npm - stegdoc - Versions diffs - 1.0.1 → 4.0.0 - Mend

stegdoc 1.0.1 → 4.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (14) hide show

package/package.json +6 -7
package/src/commands/decode.js +233 -91
package/src/commands/encode.js +302 -199
package/src/commands/info.js +10 -9
package/src/commands/verify.js +65 -30
package/src/index.js +2 -2
package/src/lib/compression.js +18 -0
package/src/lib/crypto.js +54 -0
package/src/lib/docx-handler.js +1 -1
package/src/lib/metadata.js +13 -2
package/src/lib/streams.js +197 -0
package/src/lib/utils.js +2 -2
package/src/lib/xlsx-handler.js +133 -76
package/bootstrap.js +0 -33

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "stegdoc",
-  "version": "1.0.1",
+  "version": "4.0.0",
   "description": "Hide files inside Office documents (XLSX/DOCX) with AES-256 encryption and steganography",
   "main": "src/index.js",
   "bin": {
@@ -41,20 +41,19 @@
   },
   "files": [
     "src",
-    "bootstrap.js",
     "LICENSE",
     "README.md"
   ],
   "packageManager": "pnpm@10.19.0",
   "dependencies": {
     "adm-zip": "^0.5.16",
-    "chalk": "4.1.2",
+    "chalk": "^4.1.2",
     "commander": "^14.0.2",
     "docx": "^9.5.1",
     "exceljs": "^4.4.0",
-    "fast-xml-parser": "^5.3.2",
-    "file-type": "^21.1.1",
-    "inquirer": "^13.0.1",
-    "ora": "5.4.1"
+    "fast-xml-parser": "^5.3.3",
+    "file-type": "^16.5.4",
+    "inquirer": "^8.2.6",
+    "ora": "^5.4.1"
   }
 }

package/src/commands/decode.js CHANGED Viewed

@@ -1,15 +1,17 @@
 const path = require('path');
 const fs = require('fs');
+const { finished } = require('stream/promises');
 const chalk = require('chalk');
 const ora = require('ora');
-const { readDocxBase64 } = require('../lib/docx-handler');
+const { readDocxBase64, } = require('../lib/docx-handler');
 const { readXlsxBase64 } = require('../lib/xlsx-handler');
-const { validateMetadata, isMultiPart } = require('../lib/metadata');
+const { validateMetadata, isMultiPart, isStreamingFormat } = require('../lib/metadata');
 const { detectFormat, formatBytes, generateContentHash } = require('../lib/utils');
-const { decrypt, unpackEncryptionMeta } = require('../lib/crypto');
-const { decompress } = require('../lib/compression');
+const { decrypt, unpackEncryptionMeta, createDecryptStream } = require('../lib/crypto');
+const { decompress, createDecompressStream } = require('../lib/compression');
 const { promptPassword, promptOverwrite } = require('../lib/interactive');
 const { extractContent, findMultiPartFiles, mergeBase64Chunks } = require('../lib/file-utils');
+const { HashPassthrough } = require('../lib/streams');
 /**
  * Read file based on format
@@ -29,10 +31,6 @@ async function readFile(filePath, format) {
  * Decode a DOCX/XLSX file back to original format
  * @param {string} inputFile - Path to input file
  * @param {object} options - Command options
- * @param {string} options.output - Output file path
- * @param {string} options.password - Decryption password
- * @param {boolean} options.force - Overwrite existing files without asking
- * @param {boolean} options.quiet - Minimal output
  */
 async function decodeCommand(inputFile, options) {
   const quiet = options.quiet || false;
@@ -71,18 +69,28 @@ async function decodeCommand(inputFile, options) {
       if (quiet || options.yes) {
         throw new Error('Password is required for encrypted files. Use -p or --password to specify.');
       }
-      // Prompt for password interactively
       options.password = await promptPassword();
     }
     // Determine output path and check overwrite
-    const outputPath = options.output || path.join(process.cwd(), metadata.originalFilename);
+    let outputPath;
+    if (options.output) {
+      if (fs.existsSync(options.output) && fs.statSync(options.output).isDirectory()) {
+        outputPath = path.join(options.output, metadata.originalFilename);
+      } else if (!path.extname(options.output) && !fs.existsSync(options.output)) {
+        fs.mkdirSync(options.output, { recursive: true });
+        outputPath = path.join(options.output, metadata.originalFilename);
+      } else {
+        outputPath = options.output;
+      }
+    } else {
+      outputPath = path.join(process.cwd(), metadata.originalFilename);
+    }
     if (fs.existsSync(outputPath) && !options.force) {
       if (quiet || options.yes) {
         throw new Error(`File already exists: ${outputPath}. Use --force to overwrite.`);
       }
-      // Prompt for overwrite confirmation
