@verdaccio/signature
Verdaccio Signature Utilities
;
// Flag the CommonJS export object as transpiled ES-module output; helpers such as
// _interopRequireDefault in this file test `__esModule` to decide whether a module
// needs a synthetic `default` wrapper.
Object.defineProperty(exports, '__esModule', { value: true });

// The two functions are declarations, so hoisting makes them available here even
// though their bodies appear further down the file.
exports.aesDecrypt = aesDecrypt;
exports.aesEncrypt = aesEncrypt;

// Placeholder only: the real algorithm name is assigned where defaultAlgorithm is
// computed from the environment.
exports.defaultAlgorithm = undefined;
var _debug = _interopRequireDefault(require("debug"));
var _nodeCrypto = require("node:crypto");
var _config = require("@verdaccio/config");
/**
 * Normalise a required module so that `.default` can always be read from it.
 *
 * @param {*} e - Value returned by `require`.
 * @returns {*} `e` itself when it is truthy and carries a truthy `__esModule`
 *   flag, otherwise a new object whose `default` property is `e`.
 */
function _interopRequireDefault(e) {
  if (e && e.__esModule) {
    return e;
  }
  return { default: e };
}
// Logger for the legacy-token code path. The indirect call `(0, fn)(...)` invokes
// the default export without a `this` binding, exactly as the transpiled original did.
const debug = (0, _debug.default)('verdaccio:auth:token:legacy');

// Cipher name handed to createCipheriv/createDecipheriv. The environment value is
// used as-is (there is no allow-list in this file), so whoever controls the process
// environment chooses the cipher. The default, CTR mode, gives confidentiality only:
// it does not detect modification of the ciphertext.
const defaultAlgorithm = process.env.VERDACCIO_LEGACY_ALGORITHM || 'aes-256-ctr';
exports.defaultAlgorithm = defaultAlgorithm;

// Plain text is handled as UTF-8; the IV and ciphertext are serialised as hex.
const inputEncoding = 'utf8';
const outputEncoding = 'hex';

// Must be 256 bits (32 characters)
// https://stackoverflow.com/questions/50963160/invalid-key-length-in-crypto-createcipheriv#50963356
// A string key reaches the cipher UTF-8 encoded, so 32 characters are 32 bytes only
// when every character is single-byte (ASCII). When this variable is set it takes
// precedence over the `key` argument of aesEncrypt and aesDecrypt.
const VERDACCIO_LEGACY_ENCRYPTION_KEY = process.env.VERDACCIO_LEGACY_ENCRYPTION_KEY;
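/**
 * Encrypt a legacy token payload with `defaultAlgorithm` and a fresh random IV.
 *
 * Token layout: base64( hex(iv) + ':' + hex(ciphertext) ).
 *
 * Security notes for callers:
 * - VERDACCIO_LEGACY_ENCRYPTION_KEY, when set, overrides the `key` argument.
 * - No MAC or authentication tag is produced. With the default CTR mode the token
 *   is confidential but not integrity-protected, so whatever consumes the decrypted
 *   payload has to validate it on its own.
 * - The key check compares string length (characters) with TOKEN_VALID_LENGTH.
 *   Assuming that constant is 32, as the comment on the environment key in this
 *   file states, a key containing multi-byte characters passes this check and is
 *   then rejected by createCipheriv.
 *
 * @param {string} value - Plain text to encrypt.
 * @param {string} key - Secret used when the environment key is not set.
 * @returns {string|undefined} The base64 token, or undefined when `value` is empty.
 * @throws {Error} 'Invalid secret key length' when the effective key does not have
 *   TOKEN_VALID_LENGTH characters (raised even if `value` is empty).
 */
function aesEncrypt(value, key) {
  debug('aesEncrypt init');
  // https://nodejs.org/api/crypto.html#crypto_crypto_createcipher_algorithm_password_options
  // https://www.grainger.xyz/posts/changing-from-cipher-to-cipheriv
  debug('algorithm %o', defaultAlgorithm);

  const secretKey = VERDACCIO_LEGACY_ENCRYPTION_KEY || key;
  const keyLength = secretKey?.length;
  const isKeyValid = keyLength === _config.TOKEN_VALID_LENGTH;

  // Emit the diagnostics before the check throws; previously they ran after it and
  // so never appeared for the misconfigured-key case they are meant to explain.
  // Only the length is logged, never the key.
  debug('length secret key %o', keyLength);
  debug('is valid secret %o', isKeyValid);
  if (!isKeyValid) {
    throw new Error('Invalid secret key length');
  }

  // isKeyValid is known to be true here, so only the emptiness checks remain.
  if (!value || !secretKey) {
    return;
  }

  // IV must be a buffer of length 16. It is drawn fresh for every token: CTR mode
  // must never see the same key/IV pair twice.
  const iv = _nodeCrypto.randomBytes(16);
  const cipher = _nodeCrypto.createCipheriv(defaultAlgorithm, secretKey, iv);
  const encrypted =
    cipher.update(value, inputEncoding, outputEncoding) + cipher.final(outputEncoding);

  const token = `${iv.toString('hex')}:${encrypted}`;
  debug('legacy token generated successfully');
  return Buffer.from(token).toString('base64');
}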
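/**
 * Decrypt a token produced by aesEncrypt.
 *
 * Expects base64( hex(iv) + ':' + hex(ciphertext) ). Any exception raised while
 * decoding or decrypting is caught and reported as `undefined`.
 *
 * Security notes for callers:
 * - VERDACCIO_LEGACY_ENCRYPTION_KEY, when set, overrides the `key` argument.
 * - Nothing here verifies integrity. With the default CTR mode a wrong key or a
 *   modified token does not raise an error; the call returns a string of
 *   meaningless characters instead. A defined return value therefore does not
 *   prove the token is genuine, and the payload must be validated by the caller.
 *
 * @param {string} value - Base64 token to decrypt.
 * @param {string} key - Secret used when the environment key is not set.
 * @returns {string|undefined} Decrypted text, or undefined if decoding or
 *   decryption threw.
 */
function aesDecrypt(value, key) {
  try {
    debug('aesDecrypt init');
    const decoded = Buffer.from(value, 'base64').toString();

    // The IV is everything before the first ':'; the remainder is the ciphertext.
    const [ivHex, ...cipherParts] = decoded.split(':');
    const IV = Buffer.from(ivHex, outputEncoding);
    const encryptedText = Buffer.from(cipherParts.join(':'), outputEncoding);

    const secretKey = VERDACCIO_LEGACY_ENCRYPTION_KEY || key;
    // createDecipheriv throws on a missing key or a malformed IV; the catch below
    // turns that into an undefined result.
    const decipher = _nodeCrypto.createDecipheriv(defaultAlgorithm, secretKey, IV);

    // FIXME: fix type here should allow Buffer
    // encryptedText is already a Buffer, so update() ignores the input-encoding argument.
    const decrypted =
      decipher.update(encryptedText, outputEncoding, inputEncoding) +
      decipher.final(inputEncoding);

    debug('legacy token payload decrypted successfully');
    return decrypted;
  } catch {
    // Leave a trace for failed attempts so they can be spotted in debug logs. The
    // message is fixed on purpose: neither the token nor the error is written out.
    debug('legacy token decryption failed');
    return;
  }
}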
//# sourceMappingURL=signature.js.map