stegdoc 4.0.0 → 5.0.1

package/src/commands/verify.js

@@ -1,204 +1,207 @@
-const path = require('path');
-const chalk = require('chalk');
-const ora = require('ora');
-const { readDocxBase64 } = require('../lib/docx-handler');
-const { readXlsxBase64 } = require('../lib/xlsx-handler');
-const { validateMetadata, isMultiPart, isStreamingFormat } = require('../lib/metadata');
-const { detectFormat, formatBytes } = require('../lib/utils');
-const { decrypt, unpackEncryptionMeta, createDecryptStream } = require('../lib/crypto');
-const { extractContent, findMultiPartFiles } = require('../lib/file-utils');
-
-/**
- * Verify that a file can be decoded without actually writing output
- * @param {string} inputFile - Path to input file
- * @param {object} options - Command options
- * @param {string} options.password - Decryption password (if encrypted)
- */
-async function verifyCommand(inputFile, options) {
-  const spinner = ora('Verifying file...').start();
-  const issues = [];
-
-  try {
-    // Detect format from extension
-    const format = detectFormat(inputFile);
-    if (!format) {
-      throw new Error('Unknown file format. Supported formats: .xlsx, .docx');
-    }
-
-    spinner.text = `Reading ${format.toUpperCase()} file...`;
-
-    // Read file
-    let readResult;
-    if (format === 'xlsx') {
-      readResult = await readXlsxBase64(inputFile);
-    } else {
-      readResult = await readDocxBase64(inputFile);
-    }
-
-    const { encryptedContent, encryptionMeta, metadata } = extractContent(readResult, format);
-
-    // Validate metadata
-    try {
-      validateMetadata(metadata);
-      spinner.succeed('Metadata valid');
-    } catch (e) {
-      issues.push(`Metadata: ${e.message}`);
-      spinner.warn('Metadata issues found');
-    }
-
-    const isEncrypted = metadata.encrypted || (encryptionMeta && encryptionMeta.length > 0);
-    const isV4 = isStreamingFormat(metadata);
-
-    // Check multi-part
-    if (isMultiPart(metadata)) {
-      spinner.text = 'Checking multi-part files...';
-
-      const inputDir = path.dirname(inputFile);
-      const allParts = findMultiPartFiles(inputDir, metadata.hash, format);
-
-      if (allParts.length !== metadata.totalParts) {
-        const missing = [];
-        const foundParts = new Set(allParts.map(p => p.partNumber));
-
-        for (let i = 1; i <= metadata.totalParts; i++) {
-          if (!foundParts.has(i)) {
-            missing.push(i);
-          }
-        }
-
-        issues.push(`Missing parts: ${missing.join(', ')}`);
-        spinner.warn(`Found ${allParts.length}/${metadata.totalParts} parts`);
-      } else {
-        spinner.succeed(`All ${metadata.totalParts} parts found`);
-      }
-    }
-
-    // Check password for encrypted files
-    if (isEncrypted) {
-      if (!options.password) {
-        issues.push('File is encrypted but no password provided');
-        spinner.warn('Encryption check skipped (no password)');
-      } else {
-        spinner.text = 'Verifying decryption...';
-
-        try {
-          if (isV4) {
-            // v4: per-part encryption — verify each part independently
-            await verifyV4Encryption(inputFile, format, metadata, encryptionMeta, options.password, spinner);
-          } else {
-            // v3: shared encryption — merge all parts then decrypt
-            await verifyV3Encryption(inputFile, format, metadata, encryptedContent, encryptionMeta, options.password, spinner);
-          }
-          spinner.succeed('Decryption password valid');
-        } catch (e) {
-          issues.push('Decryption failed - wrong password or corrupted data');
-          spinner.fail('Decryption check failed');
-        }
-      }
-    }
-
-    // Summary
-    console.log();
-
-    if (issues.length === 0) {
-      console.log(chalk.green.bold('✓ File verification passed!'));
-      console.log(chalk.cyan(`  Original file: ${metadata.originalFilename}`));
-      console.log(chalk.cyan(`  Size: ${formatBytes(metadata.originalSize)}`));
-      console.log(chalk.cyan(`  Encrypted: ${isEncrypted ? 'Yes' : 'No'}`));
-      console.log(chalk.cyan(`  Compressed: ${metadata.compressed ? 'Yes' : 'No'}`));
