aet/opvault.js
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Refactor

Browse Source
This commit is contained in:
Alex 2023-04-28 22:56:30 -04:00
parent 43bfb6715c
commit 904b11b7b7
30 changed files with 2790 additions and 1931 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
README.md
View File

@ -25,8 +25,11 @@ pnpm run bundle
## Test
```sh
cd packages/opvault.js/src/__tests__
wget -qO- https://cache.agilebits.com/security-kb/freddy-2013-12-04.tar.gz | tar xvz
mv onepassword_data freddy-2013-12-04.opvault
# Run tests
pnpm run test
```

55
package.json
View File

@ -6,46 +6,47 @@
"private": true,
"scripts": {
"design": "marked -o design.html < design.md",
"test": "node --expose-gc node_modules/mocha/bin/_mocha test/**/*.test.ts",
"test": "rm -rf mochawesome-report; c8 -r html node --expose-gc node_modules/mocha/bin/_mocha packages/**/*.test.ts; mv coverage mochawesome-report/coverage",
"repl": "node -r ts-node/register/transpile-only src/repl.ts",
"dev": "cd packages/web && yarn dev",
"bundle": "cd packages/web && yarn bundle",
"i18n": "node packages/web/scripts/build-i18n-yml-typedef.js"
},
"devDependencies": {
"@types/chai": "^4.3.0",
"@types/chai": "^4.3.4",
"@types/chai-as-promised": "^7.1.5",
"@types/fs-extra": "^9.0.13",
"@types/fs-extra": "^11.0.1",
"@types/mocha": "github:whitecolor/mocha-types#da22474cf43f48a56c86f8c23a5a0ea36e295768",
"@types/node": "^17.0.23",
"@types/sinon": "^10.0.11",
"@types/sinon-chai": "^3.2.8",
"@types/node": "^18.16.2",
"@types/sinon": "^10.0.14",
"@types/sinon-chai": "^3.2.9",
"@types/wicg-file-system-access": "^2020.9.5",
"@typescript-eslint/eslint-plugin": "5.17.0",
"@typescript-eslint/parser": "5.17.0",
"chai": "^4.3.6",
"@typescript-eslint/eslint-plugin": "5.59.1",
"@typescript-eslint/parser": "5.59.1",
"c8": "^7.13.0",
"chai": "^4.3.7",
"chai-as-promised": "^7.1.1",
"chalk": "^4.1.2",
"eslint": "8.12.0",
"eslint-config-prettier": "8.5.0",
"eslint-import-resolver-typescript": "2.7.0",
"eslint-plugin-import": "2.25.4",
"eslint-plugin-react": "7.29.4",
"eslint-plugin-react-hooks": "4.4.0",
"fs-extra": "^10.0.1",
"marked": "^4.0.12",
"mocha": "^9.2.2",
"eslint": "8.39.0",
"eslint-config-prettier": "8.8.0",
"eslint-import-resolver-typescript": "3.5.5",
"eslint-plugin-import": "2.27.5",
"eslint-plugin-react": "7.32.2",
"eslint-plugin-react-hooks": "4.6.0",
"fs-extra": "^11.1.1",
"marked": "^4.3.0",
"mocha": "^10.2.0",
"mochawesome": "^7.1.3",
"prettier": "^2.6.2",
"react": "^17.0.2",
"react-dom": "^17.0.2",
"sass": "^1.49.11",
"sinon": "^13.0.1",
"prettier": "^2.8.8",
"react": "^18.2.0",
"react-dom": "^18.2.0",
"sass": "^1.62.1",
"sinon": "^15.0.4",
"sinon-chai": "^3.7.0",
"tslib": "^2.3.1",
"ts-node": "^10.7.0",
"tsconfig-paths": "^3.14.1",
"typescript": "^4.6.3"
"ts-node": "^10.9.1",
"tsconfig-paths": "^4.2.0",
"tslib": "^2.5.0",
"typescript": "^5.0.4"
},
"prettier": {
"arrowParens": "avoid",

6
packages/adapters/package.json
View File

@ -1,6 +0,0 @@
{
"name": "opvault-adapters",
"dependencies": {
"opvault.js": "*"
}
}

