favacli 0.0.14 → 0.0.15

package/build/commands/export/text.d.mts

@@ -0,0 +1,12 @@
+import BaseCommand from '../../BaseCommand.mjs';
+declare class ExportTextCommand extends BaseCommand {
+    static paths: string[][];
+    requireTwoFaLib: boolean;
+    pathOption: string | undefined;
+    passphraseSource: string | undefined;
+    static usage: import("clipanion").Usage;
+    exec(): Promise<{
+        success: boolean;
+    }>;
+}
+export default ExportTextCommand;

package/build/commands/export/text.mjs

@@ -0,0 +1,118 @@
+import fs from 'node:fs/promises';
+import { Option } from 'clipanion';
+import * as t from 'typanion';
+import keytar from 'keytar';
+import BaseCommand from '../../BaseCommand.mjs';
+import { password, input } from '@inquirer/prompts';
+class ExportTextCommand extends BaseCommand {
+    constructor() {
+        super(...arguments);
+        this.requireTwoFaLib = true;
+        this.pathOption = Option.String('--path', {
+            description: 'File path for the export, if not set will output to stdout',
+        });
+        this.passphraseSource = Option.String('--passphrase-source', {
+            description: 'Source of passphrase, either "stdin" or "stored"',
+            validator: t.isEnum(['stdin', 'stored']),
+        });
+    }
+    static { this.paths = [['export', 'text']]; }
+    static { this.usage = BaseCommand.Usage({
+        category: 'Export',
+        description: 'Export 2FA entries as plain text',
+        details: `
+      This command exports your 2FA entries as a plain text file.
+
+      You can specify a file path for the export using the --path flag.
+
+      You can specify the passphrase source with --passphrase-source flag:
+      - "stdin": You'll be prompted to enter a passphrase
+      - "stored": Will use the previously stored passphrase, if none is found, will be promted for a passphrase
+
+      If no passphrase source is specified, it will export without encryption (no passphrase).
+
+      WARNING: Exporting your 2FA secrets in plain text (without passphrase) is not secure.
+    `,
+        examples: [
+            ['Export entries as unencrypted text (UNSECURE)', 'export text'],
+            ['Export to specific file', 'export text --path=/path/to/export.txt'],
+            [
+                'Export using stored passphrase',
+                'export text --passphrase-source=stored',
+            ],
+            [
+                'Export with manual passphrase entry',
+                'export text --passphrase-source=stdin',
+            ],
+        ],
+    }); }
+    async exec() {
+        const entriesCount = this.twoFaLib.vault.listEntries().length;
+        // Get passphrase based on source
+        let passphrase = undefined;
+        // If passphrase source is "stored", try to get from keytar without prompting
+        if (this.passphraseSource === 'stored') {
+            try {
+                passphrase = await keytar.getPassword('favacli', 'export-passphrase');
+                if (!passphrase) {
+                    this.context.stderr.write('No stored passphrase found. Please enter a passphrase to store.\n');
+                    passphrase = await password({
+                        message: 'Enter passphrase to store and use for encryption:',
+                    });
+                    // Store the passphrase for future use
+                    await keytar.setPassword('favacli', 'export-passphrase', passphrase);
+                    this.context.stdout.write('Passphrase stored.\n');
+                }
+            }
+            catch (error) {
+                if (error instanceof Error) {
+                    this.context.stderr.write(`Failed to access stored passphrase: ${error.message}}\n`);
+                }
+                else {
+                    this.context.stderr.write(`Failed to access stored passphrase: Unknown error\n`);
+                }
+                return { success: false };
+            }
+        }
+        // Default behavior or explicit "stdin"
+        else if (this.passphraseSource === 'stdin') {
+            passphrase = await password({
+                message: 'Enter passphrase to use for encryption:',
+            });
+        }
+        // Add warning and confirmation if no passphrase is provided
+        else if (!this.passphraseSource) {
+            this.context.stderr.write('WARNING: You are about to export 2FA secrets in plain text without encryption.\n');
+            this.context.stderr.write('This is NOT SECURE and could expose your 2FA secrets if the file is accessed by others.\n');
+            const confirm = await input({
+                message: 'Type "unsecure" to acknowldge you understand the risks and to proceed with unencrypted export:',
+            });
+            if (confirm !== 'unsecure') {
+                this.context.stderr.write('Export cancelled.\n');
+                return { success: false };
+            }
+        }
+        const content = await this.twoFaLib.exportImport.exportEntries('text', passphrase, true);
+        if (this.pathOption) {
+            try {
+                await fs.writeFile(this.pathOption, content);
+                this.context.stdout.write(`Successfully exported ${entriesCount} entries to ${this.pathOption}\n`);
+                return { success: true };
+            }
+            catch (error) {
+                if (error instanceof Error) {
+                    this.context.stderr.write(`Failed to export: ${error.message}\n`);
+                }
+                else {
+                    this.context.stderr.write('Failed to export: Unknown error\n');
+                }
+                return { success: false };
+            }
+        }
+        else {
+            this.context.stdout.write(content);
+            return { success: true };
+        }
+    }
+}
+export default ExportTextCommand;