-      console.log(chalk.cyan(`  Format version: ${isV4 ? 'v4 (streaming)' : 'v3 (legacy)'}`));
-
-      if (isMultiPart(metadata)) {
-        console.log(chalk.cyan(`  Parts: ${metadata.totalParts}`));
-      }
-
-      console.log();
-      console.log(chalk.green('File is ready to decode.'));
-    } else {
-      console.log(chalk.yellow.bold('⚠ Verification completed with issues:'));
-      console.log();
-
-      for (const issue of issues) {
-        console.log(chalk.yellow(`  • ${issue}`));
-      }
-
-      console.log();
-
-      // Determine if still decodable
-      const hasBlockingIssue = issues.some(i =>
-        i.includes('Missing parts') ||
-        i.includes('Decryption failed') ||
-        i.includes('Metadata')
-      );
-
-      if (hasBlockingIssue) {
-        console.log(chalk.red('File cannot be decoded until issues are resolved.'));
-        process.exit(1);
-      } else {
-        console.log(chalk.yellow('File may still be decodable. Run decode to attempt.'));
-      }
-    }
-
-  } catch (error) {
-    spinner.fail('Verification failed');
-    console.error(chalk.red(`Error: ${error.message}`));
-    process.exit(1);
-  }
-}
-
-/**
- * Verify v4 per-part encryption by decrypting the first part
- */
-async function verifyV4Encryption(inputFile, format, metadata, encryptionMeta, password, spinner) {
-  // For v4, each part has its own encryption metadata
-  // Verify by decrypting the first part's content
-  const { iv, salt, authTag } = unpackEncryptionMeta(encryptionMeta);
-
-  // Read the first part's content
-  let readResult;
-  if (format === 'xlsx') {
-    readResult = await readXlsxBase64(inputFile);
-  } else {
-    readResult = await readDocxBase64(inputFile);
-  }
-
-  const { encryptedContent } = extractContent(readResult, format);
-  const binaryData = Buffer.from(encryptedContent, 'base64');
-
-  const decipher = createDecryptStream(password, iv, salt, authTag);
-  decipher.update(binaryData);
-  decipher.final(); // Throws on wrong password
-}
-
-/**
- * Verify v3 shared encryption by merging all parts and decrypting
- */
-async function verifyV3Encryption(inputFile, format, metadata, encryptedContent, encryptionMeta, password, spinner) {
-  const { iv, salt, authTag } = unpackEncryptionMeta(encryptionMeta);
-
-  let fullContent = encryptedContent;
-
-  if (isMultiPart(metadata)) {
-    const inputDir = path.dirname(inputFile);
-    const allParts = findMultiPartFiles(inputDir, metadata.hash, format);
-
-    if (allParts.length === metadata.totalParts) {
-      const contentParts = [];
-      for (const part of allParts) {
-        let partResult;
-        if (format === 'xlsx') {
-          partResult = await readXlsxBase64(part.path);
-        } else {
-          partResult = await readDocxBase64(part.path);
-        }
-        const { encryptedContent: partContent } = extractContent(partResult, format);
-        contentParts.push(partContent);
-      }
-      fullContent = contentParts.join('');
-    }
-  }
-
-  decrypt(fullContent, password, iv, salt, authTag);
-}
-
-module.exports = verifyCommand;
+const path = require('path');
+const chalk = require('chalk');
+const ora = require('ora');
+const { readDocxBase64 } = require('../lib/docx-handler');
+const { readXlsxBase64 } = require('../lib/xlsx-handler');
+const { validateMetadata, isMultiPart, isStreamingFormat, isLogEmbedFormat } = require('../lib/metadata');
+const { detectFormat, formatBytes } = require('../lib/utils');
+const { decrypt, unpackEncryptionMeta, createDecryptStream } = require('../lib/crypto');
+const { extractContent, findMultiPartFiles } = require('../lib/file-utils');
+
+/**
+ * Verify that a file can be decoded without actually writing output
+ */
+async function verifyCommand(inputFile, options) {
+  const spinner = ora('Verifying file...').start();
+  const issues = [];
+
+  try {
+    const format = detectFormat(inputFile);
+    if (!format) {
+      throw new Error('Unknown file format. Supported formats: .xlsx, .docx');
+    }
+
+    spinner.text = `Reading ${format.toUpperCase()} file...`;
+
+    let readResult;
+    if (format === 'xlsx') {
+      readResult = await readXlsxBase64(inputFile);
+    } else {