28
packages/opvault.js/package.json
View File

@ -1,23 +1,31 @@
{
"name": "opvault.js",
"main": "src/index.ts",
"version": "0.0.1",
"license": "LGPL-3.0-or-later",
"scripts": {
"build": "rollup -c; prettier --write lib >/dev/null",
"build": "rollup -c --bundleConfigAsCjs; prettier --write lib >/dev/null",
"build:docs": "typedoc --out docs src/index.ts --excludePrivate"
},
"exports": {
".": "./lib/index.js",
"./node": "./lib/node.js",
"./filePicker": "./lib/filePicker.js",
"./webkit": "./lib/webkit.js"
},
"files": [
"lib"
],
"dependencies": {
"buffer": "^6.0.3",
"tiny-invariant": "1.2.0",
"tslib": "2.3.1"
"tiny-invariant": "1.3.1",
"tslib": "2.5.0"
},
"devDependencies": {
"@rollup/plugin-json": "^4.1.0",
"@rollup/plugin-replace": "^3.0.0",
"prettier": "^2.5.1",
"rollup": "^2.61.1",
"rollup-plugin-ts": "^2.0.4",
"typedoc": "^0.22.10"
"@rollup/plugin-json": "^6.0.0",
"@rollup/plugin-replace": "^5.0.2",
"prettier": "^2.8.8",
"rollup": "^3.21.0",
"rollup-plugin-ts": "^3.2.0",
"typedoc": "^0.24.6"
}
}

5
packages/opvault.js/rollup.config.js
View File

@ -8,6 +8,9 @@ import { dependencies } from "./package.json"
export default () => ({
input: {
index: "./src/index.ts",
node: "./src/adapter/node.ts",
filePicker: "./src/adapter/showDirectoryPicker.ts",
webkit: "./src/adapter/webkitdirectory.ts",
},
external: builtinModules.concat(Object.keys(dependencies)),
output: {
@ -21,8 +24,6 @@ export default () => ({
preventAssignment: true,
values: {
"process.env.NODE_ENV": '"production"',
'require("./adapter").nodeAdapter':
'import("./adapter").then(x => x.nodeAdapter)',
},
}),
],

0
test/decrypted.json → packages/opvault.js/src/__tests__/decrypted.json
View File

99
packages/opvault.js/src/__tests__/index.test.ts Normal file
View File

@ -0,0 +1,99 @@
import { resolve } from "path"
import { describe, it, beforeEach } from "mocha"
import { expect } from "chai"
import type { Vault } from "../index"
import { base64FromByteArray } from "../buffer"
import { OnePassword } from "../index"
import { adapter } from "../adapter/node"
describe("OnePassword", () => {
const freddy = resolve(__dirname, "freddy-2013-12-04.opvault")
describe("getProfileNames", () => {
it("freddy", async () => {
const instance = new OnePassword({ path: freddy, adapter })
expect(await instance.getProfileNames()).to.deep.equal(["default"])
})
it.skip("ignores faulty folders", async () => {})
})
describe("unlock", () => {
let vault: Vault
beforeEach(async () => {
vault = await new OnePassword({ path: freddy, adapter }).getProfile("default")
})
it("accepts correct password", async () => {
await expect(vault.unlock("freddy")).to.be.fulfilled
expect(vault.isLocked).to.be.false
})
it("rejects wrong password", () => {
;["Freddy", "_freddy", ""].forEach(async password => {
await expect(vault.unlock(password)).to.be.rejectedWith("Invalid password")
expect(vault.isLocked).to.be.true
})
})
})
describe("content", () => {
let vault: Vault
beforeEach(async () => {
vault = await new OnePassword({ path: freddy, adapter }).getProfile("default")
await vault.unlock("freddy")
})
it("reads notes", async () => {
const item = (await vault.getItem({
title: "A note with some attachments",
}))!
expect(item).to.exist
expect(item.uuid).to.equal("F2DB5DA3FCA64372A751E0E85C67A538")
expect(item.attachments).to.have.lengthOf(2)
expect(item.details).to.deep.equal({
notesPlain: "This note has two attachments.",
})
expect(item.overview).to.deep.equal({
title: "A note with some attachments",
ps: 0,
ainfo: "This note has two attachments.",
})
})
it("decrypts items", async () => {
const decrypted = require("./decrypted.json")
expect(vault.isLocked).to.be.false
for (const [uuid, item] of Object.entries<any>(decrypted)) {
const actual = await vault.getItem(uuid)
expect(actual).to.exist
expect(actual!.overview).to.deep.equal(item.overview)
expect(actual!.details).to.deep.equal(item.itemDetails)
expect(actual!.attachments).to.have.lengthOf(item.attachments.length)
for (const [i, attachment] of actual!.attachments.entries()) {
const expected = item.attachments[i]
await attachment.unlock()
expect(attachment.metadata).to.deep.equal(expected.metadata)
expect(base64FromByteArray(attachment.file)).to.deep.equal(expected.file)
expect(base64FromByteArray(attachment.icon)).to.deep.equal(expected.icon)
}
}
})
})
describe("lock", () => {
it("locks", async () => {
const instance = new OnePassword({ path: freddy, adapter })
const vault = await instance.getProfile("default")
await vault.unlock("freddy")
expect(vault.isLocked).to.be.false
vault.lock()
expect(vault.isLocked).to.be.true
expect(vault.getItem("F2DB5DA3FCA64372A751E0E85C67A538")).to.eventually.throw
})
})
})

