pass-manager-cli 1.0.0 → 1.0.2

package/README.md

@@ -1,13 +1,14 @@
 # Password Manager CLI (PMC)
 
-A command-line interface (CLI) tool for managing your passwords efficiently. This tool allows you to add, list, copy, and delete passwords, as well as link to your password manager's host.
+A secure command-line interface (CLI) tool for managing your passwords efficiently.
 
 ## Features
 
-- **Secure Password Management**: Add, list, copy, and delete passwords.
-- **Host Configuration**: Easily link your CLI to a password manager backend by specifying its host IP.
+- **End-to-End Encryption**: All passwords are encrypted with **AES-256-GCM** using a Master Password.
+- **System Keychain Integration**: Securely store your Master Password in your OS keychain (macOS, Windows, or Linux) for seamless access.
+- **Interactive Mode**: Securely add passwords via interactive prompts to keep them out of your terminal history.
 - **Clipboard Integration**: Copy passwords directly to your clipboard for quick use.
-- **Modular Structure**: Built with a clear separation of concerns for easy maintenance and extensibility.
+- **Standalone Local Storage**: Your vault is stored locally in `~/.config/pmc/passwords.json`.
 
 ## Installation
 
@@ -23,6 +24,64 @@ just setup
 pmc --help
 ```
 
-### API Contract
+## User Guide
 
-For details on the backend API endpoints and data structures that this CLI interacts with, please refer to the [API Contract Documentation](./docs/API_CONTRACT.md).
+### 1. Setup & Adding Passwords
+The safest way to add a password is using the interactive mode. This prevents your password from being saved in your terminal history.
+
+```bash
+pmc add
+```
+*You will be prompted for the URL, Username, and Password.*
+
+### 2. Listing Passwords
+To see all your stored accounts (passwords remain hidden):
+
+```bash
+pmc list
+```
+*Note the **index** number of the entry you want to use.*
+
+### 3. Copying to Clipboard
+To use a password, copy it directly to your clipboard using its index:
+
+```bash
+pmc copy <index>
+```
+*Example: `pmc copy 0`*
+
+### 4. Updating an Entry
+If you change a password or username:
+
+```bash
+pmc update <index>
+```
+*This will prompt you with the current values, which you can edit or keep.*
+
+### 5. Deleting an Entry
+To remove a password permanently:
+
+```bash
+pmc delete <index>
+```
+
+---
+
+### Security Tip: The Master Password
+The first time you use PMC, you'll create a **Master Password**.
+- **Keychain:** We recommend saying "Yes" when asked to save it to the System Keychain. This allows you to use PMC without typing your Master Password every time.
+- **Lost Password:** If you lose your Master Password, **your data cannot be recovered**. Keep it safe!
+
+## Contribution
+
+Contributions are welcome! If you'd like to improve PMC, please follow these steps:
+
+1. **Fork the repository** on GitHub.
+2. **Clone your fork** locally: `git clone https://github.com/YOUR_USERNAME/password-manager-cli.git`.
+3. **Create a new branch** for your feature or bugfix: `git checkout -b feature-name`.
+4. **Make your changes** and ensure everything works as expected.
+5. **Commit your changes**: `git commit -m "Add feature name"`.
+6. **Push to your branch**: `git push origin feature-name`.
+7. **Create a Pull Request** on the original repository.
+
+Please ensure your code follows the existing style and structure of the project.

