orgnote-api 0.7.1 → 0.7.2

package/encryption/encryption.ts

@@ -0,0 +1,152 @@
+import {
+  createMessage,
+  decrypt,
+  decryptKey,
+  encrypt,
+  readKey,
+  readMessage,
+  readPrivateKey,
+} from 'openpgp';
+
+export class IncorrectOrMissingPrivateKeyPasswordError extends Error {}
+export class ImpossibleToDecryptWithProvidedKeysError extends Error {}
+export class IncorrectEncryptionPasswordError extends Error {}
+
+const noPrivateKeyPassphraseProvidedErrorMsg =
+  'Error: Signing key is not decrypted.';
+const incorrectPrivateKeyPassphraseErrorMsg =
+  'Error decrypting private key: Incorrect key passphrase';
+const decryptionKeyIsNotDecryptedErrorMsg =
+  'Error decrypting message: Decryption key is not decrypted.';
+const corruptedPrivateKeyErrorMsg = 'Misformed armored text';
+
+const decriptionFailedErrorMsg =
+  'Error decrypting message: Session key decryption failed.';
+const incorrectEncryptionPasswordErrorMsg =
+  'Error decrypting message: Modification detected.';
+
+export const encryptViaKeys = withCustomErrors(_encryptViaKeys);
+export const encryptViaPassword = withCustomErrors(_encryptViaPassword);
+export const decryptViaPassword = withCustomErrors(_decryptViaPassword);
+export const decryptViaKeys = withCustomErrors(_decryptViaKeys);
+
+async function _encryptViaPassword(
+  text: string,
+  password: string
+): Promise<string> {
+  const message = await createMessage({
+    text,
+  });
+
+  const encryptedMessage = await encrypt({
+    message,
+    format: 'armored',
+    passwords: [password],
+  });
+
+  return encryptedMessage.toString();
+}
+
+async function _encryptViaKeys(
+  text: string,
+  armoredPublicKey: string,
+  armoredPrivateKey: string,
+  privateKeyPassphrase?: string
+): Promise<string> {
+  const publicKey = await readKey({ armoredKey: armoredPublicKey });
+
+  const message = await createMessage({
+    text,
+  });
+
+  const encryptedPrivateKey = await readPrivateKey({
+    armoredKey: armoredPrivateKey,
+  });
+
+  const privateKey = privateKeyPassphrase
+    ? await decryptKey({
+        privateKey: encryptedPrivateKey,
+        passphrase: privateKeyPassphrase,
+      })
+    : encryptedPrivateKey;
+
+  const encryptedMessage = await encrypt({
+    message,
+    format: 'armored',
+    encryptionKeys: publicKey,
+    signingKeys: privateKey,
+  });
+
+  return encryptedMessage.toString();
+}
+
+async function _decryptViaPassword(
+  data: string,
+  password: string
+): Promise<string> {
+  const message = await readMessage({ armoredMessage: data });
+
+  const { data: decryptedText } = await decrypt({
+    message,
+    passwords: password,
+  });
+
+  return decryptedText.toString();
+}
+
+async function _decryptViaKeys(
+  data: string,
+  armoredPrivateKey: string,
+  privateKeyPassword?: string
+): Promise<string> {
+  const encryptedPrivateKey = await readPrivateKey({
+    armoredKey: armoredPrivateKey,
+  });
+
+  const privateKey = privateKeyPassword
+    ? await decryptKey({
+        privateKey: encryptedPrivateKey,
+        passphrase: privateKeyPassword,
+      })
+    : encryptedPrivateKey;
+
+  const message = await readMessage({ armoredMessage: data });
+
+  const { data: decryptedText } = await decrypt({
+    message,
+    decryptionKeys: privateKey,
+  });
+
+  return decryptedText.toString();
+}
+
+function withCustomErrors<P extends unknown[], T>(
+  fn: (...args: P) => Promise<T | never>
+) {
+  return async (...args: P): Promise<T> => {
+    try {
+      return await fn(...args);
+    } catch (e: unknown) {
+      if (!(e instanceof Error)) {
+        throw e;
+      }
+      if (
+        [
+          noPrivateKeyPassphraseProvidedErrorMsg,
+          incorrectPrivateKeyPassphraseErrorMsg,
+          corruptedPrivateKeyErrorMsg,
+          decryptionKeyIsNotDecryptedErrorMsg,
+        ].includes(e.message)
+      ) {
+        throw new IncorrectOrMissingPrivateKeyPasswordError(e.message);
+      }
+      if (e.message === decriptionFailedErrorMsg) {
+        throw new ImpossibleToDecryptWithProvidedKeysError(e.message);
+      }
+      if (e.message === incorrectEncryptionPasswordErrorMsg) {
+        throw new IncorrectEncryptionPasswordError();
+      }
+      throw e;
+    }
+  };
+}