43
packages/opvault.js/src/__tests__/weakMap.test.ts Normal file
View File

@ -0,0 +1,43 @@
import { describe, it } from "mocha"
import { expect } from "chai"
import { WeakValueMap } from "../weakMap"
declare const gc: () => void
describe("WeakValueMap", () => {
interface Value {
value: number
}
it("covers base use cases", () => {
const map = new WeakValueMap<string, Value>()
const object = { value: 1 }
map.set("key", object)
expect(map.get("key")!.value).to.equal(1)
expect(map.delete("key")).to.be.true
expect(!map.delete("key")).to.be.true
})
it("overrides previous value", () => {
const map = new WeakValueMap<string, Value>()
map.set("key", { value: 2 })
map.set("key", { value: 3 })
expect(map.get("key")!.value).to.equal(3)
})
it("deletes garbage collected values", done => {
const map = new WeakValueMap<string, Value>()
map.set("key", { value: 1 })
setTimeout(() => {
gc()
expect(map.has("key")).to.be.false
map.set("key", { value: 2 })
setTimeout(() => {
gc()
done()
})
})
})
})

53
packages/opvault.js/src/adapter.ts → packages/opvault.js/src/adapter/index.ts
View File

@ -1,10 +1,7 @@
import { promises as fs, existsSync } from "fs"
import { webcrypto } from "crypto"
/**
* An object that implements basic file system functionalities.
*/
export interface IFileSystem {
export interface FileSystem {
/**
* Asynchronously tests whether or not the given path exists by checking with the file system.
* @param path A path to a file or directory.
@ -15,39 +12,45 @@ export interface IFileSystem {
* Asynchronously reads the entire contents of a file.
* @param path A path to a file.
*/
readBuffer(path: string): Promise<Buffer>
readFile(path: string): Promise<Uint8Array>
/**
* Asynchronously reads the entire contents of a file.
* @param path A path to a file.
*/
readFile(path: string): Promise<string>
readTextFile(path: string): Promise<string>
/**
* Asynchronously writes data to a file, replacing the file if it already exists.
* @param path A path to a file.
* @param data The data to write.
*/
writeFile(path: string, data: string): Promise<void>
writeTextFile(path: string, data: string): Promise<void>
/**
* Asynchronous readdir(3) - read a directory.
* @param path A path to a directory.
* Reads the directory given by path and returns an async iterable of `DirEntry`.
*/
readdir(path: string): Promise<string[]>
/**
* Returns true if the path points to a directory.
*/
isDirectory(path: string): Promise<boolean>
readDir(path: string): AsyncIterable<DirEntry>
}
export interface IAdapter {
/**
* Information about a directory entry
*/
export interface DirEntry {
/** The file name of the entry. Does not include the full path. */
name: string
/** True if this is info for a regular file. */
isFile: boolean
/** True if this is info for a directory. */
isDirectory: boolean
}
export interface Adapter {
/**
* Underlying `fs` module. You can replace it with a wrapper of
* `memfs` or any object that implements `IFileSystem`.
*/
fs: IFileSystem
fs: FileSystem
/**
* `SubtleCrypto` implementation. On Node.js this is
@ -56,19 +59,3 @@ export interface IAdapter {
*/
subtle: SubtleCrypto
}
/**
* Default Node.js adapter. This can be used while using `opvault.js`
* in a Node.js environment.
*/
export const nodeAdapter: IAdapter = {
fs: {
readFile: path => fs.readFile(path, "utf-8"),
readBuffer: path => fs.readFile(path),
writeFile: fs.writeFile,
readdir: fs.readdir,
isDirectory: async path => fs.stat(path).then(x => x.isDirectory()),
exists: async path => existsSync(path),
},
subtle: (webcrypto as any).subtle,
}

