safedrop-cli 1.0.0

package/src/receive.js

@@ -0,0 +1,190 @@
+// receive.js — the receiver workflow.
+//
+// 1. parse code/link              7. download encrypted bytes
+// 2. extract uploadCode + key     8. decrypt filename
+// 3. initiate handshake           9. decrypt file
+// 4. print handshake code        10. save safely to disk
+// 5. (optional) verify SAS       11. confirm; server copy is deleted
+// 6. poll until sender authorizes
+
+import { promises as fs, existsSync, statSync } from 'node:fs';
+
+import { decryptBuffer, decryptString } from './crypto.js';
+import { decodeCombinedCode } from './code.js';
+import { generateSAS } from './sas.js';
+import { SafeDropApi, SafeDropApiError } from './api.js';
+import { resolveOutputPath, dedupePath } from './paths.js';
+import { log, style, ask, confirm, spinner, formatBytes } from './ui.js';
+
+const HANDSHAKE_TTL_SECONDS = 5 * 60; // mirrors backend HANDSHAKE_TTL
+const POLL_INTERVAL_MS = 2000;
+
+const sleep = (ms) => new Promise((r) => setTimeout(r, ms));
+
+export async function runReceive(codeOrLink, opts = {}) {
+  const api = new SafeDropApi(opts.api);
+
+  // --- 1-2. Parse the code/link -----------------------------------------
+  let uploadCode, key, fullSecurity;
+  try {
+    ({ uploadCode, key, fullSecurity } = decodeCombinedCode(codeOrLink));
+  } catch (err) {
+    log.error(err.message);
+    process.exitCode = 1;
+    return;
+  }
+  log.ok('Code parsed. The encryption key stays on this machine.');
+
+  // --- (optional) SAS verification ---------------------------------------
+  if (fullSecurity) {
+    const sas = generateSAS(key);
+    log.plain();
+    log.plain(`  ${style.yellow('Safety code')}: ${style.bold(sas)}`);
+    log.plain(style.dim('  This must match the code the sender reads to you. If it differs, STOP.'));
+    log.plain();
+    const matches = await confirm('Does the safety code match the sender\'s?', false);
+    if (!matches) {
+      log.error('Safety code mismatch — aborting to avoid a possible interception.');
+      process.exitCode = 1;
+      return;
+    }
+  }
+
+  // --- 3-4. Initiate handshake -------------------------------------------
+  let handshakeCode, recipientToken;
+  try {
+    const spin = spinner('Initiating handshake…');
+    const hs = await api.initiateHandshake(uploadCode);
+    ({ handshakeCode, recipientToken } = hs);
+    spin.stop(`${style.green('✓')} Handshake ready.`);
+  } catch (err) {
+    if (err instanceof SafeDropApiError && err.statusCode === 404) {
+      log.error('This transfer was not found. It may have expired, been downloaded, or been cancelled.');
+    } else {
+      log.error(err instanceof SafeDropApiError ? err.message : `Handshake failed: ${err.message}`);
+    }
+    process.exitCode = 1;
+    return;
+  }
+
+  log.plain();
+  log.plain(style.bold('  Give this handshake code to the sender:'));
+  log.plain();
+  log.plain(`  ${style.cyan(style.bold(handshakeCode))}`);
+  log.plain();
+
+  // Ctrl-C cancels the recipient session cleanly.
+  let stopped = false;
+  const cancelRemote = async () => {
+    try { await api.cancelHandshake(uploadCode, recipientToken); } catch { /* best effort */ }
+  };
+  const onSigint = () => { stopped = true; cancelRemote().then(() => process.exit(130)); };
+  process.on('SIGINT', onSigint);
+
+  // --- 6. Poll until the sender authorizes -------------------------------
+  let downloadToken;
+  const spin = spinner('Waiting for the sender to authorize…');
+  const deadline = Date.now() + HANDSHAKE_TTL_SECONDS * 1000;
+  try {
+    while (!stopped) {
+      if (Date.now() > deadline) {
+        spin.stop();
+        log.error('The handshake expired before the sender authorized. Ask them to restart and try again.');
+        process.exitCode = 1;
+        return;
+      }
+      try {
+        const { downloadToken: token } = await api.getDownloadToken(uploadCode, recipientToken);
+        if (token) { downloadToken = token; break; }
+      } catch (err) {
+        if (err instanceof SafeDropApiError && err.statusCode === 404) {
+          // Still pending — keep polling.