package/index.js

@@ -2,6 +2,7 @@
 
 import { Command } from "commander";
 import { init } from "./src/lib/commands.js";
+import { getPasswordByUrl } from "./src/lib/api.js";
 
 const program = new Command();
 
@@ -10,4 +11,4 @@ program
   .description("CLI for Password Manager")
   .version("1.0.0");
 
-init(program);
+init(program);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "pass-manager-cli",
-  "version": "1.0.0",
+  "version": "1.0.2",
   "description": "",
   "type": "module",
   "main": "index.js",
@@ -12,10 +12,11 @@
     "pmc": "./index.js"
   },
   "dependencies": {
-    "axios": "^1.13.2",
+    "@inquirer/prompts": "^8.1.0",
     "clipboardy": "^5.0.2",
     "commander": "^14.0.2",
-    "inquirer": "^13.1.0",
-    "node-persist": "^4.0.4"
+    "express": "^5.2.1",
+    "keytar": "^7.9.0",
+    "lowdb": "^7.0.1"
   }
 }

package/src/commands/passwords.js

@@ -3,6 +3,7 @@ import {
   listPasswords,
   copyPassword,
   deletePassword,
+  updatePassword,
 } from "../services/passwordService.js";
 
 export const passwordCommands = (program) => {
@@ -14,9 +15,9 @@ export const passwordCommands = (program) => {
   program
     .command("add")
     .description("add a password")
-    .argument("url", "url")
-    .argument("username", "username")
-    .argument("password", "password")
+    .argument("[url]", "url")
+    .argument("[username]", "username")
+    .argument("[password]", "password")
     .action(addPassword);
 
   program
@@ -30,4 +31,10 @@ export const passwordCommands = (program) => {
     .description("Delete Password")
     .argument("index", "index")
     .action(deletePassword);
-};
+
+  program
+    .command("update")
+    .description("Update password entry")
+    .argument("index", "index")
+    .action((index) => updatePassword(index));
+};

package/src/commands/serve.js

@@ -0,0 +1,24 @@
+import express from "express";
+import { getPasswordByUrl } from "../lib/api.js";
+export const app = express();
+const PORT = 7474;
+
+export const serverCommands = (program) => {
+  program
+    .command("serve")
+    .description("Create a server to interact with UI")
+    .action(startServer);
+};
+
+app.get("/password", async (req, res) => {
+  const url = req.query.url
+  console.log(url)
+  const passwords = await getPasswordByUrl(url);
+  res.send(passwords);
+});
+
+const startServer = () => {
+  app.listen(PORT, () => {
+    console.log(`Server running at http://localhost:${PORT}/`);
+  });
+};

package/src/lib/api.js

@@ -1,28 +1,25 @@
-import axios from "axios";
-import { getHostIP } from "./storage.js";
+import { addItem, clear, getPasswords, updateItem } from "./storage.js";
 
-const getBaseUrl = async () => {
-  const hostIP = await getHostIP();
-  if (!hostIP) {
-    throw new Error("Host IP not set. Please link a password manager first.");
-  }
-  return `http://${hostIP}:5421/passwords`;
-};
+export const getAllPasswords = async () => await getPasswords();
 
-export const getPasswords = async () => {
-  const url = await getBaseUrl();
-  const response = await axios.get(url);
-  return response.data;
-};
+export const getPasswordByUrl = async (url) =>
+  await getPasswords().then((passwords) =>
+    passwords.filter((password) => password.url === url)
+  );
 
 export const createPassword = async (url, username, password) => {
-  const baseUrl = await getBaseUrl();
-  const response = await axios.post(baseUrl, { url, username, password });
-  return response.data;
+  const passwordMapping = {
+    url: url,
+    username: username,
+    password: password,
+  };
+  await addItem(passwordMapping);
 };
 
-export const deletePasswordById = async (id) => {
-  const baseUrl = await getBaseUrl();
-  const response = await axios.delete(`${baseUrl}/${id}`);
-  return response.data;
-};
+export const deletePasswordByIndex = async (index) => {
+  await clear(index);
+};
+
+export const updatePasswordByIndex = async (index, updates) => {
+  await updateItem(index, updates);
+};

package/src/lib/commands.js

@@ -1,8 +1,8 @@
 import { passwordCommands } from "../commands/passwords.js";
-import { hostCommands } from "../commands/host.js";
+import { serverCommands } from "../commands/serve.js";
 
 export const init = (program) => {
   passwordCommands(program);
-  hostCommands(program);
+  serverCommands(program);
   program.parse();
 };

package/src/lib/storage.js

@@ -1,39 +1,123 @@
-import nodePersist from "node-persist";
 import os from "os";
 import path from "path";
+import { JSONFilePreset } from "lowdb/node";
+import { password as passwordPrompt, confirm } from "@inquirer/prompts";
+import { encrypt, decrypt } from "../utils/crypto.js";