       const shouldOverwrite = await promptOverwrite(outputPath);
       if (!shouldOverwrite) {
         console.log(chalk.yellow('Operation cancelled.'));
@@ -90,111 +98,245 @@ async function decodeCommand(inputFile, options) {
       }
     }
-    // Check if multi-part
-    let finalBase64;
+    // Route to v4 streaming decode or legacy decode
+    if (isStreamingFormat(metadata)) {
+      await decodeStreaming(inputFile, format, metadata, encryptedContent, encryptionMeta, isEncrypted, isCompressed, options, outputPath, spinner, quiet);
+    } else {
+      await decodeLegacy(inputFile, format, metadata, encryptedContent, encryptionMeta, isEncrypted, isCompressed, options, outputPath, spinner, quiet);
+    }
+  } catch (error) {
+    spinner.fail && spinner.fail('Decoding failed');
+    console.error(chalk.red(`Error: ${error.message}`));
+    process.exit(1);
+  }
+}
-    if (isMultiPart(metadata)) {
-      spinner.start && (spinner.text = `Multi-part file detected (${metadata.totalParts} parts)`);
+/**
+ * v4 streaming decode — per-part decryption, streaming decompress and write
+ */
+async function decodeStreaming(inputFile, format, metadata, encryptedContent, encryptionMeta, isEncrypted, isCompressed, options, outputPath, spinner, quiet) {
+  // Ensure output directory exists
+  const outputDir = path.dirname(outputPath);
+  if (!fs.existsSync(outputDir)) {
+    fs.mkdirSync(outputDir, { recursive: true });
+  }
-      // Find all parts
-      const inputDir = path.dirname(inputFile);
-      const allParts = findMultiPartFiles(inputDir, metadata.hash, format, metadata.totalParts);
+  // Set up output pipeline: [decompress] → hash → file
+  const hashStream = new HashPassthrough();
+  const outputStream = fs.createWriteStream(outputPath);
-      if (allParts.length !== metadata.totalParts) {
-        throw new Error(
-          `Missing parts! Found ${allParts.length} of ${metadata.totalParts} parts. ` +
-          `Make sure all parts are in the same directory.`
-        );
-      }
+  let decompressStream = null;
+  if (isCompressed) {
+    decompressStream = createDecompressStream();
+    decompressStream.pipe(hashStream).pipe(outputStream);
+  } else {
+    hashStream.pipe(outputStream);
+  }
-      spinner.succeed && spinner.succeed(`Found all ${metadata.totalParts} parts`);
+  const writeTarget = isCompressed ? decompressStream : hashStream;
-      // Read all parts
-      const chunks = [];
+  // v4 files may have partNumber set but totalParts null (unknown at encode time).
+  // Detect multi-part by checking partNumber OR totalParts.
+  const hasMultipleParts = isMultiPart(metadata) || metadata.partNumber !== null;
+  let totalPartsFound = 1;
-      for (let i = 0; i < allParts.length; i++) {
-        const partSpinner = quiet ? spinner : ora(`Reading part ${i + 1} of ${metadata.totalParts}...`).start();
-        const partResult = await readFile(allParts[i].path, format);
-        const { encryptedContent: partContent } = extractContent(partResult, format);
-        chunks.push(partContent);
-        partSpinner.succeed && partSpinner.succeed(`Part ${i + 1} read`);
-      }
+  if (hasMultipleParts) {
+    // Find all parts by filename matching
+    const inputDir = path.dirname(inputFile);
+    const allParts = findMultiPartFiles(inputDir, metadata.hash, format);
+    totalPartsFound = allParts.length;
-      // Merge chunks
-      spinner.text = 'Merging parts...';
-      const mergedContent = mergeBase64Chunks(chunks);
-      spinner.succeed && spinner.succeed('Parts merged successfully');
+    // Validate against totalParts if available
+    if (metadata.totalParts !== null && totalPartsFound !== metadata.totalParts) {
+      throw new Error(
+        `Missing parts! Found ${totalPartsFound} of ${metadata.totalParts} parts. ` +
+        `Make sure all parts are in the same directory.`
+      );
+    }
+    spinner.text = `Multi-part file detected (${totalPartsFound} parts)`;
+    spinner.succeed && spinner.succeed(`Found all ${totalPartsFound} parts`);
+    // Process each part
+    for (let i = 0; i < allParts.length; i++) {
+      const partSpinner = quiet ? spinner : ora(`Decoding part ${i + 1} of ${totalPartsFound}...`).start();
+      const partResult = await readFile(allParts[i].path, format);
+      const { encryptedContent: partContent, encryptionMeta: partEncMeta } = extractContent(partResult, format);
+      // Decode base64 to binary
+      const binaryData = Buffer.from(partContent, 'base64');
