import crypto from 'crypto';
import fs from 'fs';
import { SOURCEBOT_ENCRYPTION_KEY } from './environment';
// Cipher used by encrypt() and decrypt(). CBC provides confidentiality only:
// the ciphertext carries no authentication tag, so integrity has to be
// enforced by whatever stores or transports the { iv, encryptedData } pair.
const algorithm = 'aes-256-cbc';

// AES has a 16-byte block, and a CBC IV must be exactly one block long.
const ivLength = 16;

// Public key file contents keyed by the path they were read from.
// Entries are never evicted or refreshed, so a key replaced on disk is not
// picked up until the process restarts.
const publicKeyCache: Map<string, string> = new Map();
/**
 * Produces a fresh initialization vector of `ivLength` bytes from the
 * cryptographically secure random source. A new IV per message is what keeps
 * identical plaintexts from producing identical CBC ciphertexts.
 */
const generateIV = (): Buffer => crypto.randomBytes(ivLength);
/**
 * Encrypts a UTF-8 string with AES-256-CBC under SOURCEBOT_ENCRYPTION_KEY.
 *
 * Security notes:
 * - The key is the raw characters of SOURCEBOT_ENCRYPTION_KEY (no hex/base64
 *   decoding, no KDF). createCipheriv rejects anything that is not exactly
 *   32 bytes, so the configured value must be 32 single-byte characters.
 * - The output is not authenticated. Nothing here detects a modified
 *   ciphertext or IV; decrypt() only fails if the padding happens to break.
 *   Treat stored values as tamperable unless the storage layer protects them.
 *
 * @param text Plaintext to encrypt.
 * @returns The per-call random IV and the ciphertext, both hex-encoded.
 *   Both are needed to decrypt; the IV is not secret.
 * @throws Error if SOURCEBOT_ENCRYPTION_KEY is unset or empty.
 */
export function encrypt(text: string): { iv: string; encryptedData: string } {
  if (!SOURCEBOT_ENCRYPTION_KEY) {
    throw new Error('Encryption key is not set');
  }

  const keyBytes = Buffer.from(SOURCEBOT_ENCRYPTION_KEY, 'ascii');
  const iv = generateIV();
  const cipher = crypto.createCipheriv(algorithm, keyBytes, iv);

  // update() must run before final(); the left operand is evaluated first.
  const encryptedData = cipher.update(text, 'utf8', 'hex') + cipher.final('hex');

  return { iv: iv.toString('hex'), encryptedData };
}
/**
 * Computes a deterministic keyed digest (HMAC-SHA256, hex) of `text`.
 *
 * Security notes:
 * - The HMAC key is the same SOURCEBOT_ENCRYPTION_KEY used by encrypt() and
 *   decrypt(). Rotating that key therefore invalidates every stored digest as
 *   well as every stored ciphertext.
 * - There is no salt or work factor; this suits high-entropy inputs such as
 *   the random secret from generateApiKey(), not user-chosen passwords.
 * - NOTE(review): callers are not visible here. If a digest is compared in
 *   application code rather than by an indexed lookup, use
 *   crypto.timingSafeEqual instead of `===`.
 *
 * @param text Value to hash.
 * @returns 64-character lowercase hex digest.
 * @throws Error if SOURCEBOT_ENCRYPTION_KEY is unset or empty.
 */
export function hashSecret(text: string): string {
  if (!SOURCEBOT_ENCRYPTION_KEY) {
    throw new Error('Encryption key is not set');
  }

  const hmac = crypto.createHmac('sha256', SOURCEBOT_ENCRYPTION_KEY);
  hmac.update(text);
  return hmac.digest('hex');
}
/**
 * Creates a new API key and the digest that identifies it.
 *
 * The secret is 32 random bytes rendered as hex. The returned `key` carries a
 * `sourcebot-` prefix, but the `hash` is computed over the bare secret only,
 * so any verifier has to strip the prefix before calling hashSecret().
 *
 * This is the only place the plaintext key is available.
 * NOTE(review): presumably only `hash` is persisted and `key` is shown to the
 * user once; confirm against the caller.
 *
 * @returns The plaintext key to hand out and the hex digest of its secret part.
 * @throws Error if SOURCEBOT_ENCRYPTION_KEY is unset or empty.
 */
export function generateApiKey(): { key: string; hash: string } {
  if (!SOURCEBOT_ENCRYPTION_KEY) {
    throw new Error('Encryption key is not set');
  }