+        } else if (err instanceof SafeDropApiError && err.statusCode === 403) {
+          spin.stop();
+          log.error('The session is no longer available (it may have been cancelled).');
+          process.exitCode = 1;
+          return;
+        } else {
+          throw err;
+        }
+      }
+      const left = Math.max(0, Math.round((deadline - Date.now()) / 1000));
+      spin.setLabel(`Waiting for the sender to authorize… ${style.dim(`(${left}s left)`)}`);
+      await sleep(POLL_INTERVAL_MS);
+    }
+  } catch (err) {
+    spin.stop();
+    log.error(err instanceof SafeDropApiError ? err.message : `Error while waiting: ${err.message}`);
+    process.exitCode = 1;
+    return;
+  } finally {
+    process.off('SIGINT', onSigint);
+  }
+  if (!downloadToken) return; // stopped via SIGINT
+  spin.stop(`${style.green('✓')} Authorized by the sender.`);
+
+  // --- 7. Download --------------------------------------------------------
+  let bytes, encryptedFilename;
+  try {
+    const dl = spinner('Downloading encrypted file…');
+    ({ bytes, encryptedFilename } = await api.downloadFile(uploadCode, downloadToken));
+    dl.stop(`${style.green('✓')} Downloaded ${formatBytes(bytes.length)} of ciphertext.`);
+  } catch (err) {
+    log.error(err instanceof SafeDropApiError ? err.message : `Download failed: ${err.message}`);
+    process.exitCode = 1;
+    return;
+  }
+
+  // --- 8-9. Decrypt filename and contents --------------------------------
+  let senderFilename = 'safedrop-file';
+  if (encryptedFilename) {
+    try {
+      senderFilename = decryptString(encryptedFilename, key);
+    } catch {
+      log.warn('Could not decrypt the original filename; using a default name.');
+    }
+  }
+
+  let plain;
+  try {
+    plain = decryptBuffer(bytes, key);
+  } catch {
+    log.error('Decryption failed. The key may be wrong, or the data was corrupted in transit.');
+    process.exitCode = 1;
+    return;
+  }
+
+  // --- 10. Save safely ----------------------------------------------------
+  let target;
+  try {
+    target = resolveOutputPath(senderFilename, opts.output, {
+      isDirectory: (p) => existsSync(p) && statSync(p).isDirectory(),
+    });
+  } catch (err) {
+    log.error(err.message);
+    process.exitCode = 1;
+    return;
+  }
+
+  if (existsSync(target)) {
+    const overwrite = await confirm(`File ${style.bold(target)} already exists. Overwrite?`, false);
+    if (!overwrite) {
+      target = dedupePath(target, (p) => existsSync(p));
+      log.info(`Saving as ${style.bold(target)} instead.`);
+    }
+  }
+
+  try {
+    await fs.writeFile(target, plain);
+  } catch (err) {
+    log.error(`Could not write file: ${err.message}`);
+    process.exitCode = 1;
+    return;
+  }
+
+  // --- 11. Confirm --------------------------------------------------------
+  log.plain();
+  log.ok(`Saved ${style.bold(target)} ${style.dim(`(${formatBytes(plain.length)})`)}`);
+  log.info('Decryption happened entirely on this machine.');
+  log.warn('The server has now deleted its encrypted copy — this code cannot be used again.');
+}

package/src/sas.js

@@ -0,0 +1,59 @@
+// sas.js
+//
+// Short Authentication String (SAS) generation — identical to the browser
+// client (frontend/utils/sas.ts). When "full security" is enabled, both sides
+// derive a 3-word code from SHA-256 of the raw key and compare them out-of-band
+// to detect a man-in-the-middle. The wordlist and indexing must match the
+// browser byte-for-byte.