+      readResult = await readDocxBase64(inputFile);
+    }
+
+    const extracted = extractContent(readResult, format);
+    const metadata = extracted.metadata;
+    const encryptionMeta = extracted.encryptionMeta;
+
+    try {
+      validateMetadata(metadata);
+      spinner.succeed('Metadata valid');
+    } catch (e) {
+      issues.push(`Metadata: ${e.message}`);
+      spinner.warn('Metadata issues found');
+    }
+
+    const isEncrypted = metadata.encrypted || (encryptionMeta && encryptionMeta.length > 0);
+    const isV5 = isLogEmbedFormat(metadata);
+    const isV4 = !isV5 && isStreamingFormat(metadata);
+
+    // Check multi-part
+    const hasMultipleParts = isMultiPart(metadata) || metadata.partNumber !== null;
+    if (hasMultipleParts) {
+      spinner.text = 'Checking multi-part files...';
+      const inputDir = path.dirname(inputFile);
+      const allParts = findMultiPartFiles(inputDir, metadata.hash, format);
+      const totalParts = metadata.totalParts || allParts.length;
+
+      if (metadata.totalParts !== null && allParts.length !== metadata.totalParts) {
+        const missing = [];
+        const foundParts = new Set(allParts.map(p => p.partNumber));
+        for (let i = 1; i <= metadata.totalParts; i++) {
+          if (!foundParts.has(i)) missing.push(i);
+        }
+        issues.push(`Missing parts: ${missing.join(', ')}`);
+        spinner.warn(`Found ${allParts.length}/${metadata.totalParts} parts`);
+      } else {
+        spinner.succeed(`All ${totalParts} parts found`);
+      }
+    }
+
+    // Check password for encrypted files
+    if (isEncrypted) {
+      if (!options.password) {
+        issues.push('File is encrypted but no password provided');
+        spinner.warn('Encryption check skipped (no password)');
+      } else {
+        spinner.text = 'Verifying decryption...';
+        try {
+          if (isV5) {
+            await verifyV5Encryption(extracted, options.password);
+          } else if (isV4) {
+            await verifyV4Encryption(inputFile, format, encryptionMeta, options.password);
+          } else {
+            await verifyV3Encryption(inputFile, format, metadata, extracted.encryptedContent, encryptionMeta, options.password);
+          }
+          spinner.succeed('Decryption password valid');
+        } catch (e) {
+          issues.push('Decryption failed - wrong password or corrupted data');
+          spinner.fail('Decryption check failed');
+        }
+      }
+    }
+
+    // Summary
+    console.log();
+
+    if (issues.length === 0) {
+      console.log(chalk.green.bold('✓ File verification passed!'));
+      console.log(chalk.cyan(`  Original file: ${metadata.originalFilename}`));
+      console.log(chalk.cyan(`  Size: ${formatBytes(metadata.originalSize)}`));
+      console.log(chalk.cyan(`  Encrypted: ${isEncrypted ? 'Yes' : 'No'}`));
+      console.log(chalk.cyan(`  Compressed: ${metadata.compressed ? 'Yes' : 'No'}`));
+
+      let versionStr = 'v3 (legacy)';
+      if (isV5) versionStr = 'v5 (log-embed)';
+      else if (isV4) versionStr = 'v4 (streaming)';
+      console.log(chalk.cyan(`  Format version: ${versionStr}`));
+
+      if (hasMultipleParts) {
+        const totalParts = metadata.totalParts || 'unknown';
+        console.log(chalk.cyan(`  Parts: ${totalParts}`));
+      }
+
+      console.log();
+      console.log(chalk.green('File is ready to decode.'));
+    } else {
+      console.log(chalk.yellow.bold('⚠ Verification completed with issues:'));
+      console.log();
+      for (const issue of issues) {
+        console.log(chalk.yellow(`  • ${issue}`));
+      }
+      console.log();
+
+      const hasBlockingIssue = issues.some(i =>
+        i.includes('Missing parts') ||
+        i.includes('Decryption failed') ||
+        i.includes('Metadata')
+      );
+
+      if (hasBlockingIssue) {
+        console.log(chalk.red('File cannot be decoded until issues are resolved.'));
+        process.exit(1);
+      } else {
+        console.log(chalk.yellow('File may still be decodable. Run decode to attempt.'));
+      }
+    }
+
+  } catch (error) {
+    spinner.fail('Verification failed');
+    console.error(chalk.red(`Error: ${error.message}`));