+import keytar from "keytar";
 
-let isInitialized = false;
+const SERVICE_NAME = "PMC-CLI";
+const ACCOUNT_NAME = "MasterPassword";
 
-const initStorage = async () => {
-  if (!isInitialized) {
-    const homeDirectory = os.homedir();
-    const storageDirectory = path.join(homeDirectory, ".config", "pmc");
-
-    await nodePersist.init({
-      dir: storageDirectory,
-      logging: false,
-      ttl: false,
-    });
-    isInitialized = true;
+const getMasterPassword = async (isNew = false) => {
+  if (!isNew) {
+    const storedPassword = await keytar.getPassword(SERVICE_NAME, ACCOUNT_NAME);
+    if (storedPassword) {
+      return storedPassword;
+    }
+  }
+
+  const masterPassword = await passwordPrompt({
+    message: isNew
+      ? "Create a new Master Password for your vault:"
+      : "Enter your Master Password to unlock the vault:",
+    mask: "*",
+  });
+
+  const shouldSave = await confirm({
+    message: "Save Master Password to System Keychain?",
+    default: true,
+  });
+
+  if (shouldSave) {
+    await keytar.setPassword(SERVICE_NAME, ACCOUNT_NAME, masterPassword);
+    console.log("Master Password saved to System Keychain.");
   }
+
+  return masterPassword;
 };
 
-export const setItem = async (key, value) => {
-  await initStorage();
-  return nodePersist.setItem(key, value);
+const initStorage = async () => {
+  const homeDirectory = os.homedir();
+  const storageDirectory = path.join(
+    homeDirectory,
+    ".config",
+    "pmc",
+    "passwords.json"
+  );
+
+  const defaultData = { vault: null };
+  const db = await JSONFilePreset(storageDirectory, defaultData);
+
+  return db;
+};
+
+export const addItem = async (newPasswordEntry) => {
+  const db = await initStorage();
+  const isNew = !db.data.vault;
+
+  const masterPassword = await getMasterPassword(isNew);
+
+  let passwords = [];
+  if (!isNew) {
+    passwords = await decrypt(db.data.vault, masterPassword);
+  }
+
+  passwords.push(newPasswordEntry);
+
+  const encryptedVault = await encrypt(passwords, masterPassword);
+  await db.update((data) => {
+    data.vault = encryptedVault;
+  });
 };
 
-export const getItem = async (key) => {
-  await initStorage();
-  return nodePersist.getItem(key);
+export const getPasswords = async () => {
+  const db = await initStorage();
+  if (!db.data.vault) {
+    console.log("Vault is empty.");
+    return [];
+  }
+
+  const masterPassword = await getMasterPassword();
+
+  try {
+    return await decrypt(db.data.vault, masterPassword);
+  } catch (error) {
+    console.error("Decryption failed. " + error.message);
+    // If decryption fails, maybe the keychain password is wrong/stale?
+    // Optionally delete it so the user can re-enter.
+    await keytar.deletePassword(SERVICE_NAME, ACCOUNT_NAME);
+    process.exit(1);
+  }
 };
 
-export const clear = async () => {
-  await initStorage();
-  return nodePersist.clear();
+export const clear = async (indexToRemove) => {
+  const db = await initStorage();
+  if (!db.data.vault) return;
+
+  const masterPassword = await getMasterPassword();
+  let passwords = await decrypt(db.data.vault, masterPassword);
+
+  if (indexToRemove >= 0 && indexToRemove < passwords.length) {
+    passwords.splice(indexToRemove, 1);
+    const encryptedVault = await encrypt(passwords, masterPassword);
+    await db.update((data) => {
+      data.vault = encryptedVault;
+    });
+  }
 };
 
-export const getHostIP = async () => {
-  await initStorage();
-  return nodePersist.getItem("host");
-};
+export const updateItem = async (indexToUpdate, updatedEntry) => {
+  const db = await initStorage();
+  if (!db.data.vault) return;
+
+  const masterPassword = await getMasterPassword();
+  let passwords = await decrypt(db.data.vault, masterPassword);
+
+  if (indexToUpdate >= 0 && indexToUpdate < passwords.length) {
+    passwords[indexToUpdate] = { ...passwords[indexToUpdate], ...updatedEntry };
+    const encryptedVault = await encrypt(passwords, masterPassword);
+    await db.update((data) => {
+      data.vault = encryptedVault;
+    });
+  }
+};

package/src/services/passwordService.js

@@ -1,13 +1,24 @@
 import {
-  getPasswords,
+  getAllPasswords,
   createPassword,
-  deletePasswordById,
+  deletePasswordByIndex,
+  updatePasswordByIndex,
 } from "../lib/api.js";
 import { copyToClipboard } from "../utils/clipboard.js";
+import { input, password as passwordPrompt } from "@inquirer/prompts";
 
 export const addPassword = async (url, username, password) => {
   try {
-    await createPassword(url, username, password);
+    const finalUrl =
+      url ||
+      (await input({ message: "Enter URL (e.g., google.com):" }));
