nodio-cli 1.1.2 → 1.1.4

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "nodio-cli",
-  "version": "1.1.2",
+  "version": "1.1.4",
   "description": "Nodio distributed storage network",
   "main": "src/server/index.js",
   "type": "commonjs",

package/src/server/index.js

@@ -5,7 +5,8 @@ const mongoose = require('mongoose');
 const { getServerConfig } = require('./config');
 const { buildRoutes } = require('./routes');
 const authRoutes = require('./routes/auth');
-const { NodeModel } = require('./models');
+const { NodeModel, FileModel } = require('./models');
+const verifyToken = require('./middleware/verifyToken');
 const { markNodeOfflineAndRecover } = require('./services');
 const { getWalletBalance } = require('../../services/filecoin');
 
@@ -18,7 +19,10 @@ async function startServer() {
   const corsAllowlist = new Set([
     'https://nodio.me',
     'https://drive.nodio.me',
-    'https://effective-space-rotary-phone-wrv6xg64p7w72wj-3000.app.github.dev'
+    'https://effective-space-rotary-phone-wrv6xg64p7w72wj-3000.app.github.dev',
+    'https://cautious-sniffle-wrv6xg64pg7jhq7x-5173.app.github.dev',
+    'http://localhost:5173',
+    'http://127.0.0.1:5173'
   ]);
 
   const corsOptions = {
@@ -40,6 +44,19 @@ async function startServer() {
   app.use('/api/auth', authRoutes);
   app.use('/api', buildRoutes(config));
 
+  app.get('/api/files', verifyToken, async (req, res, next) => {
+    try {
+      const files = await FileModel.find({ userId: req.userId })
+        .sort({ createdAt: -1 })
+        .select('fileId originalName sizeBytes createdAt filecoinBackedUp filecoinCid')
+        .lean();
+
+      res.json({ files });
+    } catch (error) {
+      next(error);
+    }
+  });
+
   app.use((error, _req, res, _next) => {
     const status = error.statusCode || 500;
     const message = error.message || 'internal server error';

package/src/server/routes.js

@@ -57,6 +57,19 @@ function buildRoutes(config) {
     res.json({ ok: true, service: 'nodio-server' });
   });
 
+  router.get('/files', verifyToken, async (req, res, next) => {
+    try {
+      const files = await FileModel.find({ userId: req.userId })
+        .sort({ createdAt: -1 })
+        .select('fileId originalName sizeBytes createdAt filecoinBackedUp filecoinCid')
+        .lean();
+
+      res.json({ files });
+    } catch (error) {
+      next(error);
+    }
+  });
+
   router.post('/nodes/register', async (req, res, next) => {
     try {
       const { nodeId, deviceKey, nodeKey, knownNodeIds, url, capacityBytes, freeBytes } = req.body;
@@ -559,6 +572,67 @@ function buildRoutes(config) {
     }
   });
 
+  router.post('/files/:fileId/store-key', verifyToken, async (req, res, next) => {
+    try {
+      const { fileId } = req.params;
+      const encryptedAESKey = String(req.body?.encryptedAESKey || '').trim();
+
+      if (!fileId) {
+        return res.status(400).json({ error: 'fileId is required' });
+      }
+      if (!encryptedAESKey) {
+        return res.status(400).json({ error: 'encryptedAESKey is required' });
+      }
+
+      const file = await FileModel.findOne({ fileId });
+      if (!file) {
+        return res.status(404).json({ error: 'file not found' });
+      }
+      if (file.userId !== req.userId) {
+        return res.status(403).json({ error: 'Forbidden' });
+      }
+
+      await FileModel.findOneAndUpdate(
+        { fileId },
+        {
+          $set: {
+            encryptedAESKey
+          }
+        },
+        { new: true }
+      );
+
+      res.json({ ok: true });
+    } catch (error) {
+      next(error);
+    }
+  });
+
+  router.get('/files/:fileId/key', verifyToken, async (req, res, next) => {
+    try {
+      const { fileId } = req.params;
+
+      if (!fileId) {
+        return res.status(400).json({ error: 'fileId is required' });
+      }
+
+      const file = await FileModel.findOne({ fileId }).lean();
+      if (!file) {
+        return res.status(404).json({ error: 'file not found' });
+      }
+      if (file.userId !== req.userId) {
+        return res.status(403).json({ error: 'Forbidden' });
+      }
+      if (!file.encryptedAESKey) {
+        return res.status(404).json({ error: 'encrypted key not found' });
+      }
+
+      res.json({ encryptedAESKey: file.encryptedAESKey });
+    } catch (error) {
+      next(error);
+    }
+  });
+
   router.post('/files/:fileId/filecoin', verifyToken, async (req, res, next) => {
     try {
       const { fileId } = req.params;