package/build/commands/sync/resilver.d.mts

@@ -0,0 +1,10 @@
+import BaseCommand from '../../BaseCommand.mjs';
+declare class ResilverCommand extends BaseCommand {
+    static paths: string[][];
+    requireTwoFaLib: boolean;
+    static usage: import("clipanion").Usage;
+    exec(): Promise<{
+        success: boolean;
+    }>;
+}
+export default ResilverCommand;

package/build/commands/sync/resilver.mjs

@@ -0,0 +1,24 @@
+import BaseCommand from '../../BaseCommand.mjs';
+class ResilverCommand extends BaseCommand {
+    constructor() {
+        super(...arguments);
+        this.requireTwoFaLib = true;
+    }
+    static { this.paths = [['sync', 'resilver']]; }
+    static { this.usage = BaseCommand.Usage({
+        category: 'Sync',
+        description: 'Resilver a vault',
+        details: `This command allows you to resync a vault to the server. This is useful if some devices have become desynced.`,
+        examples: [['Resilver a vault', 'sync resilver']],
+    }); }
+    async exec() {
+        if (!this.twoFaLib.sync) {
+            throw new Error('No server url set');
+        }
+        this.twoFaLib.sync.requestResilver();
+        // TODO: do this based on events
+        await new Promise((resolve) => setTimeout(resolve, 5000));
+        return { success: true };
+    }
+}
+export default ResilverCommand;

package/build/main.mjs

@@ -7,6 +7,8 @@ import EntriesListCommand from './commands/entries/list.mjs';
 import EntriesSearchCommand from './commands/entries/search.mjs';
 import SyncSetServerUrlCommand from './commands/sync/setServerUrl.mjs';
 import SyncConnect from './commands/sync/connect.mjs';
+import SyncResilver from './commands/sync/resilver.mjs';
+import ExportTextCommand from './commands/export/text.mjs';
 // check node version
 const nodeRuntimeMajorVersion = parseInt(process.version.split('.')[0]);
 if (nodeRuntimeMajorVersion < 20) {
@@ -16,7 +18,7 @@ const [, , ...args] = process.argv;
 const cli = new Cli({
     binaryLabel: 'FavaCli',
     binaryName: `favacli`,
-    binaryVersion: '0.0.14',
+    binaryVersion: '0.0.15',
 });
 cli.register(VaultCreateCommand);
 cli.register(VaultDeleteCommand);
@@ -25,5 +27,7 @@ cli.register(EntriesListCommand);
 cli.register(EntriesSearchCommand);
 cli.register(SyncSetServerUrlCommand);
 cli.register(SyncConnect);
+cli.register(SyncResilver);
+cli.register(ExportTextCommand);
 cli.register(Builtins.HelpCommand);
 void cli.runExit(args);

package/build/utils/loadVault.mjs

@@ -9,16 +9,26 @@ const loadVault = async (vaultData, settings, verbose = false) => {
     const twoFaLib = await twoFaLibVaultCreationUtils.loadTwoFaLibFromLockedRepesentation(vaultData, passphrase);
     twoFaLib.addEventListener(TwoFaLibEvent.Changed, async (ev) => {
         const tempFile = `${settings.vaultLocation}.tmp`;
+        const backupFile = `${settings.vaultLocation}.backup`;
         try {
             // Write to temporary file first, so we don't have to worry about partial writes
             await fs.writeFile(tempFile, ev.detail.newLockedRepresentationString);
+            // Create backup of existing vault if it exists
+            try {
+                await fs.copyFile(settings.vaultLocation, backupFile);
+            }
+            catch (err) {
+                // If the error is not because the original file doesn't exist yet, throw it
+                if (err instanceof Error && 'code' in err && err.code !== 'ENOENT')
+                    throw err;
+            }
             // Atomically rename temp file to target file
             await fs.rename(tempFile, settings.vaultLocation);
         }
         catch (error) {
             // Clean up temp file if something went wrong
             await fs.unlink(tempFile).catch((err) => {
-                console.error(err);
+                console.error('Failed to clean up temp file:', err);
             });
             throw error;
         }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "favacli",
-  "version": "0.0.14",
+  "version": "0.0.15",
   "description": "",
   "type": "module",
   "author": "",
@@ -10,7 +10,7 @@
     "bufferutil": "^4.0.8",
     "clipanion": "^4.0.0-rc.4",
     "env-paths": "^3.0.0",
-    "favalib": "^0.0.4",
+    "favalib": "^0.0.5",
     "keytar": "^7.9.0",
     "node-loader": "^2.0.0",
     "ts-loader": "^9.5.1",