dotenvx-ui 0.1.2 → 0.2.0

package/dist/chunk-GSBFG44K.js

@@ -0,0 +1,456 @@
+#!/usr/bin/env node
+
+// src/core/scanner.ts
+import { readdirSync, readFileSync, statSync } from "fs";
+import { basename, dirname, join, relative } from "path";
+var SKIP_DIRS = /* @__PURE__ */ new Set([
+  "node_modules",
+  ".git",
+  "dist",
+  ".next",
+  ".turbo",
+  "build",
+  ".cache"
+]);
+function detectRoot(cwd) {
+  let dir = cwd;
+  while (true) {
+    try {
+      statSync(join(dir, ".git"));
+      return dir;
+    } catch {
+    }
+    const parent = dirname(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  return cwd;
+}
+function scanForEnvFiles(root) {
+  const results = [];
+  function walk(dir) {
+    let entries;
+    try {
+      entries = readdirSync(dir);
+    } catch {
+      return;
+    }
+    for (const entry of entries) {
+      if (SKIP_DIRS.has(entry)) continue;
+      const full = join(dir, entry);
+      try {
+        const stat = statSync(full);
+        if (stat.isDirectory()) {
+          walk(full);
+        } else if (isEnvFile(entry)) {
+          results.push(full);
+        }
+      } catch {
+      }
+    }
+  }
+  walk(root);
+  return results;
+}
+function isEnvFile(name) {
+  if (name === ".env.keys") return false;
+  return name === ".env" || name.startsWith(".env.");
+}
+function parseEnvironmentFromFilename(filename) {
+  const name = basename(filename);
+  if (name === ".env") return "default";
+  const suffix = name.slice(".env.".length);
+  return suffix || "default";
+}
+function scan(cwd) {
+  const root = detectRoot(cwd);
+  const paths = scanForEnvFiles(root);
+  return paths.map((filePath) => {
+    const rel = relative(root, filePath);
+    const pkg = relative(root, dirname(filePath)) || ".";
+    const environment = parseEnvironmentFromFilename(basename(filePath));
+    let content = "";
+    try {
+      content = readFileSync(filePath, "utf8");
+    } catch {
+    }
+    const hasPublicKey = content.includes("DOTENV_PUBLIC_KEY=");
+    const encrypted = /encrypted:/.test(content);
+    return {
+      path: filePath,
+      relativePath: rel,
+      package: pkg,
+      environment,
+      encrypted,
+      hasPublicKey,
+      keys: []
+    };
+  });
+}
+
+// src/core/parser/values.ts
+function isEncryptedValue(value) {
+  return value.startsWith("encrypted:");
+}
+function parseValue(rawValue, allLines, nextLineIdx) {
+  const trimmed = rawValue.trim();
+  if (trimmed.startsWith('"')) {
+    const inner = trimmed.slice(1);
+    const closeIdx = findClosingQuote(inner);
+    if (closeIdx !== -1) {
+      return { value: unescape(inner.slice(0, closeIdx)), extraLines: [] };
+    }
+    const valueLines = [inner];
+    let idx = nextLineIdx;
+    while (idx < allLines.length) {
+      const continuation = allLines[idx];
+      const close = findClosingQuote(continuation);
+      if (close !== -1) {
+        valueLines.push(continuation.slice(0, close));
+        return {
+          value: valueLines.join("\n"),
+          extraLines: allLines.slice(nextLineIdx, idx + 1)
+        };
+      }
+      valueLines.push(continuation);
+      idx++;
+    }
+    return {
+      value: valueLines.join("\n"),
+      extraLines: allLines.slice(nextLineIdx, idx)
+    };
+  }
+  if (trimmed.startsWith("'")) {
+    const inner = trimmed.slice(1);