package/encryption/index.ts

@@ -0,0 +1,2 @@
+export * from './note-encryption';
+export * from './encryption';

package/encryption/note-encryption.ts

@@ -0,0 +1,129 @@
+import {
+  ModelsPublicNote,
+  ModelsPublicNoteEncryptedEnum,
+} from 'src/remote-api';
+import {
+  decryptViaKeys,
+  decryptViaPassword,
+  encryptViaKeys,
+  encryptViaPassword,
+} from './encryption';
+import { OrgNoteEncryption } from 'src/models/encryption';
+import { parse, withMetaInfo } from 'org-mode-ast';
+
+export interface AbstractEncryptedNote {
+  content: string;
+  encrypted: ModelsPublicNote['encrypted'];
+  meta: {
+    [key: string]: any;
+    published: boolean;
+  };
+}
+
+export async function encryptNote<T extends AbstractEncryptedNote>(
+  note: T,
+  encryptionParams: OrgNoteEncryption
+): Promise<T> {
+  if (
+    encryptionParams.type === ModelsPublicNoteEncryptedEnum.Disabled ||
+    note.meta.published
+  ) {
+    return note;
+  }
+
+  note.meta = { id: note.meta.id, published: note.meta.published };
+
+  if (encryptionParams.type === ModelsPublicNoteEncryptedEnum.GpgKeys) {
+    return encryptNoteViaKeys(
+      note,
+      encryptionParams.publicKey,
+      encryptionParams.privateKey,
+      encryptionParams.privateKeyPassphrase
+    );
+  }
+  return encryptNoteViaPassword(note, encryptionParams.password);
+}
+export async function encryptNoteViaPassword<T extends AbstractEncryptedNote>(
+  note: T,
+  password: string
+): Promise<T> {
+  const content = encryptViaPassword(note.content, password);
+  return {
+    ...note,
+    content,
+    encrypted: ModelsPublicNoteEncryptedEnum.GpgPassword,
+  };
+}
+
+export async function encryptNoteViaKeys<T extends AbstractEncryptedNote>(
+  note: T,
+  publicKey: string,
+  privateKey: string,
+  privateKeyPassphrase?: string
+): Promise<T> {
+  const content = await encryptViaKeys(
+    note.content,
+    publicKey,
+    privateKey,
+    privateKeyPassphrase
+  );
+
+  return {
+    ...note,
+    content,
+    encrypted: ModelsPublicNoteEncryptedEnum.GpgKeys,
+  };
+}
+
+export async function decryptNote<T extends AbstractEncryptedNote>(
+  note: T,
+  encryptionParams: OrgNoteEncryption
+): Promise<T> {
+  if (encryptionParams.type === ModelsPublicNoteEncryptedEnum.Disabled) {
+    return note;
+  }
+  const decryptedNote =
+    encryptionParams.type === ModelsPublicNoteEncryptedEnum.GpgKeys
+      ? await decryptNoteViaKeys(
+          note,
+          encryptionParams.privateKey,
+          encryptionParams.privateKeyPassphrase
+        )
+      : await decryptNoteViaPassword(note, encryptionParams.password);
+
+  const parsed = withMetaInfo(parse(decryptedNote.content));
+
+  return {
+    ...decryptedNote,
+    meta: { ...decryptedNote.meta, published: parsed.meta.published },
+  };
+}
+
+export async function decryptNoteViaPassword<T extends AbstractEncryptedNote>(
+  note: T,
+  password: string
+): Promise<T> {
+  const content = decryptViaPassword(note.content, password);
+  return {
+    ...note,
+    content,
+    encrypted: ModelsPublicNoteEncryptedEnum.GpgPassword,
+  };
+}
+
+export async function decryptNoteViaKeys<T extends AbstractEncryptedNote>(
+  note: T,
+  privateKey: string,
+  privateKeyPassphrase?: string
+): Promise<T> {
+  const content = await decryptViaKeys(
+    note.content,
+    privateKey,
+    privateKeyPassphrase
+  );
+  return {
+    ...note,
+    content,
+    encrypted: ModelsPublicNoteEncryptedEnum.GpgKeys,
+  };
+}

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "orgnote-api",
-  "version": "0.7.1",
+  "version": "0.7.2",
   "description": "Official API for creating extensions for OrgNote app",
   "type": "module",
   "main": "./index.ts",
@@ -17,7 +17,13 @@
     "type": "git",
     "url": "git+https://github.com/artawower/orgnote-api.git"
   },
-  "files": ["index.ts", "api.ts", "remote-api/**", "models/**"],
+  "files": [
+    "index.ts",
+    "api.ts",
+    "remote-api/**",
+    "models/**",
+    "encryption/**"
+  ],
   "exports": {
     ".": "./index.ts",
     "./remote-api": "./remote-api/index.ts",