
@verdaccio/signature


Verdaccio Signature Utilities

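"use strict";

Object.defineProperty(exports, "__esModule", {
  value: true
});
exports.aesDecrypt = aesDecrypt;
exports.aesEncrypt = aesEncrypt;
exports.defaultAlgorithm = void 0;
var _debug = _interopRequireDefault(require("debug"));
var _nodeCrypto = require("node:crypto");
var _config = require("@verdaccio/config");
function _interopRequireDefault(e) { return e && e.__esModule ? e : { "default": e }; }

/*
 * Legacy token helpers: symmetric encryption and decryption of a token payload.
 *
 * Token wire format produced and consumed here:
 *   base64( hex(iv) + ":" + hex(ciphertext) )
 *
 * Security notes for maintainers and reviewers:
 *  - The default cipher is a CTR stream mode and nothing in this file computes
 *    or verifies a MAC or an AEAD tag. The token is therefore confidential but
 *    NOT integrity-protected: a modified ciphertext or a wrong key decrypts to
 *    different bytes instead of failing. A non-undefined result from
 *    aesDecrypt must not be treated as proof that this server issued the token;
 *    the decrypted payload has to be validated by the caller.
 *  - The key is handed to the cipher as-is. When it is a string its bytes are
 *    the UTF-8 encoding of the characters, so a key made of printable
 *    characters carries less entropy than 256 random bits.
 */
var debug = (0, _debug["default"])('verdaccio:auth:token:legacy');

// The algorithm can be overridden through the environment. This file always
// uses a 16-byte IV and never reads or writes an authentication tag, so an
// override has to be a cipher that fits those constraints (AEAD modes such as
// GCM are not handled by this code path).
var defaultAlgorithm = exports.defaultAlgorithm = process.env.VERDACCIO_LEGACY_ALGORITHM || 'aes-256-ctr';
var inputEncoding = 'utf8';
var outputEncoding = 'hex';

// IV must be a buffer of length 16
var IV_LENGTH = 16;

// Must be 256 bits (32 characters)
// https://stackoverflow.com/questions/50963160/invalid-key-length-in-crypto-createcipheriv#50963356
// When set, this environment key takes precedence over the `key` argument of
// both functions below.
var VERDACCIO_LEGACY_ENCRYPTION_KEY = process.env.VERDACCIO_LEGACY_ENCRYPTION_KEY;

/**
 * Encrypt a payload into a legacy token.
 *
 * @param {string} value - plain text payload; a falsy value yields `undefined`.
 * @param {string} key - secret key, used only when
 *   VERDACCIO_LEGACY_ENCRYPTION_KEY is not set in the environment.
 * @returns {string|undefined} base64 of "<iv hex>:<ciphertext hex>", or
 *   `undefined` when there is nothing to encrypt.
 * @throws {Error} 'Invalid secret key length' when the effective key is
 *   missing or its `.length` differs from TOKEN_VALID_LENGTH.
 */
function aesEncrypt(value, key) {
  debug('aesEncrypt init');
  // https://nodejs.org/api/crypto.html#crypto_crypto_createcipher_algorithm_password_options
  // https://www.grainger.xyz/posts/changing-from-cipher-to-cipheriv
  debug('algorithm %o', defaultAlgorithm);
  var secretKey = VERDACCIO_LEGACY_ENCRYPTION_KEY || key;
  // NOTE(review): `.length` counts UTF-16 code units for a string, not bytes.
  // A key with non-ASCII characters can pass this check and still be rejected
  // by createCipheriv with its own "invalid key length" error.
  var keyLength = secretKey === null || secretKey === void 0 ? void 0 : secretKey.length;
  var isKeyValid = keyLength === _config.TOKEN_VALID_LENGTH;
  if (isKeyValid === false) {
    throw new Error('Invalid secret key length');
  }
  // Only the length is logged, never the key material itself.
  debug('length secret key %o', keyLength);
  debug('is valid secret %o', isKeyValid);
  // The key validity was settled by the throw above, so it is not re-tested
  // here; the key presence check is kept as a defensive guard.
  if (!value || !secretKey) {
    return;
  }
  // A fresh random IV per token: CTR mode must never reuse an IV with the
  // same key. It is generated only once the inputs are known to be usable.
  var iv = (0, _nodeCrypto.randomBytes)(IV_LENGTH);
  var cipher = (0, _nodeCrypto.createCipheriv)(defaultAlgorithm, secretKey, iv);
  var encrypted = cipher.update(value, inputEncoding, outputEncoding);
  encrypted += cipher["final"](outputEncoding);
  var token = "".concat(iv.toString('hex'), ":").concat(encrypted);
  debug('legacy token generated successfully');
  return Buffer.from(token).toString('base64');
}

/**
 * Decrypt a legacy token produced by aesEncrypt.
 *
 * Any failure (malformed input, bad IV, unusable key) is reported as
 * `undefined` rather than thrown. With the default CTR cipher a tampered
 * token or a wrong key does NOT fail: it decrypts to different text, so the
 * caller must validate the returned payload.
 *
 * @param {string} value - base64 token in the "<iv hex>:<ciphertext hex>" form.
 * @param {string} key - secret key, used only when
 *   VERDACCIO_LEGACY_ENCRYPTION_KEY is not set in the environment.
 * @returns {string|undefined} decrypted payload, or `undefined` on failure.
 */
function aesDecrypt(value, key) {
  try {
    debug('aesDecrypt init');
    var decoded = Buffer.from(value, 'base64').toString();
    var textParts = decoded.split(':');
    // extract the IV from the first half of the value
    var IV = Buffer.from(textParts.shift(), outputEncoding);
    // extract the encrypted text without the IV
    var encryptedText = Buffer.from(textParts.join(':'), outputEncoding);
    var secretKey = VERDACCIO_LEGACY_ENCRYPTION_KEY || key;
    // decipher the string; createDecipheriv throws on a bad key or IV length,
    // which the catch below turns into `undefined`
    var decipher = (0, _nodeCrypto.createDecipheriv)(defaultAlgorithm, secretKey, IV);
    // encryptedText is a Buffer, so the input-encoding argument is ignored here
    var decrypted = decipher.update(encryptedText, outputEncoding, inputEncoding);
    decrypted += decipher["final"](inputEncoding);
    // "successfully" only means no exception was raised, not that the token
    // is authentic (see the integrity note at the top of the file).
    debug('legacy token payload decrypted successfully');
    return decrypted.toString();
  } catch (err) {
    // Log only the error code or class: error messages may echo the received
    // argument, and the token must not end up in debug output.
    debug('legacy token could not be decrypted (%s)', err && (err.code || err.name) || 'unknown error');
    return;
  }
}
//# sourceMappingURL=signature.js.map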