UNPKG

manifest

Version:

Self-hosted Manifest LLM router with embedded server, SQLite database, and dashboard

72 lines 2.61 kB
"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.getEncryptionSecret = getEncryptionSecret; exports.encrypt = encrypt; exports.decrypt = decrypt; exports.isEncrypted = isEncrypted; const crypto_1 = require("crypto"); const ALGORITHM = 'aes-256-gcm'; const IV_LENGTH = 16; const SALT_LENGTH = 16; const KEY_LENGTH = 32; function deriveKey(secret, salt) { return (0, crypto_1.scryptSync)(secret, salt, KEY_LENGTH); } function getEncryptionSecret() { const key = process.env['MANIFEST_ENCRYPTION_KEY'] || process.env['BETTER_AUTH_SECRET']; if (key && key.length >= 32) { return key; } if (process.env['MANIFEST_MODE'] === 'local') { const { getLocalAuthSecret } = require('../../common/constants/local-mode.constants'); return getLocalAuthSecret(); } throw new Error('Encryption secret required. Set MANIFEST_ENCRYPTION_KEY or BETTER_AUTH_SECRET (>=32 chars).'); } function encrypt(plaintext, secret) { const salt = (0, crypto_1.randomBytes)(SALT_LENGTH); const key = deriveKey(secret, salt); const iv = (0, crypto_1.randomBytes)(IV_LENGTH); const cipher = (0, crypto_1.createCipheriv)(ALGORITHM, key, iv); const encrypted = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]); const tag = cipher.getAuthTag(); return [ salt.toString('base64'), iv.toString('base64'), tag.toString('base64'), encrypted.toString('base64'), ].join(':'); } function decrypt(ciphertext, secret) { const parts = ciphertext.split(':'); if (parts.length !== 4) { throw new Error('Invalid ciphertext format'); } const [saltB64, ivB64, tagB64, encryptedB64] = parts; const salt = Buffer.from(saltB64, 'base64'); const iv = Buffer.from(ivB64, 'base64'); const tag = Buffer.from(tagB64, 'base64'); const encrypted = Buffer.from(encryptedB64, 'base64'); const key = deriveKey(secret, salt); const decipher = (0, crypto_1.createDecipheriv)(ALGORITHM, key, iv); decipher.setAuthTag(tag); const decrypted = Buffer.concat([decipher.update(encrypted), decipher.final()]); return decrypted.toString('utf8'); } function isEncrypted(value) { const parts = value.split(':'); if (parts.length !== 4) return false; try { for (const part of parts) { const buf = Buffer.from(part, 'base64'); if (buf.toString('base64') !== part) return false; } return true; } catch { return false; } } //# sourceMappingURL=crypto.util.js.map