31
packages/opvault.js/src/adapter/node.ts Normal file
View File

@ -0,0 +1,31 @@
import { promises as fs, existsSync } from "fs"
import { webcrypto } from "crypto"
import { join } from "path"
import type { Adapter } from "./index"
/**
* Default Node.js adapter. This can be used while using `opvault.js`
* in a Node.js environment.
*/
export const adapter: Adapter = {
fs: {
readTextFile: path => fs.readFile(path, "utf-8"),
readFile: path => fs.readFile(path),
writeTextFile: fs.writeFile,
async *readDir(path) {
const names = await fs.readdir(path)
for (const name of names) {
const fullPath = join(path, name)
const stat = await fs.stat(fullPath)
yield {
name,
isFile: stat.isFile(),
isDirectory: stat.isDirectory(),
}
}
},
exists: async path => existsSync(path),
},
subtle: (webcrypto as any).subtle,
}

42
packages/adapters/src/showDirectoryPicker.ts → packages/opvault.js/src/adapter/showDirectoryPicker.ts
View File

@ -1,5 +1,4 @@
import { Buffer } from "buffer"
import type { IAdapter, IFileSystem } from "opvault.js/src/adapter"
import type { Adapter, DirEntry, FileSystem } from "./index"
function normalize(path: string) {
return path.replace(/^\//, "")
@ -11,7 +10,7 @@ function splitPath(path: string) {
return [segments, filename] as const
}
export class FileSystem implements IFileSystem {
class FS implements FileSystem {
constructor(private handle: FileSystemDirectoryHandle) {}
private async getDirectoryHandle(segments: string[]) {
@ -33,7 +32,7 @@ export class FileSystem implements IFileSystem {
return fileHandle
}
async readFile(path: string) {
async readTextFile(path: string) {
const handle = await this.getFileHandle(path)
const file = await handle.getFile()
return file.text()
@ -60,30 +59,20 @@ export class FileSystem implements IFileSystem {
)
}
async readBuffer(path: string): Promise<Buffer> {
async readFile(path: string): Promise<Uint8Array> {
const handle = await this.getFileHandle(path)
const file = await handle.getFile()
return Buffer.from(await file.arrayBuffer())
return new Uint8Array(await file.arrayBuffer())
}
async writeFile(path: string, data: string): Promise<void> {
async writeTextFile(path: string, data: string): Promise<void> {
const handle = await this.getFileHandle(path)
const writable = await handle.createWritable()
await writable.write(data)
await writable.close()
}
async readdir(path: string): Promise<string[]> {
const segments = normalize(path).split("/")
const dirHandle = await this.getDirectoryHandle(segments)
const keys: string[] = []
for await (const key of dirHandle.keys()) {
keys.push(key)
}
return keys
}
async isDirectory(path: string) {
private async isDirectory(path: string) {
const [segments, filename] = splitPath(path)
const dirHandle = await this.getDirectoryHandle(segments)
for await (const [key, handle] of dirHandle.entries()) {
@ -97,6 +86,19 @@ export class FileSystem implements IFileSystem {
}
return false
}
async *readDir(path: string): AsyncIterable<DirEntry> {
const segments = normalize(path).split("/")
const dirHandle = await this.getDirectoryHandle(segments)
for await (const key of dirHandle.keys()) {
const isDirectory = await this.isDirectory(`${path}/${key}`)
yield {
name: key,
isDirectory,
isFile: !isDirectory,
}
}
}
}
async function success(fn: () => Promise<any>) {
@ -111,7 +113,7 @@ async function success(fn: () => Promise<any>) {
/**
* Default Browser adapter.
*/
export const getBrowserAdapter = (handle: FileSystemDirectoryHandle): IAdapter => ({
fs: new FileSystem(handle),
export const getBrowserAdapter = (handle: FileSystemDirectoryHandle): Adapter => ({
fs: new FS(handle),
subtle: crypto.subtle,
})

38
packages/adapters/src/webkitdirectory.ts → packages/opvault.js/src/adapter/webkitdirectory.ts
View File

