appstore-cli
Version:
A command-line interface (CLI) to interact with the Apple App Store Connect API.
286 lines (285 loc) • 12.9 kB
JavaScript
"use strict";
var __awaiter = (this && this.__awaiter) || function (thisArg, _arguments, P, generator) {
function adopt(value) { return value instanceof P ? value : new P(function (resolve) { resolve(value); }); }
return new (P || (P = Promise))(function (resolve, reject) {
function fulfilled(value) { try { step(generator.next(value)); } catch (e) { reject(e); } }
function rejected(value) { try { step(generator["throw"](value)); } catch (e) { reject(e); } }
function step(result) { result.done ? resolve(result.value) : adopt(result.value).then(fulfilled, rejected); }
step((generator = generator.apply(thisArg, _arguments || [])).next());
});
};
var __generator = (this && this.__generator) || function (thisArg, body) {
var _ = { label: 0, sent: function() { if (t[0] & 1) throw t[1]; return t[1]; }, trys: [], ops: [] }, f, y, t, g = Object.create((typeof Iterator === "function" ? Iterator : Object).prototype);
return g.next = verb(0), g["throw"] = verb(1), g["return"] = verb(2), typeof Symbol === "function" && (g[Symbol.iterator] = function() { return this; }), g;
function verb(n) { return function (v) { return step([n, v]); }; }
function step(op) {
if (f) throw new TypeError("Generator is already executing.");
while (g && (g = 0, op[0] && (_ = 0)), _) try {
if (f = 1, y && (t = op[0] & 2 ? y["return"] : op[0] ? y["throw"] || ((t = y["return"]) && t.call(y), 0) : y.next) && !(t = t.call(y, op[1])).done) return t;
if (y = 0, t) op = [op[0] & 2, t.value];
switch (op[0]) {
case 0: case 1: t = op; break;
case 4: _.label++; return { value: op[1], done: false };
case 5: _.label++; y = op[1]; op = [0]; continue;
case 7: op = _.ops.pop(); _.trys.pop(); continue;
default:
if (!(t = _.trys, t = t.length > 0 && t[t.length - 1]) && (op[0] === 6 || op[0] === 2)) { _ = 0; continue; }
if (op[0] === 3 && (!t || (op[1] > t[0] && op[1] < t[3]))) { _.label = op[1]; break; }
if (op[0] === 6 && _.label < t[1]) { _.label = t[1]; t = op; break; }
if (t && _.label < t[2]) { _.label = t[2]; _.ops.push(op); break; }
if (t[2]) _.ops.pop();
_.trys.pop(); continue;
}
op = body.call(thisArg, _);
} catch (e) { op = [6, e]; y = 0; } finally { f = t = 0; }
if (op[0] & 5) throw op[1]; return { value: op[0] ? op[1] : void 0, done: true };
}
};
Object.defineProperty(exports, "__esModule", { value: true });
exports.storePrivateKey = storePrivateKey;
exports.retrievePrivateKey = retrievePrivateKey;
exports.deletePrivateKey = deletePrivateKey;
var keytar_1 = require("keytar");
var crypto_1 = require("crypto");
var os_1 = require("os");
// Service name for keytar
var SERVICE_NAME = 'appstore-cli';
var FALLBACK_KEY = 'appstore-cli-fallback-key';
/**
* Store a private key securely using the OS keychain
* @param keyId The key ID to associate with this private key
* @param privateKey The private key to store
*/
function storePrivateKey(keyId, privateKey) {
return __awaiter(this, void 0, void 0, function () {
var error_1;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
_a.trys.push([0, 2, , 4]);
// Try to use keytar for secure storage
return [4 /*yield*/, keytar_1.default.setPassword(SERVICE_NAME, keyId, privateKey)];
case 1:
// Try to use keytar for secure storage
_a.sent();
return [3 /*break*/, 4];
case 2:
error_1 = _a.sent();
// If keytar fails, fall back to encrypted file storage
console.warn('Keytar failed, using fallback encryption method');
return [4 /*yield*/, storePrivateKeyFallback(keyId, privateKey)];
case 3:
_a.sent();
return [3 /*break*/, 4];
case 4: return [2 /*return*/];
}
});
});
}
/**
* Retrieve a private key from secure storage
* @param keyId The key ID associated with the private key
* @returns The private key or null if not found
*/
function retrievePrivateKey(keyId) {
return __awaiter(this, void 0, void 0, function () {
var error_2;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
_a.trys.push([0, 2, , 4]);
return [4 /*yield*/, keytar_1.default.getPassword(SERVICE_NAME, keyId)];
case 1:
// Try to use keytar for secure storage
return [2 /*return*/, _a.sent()];
case 2:
error_2 = _a.sent();
// If keytar fails, try the fallback method
console.warn('Keytar failed, trying fallback decryption method');
return [4 /*yield*/, retrievePrivateKeyFallback(keyId)];
case 3: return [2 /*return*/, _a.sent()];
case 4: return [2 /*return*/];
}
});
});
}
/**
* Delete a private key from secure storage
* @param keyId The key ID associated with the private key
*/
function deletePrivateKey(keyId) {
return __awaiter(this, void 0, void 0, function () {
var error_3;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
_a.trys.push([0, 2, , 4]);
// Try to use keytar for secure storage
return [4 /*yield*/, keytar_1.default.deletePassword(SERVICE_NAME, keyId)];
case 1:
// Try to use keytar for secure storage
_a.sent();
return [3 /*break*/, 4];
case 2:
error_3 = _a.sent();
// If keytar fails, try the fallback method
console.warn('Keytar failed, trying fallback deletion method');