  const secret = crypto.randomBytes(32).toString('hex');

  return {
    key: `sourcebot-${secret}`,
    hash: hashSecret(secret),
  };
}
/**
 * Reverses encrypt(): decrypts hex ciphertext with AES-256-CBC under
 * SOURCEBOT_ENCRYPTION_KEY and returns the UTF-8 plaintext.
 *
 * Security notes:
 * - CBC has no integrity check. A successful return does not prove the
 *   ciphertext or IV are the ones encrypt() produced; altering the IV changes
 *   the first plaintext block without any error being raised.
 * - Errors from final() (for example bad padding) propagate to the caller.
 *   Avoid reporting them in a way that lets an untrusted party distinguish a
 *   padding failure from other failures.
 * - Buffer.from(..., 'hex') does not throw on malformed hex, so invalid input
 *   surfaces later as a cipher error rather than a parse error.
 *
 * @param iv Hex-encoded 16-byte IV returned by encrypt().
 * @param encryptedText Hex-encoded ciphertext returned by encrypt().
 * @returns The decrypted string.
 * @throws Error if SOURCEBOT_ENCRYPTION_KEY is unset or empty, or if the
 *   cipher rejects the key, IV or ciphertext.
 */
export function decrypt(iv: string, encryptedText: string): string {
  if (!SOURCEBOT_ENCRYPTION_KEY) {
    throw new Error('Encryption key is not set');
  }

  const keyBytes = Buffer.from(SOURCEBOT_ENCRYPTION_KEY, 'ascii');
  const ivBytes = Buffer.from(iv, 'hex');
  const ciphertext = Buffer.from(encryptedText, 'hex');

  const decipher = crypto.createDecipheriv(algorithm, keyBytes, ivBytes);

  // update() must run before final(); the left operand is evaluated first.
  const head = decipher.update(ciphertext, undefined, 'utf8');
  return head + decipher.final('utf8');
}
/**
 * Checks a base64 or base64url signature over `data` against the public key
 * stored at `publicKeyPath`.
 *
 * Behaviour worth knowing when relying on this for a trust decision:
 * - Fails closed. Every error (missing file, unreadable key, malformed
 *   signature, verification failure) is logged and reported as `false`, so the
 *   caller cannot tell a forged signature from a misconfigured key path.
 * - The key file is read once per path and cached for the life of the process.
 *   A rotated or revoked key at the same path keeps being trusted until restart.
 * - No digest algorithm is passed to crypto.verify, so the scheme follows from
 *   the type of key in the file. NOTE(review): confirm the deployed key type is
 *   one where that is intended (for example Ed25519).
 * - NOTE(review): `publicKeyPath` selects the trust anchor. It should come from
 *   trusted configuration, never from the same request that carries the
 *   signature; verify against callers.
 *
 * @param data The signed payload, hashed/verified as UTF-8 bytes.
 * @param signature Signature in base64 or base64url, padding optional.
 * @param publicKeyPath Filesystem path of the public key to verify with.
 * @returns `true` only if the signature verifies; `false` otherwise.
 */
export function verifySignature(data: string, signature: string, publicKeyPath: string): boolean {
  try {
    let keyMaterial = publicKeyCache.get(publicKeyPath);

    if (!keyMaterial) {
      if (!fs.existsSync(publicKeyPath)) {
        throw new Error(`Public key file not found at: ${publicKeyPath}`);
      }
      keyMaterial = fs.readFileSync(publicKeyPath, 'utf8');
      publicKeyCache.set(publicKeyPath, keyMaterial);
    }

    // Map the URL-safe alphabet back to standard base64 and restore padding.
    // Decoding never throws on malformed text; a bad signature is rejected by
    // the verify call below instead.
    const standardAlphabet = signature.replace(/-/g, '+').replace(/_/g, '/');
    const missingPadding = (4 - (standardAlphabet.length % 4)) % 4;
    const padded = standardAlphabet.padEnd(standardAlphabet.length + missingPadding, '=');
    const signatureBytes = Buffer.from(padded, 'base64');

    const payload = Buffer.from(data, 'utf8');
    return crypto.verify(null, payload, keyMaterial, signatureBytes);
  } catch (error) {
    console.error('Error verifying signature:', error);
    return false;
  }
}
export { getTokenFromConfig } from './tokenUtils.js';