@ -1,7 +1,7 @@
import { Buffer } from "buffer"
import type { IAdapter, IFileSystem } from "opvault.js/src/adapter"
import type { Adapter, DirEntry, FileSystem } from "./index"
export class FileSystem implements IFileSystem {
class FS implements FileSystem {
private paths = new Set<string>()
private pathMap = new Map<string, File>()
@ -12,7 +12,7 @@ export class FileSystem implements IFileSystem {
}
}
async readFile(path: string) {
async readTextFile(path: string) {
return this.pathMap.get(path)!.text()
}
@ -20,34 +20,40 @@ export class FileSystem implements IFileSystem {
return this.pathMap.has(path)
}
async readBuffer(path: string): Promise<Buffer> {
async readFile(path: string): Promise<Buffer> {
const arrayBuffer = await this.pathMap.get(path)!.arrayBuffer()
return Buffer.from(arrayBuffer)
}
// eslint-disable-next-line class-methods-use-this
async writeFile(path: string, data: string): Promise<void> {
async writeTextFile(): Promise<void> {
throw new Error("fs.writeFile is not supported with webkitdirectory")
}
async readdir(path: string): Promise<string[]> {
const paths = [...this.paths]
return paths
.filter(_ => _.startsWith(`${path}/`))
.map(_ => _.slice(path.length + 1))
.map(_ => _.split("/")[0])
}
async isDirectory(path: string) {
private isDirectory(path: string) {
const paths = [...this.paths]
return paths.some(_ => _.startsWith(`${path}/`)) && !paths.includes(path)
}
async *readDir(path: string): AsyncIterable<DirEntry> {
for (const name of [...this.paths]
.filter(_ => _.startsWith(`${path}/`))
.map(_ => _.slice(path.length + 1))
.map(_ => _.split("/")[0])) {
const isDirectory = this.isDirectory(path)
yield {
name,
isDirectory,
isFile: !isDirectory,
}
}
}
}
/**
* Default Browser adapter.
*/
export const getBrowserAdapter = (list: FileList): IAdapter => ({
fs: new FileSystem(list),
export const getBrowserAdapter = (list: FileList): Adapter => ({
fs: new FS(list),
subtle: crypto.subtle,
})

