@light-merlin-dark/vssh
Version:
MCP-native SSH proxy for AI agents. CLI & MCP Server, plugin system, AI safety guards.
129 lines • 4.71 kB
JavaScript
;
var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
var desc = Object.getOwnPropertyDescriptor(m, k);
if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
desc = { enumerable: true, get: function() { return m[k]; } };
}
Object.defineProperty(o, k2, desc);
}) : (function(o, m, k, k2) {
if (k2 === undefined) k2 = k;
o[k2] = m[k];
}));
var __setModuleDefault = (this && this.__setModuleDefault) || (Object.create ? (function(o, v) {
Object.defineProperty(o, "default", { enumerable: true, value: v });
}) : function(o, v) {
o["default"] = v;
});
var __importStar = (this && this.__importStar) || (function () {
var ownKeys = function(o) {
ownKeys = Object.getOwnPropertyNames || function (o) {
var ar = [];
for (var k in o) if (Object.prototype.hasOwnProperty.call(o, k)) ar[ar.length] = k;
return ar;
};
return ownKeys(o);
};
return function (mod) {
if (mod && mod.__esModule) return mod;
var result = {};
if (mod != null) for (var k = ownKeys(mod), i = 0; i < k.length; i++) if (k[i] !== "default") __createBinding(result, mod, k[i]);
__setModuleDefault(result, mod);
return result;
};
})();
Object.defineProperty(exports, "__esModule", { value: true });
exports.encryption = exports.EncryptionService = void 0;
const crypto = __importStar(require("crypto"));
const fs = __importStar(require("fs"));
const config_1 = require("../config");
class EncryptionService {
constructor() {
this.key = null;
this.algorithm = 'aes-256-gcm';
this.keyPromise = null;
}
static getInstance() {
if (!EncryptionService.instance) {
EncryptionService.instance = new EncryptionService();
}
return EncryptionService.instance;
}
loadConfig() {
try {
if (fs.existsSync(config_1.CONFIG_PATH)) {
const configData = fs.readFileSync(config_1.CONFIG_PATH, 'utf8');
return JSON.parse(configData);
}
}
catch (error) {
// Config doesn't exist or is corrupted
}
return null;
}
saveConfig(config) {
fs.writeFileSync(config_1.CONFIG_PATH, JSON.stringify(config, null, 2), {
mode: 0o600 // Read/write for owner only
});
}
loadOrCreateKey() {
if (this.key) {
return this.key;
}
const config = this.loadConfig();
if (config?.encryptionKey) {
// Load existing key from config
this.key = Buffer.from(config.encryptionKey, 'base64');
return this.key;
}
// Generate new key silently for backward compatibility
this.key = crypto.randomBytes(32);
// Save to config if it exists
if (config) {
config.encryptionKey = this.key.toString('base64');
this.saveConfig(config);
}
return this.key;
}
encrypt(text) {
const key = this.loadOrCreateKey();
const iv = crypto.randomBytes(16);
const cipher = crypto.createCipheriv(this.algorithm, key, iv);
let encrypted = cipher.update(text, 'utf8', 'hex');
encrypted += cipher.final('hex');
const authTag = cipher.getAuthTag();
// Combine iv, authTag, and encrypted data
return iv.toString('hex') + ':' + authTag.toString('hex') + ':' + encrypted;
}
decrypt(encryptedData) {
const key = this.loadOrCreateKey();
const parts = encryptedData.split(':');
if (parts.length !== 3) {
throw new Error('Invalid encrypted data format');
}
const iv = Buffer.from(parts[0], 'hex');
const authTag = Buffer.from(parts[1], 'hex');
const encrypted = parts[2];
const decipher = crypto.createDecipheriv(this.algorithm, key, iv);
decipher.setAuthTag(authTag);
let decrypted = decipher.update(encrypted, 'hex', 'utf8');
decrypted += decipher.final('utf8');
return decrypted;
}
/**
* Safely encrypt an object to JSON string
*/
encryptObject(obj) {
return this.encrypt(JSON.stringify(obj));
}
/**
* Safely decrypt a JSON string back to object
*/
decryptObject(encryptedData) {
return JSON.parse(this.decrypt(encryptedData));
}
}
exports.EncryptionService = EncryptionService;
// Export singleton instance for convenience
exports.encryption = EncryptionService.getInstance();
//# sourceMappingURL=encryption.js.map