+    process.exit(1);
+  }
+}
+
+/**
+ * Verify v5 log-embed encryption
+ */
+async function verifyV5Encryption(extracted, password) {
+  const { payloadBuffer, encryptionMeta } = extracted;
+  const { iv, salt, authTag } = unpackEncryptionMeta(encryptionMeta);
+  const decipher = createDecryptStream(password, iv, salt, authTag);
+  decipher.update(payloadBuffer);
+  decipher.final();
+}
+
+/**
+ * Verify v4 per-part encryption
+ */
+async function verifyV4Encryption(inputFile, format, encryptionMeta, password) {
+  const { iv, salt, authTag } = unpackEncryptionMeta(encryptionMeta);
+
+  let readResult;
+  if (format === 'xlsx') {
+    readResult = await readXlsxBase64(inputFile);
+  } else {
+    readResult = await readDocxBase64(inputFile);
+  }
+
+  const { encryptedContent } = extractContent(readResult, format);
+  const binaryData = Buffer.from(encryptedContent, 'base64');
+
+  const decipher = createDecryptStream(password, iv, salt, authTag);
+  decipher.update(binaryData);
+  decipher.final();
+}
+
+/**
+ * Verify v3 shared encryption
+ */
+async function verifyV3Encryption(inputFile, format, metadata, encryptedContent, encryptionMeta, password) {
+  const { iv, salt, authTag } = unpackEncryptionMeta(encryptionMeta);
+
+  let fullContent = encryptedContent;
+
+  if (isMultiPart(metadata)) {
+    const inputDir = path.dirname(inputFile);
+    const allParts = findMultiPartFiles(inputDir, metadata.hash, format);
+
+    if (allParts.length === metadata.totalParts) {
+      const contentParts = [];
+      for (const part of allParts) {
+        let partResult;
+        if (format === 'xlsx') {
+          partResult = await readXlsxBase64(part.path);
+        } else {
+          partResult = await readDocxBase64(part.path);
+        }
+        const { encryptedContent: partContent } = extractContent(partResult, format);
+        contentParts.push(partContent);
+      }
+      fullContent = contentParts.join('');
+    }
+  }
+
+  decrypt(fullContent, password, iv, salt, authTag);
+}
+
+module.exports = verifyCommand;

package/src/index.js

@@ -1,87 +1,89 @@
-#!/usr/bin/env node
-
-const { program } = require('commander');
-const chalk = require('chalk');
-const encodeCommand = require('./commands/encode');
-const decodeCommand = require('./commands/decode');
-const infoCommand = require('./commands/info');
-const verifyCommand = require('./commands/verify');
-
-// CLI Configuration
-program
-  .name('stegdoc')
-  .description('CLI tool to encode files into Office documents with AES-256 encryption')
-  .version('3.0.2');
-
-// Encode command
-program
-  .command('encode <file>')
-  .description('Encode a file into XLSX/DOCX format with compression and optional encryption')
-  .option('-o, --output-dir <dir>', 'Output directory for files', process.cwd())
-  .option('-s, --chunk-size <size>', 'Maximum size per output file (e.g., "5MB", "25MB")', '5MB')
-  .option('-f, --format <format>', 'Output format: xlsx (default) or docx', 'xlsx')
-  .option('-p, --password <password>', 'Encryption password (optional, but recommended)')
-  .option('--force', 'Overwrite existing files without asking')
-  .option('-q, --quiet', 'Minimal output (for scripting)')
-  .option('-y, --yes', 'Skip interactive prompts, use defaults')
-  .action(async (file, options) => {
-    try {
-      await encodeCommand(file, options);
-    } catch (error) {
-      console.error(chalk.red(`Error: ${error.message}`));
-      process.exit(1);
-    }
-  });
-
-// Decode command
-program
-  .command('decode <file>')
-  .description('Decode and decrypt an XLSX/DOCX file back to original format')
-  .option('-o, --output <path>', 'Output file path (defaults to original filename)')
-  .option('-p, --password <password>', 'Decryption password (required for encrypted files)')
-  .option('--force', 'Overwrite existing files without asking')
-  .option('-q, --quiet', 'Minimal output (for scripting)')
-  .option('-y, --yes', 'Skip interactive prompts, fail if password needed')
-  .action(async (file, options) => {
-    try {
-      await decodeCommand(file, options);
-    } catch (error) {
-      console.error(chalk.red(`Error: ${error.message}`));
-      process.exit(1);