+    const closeIdx = inner.indexOf("'");
+    return {
+      value: closeIdx !== -1 ? inner.slice(0, closeIdx) : inner,
+      extraLines: []
+    };
+  }
+  const commentIdx = trimmed.indexOf(" #");
+  const bare = commentIdx !== -1 ? trimmed.slice(0, commentIdx) : trimmed;
+  return { value: bare, extraLines: [] };
+}
+function serializeKeyValue(key, value) {
+  if (value.includes("\n")) {
+    const escaped = value.replace(/\\/g, "\\\\").replace(/"/g, '\\"').replace(/\n/g, "\\n").replace(/\t/g, "\\t").replace(/\r/g, "\\r");
+    return `${key}="${escaped}"`;
+  }
+  if (value === "" || /[\s#"'`]/.test(value)) {
+    return `${key}="${value.replace(/\\/g, "\\\\").replace(/"/g, '\\"')}"`;
+  }
+  return `${key}=${value}`;
+}
+function findClosingQuote(s) {
+  for (let i = 0; i < s.length; i++) {
+    if (s[i] === "\\") {
+      i++;
+      continue;
+    }
+    if (s[i] === '"') return i;
+  }
+  return -1;
+}
+function unescape(s) {
+  return s.replace(/\\n/g, "\n").replace(/\\t/g, "	").replace(/\\r/g, "\r").replace(/\\\\/g, "\\").replace(/\\"/g, '"');
+}
+
+// src/core/parser/io.ts
+import { randomBytes } from "crypto";
+import { readFileSync as readFileSync2, renameSync, writeFileSync } from "fs";
+import { dirname as dirname2, join as join2 } from "path";
+function readEnvFile(filePath) {
+  const content = readFileSync2(filePath, "utf8");
+  return parse(content).filter((e) => e.type === "key").map((e) => ({
+    key: e.key,
+    value: e.value,
+    encrypted: isEncryptedValue(e.value),
+    comment: extractLeadingComment(e.lines)
+  }));
+}
+function writeEnvFile(filePath, keys) {
+  const content = readFileSync2(filePath, "utf8");
+  const entries = parse(content);
+  const updates = new Map(keys.map((k) => [k.key, k]));
+  const outLines = [];
+  const written = /* @__PURE__ */ new Set();
+  for (const entry of entries) {
+    if (entry.type === "raw") {
+      outLines.push(entry.text);
+      continue;
+    }
+    const update = updates.get(entry.key);
+    if (!update) continue;
+    written.add(entry.key);
+    const leadingComments = getLeadingCommentLines(entry.lines);
+    outLines.push(...leadingComments);
+    if (update.value === entry.value) {
+      const keyLines = entry.lines.filter(
+        (l) => !l.trimStart().startsWith("#")
+      );
+      outLines.push(...keyLines);
+    } else {
+      outLines.push(serializeKeyValue(entry.key, update.value));
+    }
+  }
+  for (const k of keys) {
+    if (!written.has(k.key)) {
+      if (k.comment) outLines.push(`# ${k.comment}`);
+      outLines.push(serializeKeyValue(k.key, k.value));
+    }
+  }
+  const output = outLines.join("\n") + (content.endsWith("\n") ? "\n" : "");
+  atomicWrite(filePath, output);
+}
+function addKey(filePath, key, value) {
+  const keys = readEnvFile(filePath);
+  if (keys.some((k) => k.key === key)) {
+    throw new Error(`Key "${key}" already exists in ${filePath}`);
+  }
+  keys.push({ key, value, encrypted: isEncryptedValue(value) });
+  writeEnvFile(filePath, keys);
+}
+function updateKey(filePath, key, value) {
+  const keys = readEnvFile(filePath);
+  const idx = keys.findIndex((k) => k.key === key);
+  if (idx === -1) throw new Error(`Key "${key}" not found in ${filePath}`);
+  keys[idx] = { ...keys[idx], key, value, encrypted: isEncryptedValue(value) };
