UNPKG

@naturalcycles/nodejs-lib

Version:

Standard library for Node.js

github.com/NaturalCycles/js-libs

NaturalCycles/js-libs

69 lines (56 loc) 3.64 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
import fs, { globSync } from 'node:fs' import path from 'node:path' import { _assert } from '@naturalcycles/js-lib/error/assert.js' import { dimGrey, yellow } from '../colors/colors.js' import { fs2 } from '../fs/fs2.js' import { decryptObject, decryptRandomIVBuffer } from '../security/crypto.util.js' export interface DecryptCLIOptions { dir: string[] file?: string encKeyBuffer: Buffer del?: boolean jsonMode?: boolean } // Debug it like this: // pn tsx scripts/./src/bin/secrets-encrypt.ts --file ./src/test/secrets2.plain.json --jsonMode --encKey MPd/30v0Zcce4I5mfwF4NSXrpTYD9OO4/fIqw6rjNiWp2b1GN9Xm8nQZqr7c9kKSsATqtwe0HkJFDUGzDSow44GDgDICgB1u1rGa5eNqtxnOVGRR+lIinCvN/1OnpjzeoJy2bStXPj1DKx8anMqgA8SoOZdlWRNSkEeZlolru8Ey0ujZo22dfwMyRIEniLcqvBm/iMiAkV82fn/TxYw05GarAoJcrfPeDBvuOXsARnMCyX18qTFL0iojxeTU8JHxr8TX3eXDq9cJJmridEKlwRIAzADwtetI4ttlP8lwJj1pmgsBIN3iqYssZYCkZ3HMV6BoEc7LTI5z/45rKrAT1A== // pn tsx scripts/./src/bin/secrets-decrypt.ts --file ./src/test/secrets2.json --jsonMode --encKey MPd/30v0Zcce4I5mfwF4NSXrpTYD9OO4/fIqw6rjNiWp2b1GN9Xm8nQZqr7c9kKSsATqtwe0HkJFDUGzDSow44GDgDICgB1u1rGa5eNqtxnOVGRR+lIinCvN/1OnpjzeoJy2bStXPj1DKx8anMqgA8SoOZdlWRNSkEeZlolru8Ey0ujZo22dfwMyRIEniLcqvBm/iMiAkV82fn/TxYw05GarAoJcrfPeDBvuOXsARnMCyX18qTFL0iojxeTU8JHxr8TX3eXDq9cJJmridEKlwRIAzADwtetI4ttlP8lwJj1pmgsBIN3iqYssZYCkZ3HMV6BoEc7LTI5z/45rKrAT1A== // pn tsx scripts/./src/bin/secrets-encrypt.ts --file ./src/test/secrets.json -encKey MPd/30v0Zcce4I5mfwF4NSXrpTYD9OO4/fIqw6rjNiWp2b1GN9Xm8nQZqr7c9kKSsATqtwe0HkJFDUGzDSow44GDgDICgB1u1rGa5eNqtxnOVGRR+lIinCvN/1OnpjzeoJy2bStXPj1DKx8anMqgA8SoOZdlWRNSkEeZlolru8Ey0ujZo22dfwMyRIEniLcqvBm/iMiAkV82fn/TxYw05GarAoJcrfPeDBvuOXsARnMCyX18qTFL0iojxeTU8JHxr8TX3eXDq9cJJmridEKlwRIAzADwtetI4ttlP8lwJj1pmgsBIN3iqYssZYCkZ3HMV6BoEc7LTI5z/45rKrAT1A== // pn tsx scripts/./src/bin/secrets-decrypt.ts --file ./src/test/secrets.json.enc -encKey MPd/30v0Zcce4I5mfwF4NSXrpTYD9OO4/fIqw6rjNiWp2b1GN9Xm8nQZqr7c9kKSsATqtwe0HkJFDUGzDSow44GDgDICgB1u1rGa5eNqtxnOVGRR+lIinCvN/1OnpjzeoJy2bStXPj1DKx8anMqgA8SoOZdlWRNSkEeZlolru8Ey0ujZo22dfwMyRIEniLcqvBm/iMiAkV82fn/TxYw05GarAoJcrfPeDBvuOXsARnMCyX18qTFL0iojxeTU8JHxr8TX3eXDq9cJJmridEKlwRIAzADwtetI4ttlP8lwJj1pmgsBIN3iqYssZYCkZ3HMV6BoEc7LTI5z/45rKrAT1A== /** * Decrypts all files in given directory (*.enc), saves decrypted versions without ending `.enc`. * Using provided encKey. */ export function secretsDecrypt( dir: string[], file: string | undefined, encKeyBuffer: Buffer, del = false, jsonMode = false, ): void { // If `file` is provided - only this one file is used const patterns = file ? [file] : dir.map(d => `${d}/**/*.enc`) const filenames = globSync(patterns) filenames.forEach(filename => { let plainFilename: string if (jsonMode) { _assert(filename.endsWith('.json'), `${path.basename(filename)} MUST end with '.json'`) _assert( !filename.endsWith('.plain.json'), `${path.basename(filename)} MUST NOT end with '.plain.json'`, ) plainFilename = filename.replace('.json', '.plain.json') const json = decryptObject(fs2.readJson(filename), encKeyBuffer) fs2.writeJson(plainFilename, json, { spaces: 2 }) } else { const enc = fs.readFileSync(filename) const plain = decryptRandomIVBuffer(enc, encKeyBuffer) plainFilename = filename.slice(0, filename.length - '.enc'.length) fs.writeFileSync(plainFilename, plain) } if (del) { fs.unlinkSync(filename) } console.log(` ${path.basename(filename)} > ${path.basename(plainFilename)}`) }) console.log(`decrypted ${yellow(filenames.length)} files in ${dimGrey(dir.join(' '))}`) }