+
+import { createHash } from 'node:crypto';
+
+// BIP39-inspired wordlist (256 words). Mirrors frontend/utils/sas.ts.
+const wordList = [
+  'abandon', 'ability', 'able', 'about', 'above', 'absent', 'absorb', 'abstract',
+  'absurd', 'abuse', 'access', 'accident', 'account', 'accuse', 'achieve', 'acid',
+  'acoustic', 'acquire', 'across', 'act', 'action', 'actor', 'actress', 'actual',
+  'adapt', 'add', 'addict', 'address', 'adjust', 'admit', 'adult', 'advance',
+  'advice', 'aerobic', 'affair', 'afford', 'afraid', 'again', 'age', 'agent',
+  'agree', 'ahead', 'aim', 'air', 'airport', 'aisle', 'alarm', 'album',
+  'alcohol', 'alert', 'alien', 'all', 'alley', 'allow', 'almost', 'alone',
+  'alpha', 'already', 'also', 'alter', 'always', 'amateur', 'amazing', 'among',
+  'amount', 'amused', 'analyst', 'anchor', 'ancient', 'anger', 'angle', 'angry',
+  'animal', 'ankle', 'announce', 'annual', 'another', 'answer', 'antenna', 'antique',
+  'anxiety', 'any', 'apart', 'apology', 'appear', 'apple', 'approve', 'april',
+  'arch', 'arctic', 'area', 'arena', 'argue', 'arm', 'armed', 'armor',
+  'army', 'around', 'arrange', 'arrest', 'arrive', 'arrow', 'art', 'artefact',
+  'artist', 'artwork', 'ask', 'aspect', 'assault', 'asset', 'assist', 'assume',
+  'asthma', 'athlete', 'atom', 'attack', 'attend', 'attitude', 'attract', 'auction',
+  'audit', 'august', 'aunt', 'author', 'auto', 'autumn', 'average', 'avocado',
+  'avoid', 'awake', 'aware', 'away', 'awesome', 'awful', 'awkward', 'axis',
+  'baby', 'bachelor', 'bacon', 'badge', 'bag', 'balance', 'balcony', 'ball',
+  'bamboo', 'banana', 'banner', 'bar', 'barely', 'bargain', 'barrel', 'base',
+  'basic', 'basket', 'battle', 'beach', 'bean', 'beauty', 'because', 'become',
+  'beef', 'before', 'begin', 'behave', 'behind', 'believe', 'below', 'belt',
+  'bench', 'benefit', 'best', 'betray', 'better', 'between', 'beyond', 'bicycle',
+  'bid', 'bike', 'bind', 'biology', 'bird', 'birth', 'bitter', 'black',
+  'blade', 'blame', 'blanket', 'blast', 'bleak', 'bless', 'blind', 'blood',
+  'blossom', 'blouse', 'blue', 'blur', 'blush', 'board', 'boat', 'body',
+  'boil', 'bomb', 'bone', 'bonus', 'book', 'boost', 'border', 'boring',
+  'borrow', 'boss', 'bottom', 'bounce', 'box', 'boy', 'bracket', 'brain',
+  'brand', 'brass', 'brave', 'bread', 'breeze', 'brick', 'bridge', 'brief',
+  'bright', 'bring', 'brisk', 'broccoli', 'broken', 'bronze', 'broom', 'brother',
+  'brown', 'brush', 'bubble', 'buddy', 'budget', 'buffalo', 'build', 'bulb',
+  'bulk', 'bullet', 'bundle', 'bunker', 'burden', 'burger', 'burst', 'bus',
+  'business', 'busy', 'butter', 'buyer', 'buzz', 'cabbage', 'cabin', 'cable',
+];
+
+/**
+ * Derive the 3-word safety code from a hex key.