-      // Decrypt if needed
-      if (isEncrypted) {
-        spinner.text = 'Decrypting content...';
-        const { iv, salt, authTag } = unpackEncryptionMeta(encryptionMeta);
-        finalBase64 = decrypt(mergedContent, options.password, iv, salt, authTag);
-        spinner.succeed && spinner.succeed('Content decrypted');
-      } else {
-        finalBase64 = mergedContent;
-      }
-    } else {
-      // Single file - Decrypt if needed
       if (isEncrypted) {
-        spinner.text = 'Decrypting content...';
-        const { iv, salt, authTag } = unpackEncryptionMeta(encryptionMeta);
-        finalBase64 = decrypt(encryptedContent, options.password, iv, salt, authTag);
-        spinner.succeed && spinner.succeed('Content decrypted');
+        // Each part has its own encryption metadata (per-part encryption)
+        const { iv, salt, authTag } = unpackEncryptionMeta(partEncMeta);
+        const decipher = createDecryptStream(options.password, iv, salt, authTag);
+        try {
+          const decrypted = Buffer.concat([decipher.update(binaryData), decipher.final()]);
+          writeTarget.write(decrypted);
+        } catch (error) {
+          throw new Error('Decryption failed: Invalid password or corrupted data');
+        }
       } else {
-        finalBase64 = encryptedContent;
+        writeTarget.write(binaryData);
       }
+      partSpinner.succeed && partSpinner.succeed(`Part ${i + 1} decoded`);
     }
+  } else {
+    // Single file
+    spinner.text = 'Decoding...';
+    const binaryData = Buffer.from(encryptedContent, 'base64');
-    // Decompress if needed
-    let fileBuffer;
-    if (isCompressed) {
-      spinner.text = 'Decompressing...';
-      const compressedBuffer = Buffer.from(finalBase64, 'base64');
-      fileBuffer = await decompress(compressedBuffer);
-      spinner.succeed && spinner.succeed(`Decompressed: ${formatBytes(compressedBuffer.length)} → ${formatBytes(fileBuffer.length)}`);
+    if (isEncrypted) {
+      const { iv, salt, authTag } = unpackEncryptionMeta(encryptionMeta);
+      const decipher = createDecryptStream(options.password, iv, salt, authTag);
+      try {
+        const decrypted = Buffer.concat([decipher.update(binaryData), decipher.final()]);
+        writeTarget.write(decrypted);
+      } catch (error) {
+        throw new Error('Decryption failed: Invalid password or corrupted data');
+      }
     } else {
-      fileBuffer = Buffer.from(finalBase64, 'base64');
+      writeTarget.write(binaryData);
     }
+  }
-    // Verify integrity if content hash is available
-    if (metadata.contentHash) {
-      spinner.text = 'Verifying integrity...';
-      const actualHash = generateContentHash(fileBuffer);
+  // End the pipeline and wait for it to finish
+  writeTarget.end();
+  await finished(outputStream);
-      if (actualHash !== metadata.contentHash) {
-        throw new Error('Integrity check failed! The file may be corrupted or tampered with.');
-      }
-      spinner.succeed && spinner.succeed('Integrity verified (SHA-256 match)');
+  // Verify integrity
+  if (metadata.contentHash) {
+    spinner.text = 'Verifying integrity...';
+    const actualHash = hashStream.digest;
+    if (actualHash !== metadata.contentHash) {
+      // Clean up the output file on integrity failure
+      try { fs.unlinkSync(outputPath); } catch { /* ignore */ }
+      throw new Error('Integrity check failed! The file may be corrupted or tampered with.');
     }
+    spinner.succeed && spinner.succeed('Integrity verified (SHA-256 match)');
+  }
-    // Write to file
-    spinner.text = 'Writing output file...';
+  spinner.succeed && spinner.succeed('Decoding complete!');
-    // Ensure output directory exists
-    const outputDir = path.dirname(outputPath);
-    if (!fs.existsSync(outputDir)) {
-      fs.mkdirSync(outputDir, { recursive: true });
+  if (!quiet) {
+    const outputSize = fs.statSync(outputPath).size;
+    console.log();
+    console.log(chalk.green.bold('✓ File decoded successfully!'));
+    console.log(chalk.cyan(`  Original: ${metadata.originalFilename}`));
+    console.log(chalk.cyan(`  Output: ${outputPath}`));
+    console.log(chalk.cyan(`  Size: ${formatBytes(outputSize)}`));
+    if (hasMultipleParts) {
+      console.log(chalk.cyan(`  Parts merged: ${totalPartsFound}`));
     }
+  }
+}
-    fs.writeFileSync(outputPath, fileBuffer);
+/**
+ * Legacy v3 in-memory decode — shared encryption across all parts
+ */