362
packages/opvault.js/src/buffer.ts Normal file
View File

@ -0,0 +1,362 @@
/**
* The buffer module from node.js, for the browser.
*
* @author Feross Aboukhadijeh <https://feross.org>
* @license MIT
*/
// The MIT License (MIT)
// Copyright (c) 2014 Jameson Little
const lookup: string[] = []
const revLookup: number[] = []
const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
for (let i = 0, len = alphabet.length; i < len; ++i) {
lookup[i] = alphabet[i]
revLookup[alphabet.charCodeAt(i)] = i
}
// Support decoding URL-safe base64 strings, as Node.js does.
// See: https://en.wikipedia.org/wiki/Base64#URL_applications
revLookup[45] = 62
revLookup[95] = 63
function base64ToByteArray(b64: string): Uint8Array {
const { length } = b64
if (length % 4 > 0) {
throw new Error("Invalid string. Length must be a multiple of 4")
}
// Trim off extra bytes after placeholder bytes are found
// See: https://github.com/beatgammit/base64-js/issues/42
let validLen = b64.indexOf("=")
if (validLen === -1) validLen = length
const placeHoldersLen = validLen === length ? 0 : 4 - (validLen % 4)
const arr = new Uint8Array(((validLen + placeHoldersLen) * 3) / 4 - placeHoldersLen)
let curByte = 0
// if there are placeholders, only get up to the last complete 4 chars
const len = placeHoldersLen > 0 ? validLen - 4 : validLen
let i: number
for (i = 0; i < len; i += 4) {
const tmp =
(revLookup[b64.charCodeAt(i)] << 18) |
(revLookup[b64.charCodeAt(i + 1)] << 12) |
(revLookup[b64.charCodeAt(i + 2)] << 6) |
revLookup[b64.charCodeAt(i + 3)]
arr[curByte++] = (tmp >> 16) & 0xff
arr[curByte++] = (tmp >> 8) & 0xff
arr[curByte++] = tmp & 0xff
}
if (placeHoldersLen === 2) {
const tmp =
(revLookup[b64.charCodeAt(i)] << 2) | (revLookup[b64.charCodeAt(i + 1)] >> 4)
arr[curByte++] = tmp & 0xff
}
if (placeHoldersLen === 1) {
const tmp =
(revLookup[b64.charCodeAt(i)] << 10) |
(revLookup[b64.charCodeAt(i + 1)] << 4) |
(revLookup[b64.charCodeAt(i + 2)] >> 2)
arr[curByte++] = (tmp >> 8) & 0xff
arr[curByte++] = tmp & 0xff
}
return arr
}
const tripletToBase64 = (num: number) =>
lookup[(num >> 18) & 0x3f] +
lookup[(num >> 12) & 0x3f] +
lookup[(num >> 6) & 0x3f] +
lookup[num & 0x3f]
function encodeChunk(uint8: Uint8Array, start: number, end: number) {
const output: string[] = []
for (let i = start; i < end; i += 3) {
const tmp =
((uint8[i] << 16) & 0xff0000) +
((uint8[i + 1] << 8) & 0xff00) +
(uint8[i + 2] & 0xff)
output.push(tripletToBase64(tmp))
}
return output.join("")
}
export function base64FromByteArray(uint8: Uint8Array): string {
let tmp: number
const len = uint8.length
const extraBytes = len % 3 // if we have 1 byte left, pad 2 bytes
const parts = []
const maxChunkLength = 16383 // must be multiple of 3
// go through the array every three bytes, we'll deal with trailing stuff later
for (let i = 0, len2 = len - extraBytes; i < len2; i += maxChunkLength) {
parts.push(
encodeChunk(uint8, i, i + maxChunkLength > len2 ? len2 : i + maxChunkLength)
)
}
// pad the end with zeros, but make sure to not forget the extra bytes
if (extraBytes === 1) {
tmp = uint8[len - 1]
parts.push(lookup[tmp >> 2] + lookup[(tmp << 4) & 0x3f] + "==")
} else if (extraBytes === 2) {
tmp = (uint8[len - 2] << 8) + uint8[len - 1]
parts.push(
lookup[tmp >> 10] + lookup[(tmp >> 4) & 0x3f] + lookup[(tmp << 2) & 0x3f] + "="
)
}
return parts.join("")
}
export function fromBase64(string: string) {
const { length } = base64ToBytes(string)
let buf = new Uint8Array(length)
const actual = write(buf, string)
if (actual !== length) {
// Writing a hex string, for example, that contains invalid characters will
// cause everything after the first invalid character to be ignored. (e.g.
// 'abxxcd' will be treated as 'ab')
buf = buf.slice(0, actual)
}
return buf
}
function write(array: Uint8Array, string: string) {
const offset = 0
let { length } = array
const remaining = array.length - offset
if (length === undefined || length > remaining) length = remaining
if ((string.length > 0 && (length < 0 || offset < 0)) || offset > array.length) {
throw new RangeError("Attempt to write outside buffer bounds")
}
return blitBuffer(base64ToBytes(string), array, offset, length)
}
export function utf8Slice(array: Uint8Array, start = 0, end = array.length) {
end = Math.min(array.length, end)
const res: number[] = []
let i = start
while (i < end) {
const firstByte = array[i]
let codePoint = null
let bytesPerSequence =
firstByte > 0xef ? 4 : firstByte > 0xdf ? 3 : firstByte > 0xbf ? 2 : 1
if (i + bytesPerSequence <= end) {
let secondByte: number
let thirdByte: number
let fourthByte: number