+ * @param {string} keyHex 64-char hex key
+ * @returns {string} e.g. "apple-bridge-cabin"
+ */
+export function generateSAS(keyHex) {
+  const keyBuffer = Buffer.from(keyHex, 'hex');
+  const hash = createHash('sha256').update(keyBuffer).digest();
+  const w1 = wordList[hash[0] % wordList.length];
+  const w2 = wordList[hash[1] % wordList.length];
+  const w3 = wordList[hash[2] % wordList.length];
+  return `${w1}-${w2}-${w3}`;
+}

package/src/send.js

@@ -0,0 +1,182 @@
+// send.js — the sender workflow.
+//
+// 1. read file               5. initiate upload
+// 2. generate AES-256 key    6. PUT encrypted bytes to presigned URL
+// 3. encrypt file locally    7. finalize with encrypted filename + senderToken
+// 4. encrypt filename        8. print share code/link, wait for handshake,
+//                               authorize, report status.
+
+import { promises as fs } from 'node:fs';
+import path from 'node:path';
+
+import { encryptBuffer, encryptString } from './crypto.js';
+import { encodeCombinedCode, encodeShareLink } from './code.js';
+import { generateSAS } from './sas.js';
+import { SafeDropApi, SafeDropApiError } from './api.js';
+import { log, style, output, ask, spinner, formatBytes, formatDuration } from './ui.js';
+
+const MAX_FILE_SIZE_MB = 1024; // mirrors backend store.ts MAX_FILE_SIZE_MB
+
+/**
+ * Derive a browser origin from the API base so links open the web app.
+ * "https://safedrop.ma/api" -> "https://safedrop.ma".
+ * Local dev backends have no web origin, so we omit the link there.
+ */
+function webOriginFromApi(apiBase) {
+  try {
+    const u = new URL(apiBase);
+    if (u.hostname === 'localhost' || u.hostname === '127.0.0.1') return null;
+    return `${u.protocol}//${u.host}`;
+  } catch {
+    return null;
+  }
+}
+
+export async function runSend(filePath, opts = {}) {
+  const api = new SafeDropApi(opts.api);
+
+  // --- 1. Read and validate the file -------------------------------------
+  let stat;
+  try {
+    stat = await fs.stat(filePath);
+  } catch {
+    log.error(`File not found: ${filePath}`);
+    process.exitCode = 1;
+    return;
+  }
+  if (!stat.isFile()) {
+    log.error(`Not a regular file: ${filePath}`);
+    process.exitCode = 1;
+    return;
+  }
+  const sizeMb = stat.size / 1024 / 1024;
+  if (sizeMb > MAX_FILE_SIZE_MB) {
+    log.error(`File is ${formatBytes(stat.size)} — exceeds the ${MAX_FILE_SIZE_MB} MB limit.`);
+    process.exitCode = 1;
+    return;
+  }
+
+  const filename = path.basename(filePath);
+  log.info(`Sending ${style.bold(filename)} ${style.dim(`(${formatBytes(stat.size)})`)}`);
+
+  const fullSecurity = !!opts.fullSecurity;
+
+  // --- 2-4. Encrypt locally ----------------------------------------------
+  const spin = spinner('Encrypting locally…');
+  let payload, keyHex, encryptedFilename;
+  try {
+    const plain = await fs.readFile(filePath);
+    ({ payload, keyHex } = encryptBuffer(plain));
+    encryptedFilename = encryptString(filename, keyHex);
+  } catch (err) {
+    spin.stop();
+    log.error(`Encryption failed: ${err.message}`);
+    process.exitCode = 1;
+    return;
+  }
+
+  // --- 5-7. Initiate, upload, finalize -----------------------------------
+  let uploadCode, presignedUrl, senderToken, uploadTTLSeconds;
+  try {
+    spin.setLabel('Requesting upload slot…');
+    const customExpirationSeconds = opts.ttlMinutes ? Math.floor(opts.ttlMinutes * 60) : undefined;
+    const init = await api.initiateUpload({ customExpirationSeconds });
+    ({ uploadCode, url: presignedUrl, senderToken, uploadTTLSeconds } = init);
+
+    spin.setLabel('Uploading encrypted bytes…');
+    await api.uploadBytes(presignedUrl, payload);
+
+    spin.setLabel('Finalizing…');
+    await api.finalizeUpload(uploadCode, encryptedFilename, senderToken);
+  } catch (err) {
