UNPKG

@cmmv/vault

Version:

Module for CMMV to store encrypted data

cmmv.io

cmmvio/cmmv

78 lines (77 loc) 3.63 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.VaultService = void 0; const tslib_1 = require("tslib"); const uuid_1 = require("uuid"); const elliptic_1 = require("elliptic"); const ec = new elliptic_1.ec('secp256k1'); const core_1 = require("@cmmv/core"); const repository_1 = require("@cmmv/repository"); const encryptor_1 = require("@cmmv/encryptor"); const http_1 = require("@cmmv/http"); let VaultService = class VaultService extends core_1.AbstractService { async createKeys() { const recipientKeyPair = ec.genKeyPair(); const recipientPrivateKey = recipientKeyPair.getPrivate('hex', false); const recipientPublicKey = recipientKeyPair.getPublic('hex', false); return { namespace: (0, uuid_1.v4)(), privateKey: recipientPrivateKey, publicKey: recipientPublicKey, }; } async insert(key, payload) { const VaultSecretEntity = repository_1.Repository.getEntity('VaultEntity'); const namespace = core_1.Config.get('vault.namespace'); const publicKey = core_1.Config.get('vault.publicKey'); if (!publicKey || (publicKey.length !== 130 && publicKey.length !== 66)) throw new http_1.HttpException('Invalid public key format: ' + publicKey, http_1.HttpStatus.FORBIDDEN); const encryptedData = typeof payload === 'string' ? encryptor_1.Encryptor.encryptPayload(publicKey, payload) : encryptor_1.Encryptor.encryptPayload(publicKey, JSON.stringify(payload)); const result = await repository_1.Repository.insert(VaultSecretEntity, { key: (0, uuid_1.v5)(key, namespace), payload: encryptedData.payload, iv: encryptedData.iv, tag: encryptedData.authTag, ephemeral: encryptedData.ephemeralPublicKey, }); return result; } async get(key) { const VaultSecretEntity = repository_1.Repository.getEntity('VaultEntity'); const namespace = core_1.Config.get('vault.namespace'); const privateKey = core_1.Config.get('vault.privateKey'); const keyHash = (0, uuid_1.v5)(key, namespace); if (!privateKey || privateKey.length !== 64) throw new http_1.HttpException('Invalid private key format: ' + privateKey, http_1.HttpStatus.FORBIDDEN); const registy = await repository_1.Repository.findBy(VaultSecretEntity, { key: keyHash, }); if (!registy) throw new http_1.HttpException(`Key '${key}' not exists`, http_1.HttpStatus.FORBIDDEN); const decryptedPayload = encryptor_1.Encryptor.decryptPayload(privateKey, { encrypted: registy.payload, iv: registy.iv, authTag: registy.tag, }, registy.ephemeral); return (0, core_1.isJSON)(decryptedPayload) ? JSON.parse(decryptedPayload) : decryptedPayload; } async remove(key) { const VaultSecretEntity = repository_1.Repository.getEntity('VaultEntity'); const namespace = core_1.Config.get('vault.namespace'); const keyHash = (0, uuid_1.v5)(key, namespace); const affected = await repository_1.Repository.delete(VaultSecretEntity, { key: keyHash, }); if (affected <= 0) throw new http_1.HttpException(`Key '${key}' not exists`, http_1.HttpStatus.FORBIDDEN); return { success: affected > 0 }; } }; exports.VaultService = VaultService; exports.VaultService = VaultService = tslib_1.__decorate([ (0, core_1.Service)('vault') ], VaultService);