package/src/user/commands.js

@@ -13,7 +13,6 @@ const {
   clearSession,
   deriveMasterKey,
   encryptMasterKey,
-  decryptMasterKey
 } = require('../cli/session');
 
 function promptInput(promptText) {
@@ -32,9 +31,7 @@ function promptHiddenInput(promptText) {
     const rl = readline.createInterface({ input: process.stdin, output: process.stdout, terminal: true });
     rl.stdoutMuted = true;
     rl._writeToOutput = function _writeToOutput(stringToWrite) {
-      if (rl.stdoutMuted) {
-        rl.output.write('*');
-      } else {
+      if (!rl.stdoutMuted) {
         rl.output.write(stringToWrite);
       }
     };
@@ -50,7 +47,7 @@ function promptHiddenInput(promptText) {
 async function requireSession() {
   const session = await loadSession();
   if (!session) {
-    console.log('Please login first using: npx nodio-cli nodio login');
+    console.log('Please login: nodio login');
     process.exit(1);
   }
   return session;
@@ -58,7 +55,8 @@ async function requireSession() {
 
 function attachSessionToken(api, session) {
   if (session?.apiToken) {
-    api.defaults.headers['x-api-token'] = session.apiToken;
+    api.defaults.headers.common.Authorization = `Bearer ${session.apiToken}`;
+    api.defaults.headers.common['x-api-token'] = session.apiToken;
   }
 }
 
@@ -92,8 +90,8 @@ async function buildSessionPayload(authResponse, password) {
 
 async function login(options) {
   const serverUrl = options.server;
-  const email = await promptInput('Email: ');
-  const password = await promptHiddenInput('Password: ');
+  const email = await promptInput('Enter your email: ');
+  const password = await promptHiddenInput('Enter your account password: ');
 
   const api = createApiClient(serverUrl);
   const response = await api.post('/auth/login', { email, password });
@@ -104,8 +102,8 @@ async function login(options) {
 
 async function register(options) {
   const serverUrl = options.server;
-  const email = await promptInput('Email: ');
-  const password = await promptHiddenInput('Password: ');
+  const email = await promptInput('Enter your email: ');
+  const password = await promptHiddenInput('Enter your account password: ');
 
   const api = createApiClient(serverUrl);
   const response = await api.post('/auth/register', { email, password });
@@ -129,6 +127,30 @@ async function whoami(options) {
   console.log(`userId: ${response.data?.userId || session.userId || 'unknown'}`);
 }
 