+    spin.stop();
+    log.error(err instanceof SafeDropApiError ? err.message : `Upload failed: ${err.message}`);
+    process.exitCode = 1;
+    return;
+  }
+  spin.stop(`${style.green('✓')} Encrypted and uploaded. The server holds only ciphertext.`);
+
+  // --- 8. Share details ---------------------------------------------------
+  const combinedCode = encodeCombinedCode({ uploadCode, key: keyHex, fullSecurity });
+  const origin = webOriginFromApi(opts.api);
+  const ttl = uploadTTLSeconds || 15 * 60;
+
+  log.plain();
+  log.plain(style.bold('  Share this code with the receiver:'));
+  log.plain();
+  output(combinedCode); // the only secret printed — it is the whole point
+  log.plain();
+  if (origin) {
+    log.plain(style.dim('  Or this link (key stays in the URL fragment, never sent to the server):'));
+    log.plain(`  ${style.cyan(encodeShareLink(combinedCode, origin))}`);
+    log.plain();
+  }
+  if (fullSecurity) {
+    const sas = generateSAS(keyHex);
+    log.plain(`  ${style.yellow('Safety code')} (read aloud to verify, must match the receiver's): ${style.bold(sas)}`);
+    log.plain();
+  }
+  log.info(`This transfer expires in ${style.bold(formatDuration(ttl))}.`);
+
+  // --- Wait for the receiver handshake, then authorize -------------------
+  const expiresAt = Date.now() + ttl * 1000;
+  let cancelled = false;
+
+  const cleanup = async (reason) => {
+    if (cancelled) return;
+    cancelled = true;
+    try {
+      await api.cancelUpload(uploadCode, senderToken);
+      log.ok(`Transfer cancelled — the encrypted server copy was deleted (${reason}).`);
+    } catch {
+      log.warn('Transfer cancelled locally (server copy may already be gone).');
+    }
+  };
+
+  // Ctrl-C cancels the transfer cleanly from the sender side.
+  const onSigint = () => { cleanup('you pressed Ctrl-C').then(() => process.exit(130)); };
+  process.on('SIGINT', onSigint);
+
+  try {
+    log.plain();
+    log.info('Waiting for the receiver. They will give you a handshake code.');
+    if (Date.now() > expiresAt) { log.warn('Transfer already expired.'); return; }
+
+    const remainingMin = Math.max(1, Math.round((expiresAt - Date.now()) / 60000));
+    const handshakeCode = await ask(
+      `${style.bold('Paste the receiver handshake code')} ${style.dim(`(≤ ${remainingMin}m left, or press Enter to cancel)`)}: `,
+    );
+
+    if (!handshakeCode) {
+      await cleanup('no code entered');
+      return;
+    }
+    if (Date.now() > expiresAt) {
+      log.warn('Transfer expired before authorization. The server copy is gone.');
+      return;
+    }
+
+    const spin2 = spinner('Authorizing the receiver…');
+    try {
+      await api.authorizeHandshake(uploadCode, handshakeCode);
+      spin2.stop(`${style.green('✓')} Receiver authorized.`);
+    } catch (err) {
+      spin2.stop();
+      if (err instanceof SafeDropApiError && err.statusCode === 403) {
+        log.error('That handshake code did not match. Ask the receiver to re-check it and try again.');
+      } else if (err instanceof SafeDropApiError && err.statusCode === 429) {
+        log.error('Too many failed attempts — the session was terminated for safety.');
+      } else {
+        log.error(err.message);
+      }
+      process.exitCode = 1;
+      return;
+    }
+
+    log.plain();
+    log.ok('The receiver can now download and decrypt the file.');
+    log.info('The server deletes its encrypted copy the moment the download completes.');
+  } finally {
+    process.off('SIGINT', onSigint);
+  }
+}

package/src/ui.js

@@ -0,0 +1,94 @@
+// ui.js
+//
+// Minimal terminal helpers: colored status lines, an interactive prompt, and a
+// lightweight spinner. No dependencies. Colors auto-disable when stdout is not
+// a TTY or NO_COLOR is set, so piped/CI output stays clean.