let tempCodePoint: number
switch (bytesPerSequence) {
case 1:
if (firstByte < 0x80) {
codePoint = firstByte
}
break
case 2:
secondByte = array[i + 1]
if ((secondByte & 0xc0) === 0x80) {
tempCodePoint = ((firstByte & 0x1f) << 0x6) | (secondByte & 0x3f)
if (tempCodePoint > 0x7f) {
codePoint = tempCodePoint
}
}
break
case 3:
secondByte = array[i + 1]
thirdByte = array[i + 2]
if ((secondByte & 0xc0) === 0x80 && (thirdByte & 0xc0) === 0x80) {
tempCodePoint =
((firstByte & 0xf) << 0xc) |
((secondByte & 0x3f) << 0x6) |
(thirdByte & 0x3f)
if (
tempCodePoint > 0x7ff &&
(tempCodePoint < 0xd800 || tempCodePoint > 0xdfff)
) {
codePoint = tempCodePoint
}
}
break
case 4:
secondByte = array[i + 1]
thirdByte = array[i + 2]
fourthByte = array[i + 3]
if (
(secondByte & 0xc0) === 0x80 &&
(thirdByte & 0xc0) === 0x80 &&
(fourthByte & 0xc0) === 0x80
) {
tempCodePoint =
((firstByte & 0xf) << 0x12) |
((secondByte & 0x3f) << 0xc) |
((thirdByte & 0x3f) << 0x6) |
(fourthByte & 0x3f)
if (tempCodePoint > 0xffff && tempCodePoint < 0x110000) {
codePoint = tempCodePoint
}
}
}
}
if (codePoint === null) {
// we did not generate a valid codePoint so insert a
// replacement char (U+FFFD) and advance only 1 byte
codePoint = 0xfffd
bytesPerSequence = 1
} else if (codePoint > 0xffff) {
// encode to utf16 (surrogate pair dance)
codePoint -= 0x10000
res.push(((codePoint >>> 10) & 0x3ff) | 0xd800)
codePoint = 0xdc00 | (codePoint & 0x3ff)
}
res.push(codePoint)
i += bytesPerSequence
}
return decodeCodePointsArray(res)
}
// Based on http://stackoverflow.com/a/22747272/680742, the browser with
// the lowest limit is Chrome, with 0x10000 args.
// We go 1 magnitude less, for safety
const MAX_ARGUMENTS_LENGTH = 0x1000
function decodeCodePointsArray(codePoints: number[]) {
const len = codePoints.length
if (len <= MAX_ARGUMENTS_LENGTH) {
return String.fromCharCode(...codePoints) // avoid extra slice()
}
// Decode in chunks to avoid "call stack size exceeded".
let res = ""
let i = 0
while (i < len) {
res += String.fromCharCode(...codePoints.slice(i, (i += MAX_ARGUMENTS_LENGTH)))
}
return res
}
/*
* Need to make sure that buffer isn't trying to write out of bounds.
*/
function checkOffset(offset: number, ext: number, length: number) {
if (offset % 1 !== 0 || offset < 0) throw new RangeError("offset is not uint")
if (offset + ext > length) throw new RangeError("Trying to access beyond buffer length")
}
export function readUInt32BE(array: Uint8Array, offset: number, noAssert?: boolean) {
offset = offset >>> 0
if (!noAssert) checkOffset(offset, 4, array.length)
return (
array[offset] * 0x1000000 +
((array[offset + 1] << 16) | (array[offset + 2] << 8) | array[offset + 3])
)
}
export function readIntLE(
array: Uint8Array,
offset: number,
byteLength: number,
noAssert?: boolean
) {
offset = offset >>> 0
byteLength = byteLength >>> 0
if (!noAssert) checkOffset(offset, byteLength, array.length)
let val = array[offset]
let mul = 1
let i = 0
while (++i < byteLength && (mul *= 0x100)) {
val += array[offset + i] * mul
}
mul *= 0x80
if (val >= mul) val -= Math.pow(2, 8 * byteLength)
return val
}
function checkInt(
buf: Uint8Array,
value: number,
offset: number,
ext: number,
max: number,
min: number
) {
if (value > max || value < min) {
throw new RangeError('"value" argument is out of bounds')
}
if (offset + ext > buf.length) {
throw new RangeError("Index out of range")
}
}
export function writeUInt32BE(
array: Uint8Array,
value: number,
offset: number,
noAssert?: boolean
) {
value = +value
offset = offset >>> 0
if (!noAssert) checkInt(array, value, offset, 4, 0xffffffff, 0)
array[offset] = value >>> 24
array[offset + 1] = value >>> 16
array[offset + 2] = value >>> 8
array[offset + 3] = value & 0xff
return offset + 4
}
// HELPER FUNCTIONS
// ================
const INVALID_BASE64_RE = /[^+/0-9A-Za-z-_]/g
function base64ToBytes(str: string) {
// Node takes equal signs as end of the Base64 encoding
;[str] = str.split("=")
// Node strips out invalid characters like \n and \t from the string, base64-js does not
str = str.trim().replace(INVALID_BASE64_RE, "")
// Node converts strings with length < 2 to ''
if (str.length < 2) return new Uint8Array()
// Node allows for non-padded base64 strings (missing trailing ===), base64-js does not
while (str.length % 4 !== 0) {
str = str + "="
}
return base64ToByteArray(str)
}
function blitBuffer(
src: Uint8Array | number[],
dst: Uint8Array,
offset: number,
length: number
) {
let i: number
for (i = 0; i < length; ++i) {
if (i + offset >= dst.length || i >= src.length) break
dst[i + offset] = src[i]
}
return i
}