+  writeEnvFile(filePath, keys);
+}
+function removeKey(filePath, key) {
+  const keys = readEnvFile(filePath).filter((k) => k.key !== key);
+  writeEnvFile(filePath, keys);
+}
+function parse(content) {
+  const entries = [];
+  const lines = content.split("\n");
+  if (lines[lines.length - 1] === "") lines.pop();
+  let i = 0;
+  let pendingComments = [];
+  while (i < lines.length) {
+    const line = lines[i];
+    if (line.trim() === "") {
+      for (const c of pendingComments) entries.push({ type: "raw", text: c });
+      pendingComments = [];
+      entries.push({ type: "raw", text: line });
+      i++;
+      continue;
+    }
+    if (line.trimStart().startsWith("#")) {
+      pendingComments.push(line);
+      i++;
+      continue;
+    }
+    const eqIdx = line.indexOf("=");
+    if (eqIdx === -1) {
+      for (const c of pendingComments) entries.push({ type: "raw", text: c });
+      pendingComments = [];
+      entries.push({ type: "raw", text: line });
+      i++;
+      continue;
+    }
+    const key = line.slice(0, eqIdx).trim();
+    const rawValue = line.slice(eqIdx + 1);
+    const { value, extraLines } = parseValue(rawValue, lines, i + 1);
+    entries.push({
+      type: "key",
+      key,
+      value,
+      lines: [...pendingComments, line, ...extraLines]
+    });
+    pendingComments = [];
+    i += 1 + extraLines.length;
+  }
+  for (const c of pendingComments) entries.push({ type: "raw", text: c });
+  return entries;
+}
+function getLeadingCommentLines(lines) {
+  const result = [];
+  for (const l of lines) {
+    if (l.trimStart().startsWith("#")) result.push(l);
+    else break;
+  }
+  return result;
+}
+function extractLeadingComment(lines) {
+  const comments = getLeadingCommentLines(lines).map(
+    (l) => l.trimStart().slice(1).trim()
+  );
+  return comments.length > 0 ? comments.join("\n") : void 0;
+}
+function atomicWrite(filePath, content) {
+  const tmp = join2(
+    dirname2(filePath),
+    `.dotenvx-ui-tmp-${randomBytes(6).toString("hex")}`
+  );
+  try {
+    writeFileSync(tmp, content, { encoding: "utf8", flag: "wx" });
+    renameSync(tmp, filePath);
+  } catch (err) {
+    try {
+      writeFileSync(tmp, "");
+    } catch {
+    }
+    throw new Error(`Failed to write ${filePath}: ${err.message}`);
+  }
+}
+
+// src/core/dotenvx.ts
+import { createRequire } from "module";
+import { existsSync, readFileSync as readFileSync3 } from "fs";
+import { dirname as dirname3, join as join3 } from "path";
+var dotenvx = createRequire(import.meta.url)("@dotenvx/dotenvx");
+function decryptValue(encryptedValue, envFilePath) {
+  if (!isEncryptedValue(encryptedValue)) return encryptedValue;
+  const keyName = findKeyForValue(encryptedValue, envFilePath);
+  if (!keyName) return null;
+  const keysFile = findKeysFile(envFilePath);
+  return silenced(() => {
+    const result = dotenvx.get(keyName, {
+      path: envFilePath,
+      ...keysFile ? { envKeysFile: keysFile } : {},
+      logLevel: "error"
+    });
+    return result ?? null;
+  });
+}
+function decryptAllValues(envFilePath) {
+  let raw;
+  try {
+    raw = readFileSync3(envFilePath, "utf8");
+  } catch {
+    return {};
+  }
+  let privateKey = process.env.DOTENV_PRIVATE_KEY ?? null;
+  if (!privateKey) {
+    const keysFile = findKeysFile(envFilePath);