+async function listFiles(options) {
+  const serverUrl = options.server;
+  const session = await requireSession();
+  const api = createApiClient(serverUrl);
+  attachSessionToken(api, session);
+  const response = await api.get('/files');
+  const files = response.data?.files || [];
+
+  if (files.length === 0) {
+    console.log('No files found for this account.');
+    return;
+  }
+
+  for (const file of files) {
+    console.log(`fileId: ${file.fileId}`);
+    console.log(`name: ${file.originalName}`);
+    console.log(`sizeBytes: ${file.sizeBytes}`);
+    console.log(`createdAt: ${file.createdAt}`);
+    console.log(`filecoinBackedUp: ${Boolean(file.filecoinBackedUp)}`);
+    console.log(`filecoinCid: ${file.filecoinCid || ''}`);
+    console.log('---');
+  }
+}
+
 function splitBuffer(buffer, shardSizeBytes) {
   if (shardSizeBytes <= 0) {
     throw new Error('shard size must be greater than zero');
@@ -384,7 +406,6 @@ async function uploadFile(options) {
   const relayFirst = Boolean(options.relayFirst);
 
   const session = await requireSession();
-  const masterKey = decryptMasterKey(session.encryptedMasterKey, session.apiToken);
 
   if (!Number.isFinite(shardSizeMb) || shardSizeMb <= 0) {
     throw new Error('shard-size-mb must be greater than 0');
@@ -402,8 +423,6 @@ async function uploadFile(options) {
 
   const keyBuffer = options.keyBase64 ? parseAesKey(options.keyBase64) : crypto.randomBytes(32);
   const keyBase64 = keyBuffer.toString('base64');
-  const encryptedKeyPayload = encryptAes256Gcm(keyBuffer, masterKey);
-  const encryptedAESKey = packEncryptedKey(encryptedKeyPayload);
 
   const api = createApiClient(serverUrl);
   attachSessionToken(api, session);
@@ -416,7 +435,6 @@ async function uploadFile(options) {
     sizeBytes: plainBuffer.length,
     shardCount: chunks.length,
     cipher: 'aes-256-gcm',
-    encryptedAESKey,
     metadata: {
       encryption: {
         algorithm: 'aes-256-gcm',
@@ -544,7 +562,6 @@ async function uploadFile(options) {
     sizeBytes: plainBuffer.length,
     shardCount: chunks.length,
     cipher: 'aes-256-gcm',
-    encryptedAESKey,
     metadata: {
       encryption: {
         algorithm: 'aes-256-gcm',
@@ -560,13 +577,35 @@ async function uploadFile(options) {
   console.log(`[filecoin] uploading to Filecoin via central server (this may take a while)...`);
   await requestFilecoinBackup(api, encryptedFileBuffer, fileId);
 
-  console.log(`Upload complete`);
+  console.log(`Upload complete: fileId ${fileId}`);
   console.log(`fileId: ${fileId}`);
   console.log(`originalName: ${originalName}`);
   console.log(`sizeBytes: ${plainBuffer.length}`);
   console.log(`shardCount: ${chunks.length}`);
   console.log(`replicasPerShard: ${replicas}`);
-  console.log(`aes256KeyBase64: ${keyBase64}`);
+
+  if (session?.argon2Salt && session?.apiToken) {
+    console.log('Master password required to save the file key.');
+    const masterPassword = await promptHiddenInput('Enter your master password now: ');
+    try {
+      const masterKey = await deriveMasterKey(masterPassword, session.argon2Salt);
+      const encryptedKeyPayload = encryptAes256Gcm(keyBuffer, masterKey);
+      const encryptedAESKey = packEncryptedKey(encryptedKeyPayload);
+
+      await api.post(`/files/${fileId}/store-key`, {
+        encryptedAESKey
+      });
+
+      console.log('Key saved securely ✅');
+    } catch (error) {
+      if (String(error?.message || '').includes('unsupported state or unable to authenticate data')) {
+        throw new Error('Wrong master password');
+      }
+      throw error;
+    }
+  } else {
+    console.log(`aes256KeyBase64: ${keyBase64}`);
+  }
 }
 
 async function downloadFile(options) {
@@ -577,7 +616,6 @@ async function downloadFile(options) {
   const relayFirst = Boolean(options.relayFirst);
 
   const session = await requireSession();
-  const masterKey = decryptMasterKey(session.encryptedMasterKey, session.apiToken);
 