return [4 /*yield*/, deletePrivateKeyFallback(keyId)];
case 3:
_a.sent();
return [3 /*break*/, 4];
case 4: return [2 /*return*/];
}
});
});
}
/**
* Fallback method to store private key using file encryption
* @param keyId The key ID to associate with this private key
* @param privateKey The private key to store
*/
function storePrivateKeyFallback(keyId, privateKey) {
return __awaiter(this, void 0, void 0, function () {
var encryptionKey, encryptedKey, fs, path, configDir, fallbackFile;
return __generator(this, function (_a) {
switch (_a.label) {
case 0: return [4 /*yield*/, generateMachineKey()];
case 1:
encryptionKey = _a.sent();
encryptedKey = encryptString(privateKey, encryptionKey);
return [4 /*yield*/, Promise.resolve().then(function () { return require('fs'); })];
case 2:
fs = _a.sent();
return [4 /*yield*/, Promise.resolve().then(function () { return require('path'); })];
case 3:
path = _a.sent();
configDir = path.join(os_1.default.homedir(), '.appstore-cli');
if (!fs.existsSync(configDir)) {
fs.mkdirSync(configDir);
}
fallbackFile = path.join(configDir, "key-".concat(keyId, ".enc"));
fs.writeFileSync(fallbackFile, encryptedKey);
return [2 /*return*/];
}
});
});
}
/**
* Fallback method to retrieve private key using file decryption
* @param keyId The key ID associated with the private key
* @returns The private key or null if not found
*/
function retrievePrivateKeyFallback(keyId) {
return __awaiter(this, void 0, void 0, function () {
var fs, path, configDir, fallbackFile, encryptedKey, decryptionKey, error_4;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
_a.trys.push([0, 4, , 5]);
return [4 /*yield*/, Promise.resolve().then(function () { return require('fs'); })];
case 1:
fs = _a.sent();
return [4 /*yield*/, Promise.resolve().then(function () { return require('path'); })];
case 2:
path = _a.sent();
configDir = path.join(os_1.default.homedir(), '.appstore-cli');
fallbackFile = path.join(configDir, "key-".concat(keyId, ".enc"));
if (!fs.existsSync(fallbackFile)) {
return [2 /*return*/, null];
}
encryptedKey = fs.readFileSync(fallbackFile, 'utf8');
return [4 /*yield*/, generateMachineKey()];
case 3:
decryptionKey = _a.sent();
// Decrypt the private key
return [2 /*return*/, decryptString(encryptedKey, decryptionKey)];
case 4:
error_4 = _a.sent();
console.error('Error retrieving private key from fallback storage:', error_4);
return [2 /*return*/, null];
case 5: return [2 /*return*/];
}
});
});
}
/**
* Fallback method to delete private key file
* @param keyId The key ID associated with the private key
*/
function deletePrivateKeyFallback(keyId) {
return __awaiter(this, void 0, void 0, function () {
var fs, path, configDir, fallbackFile, error_5;
return __generator(this, function (_a) {
switch (_a.label) {
case 0:
_a.trys.push([0, 3, , 4]);
return [4 /*yield*/, Promise.resolve().then(function () { return require('fs'); })];
case 1:
fs = _a.sent();
return [4 /*yield*/, Promise.resolve().then(function () { return require('path'); })];
case 2:
path = _a.sent();
configDir = path.join(os_1.default.homedir(), '.appstore-cli');
fallbackFile = path.join(configDir, "key-".concat(keyId, ".enc"));
if (fs.existsSync(fallbackFile)) {
fs.unlinkSync(fallbackFile);
}
return [3 /*break*/, 4];
case 3:
error_5 = _a.sent();
console.error('Error deleting private key from fallback storage:', error_5);
return [3 /*break*/, 4];
case 4: return [2 /*return*/];
}
});
});
}
/**
* Generate a machine-specific key for encryption
* @returns A promise that resolves to a machine-specific key
*/
function generateMachineKey() {
return __awaiter(this, void 0, void 0, function () {
var machineId;
return __generator(this, function (_a) {
machineId = os_1.default.hostname() + os_1.default.platform() + os_1.default.arch();
// Create a hash of the machine information
return [2 /*return*/, crypto_1.default.createHash('sha256').update(machineId).digest()];
});
});
}
/**
* Encrypt a string using AES-256-CBC
* @param text The text to encrypt
* @param key The encryption key
* @returns The encrypted text as a base64 string
*/
function encryptString(text, key) {
// Generate a random initialization vector
var iv = crypto_1.default.randomBytes(16);
// Create cipher
var cipher = crypto_1.default.createCipheriv('aes-256-cbc', key, iv);
// Encrypt the text
var encrypted = cipher.update(text, 'utf8', 'base64');
encrypted += cipher.final('base64');
// Return iv + encrypted text as base64
return iv.toString('base64') + ':' + encrypted;
}
/**
* Decrypt a string using AES-256-CBC
* @param encryptedText The encrypted text as a base64 string
* @param key The decryption key
* @returns The decrypted text
*/
function decryptString(encryptedText, key) {
// Split the iv and encrypted text
var parts = encryptedText.split(':');
var iv = Buffer.from(parts[0], 'base64');
var encrypted = parts[1];
// Create decipher
var decipher = crypto_1.default.createDecipheriv('aes-256-cbc', key, iv);
// Decrypt the text
var decrypted = decipher.update(encrypted, 'base64', 'utf8');
decrypted += decipher.final('utf8');
return decrypted;
}