+    if (keysFile) {
+      try {
+        const keypairs = dotenvx.keypair(
+          envFilePath,
+          void 0,
+          keysFile
+        );
+        for (const [name, value] of Object.entries(keypairs)) {
+          if (name.startsWith("DOTENV_PRIVATE_KEY") && value) {
+            privateKey = value;
+            break;
+          }
+        }
+      } catch {
+      }
+    }
+  }
+  return silenced(() => {
+    try {
+      return dotenvx.parse(raw, {
+        ...privateKey ? { privateKey } : {},
+        processEnv: {}
+      });
+    } catch {
+      return {};
+    }
+  });
+}
+var DOTENVX_INTERNAL_KEYS = /* @__PURE__ */ new Set([
+  "DOTENV_PUBLIC_KEY",
+  "DOTENV_PRIVATE_KEY"
+]);
+function encryptFile(envFilePath) {
+  const keys = readEnvFile(envFilePath);
+  for (const k of keys) {
+    if (!isEncryptedValue(k.value) && !DOTENVX_INTERNAL_KEYS.has(k.key)) {
+      dotenvx.set(k.key, k.value, {
+        path: envFilePath,
+        encrypt: true,
+        logLevel: "error"
+      });
+    }
+  }
+}
+function encryptKey(envFilePath, keyName, plainValue) {
+  dotenvx.set(keyName, plainValue, {
+    path: envFilePath,
+    encrypt: true,
+    logLevel: "error"
+  });
+}
+function decryptFile(envFilePath) {
+  const keys = readEnvFile(envFilePath);
+  const decrypted = decryptAllValues(envFilePath);
+  for (const k of keys) {
+    if (isEncryptedValue(k.value)) {
+      const plain = decrypted[k.key];
+      if (plain !== void 0 && !isEncryptedValue(plain))
+        updateKey(envFilePath, k.key, plain);
+    }
+  }
+}
+function silenced(fn) {
+  const origWrite = process.stderr.write.bind(process.stderr);
+  const origOut = process.stdout.write.bind(process.stdout);
+  const mute = (chunk) => {
+    const s = String(chunk);
+    if (s.includes("[MISSING_PRIVATE_KEY]") || s.includes("could not decrypt") || s.includes("\u2620"))
+      return true;
+    return false;
+  };
+  process.stderr.write = ((chunk, ...args) => mute(chunk) ? true : origWrite(
+    chunk,
+    ...args
+  ));
+  process.stdout.write = ((chunk, ...args) => mute(chunk) ? true : origOut(
+    chunk,
+    ...args
+  ));
+  try {
+    return fn();
+  } finally {
+    process.stderr.write = origWrite;
+    process.stdout.write = origOut;
+  }
+}
+function findKeysFile(envFilePath) {
+  let dir = dirname3(envFilePath);
+  while (true) {
+    const candidate = join3(dir, ".env.keys");
+    if (existsSync(candidate)) return candidate;
+    const parent = dirname3(dir);
+    if (parent === dir) break;
+    dir = parent;
+  }
+  return null;
+}
+function findKeyForValue(encryptedValue, envFilePath) {
+  let raw;
+  try {
+    raw = readFileSync3(envFilePath, "utf8");
+  } catch {
+    return null;
+  }
+  for (const line of raw.split("\n")) {
+    const eqIdx = line.indexOf("=");
+    if (eqIdx === -1) continue;
+    const keyName = line.slice(0, eqIdx).trim();
+    const rawVal = line.slice(eqIdx + 1).trim();
+    const unquoted = rawVal.startsWith('"') && rawVal.endsWith('"') ? rawVal.slice(1, -1) : rawVal;
+    if (unquoted === encryptedValue || rawVal === encryptedValue)
+      return keyName;
+  }
+  return null;
+}
+
+export {
+  scan,
+  isEncryptedValue,
+  readEnvFile,
+  addKey,
+  updateKey,
+  removeKey,
+  decryptValue,
+  decryptAllValues,
+  encryptFile,
+  encryptKey,
+  decryptFile
+};