+    const finalUsername =
+      username || (await input({ message: "Enter Username:" }));
+    const finalPassword =
+      password ||
+      (await passwordPrompt({ message: "Enter Password:", mask: "*" }));
+
+    await createPassword(finalUrl, finalUsername, finalPassword);
     console.log("Password added successfully.");
   } catch (error) {
     console.error("Failed to add password:", error.message);
@@ -16,7 +27,7 @@ export const addPassword = async (url, username, password) => {
 
 export const listPasswords = async () => {
   try {
-    const passwords = await getPasswords();
+    const passwords = await getAllPasswords();
     console.table(passwords, ["url", "username"]);
   } catch (error) {
     console.error("Failed to list passwords:", error.message);
@@ -25,7 +36,7 @@ export const listPasswords = async () => {
 
 export const copyPassword = async (index) => {
   try {
-    const passwords = await getPasswords();
+    const passwords = await getAllPasswords();
 
     if (index >= 0 && index < passwords.length) {
       const password = passwords[index].password;
@@ -39,14 +50,45 @@ export const copyPassword = async (index) => {
 
 export const deletePassword = async (index) => {
   try {
-    const passwords = await getPasswords();
+    const passwords = await getAllPasswords();
 
     if (index >= 0 && index < passwords.length) {
-      const passwordId = passwords[index].id;
-      await deletePasswordById(passwordId);
+      await deletePasswordByIndex(index);
+
       console.log("Password deleted successfully.");
     } else console.error("Invalid index provided.");
   } catch (error) {
     console.error("Failed to delete password:", error.message);
   }
 };
+
+export const updatePassword = async (index) => {
+  try {
+    const passwords = await getAllPasswords();
+
+    if (index >= 0 && index < passwords.length) {
+      const current = passwords[index];
+      const updates = {};
+
+      const newUsername = await input({
+        message: `Enter Username (leave empty to keep: ${current.username}):`,
+      });
+      if (newUsername) updates.username = newUsername;
+
+      const newPassword = await passwordPrompt({
+        message: "Enter New Password (leave empty to keep current):",
+        mask: "*",
+      });
+      if (newPassword) updates.password = newPassword;
+
+      if (Object.keys(updates).length > 0) {
+        await updatePasswordByIndex(index, updates);
+        console.log("Password entry updated successfully.");
+      } else {
+        console.log("No changes made.");
+      }
+    } else console.error("Invalid index provided.");
+  } catch (error) {
+    console.error("Failed to update password:", error.message);
+  }
+};

package/src/utils/crypto.js

@@ -0,0 +1,54 @@
+import crypto from "crypto";
+import { promisify } from "util";
+
+const pbkdf2 = promisify(crypto.pbkdf2);
+
+const ALGORITHM = "aes-256-gcm";
+const KEY_LENGTH = 32;
+const SALT_LENGTH = 16;
+const IV_LENGTH = 12;
+const ITERATIONS = 100000;
+
+export const encrypt = async (data, password) => {
+  const salt = crypto.randomBytes(SALT_LENGTH);
+  const iv = crypto.randomBytes(IV_LENGTH);
+
+  const key = await pbkdf2(password, salt, ITERATIONS, KEY_LENGTH, "sha256");
+  const cipher = crypto.createCipheriv(ALGORITHM, key, iv);
+
+  const encrypted = Buffer.concat([
+    cipher.update(JSON.stringify(data), "utf8"),
+    cipher.final(),
+  ]);
+
+  const authTag = cipher.getAuthTag();
+
+  return {
+    salt: salt.toString("hex"),
+    iv: iv.toString("hex"),
+    authTag: authTag.toString("hex"),
+    encryptedData: encrypted.toString("hex"),
+  };
+};
+
+export const decrypt = async (vault, password) => {
+  const salt = Buffer.from(vault.salt, "hex");
+  const iv = Buffer.from(vault.iv, "hex");
+  const authTag = Buffer.from(vault.authTag, "hex");
+  const encryptedData = Buffer.from(vault.encryptedData, "hex");
+
+  const key = await pbkdf2(password, salt, ITERATIONS, KEY_LENGTH, "sha256");
+  const decipher = crypto.createDecipheriv(ALGORITHM, key, iv);
+
+  decipher.setAuthTag(authTag);
+
+  try {
+    const decrypted = Buffer.concat([
+      decipher.update(encryptedData),
+      decipher.final(),
+    ]);
+    return JSON.parse(decrypted.toString("utf8"));
+  } catch (error) {
+    throw new Error("Invalid master password or corrupted data.");
+  }
+};

package/docs/API_CONTRACT.md

@@ -1,99 +0,0 @@
-# Backend API Contract for Password Manager CLI
-
-This document outlines the API endpoints, methods, and data structures expected from the backend service that the Password Manager CLI (PMC) interacts with.
