UNPKG

@cosmstack/repoeject

Version:

Interactive CLI tool to safely find and delete old or inactive GitHub repositories. Clean up your GitHub profile by removing abandoned projects, old experiments, and unused forks.

78 lines 2.87 kB
"use strict"; var __importDefault = (this && this.__importDefault) || function (mod) { return (mod && mod.__esModule) ? mod : { "default": mod }; }; Object.defineProperty(exports, "__esModule", { value: true }); exports.encrypt = encrypt; exports.decrypt = decrypt; exports.isTokenExpired = isTokenExpired; exports.needsRefresh = needsRefresh; const node_crypto_1 = __importDefault(require("node:crypto")); const node_fs_1 = __importDefault(require("node:fs")); const config_1 = require("../config"); const KEY_DIR = config_1.config.store.keyDir; const MASTER_KEY_FILE = config_1.config.store.keyFile; const ENCRYPTION_ALGORITHM = config_1.config.security.encryptionAlgorithm; function generateKey() { return node_crypto_1.default.randomBytes(32); } function ensureKeyDir() { if (!node_fs_1.default.existsSync(KEY_DIR)) { node_fs_1.default.mkdirSync(KEY_DIR, { recursive: true, mode: 0o700 }); } } function getMasterKey() { ensureKeyDir(); try { if (node_fs_1.default.existsSync(MASTER_KEY_FILE)) { return node_fs_1.default.readFileSync(MASTER_KEY_FILE); } } catch (error) { console.warn("Failed to read master key, generating new one"); } const masterKey = generateKey(); node_fs_1.default.writeFileSync(MASTER_KEY_FILE, masterKey, { mode: 0o600 }); return masterKey; } function encrypt(data) { const masterKey = getMasterKey(); const iv = node_crypto_1.default.randomBytes(12); const cipher = node_crypto_1.default.createCipheriv(ENCRYPTION_ALGORITHM, masterKey, iv); const encrypted = Buffer.concat([ cipher.update(JSON.stringify(data), "utf8"), cipher.final(), ]); return { iv: iv.toString("base64"), encryptedData: encrypted.toString("base64"), authTag: cipher.getAuthTag().toString("base64"), createdAt: Date.now(), }; } function decrypt(encryptedData) { const masterKey = getMasterKey(); const decipher = node_crypto_1.default.createDecipheriv(ENCRYPTION_ALGORITHM, masterKey, Buffer.from(encryptedData.iv, "base64")); decipher.setAuthTag(Buffer.from(encryptedData.authTag, "base64")); try { const decrypted = Buffer.concat([ decipher.update(Buffer.from(encryptedData.encryptedData, "base64")), decipher.final(), ]); return JSON.parse(decrypted.toString("utf8")); } catch (error) { throw new Error("Failed to decrypt token. Please authenticate again."); } } function isTokenExpired(tokenData) { if (!tokenData.expiresAt) return false; return Date.now() >= tokenData.expiresAt; } function needsRefresh(tokenData) { if (!tokenData.expiresAt || !tokenData.refreshToken) return false; return Date.now() >= tokenData.expiresAt - 60 * 60 * 1000; } //# sourceMappingURL=security.js.map