npm - backdot - Versions diffs - 1.7.0 → 1.8.0 - Mend

backdot 1.7.0 → 1.8.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (30) hide show

package/README.md +6 -0
package/dist/cli.js +4 -2
package/dist/commands/backup.js +66 -4
package/dist/commands/history.js +9 -6
package/dist/commands/init.js +3 -2
package/dist/commands/restore.js +52 -31
package/dist/commands/schedule.js +14 -0
package/dist/commands/status.js +46 -11
package/dist/commitUrl.js +5 -4
package/dist/config.d.ts +2 -1
package/dist/config.js +14 -12
package/dist/crypto/encryption.d.ts +8 -0
package/dist/crypto/encryption.js +54 -0
package/dist/crypto/password.d.ts +11 -0
package/dist/crypto/password.js +74 -0
package/dist/crypto.d.ts +13 -0
package/dist/crypto.js +129 -0
package/dist/encryption.d.ts +2 -0
package/dist/encryption.js +39 -0
package/dist/git.d.ts +1 -1
package/dist/git.js +38 -35
package/dist/launchd.js +11 -8
package/dist/password.d.ts +11 -0
package/dist/password.js +74 -0
package/dist/repoVisibility.d.ts +15 -0
package/dist/repoVisibility.js +58 -0
package/dist/resolveFiles.js +2 -2
package/dist/staging.d.ts +9 -3
package/dist/staging.js +84 -36
package/package.json +1 -9