-
-**Base URL Structure:** `http://<hostIP>:5421/`
-
-The `<hostIP>` is configured using the `pmc host link <IP_ADDRESS>` command.
-
----
-
-## 1. Passwords API
-
-This API is responsible for managing password entries.
-
-### a. `GET /passwords` - Retrieve All Passwords
-
-Retrieves a list of all password entries stored in the backend.
-
-*   **Method:** `GET`
-*   **Path:** `/passwords`
-*   **Authentication:** (Assumed to be handled by backend, not explicitly defined in current CLI)
-*   **Request Headers:** (None explicitly sent by CLI for now, could include Authorization in future)
-*   **Request Body:** (None)
-*   **Response:** `200 OK` - A JSON array of password objects.
-
-    ```json
-    [
-      {
-        "id": "uuid-v4-string-1",
-        "url": "example.com",
-        "username": "user@example.com",
-        "password": "secure_password_1"
-      },
-      {
-        "id": "uuid-v4-string-2",
-        "url": "another.com",
-        "username": "another_user",
-        "password": "secure_password_2"
-      },
-      // ... more password objects
-    ]
-    ```
-
-### b. `POST /passwords` - Add a New Password
-
-Adds a new password entry to the backend.
-
-*   **Method:** `POST`
-*   **Path:** `/passwords`
-*   **Authentication:** (Assumed)
-*   **Request Headers:**
-    *   `Content-Type: application/json`
-*   **Request Body:** A JSON object containing the new password's details.
-
-    ```json
-    {
-      "url": "new-site.com",
-      "username": "new_user",
-      "password": "new_secure_password"
-    }
-    ```
-*   **Response:** `200 OK` or `201 Created` - The newly created password object, including its generated `id`.
-
-    ```json
-    {
-      "id": "uuid-v4-string-3",
-      "url": "new-site.com",
-      "username": "new_user",
-      "password": "new_secure_password"
-    }
-    ```
-
-### c. `DELETE /passwords/:id` - Delete a Password by ID
-
-Deletes a specific password entry from the backend using its unique ID.
-
-*   **Method:** `DELETE`
-*   **Path:** `/passwords/{id}` (where `{id}` is the unique identifier of the password)
-*   **Authentication:** (Assumed)
-*   **Request Headers:** (None)
-*   **Request Body:** (None)
-*   **Response:** `200 OK` (or `204 No Content`) - Indicates successful deletion. No content is typically returned for 204.
-
-    ```json
-    // Example for 200 OK
-    {
-      "message": "Password deleted successfully"
-    }
-    ```
-    or
-    (No Content for 204)
-
----
-
-## 2. Host Configuration
-
-The `pmc host link <IP_ADDRESS>` command primarily configures the local CLI's storage to remember the backend server's IP address. There is no explicit "Host API" endpoint for this action in the backend. The `hostIP` is used by the CLI to construct the base URL for the Passwords API.
-
----

package/src/commands/host.js

@@ -1,9 +0,0 @@
-import { linkManager } from "../services/hostService.js";
-
-export const hostCommands = (program) => {
-  program
-    .command("link")
-    .description("link a password manager")
-    .argument("ip", "ip")
-    .action(linkManager);
-};

package/src/services/hostService.js

@@ -1,10 +0,0 @@
-import { setItem } from "../lib/storage.js";
-
-export const linkManager = async (ip) => {
-  try {
-    await setItem("host", ip);
-    console.log(`Host IP ${ip} linked successfully.`);
-  } catch (error) {
-    console.error("Failed to link host IP:", error.message);
-  }
-};