-    }
-  });
-
-// Info command
-program
-  .command('info <file>')
-  .description('Show information about an encoded file without decoding')
-  .action(async (file, options) => {
-    try {
-      await infoCommand(file, options);
-    } catch (error) {
-      console.error(chalk.red(`Error: ${error.message}`));
-      process.exit(1);
-    }
-  });
-
-// Verify command
-program
-  .command('verify <file>')
-  .description('Verify that a file can be decoded without actually decoding')
-  .option('-p, --password <password>', 'Password to verify (optional)')
-  .action(async (file, options) => {
-    try {
-      await verifyCommand(file, options);
-    } catch (error) {
-      console.error(chalk.red(`Error: ${error.message}`));
-      process.exit(1);
-    }
-  });
-
-// Show help by default if no command is provided
-if (!process.argv.slice(2).length) {
-  program.outputHelp();
-}
-
-// Parse arguments
-program.parse(process.argv);
+#!/usr/bin/env node
+
+const { program } = require('commander');
+const chalk = require('chalk');
+const encodeCommand = require('./commands/encode');
+const decodeCommand = require('./commands/decode');
+const infoCommand = require('./commands/info');
+const verifyCommand = require('./commands/verify');
+
+// CLI Configuration
+program
+  .name('stegdoc')
+  .description('CLI tool to encode files into Office documents with AES-256 encryption')
+  .version('5.0.0');
+
+// Encode command
+program
+  .command('encode <file>')
+  .description('Encode a file into XLSX/DOCX format with compression and optional encryption')
+  .option('-o, --output-dir <dir>', 'Output directory for files', process.cwd())
+  .option('-s, --chunk-size <size>', 'Maximum size per output file (e.g., "5MB", "25MB")', '5MB')
+  .option('-f, --format <format>', 'Output format: xlsx (default) or docx', 'xlsx')
+  .option('-p, --password <password>', 'Encryption password (optional, but recommended)')
+  .option('--force', 'Overwrite existing files without asking')
+  .option('--legacy', 'Use v4 format (hidden sheet + gzip) for backward compatibility')
+  .option('--no-limit', 'Bypass DOCX 1 MB size limit (large files will produce huge documents)')
+  .option('-q, --quiet', 'Minimal output (for scripting)')
+  .option('-y, --yes', 'Skip interactive prompts, use defaults')
+  .action(async (file, options) => {
+    try {
+      await encodeCommand(file, options);
+    } catch (error) {
+      console.error(chalk.red(`Error: ${error.message}`));
+      process.exit(1);
+    }
+  });
+
+// Decode command
+program
+  .command('decode <file>')
+  .description('Decode and decrypt an XLSX/DOCX file back to original format')
+  .option('-o, --output <path>', 'Output file path (defaults to original filename)')
+  .option('-p, --password <password>', 'Decryption password (required for encrypted files)')
+  .option('--force', 'Overwrite existing files without asking')
+  .option('-q, --quiet', 'Minimal output (for scripting)')
+  .option('-y, --yes', 'Skip interactive prompts, fail if password needed')
+  .action(async (file, options) => {
+    try {
+      await decodeCommand(file, options);
+    } catch (error) {
+      console.error(chalk.red(`Error: ${error.message}`));
+      process.exit(1);
+    }
+  });
+
+// Info command
+program
+  .command('info <file>')
+  .description('Show information about an encoded file without decoding')
+  .action(async (file, options) => {
+    try {
+      await infoCommand(file, options);
+    } catch (error) {
+      console.error(chalk.red(`Error: ${error.message}`));
+      process.exit(1);
+    }
+  });
+
+// Verify command
+program
+  .command('verify <file>')
+  .description('Verify that a file can be decoded without actually decoding')
+  .option('-p, --password <password>', 'Password to verify (optional)')
+  .action(async (file, options) => {
+    try {
+      await verifyCommand(file, options);
+    } catch (error) {
+      console.error(chalk.red(`Error: ${error.message}`));
+      process.exit(1);
+    }
+  });
+
+// Show help by default if no command is provided
+if (!process.argv.slice(2).length) {
+  program.outputHelp();
+}
+
+// Parse arguments
+program.parse(process.argv);