package/dist/staging.js CHANGED Viewed

@@ -7,42 +7,55 @@ import { logger } from "./log.js";
 import { errorMessage, pluralize } from "./utils.js";
 import { ensureRemoteUrl, getCurrentBranch, gitError } from "./git.js";
 import { STAGING_DIR, STAGING_GIT_DIR, machineDir } from "./paths.js";
+import { encrypt, decrypt } from "./crypto/encryption.js";
+import { KEY_FILE_PATH, ENC_SUFFIX } from "./crypto/password.js";
 export { STAGING_DIR, STAGING_GIT_DIR, machineDir };
 const HOME = os.homedir();
 export function getStagedPath(filePath, machine) {
-    const rel = path.relative(HOME, filePath);
-    const destRel = rel.startsWith("..") ? filePath.slice(1) : rel;
-    return path.join(machineDir(machine), destRel);
+    const relativePath = path.relative(HOME, filePath);
+    // Files outside HOME (e.g. /etc/foo) produce a relative path starting with "..",
+    // which would escape the machine dir. Use the absolute path minus the leading "/" instead.
+    const pathWithinMachineDir = relativePath.startsWith("..") ? filePath.slice(1) : relativePath;
+    return path.join(machineDir(machine), pathWithinMachineDir);
 }
 export function cleanStaging(machine) {
-    const dir = machineDir(machine);
-    if (!fs.existsSync(dir)) {
+    const machineStagingDir = machineDir(machine);
+    if (!fs.existsSync(machineStagingDir)) {
         return;
     }
-    fs.rmSync(dir, { recursive: true, force: true });
+    fs.rmSync(machineStagingDir, { recursive: true, force: true });
     logger.info(`Cleaned staging directory for machine "${machine}"`);
 }
-export function copyToStaging(files, machine) {
-    const dir = machineDir(machine);
-    fs.mkdirSync(dir, { recursive: true });
-    let copied = 0;
-    for (const filePath of files) {
-        const dest = getStagedPath(filePath, machine);
+export function copyToStaging(files, machine, derivedKey) {
+    const machineStagingDir = machineDir(machine);
+    fs.mkdirSync(machineStagingDir, { recursive: true });
+    const filesExcludingKeyFile = files.filter((f) => path.resolve(f) !== path.resolve(KEY_FILE_PATH));
+    let copiedCount = 0;
+    for (const filePath of filesExcludingKeyFile) {
+        const stagedPath = getStagedPath(filePath, machine);
+        const destinationPath = derivedKey ? stagedPath + ENC_SUFFIX : stagedPath;
         try {
-            fs.mkdirSync(path.dirname(dest), { recursive: true });
-            fs.copyFileSync(filePath, dest);
-            copied++;
+            fs.mkdirSync(path.dirname(destinationPath), { recursive: true });
+            if (derivedKey) {
+                const plaintext = fs.readFileSync(filePath);
+                fs.writeFileSync(destinationPath, encrypt(plaintext, derivedKey));
+            }
+            else {
+                fs.copyFileSync(filePath, destinationPath);
+            }
+            copiedCount++;
         }
         catch {
-            logger.warn(`Failed to copy: ${filePath} -> ${dest}`);
+            logger.warn(`Failed to copy: ${filePath} -> ${destinationPath}`);
         }
     }
-    logger.info(`Copied ${pluralize(copied, "file")} to staging`);
+    logger.info(`Copied ${pluralize(copiedCount, "file")} to staging`);
 }
 function failedComparisonResult(err) {
     return { backedUp: [], modified: [], notBackedUp: [], error: errorMessage(err) };
 }
-export async function compareFiles(files, machine, repository) {
+export async function compareFiles(opts) {
+    const { files, machine, repository, derivedKey } = opts;
     if (files.length === 0) {
         return { backedUp: [], modified: [], notBackedUp: [] };
     }
@@ -64,52 +77,87 @@ export async function compareFiles(files, machine, repository) {
     catch (err) {
         return failedComparisonResult(err);
     }
-    let committedHashes;
+    let remoteBlobHashes;
     try {
         const treeOutput = execFileSync("git", ["ls-tree", "-r", `origin/${branch}`, `${machine}/`], {
             encoding: "utf-8",
             cwd: STAGING_DIR,
         });
-        committedHashes = new Map(treeOutput
+        remoteBlobHashes = new Map(treeOutput
             .split("\n")
             .map((line) => line.match(/^\d+ blob ([0-9a-f]+)\t(.+)$/))
-            .filter((m) => m !== null)
-            .map((m) => [m[2], m[1]]));
+            .filter((match) => match !== null)
+            .map((match) => [match[2], match[1]]));
     }
     catch (err) {
         return failedComparisonResult(err);
     }
-    let sourceHashes;
+    if (derivedKey) {
+        return compareFilesEncrypted(files, machine, remoteBlobHashes, derivedKey);
+    }
+    let localFileHashes;
     try {
         const hashOutput = execFileSync("git", ["hash-object", "--stdin-paths"], {
             encoding: "utf-8",
             input: files.join("\n") + "\n",
         });
-        sourceHashes = hashOutput.trim().split("\n");
+        localFileHashes = hashOutput.trim().split("\n");
     }
     catch (err) {
         return failedComparisonResult(err);
     }
-    return files.reduce((acc, file, i) => {
+    return files.reduce((result, file, i) => {
         const repoRelPath = path.relative(STAGING_DIR, getStagedPath(file, machine));
-        const committedHash = committedHashes.get(repoRelPath);
-        if (!committedHash) {
-            acc.notBackedUp.push(file);
+        const remoteBlobHash = remoteBlobHashes.get(repoRelPath);
+        if (!remoteBlobHash) {
+            result.notBackedUp.push(file);
         }
-        else if (committedHash === sourceHashes[i]) {
-            acc.backedUp.push(file);
+        else if (remoteBlobHash === localFileHashes[i]) {
+            result.backedUp.push(file);
         }
         else {
-            acc.modified.push(file);
+            result.modified.push(file);
         }
-        return acc;
+        return result;
     }, { backedUp: [], modified: [], notBackedUp: [] });
 }
-function repoReadme(repository) {
+function compareFilesEncrypted(files, machine, remoteBlobHashes, derivedKey) {
+    const result = { backedUp: [], modified: [], notBackedUp: [] };
+    for (const file of files) {
+        const repoRelPath = path.relative(STAGING_DIR, getStagedPath(file, machine)) + ENC_SUFFIX;
+        const remoteBlobHash = remoteBlobHashes.get(repoRelPath);
+        if (!remoteBlobHash) {
+            result.notBackedUp.push(file);
+            continue;
+        }
+        try {
+            const blobContent = execFileSync("git", ["cat-file", "blob", remoteBlobHash], {
+                cwd: STAGING_DIR,
+                maxBuffer: 50 * 1024 * 1024,
+            });
+            const decrypted = decrypt(blobContent, derivedKey);
+            const localContent = fs.readFileSync(file);
+            if (decrypted.equals(localContent)) {
+                result.backedUp.push(file);
+            }
+            else {
+                result.modified.push(file);
+            }
+        }
+        catch {
+            result.modified.push(file);
+        }
+    }
+    return result;
+}
+function generateReadmeContent(repository, encrypted) {
+    const encryptionNote = encrypted
+        ? "\n> **Note:** Files in this repository are encrypted. You will need the backup password to restore.\n"
+        : "";
     return `# Backdot Backup
 This repository contains files backed up automatically using [backdot](https://github.com/sorenlouv/backdot).
+${encryptionNote}
 ## Restore
 \`\`\`bash
@@ -119,7 +167,7 @@ npx backdot restore ${repository}
 For full documentation, configuration options, and scheduling, see the [official README](https://github.com/sorenlouv/backdot).
 `;
 }
-export function writeRepoReadme(repository) {
-    fs.writeFileSync(path.join(STAGING_DIR, "README.md"), repoReadme(repository));
+export function writeRepoReadme(repository, encrypted = false) {
+    fs.writeFileSync(path.join(STAGING_DIR, "README.md"), generateReadmeContent(repository, encrypted));
     logger.info("Wrote README.md to staging directory");
 }

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "backdot",
-  "version": "1.7.0",
+  "version": "1.8.0",
   "description": "Lightweight CLI to backup dotfiles and gitignored files to a Git repo on a daily schedule",
   "type": "module",
   "license": "MIT",
@@ -53,20 +53,12 @@
   "engines": {
     "node": ">=18"
   },
-  "lint-staged": {
-    "*.{ts,js}": [
-      "prettier --write",
-      "eslint --fix"
-    ],
-    "*.{json,md,yml}": "prettier --write"
-  },
   "devDependencies": {
     "@eslint/js": "^10.0.1",
     "@types/node": "^22.13.5",
     "eslint": "^10.0.2",
     "eslint-config-prettier": "^10.1.8",
     "husky": "^9.1.7",
-    "lint-staged": "^16.2.7",
     "prettier": "^3.8.1",
     "typescript": "^5.7.3",
     "typescript-eslint": "^8.56.1",