+
+import readline from 'node:readline';
+
+const useColor = process.stdout.isTTY && !process.env.NO_COLOR;
+const c = (code, s) => (useColor ? `\x1b[${code}m${s}\x1b[0m` : s);
+
+export const style = {
+  bold: (s) => c('1', s),
+  dim: (s) => c('2', s),
+  green: (s) => c('32', s),
+  red: (s) => c('31', s),
+  yellow: (s) => c('33', s),
+  cyan: (s) => c('36', s),
+  gray: (s) => c('90', s),
+};
+
+export const log = {
+  info: (msg) => console.error(`${style.cyan('•')} ${msg}`),
+  ok: (msg) => console.error(`${style.green('✓')} ${msg}`),
+  warn: (msg) => console.error(`${style.yellow('!')} ${msg}`),
+  error: (msg) => console.error(`${style.red('✗')} ${msg}`),
+  plain: (msg = '') => console.error(msg),
+};
+
+/** Print a value to stdout (the "result" channel; logs go to stderr). */
+export function output(value) {
+  process.stdout.write(`${value}\n`);
+}
+
+/** Ask a free-text question. Returns the trimmed answer. */
+export function ask(question) {
+  const rl = readline.createInterface({ input: process.stdin, output: process.stderr });
+  return new Promise((resolve) => {
+    rl.question(question, (answer) => {
+      rl.close();
+      resolve(answer.trim());
+    });
+  });
+}
+
+/** Ask a yes/no question. Returns boolean. */
+export async function confirm(question, defaultYes = false) {
+  const hint = defaultYes ? '[Y/n]' : '[y/N]';
+  const answer = (await ask(`${question} ${hint} `)).toLowerCase();
+  if (!answer) return defaultYes;
+  return answer === 'y' || answer === 'yes';
+}
+
+/** Simple braille spinner. Returns a handle with .stop(). */
+export function spinner(label) {
+  if (!process.stderr.isTTY) {
+    console.error(`${style.dim('…')} ${label}`);
+    return { stop: () => {}, setLabel: () => {} };
+  }
+  const frames = ['⠋', '⠙', '⠹', '⠸', '⠼', '⠴', '⠦', '⠧', '⠇', '⠏'];
+  let i = 0;
+  let current = label;
+  const timer = setInterval(() => {
+    process.stderr.write(`\r${style.cyan(frames[i++ % frames.length])} ${current}   `);
+  }, 80);
+  return {
+    setLabel: (l) => { current = l; },
+    stop: (finalLine) => {
+      clearInterval(timer);
+      process.stderr.write('\r\x1b[K');
+      if (finalLine) console.error(finalLine);
+    },
+  };
+}
+
+/** Format a byte count as a human-readable size. */
+export function formatBytes(bytes) {
+  const units = ['B', 'KB', 'MB', 'GB'];
+  let n = bytes;
+  let u = 0;
+  while (n >= 1024 && u < units.length - 1) { n /= 1024; u++; }
+  return `${n.toFixed(n < 10 && u > 0 ? 2 : 0)} ${units[u]}`;
+}
+
+/** Format seconds as "Xm Ys". */
+export function formatDuration(totalSeconds) {
+  const s = Math.max(0, Math.floor(totalSeconds));
+  const h = Math.floor(s / 3600);
+  const m = Math.floor((s % 3600) / 60);
+  const sec = s % 60;
+  if (h > 0) return `${h}h ${m}m`;
+  if (m > 0) return `${m}m ${sec}s`;
+  return `${sec}s`;
+}