
-        case "create":
-          await createSecret(config, masterPasswordHash);
-          break;
-
-        case "read":
-          const readSecret = await getSecret(config);
-          readSecret.value = Cipher.decrypt(readSecret.value, readSecret.publicKey, masterPasswordHash)
-
-          switch (readSecret.type) {
-            case "password":
-              console.log("Username:", readSecret.typeOptions.username);
-              console.log("Password:", readSecret.value);
-              break;
-            case "note":
-              console.log("Note:", readSecret.value);
-              break;
-            case "otp":
-              const otp = new OTP(readSecret);
-              console.log("OTP code:", otp.generate());
-              setTimeout(() => {
-                console.log("Expired");
-                process.exit(0);
-              }, 30000);
-              break;
-          }
-
-          break;
-        case "delete":
-          const deleteSecret = await getSecret(config);
-          const secrets = new Secrets(config);
-          await secrets.remove(deleteSecret.id)
-          console.log("Removed");
-          process.exit(0);
-          break;
-      }
-    } catch (error) {
-      console.log(
-        chalk.redBright("Something went wrong, Error: "),
-        error.message
-      );
-      console.log(error.stack);
-      process.exit(1);
-    }
-  });
-
-program.parse();

package/src/cli/wizards/createSecret.js

@@ -1,97 +0,0 @@
-import { prompt } from "../utils.js";
-import Secrets from "../../sdk/secrets.js";
-
-const wizard = async (config, masterPasswordHash) => {
-  const info = await prompt([
-    {
-      name: "name",
-      message: "name:",
-      type: "input",
-      required: true,
-    },
-    {
-      name: "type",
-      message: "type:",
-      type: "list",
-      default: "password",
-      choices: ["password", "otp", "note"],
-      required: true,
-    }
-  ]);
-
-  let newSecret = {};
-
-  switch (info.type) {
-    case "password":
-      const password = await prompt([
-        {
-          name: "username",
-          message: "username:",
-          type: "input",
-          required: true,
-        },
-        {
-          name: "value",
-          message: "password:",
-          type: "password",
-          required: true,
-        },
-      ]);
-      newSecret = {
-        name: info.name,
-        type: info.type,
-        value: password.value,
-        typeOptions: {
-          username: password.username,
-        },
-      };
-      break;
-    case "note":
-      const note = await prompt([
-        {
-          name: "value",
-          message: "note:",
-          type: "password",
-          required: true,
-        },
-      ]);
-      newSecret = {
-        name: info.name,
-        type: info.type,
-        value: note.value,
-        typeOptions: {
-
-        },
-      };
-      break;
-    case "otp":
-      const otp = await prompt([
-        {
-          name: "username",
-          message: "username:",
-          type: "input",
-          required: true,
-        },
-        {
-          name: "value",
-          message: "value:",
-          type: "password",
-          required: true,
-        },
-      ]);
-      newSecret = {
-        name: info.name,
-        type: info.type,
-        value: otp.value,
-        typeOptions: {
-          username: otp.username,
-        },
-      };
-      break;
-  }
-
-  const secrets = new Secrets(config);
-  await secrets.add(newSecret, masterPasswordHash);
-};
-
-export default wizard;

package/src/models/Secret.js

@@ -1,12 +0,0 @@
-import Joi from 'joi';
-import Cipher from "../sdk/cipher.js";
-
-export const createSecretSchema = Joi.object({
-    id: Joi.string().default(Cipher.randomString()), 
-    protected: Joi.boolean().default(false), // ask for password
-    name: Joi.string().required(),
-    type: Joi.string().required().valid('otp', 'password', 'note'),
-    value: Joi.string().required(),
-    typeOptions: Joi.object().default({}),
-    createdAt: Joi.date().default(new Date()),
-})

package/src/sdk/cipher.js

@@ -1,54 +0,0 @@
-import crypto from "crypto";
-
-const algorithm = "aes-256-ctr";
-const IV_LENGTH = 16;
-
-export default class Cipher {
-  constructor() { }
-
-  static hash(text) {
-    const hash = crypto.createHash("sha256");
-    hash.update(text);
-
-    return hash.digest("hex");
-  }
-
-  static random(size = IV_LENGTH) {
-    const rnd = crypto.randomBytes(size);
-
-    return rnd;
-  }
-
-  static randomString() {
-    const rnd = Cipher.random().toString("hex");
-
-    return rnd;
-  }
-
-  static encrypt(text, password) {
-    const publicKey = Cipher.randomString();
-    let cipher = crypto.createCipheriv(
-      algorithm,
-      Buffer.from(password, "hex"),
-      Buffer.from(publicKey, "hex"),
-    );
-    let encrypted = cipher.update(text);
-    encrypted = Buffer.concat([encrypted, cipher.final()]);
-    encrypted = encrypted.toString("hex");
-
-    return { publicKey, encrypted };
-  }
-
-  static decrypt(encryptedText, publicKey, password) {
-    encryptedText = Buffer.from(encryptedText, "hex");
-    let decipher = crypto.createDecipheriv(
-      algorithm,
-      Buffer.from(password, "hex"),
-      Buffer.from(publicKey, "hex")
-    );
-    let decrypted = decipher.update(encryptedText);
-    decrypted = Buffer.concat([decrypted, decipher.final()]);
-
-    return decrypted.toString();
-  }
-}

package/src/sdk/config.js

@@ -1,22 +0,0 @@
-import Conf from "conf";
-
-const { AUTHO_ENCRYPTION_KEY = "", AUTHO_NAME = 'default' } = process.env;
-
-export default class Config {
-    constructor({
-        encryptionKey = AUTHO_ENCRYPTION_KEY,
-        configName = AUTHO_NAME
-    }) {
-        this.config = new Conf({ projectName: "autho", encryptionKey, configName });
-    }
-
-    get(key, defaultValue) {
-        return this.config.get(key, defaultValue);
-    }
-
-    set(key, value) {
-        this.config.set(key, value);
-    }
-
-}
-

package/src/sdk/otp.js

@@ -1,25 +0,0 @@
-import * as OTPAuth from "otpauth";
-
-export default class OTP {
-  constructor(secret) {
-
-    const options = {
-      issuer: "Autho",
-      label: secret.name,
-      algorithm: "SHA1",
-      digits: 6,
-      period: 30,
-      secret: secret.value,
-    };
-
-    this.totp = new OTPAuth.TOTP(options);
-  }
-
-  generate() {
-    return this.totp.generate();
-  }
-
-  validate(token, window = 1) {
-    return this.totp.validate({ token, window });
-  }
-}

package/src/sdk/secrets.js

@@ -1,41 +0,0 @@
-import { createSecretSchema } from "../models/Secret.js";
-import Cipher from "./cipher.js";
-
-export default class Secrets {
-  constructor(config) {
-    this.config = config;
-  }
-
-  get secrets() {
-    return this.config.get("secrets", []);
-  }
-
-  set secrets(value) {
-    this.config.set("secrets", value);
-  }
-
-  async get(id) {
-    return this.secrets.find((secret) => secret.id == id);
-  }
-
-  async add(secret, password) {
-    const { value, error } = createSecretSchema.validate(secret);
-    if (error) {
-      throw new Error(error);
-    }
-
-    const { publicKey, encrypted } = Cipher.encrypt(value.value, password);
-    value.value = encrypted;
-    value.publicKey = publicKey;
-
-    this.secrets = [...this.secrets, value];
-  }
-
-  async remove(id) {
-    this.secrets = this.secrets.filter((secret) => secret.id != id);
-  }
-
-  async clear() {
-    this.secrets = [];
-  }
-}