+async function decodeLegacy(inputFile, format, metadata, encryptedContent, encryptionMeta, isEncrypted, isCompressed, options, outputPath, spinner, quiet) {
+  let finalBase64;
-    spinner.succeed && spinner.succeed('Decoding complete!');
+  if (isMultiPart(metadata)) {
+    spinner.start && (spinner.text = `Multi-part file detected (${metadata.totalParts} parts)`);
-    if (!quiet) {
-      console.log();
-      console.log(chalk.green.bold('✓ File decoded successfully!'));
-      console.log(chalk.cyan(`  Original: ${metadata.originalFilename}`));
-      console.log(chalk.cyan(`  Output: ${outputPath}`));
-      console.log(chalk.cyan(`  Size: ${formatBytes(fileBuffer.length)}`));
-      if (isMultiPart(metadata)) {
-        console.log(chalk.cyan(`  Parts merged: ${metadata.totalParts}`));
-      }
+    // Find all parts
+    const inputDir = path.dirname(inputFile);
+    const allParts = findMultiPartFiles(inputDir, metadata.hash, format, metadata.totalParts);
+    if (allParts.length !== metadata.totalParts) {
+      throw new Error(
+        `Missing parts! Found ${allParts.length} of ${metadata.totalParts} parts. ` +
+        `Make sure all parts are in the same directory.`
+      );
+    }
+    spinner.succeed && spinner.succeed(`Found all ${metadata.totalParts} parts`);
+    // Read all parts
+    const chunks = [];
+    for (let i = 0; i < allParts.length; i++) {
+      const partSpinner = quiet ? spinner : ora(`Reading part ${i + 1} of ${metadata.totalParts}...`).start();
+      const partResult = await readFile(allParts[i].path, format);
+      const { encryptedContent: partContent } = extractContent(partResult, format);
+      chunks.push(partContent);
+      partSpinner.succeed && partSpinner.succeed(`Part ${i + 1} read`);
+    }
+    // Merge chunks
+    spinner.text = 'Merging parts...';
+    const mergedContent = mergeBase64Chunks(chunks);
+    spinner.succeed && spinner.succeed('Parts merged successfully');
+    // Decrypt if needed
+    if (isEncrypted) {
+      spinner.text = 'Decrypting content...';
+      const { iv, salt, authTag } = unpackEncryptionMeta(encryptionMeta);
+      finalBase64 = decrypt(mergedContent, options.password, iv, salt, authTag);
+      spinner.succeed && spinner.succeed('Content decrypted');
+    } else {
+      finalBase64 = mergedContent;
+    }
+  } else {
+    // Single file - Decrypt if needed
+    if (isEncrypted) {
+      spinner.text = 'Decrypting content...';
+      const { iv, salt, authTag } = unpackEncryptionMeta(encryptionMeta);
+      finalBase64 = decrypt(encryptedContent, options.password, iv, salt, authTag);
+      spinner.succeed && spinner.succeed('Content decrypted');
+    } else {
+      finalBase64 = encryptedContent;
+    }
+  }
+  // Decompress if needed
+  let fileBuffer;
+  if (isCompressed) {
+    spinner.text = 'Decompressing...';
+    const compressedBuffer = Buffer.from(finalBase64, 'base64');
+    fileBuffer = await decompress(compressedBuffer);
+    spinner.succeed && spinner.succeed(`Decompressed: ${formatBytes(compressedBuffer.length)} → ${formatBytes(fileBuffer.length)}`);
+  } else {
+    fileBuffer = Buffer.from(finalBase64, 'base64');
+  }
+  // Verify integrity if content hash is available
+  if (metadata.contentHash) {
+    spinner.text = 'Verifying integrity...';
+    const actualHash = generateContentHash(fileBuffer);
+    if (actualHash !== metadata.contentHash) {
+      throw new Error('Integrity check failed! The file may be corrupted or tampered with.');
+    }
+    spinner.succeed && spinner.succeed('Integrity verified (SHA-256 match)');
+  }
+  // Write to file
+  spinner.text = 'Writing output file...';
+  const outputDir = path.dirname(outputPath);
+  if (!fs.existsSync(outputDir)) {
+    fs.mkdirSync(outputDir, { recursive: true });
+  }
+  fs.writeFileSync(outputPath, fileBuffer);
+  spinner.succeed && spinner.succeed('Decoding complete!');
+  if (!quiet) {
+    console.log();
+    console.log(chalk.green.bold('✓ File decoded successfully!'));
+    console.log(chalk.cyan(`  Original: ${metadata.originalFilename}`));
+    console.log(chalk.cyan(`  Output: ${outputPath}`));
+    console.log(chalk.cyan(`  Size: ${formatBytes(fileBuffer.length)}`));
+    if (isMultiPart(metadata)) {
+      console.log(chalk.cyan(`  Parts merged: ${metadata.totalParts}`));
     }
-  } catch (error) {
-    spinner.fail && spinner.fail('Decoding failed');
-    console.error(chalk.red(`Error: ${error.message}`));
-    process.exit(1);
   }
 }