   if (!Number.isFinite(directTimeoutMs) || directTimeoutMs <= 0) {
     throw new Error('direct-timeout-ms must be greater than 0');
@@ -593,16 +631,36 @@ async function downloadFile(options) {
   let keyBuffer = null;
   if (options.keyBase64) {
     keyBuffer = parseAesKey(options.keyBase64);
-  } else if (manifest.file?.encryptedAESKey) {
-    const encryptedKeyPayload = unpackEncryptedKey(manifest.file.encryptedAESKey);
-    keyBuffer = decryptAes256Gcm(
-      encryptedKeyPayload.cipherText,
-      masterKey,
-      encryptedKeyPayload.iv,
-      encryptedKeyPayload.authTag
-    );
-    if (!Buffer.isBuffer(keyBuffer) || keyBuffer.length !== 32) {
-      throw new Error('invalid decrypted AES key length');
+  } else {
+    console.log('Fetching key from account...');
+    console.log('Master password required to decrypt the file key.');
+    const masterPassword = await promptHiddenInput('Enter your master password now: ');
+
+    try {
+      const masterKey = await deriveMasterKey(masterPassword, session.argon2Salt);
+      const keyResponse = await api.get(`/files/${fileId}/key`);
+      const encryptedAESKey = keyResponse.data?.encryptedAESKey;
+
+      if (!encryptedAESKey) {
+        throw new Error('missing stored key');
+      }
+
+      const encryptedKeyPayload = unpackEncryptedKey(encryptedAESKey);
+      keyBuffer = decryptAes256Gcm(
+        encryptedKeyPayload.cipherText,
+        masterKey,
+        encryptedKeyPayload.iv,
+        encryptedKeyPayload.authTag
+      );
+
+      if (!Buffer.isBuffer(keyBuffer) || keyBuffer.length !== 32) {
+        throw new Error('invalid decrypted AES key length');
+      }
+    } catch (error) {
+      if (String(error?.message || '').includes('unsupported state or unable to authenticate data')) {
+        throw new Error('Wrong master password');
+      }
+      throw error;
     }
   }
 
@@ -614,6 +672,8 @@ async function downloadFile(options) {
     throw new Error('missing or unsupported encryption metadata');
   }
 
+  console.log('Downloading and decrypting...');
+
   const shardMetaMap = new Map((encryption.shards || []).map((entry) => [entry.shardId, entry]));
 
   const orderedShards = [...(manifest.shards || [])].sort((a, b) => a.order - b.order);
@@ -708,7 +768,7 @@ async function downloadFile(options) {
   await fs.mkdir(path.dirname(output), { recursive: true });
   await fs.writeFile(output, reconstructed);
 
-  console.log(`Download complete`);
+  console.log('Done ✅');
   console.log(`fileId: ${fileId}`);
   console.log(`output: ${output}`);
   console.log(`sizeBytes: ${reconstructed.length}`);
@@ -741,5 +801,6 @@ module.exports = {
   login,
   register,
   logout,
-  whoami
+  whoami,
+  listFiles
 };

package/src/user/index.js

@@ -1,6 +1,15 @@
 #!/usr/bin/env node
 const { Command } = require('commander');
-const { uploadFile, downloadFile, deleteFile, login, logout, register, whoami } = require('./commands');
+const {
+  uploadFile,
+  downloadFile,
+  deleteFile,
+  login,
+  logout,
+  register,
+  whoami,
+  listFiles
+} = require('./commands');
 
 const program = new Command();
 
@@ -74,6 +83,14 @@ program
     await whoami(options);
   });
 
+program
+  .command('files')
+  .description('List files uploaded by the authenticated user')
+  .option('--server <url>', 'central server URL', 'https://api.nodio.me')
+  .action(async (options) => {
+    await listFiles(options);
+  });
+
 program.parseAsync(process.argv).catch((error) => {
   const apiErrorMessage = error.response?.data?.error;
   if (apiErrorMessage) {