62
packages/opvault.js/src/crypto.ts
View File

@ -1,19 +1,18 @@
import { Buffer } from "buffer"
import { decryptData } from "./decipher"
import type { IAdapter } from "./adapter"
import type { Adapter } from "./adapter"
import { createEventEmitter } from "./ee"
import { HMACAssertionError } from "./errors"
import type { i18n } from "./i18n"
import { HMACAssertionError, OPVaultError } from "./errors"
import type { ItemDetails, Overview, Profile } from "./types"
import { setIfAbsent } from "./util"
import type { EncryptedItem } from "./models/item"
import { fromBase64, utf8Slice } from "./buffer"
/** Encryption and MAC */
export interface Cipher {
/** Encryption key */
key: Buffer
key: Uint8Array
/** HMAC key */
hmac: Buffer
hmac: Uint8Array
}
export class Crypto {
@ -27,7 +26,7 @@ export class Crypto {
readonly onLock = createEventEmitter<void>()
constructor(private readonly i18n: i18n, adapter: IAdapter) {
constructor(adapter: Adapter) {
this.subtle = adapter.subtle
}
@ -43,7 +42,7 @@ export class Crypto {
const derivedKey = await this.subtle.deriveBits(
{
name: "PBKDF2",
salt: Buffer.from(profile.salt, "base64"),
salt: fromBase64(profile.salt),
iterations: profile.iterations,
hash: {
name: "SHA-512",
@ -53,7 +52,7 @@ export class Crypto {
64 << 3
)
const cipher = splitPlainText(Buffer.from(derivedKey))
const cipher = splitPlainText(new Uint8Array(derivedKey))
// Derive master key and overview keys
this.#master = await this.decryptKeys(profile.masterKey, cipher)
@ -73,13 +72,9 @@ export class Crypto {
this.onLock()
}
dispose() {
this.lock()
}
assertUnlocked() {
if (this.#locked) {
throw new Error(this.i18n.error.vaultIsLocked)
throw new OPVaultError("This vault is locked", "VAULT_LOCKED")
}
}
@ -102,22 +97,22 @@ export class Crypto {
decryptItemDetails = this.#createWeakCache(async (item: EncryptedItem) => {
const cipher = await this.deriveConcreteKey(item)
const detail = await this.decryptOPData(Buffer.from(item.d, "base64"), cipher)
return JSON.parse(detail.toString("utf-8")) as ItemDetails
const detail = await this.decryptOPData(fromBase64(item.d), cipher)
return JSON.parse(utf8Slice(detail)) as ItemDetails
})
decryptItemOverview = this.#createCache(
(item: EncryptedItem) => item.o,
async (o: string) => {
const overview = await this.decryptOPData(Buffer.from(o, "base64"), this.#overview)
return JSON.parse(overview.toString("utf8")) as Overview
const overview = await this.decryptOPData(fromBase64(o), this.#overview)
return JSON.parse(utf8Slice(overview)) as Overview
}
)
deriveConcreteKey = this.#createCache(
(data: { k: string }) => data.k,
async ($k: string) => {
const k = Buffer.from($k, "base64")
const k = fromBase64($k)
const data = k.slice(0, -32)
await this.assertHMac(data, this.#master.hmac, k.slice(-32))
const derivedKey = await this.decryptData(
@ -129,7 +124,7 @@ export class Crypto {
}
)
async assertHMac(data: Buffer, key: Buffer, expected: Buffer) {
async assertHMac(data: Uint8Array, key: Uint8Array, expected: Uint8Array) {
const cryptoKey = await this.subtle.importKey(
"raw",
key,
@ -148,7 +143,7 @@ export class Crypto {
}
}
async decryptOPData(cipherText: Buffer, cipher: Cipher) {
async decryptOPData(cipherText: Uint8Array, cipher: Cipher) {
const key = cipherText.slice(0, -32)
await this.assertHMac(key, cipher.hmac, cipherText.slice(-32))
@ -157,17 +152,28 @@ export class Crypto {
return plaintext.slice(-size)
}
async decryptData(key: Buffer, iv: Buffer, data: Buffer) {
this.subtle
// return createDecipheriv("aes-256-cbc", key, iv).setAutoPadding(false).update(data)
async decryptData(key: Uint8Array, iv: Uint8Array, data: Uint8Array) {
// try {
// const algorithm = { name: "AES-CBC", length: 256, iv }
// const keyCrypto = await this.subtle.importKey("raw", key, algorithm, false, [
// "decrypt",
// ])
// console.log("hi", keyCrypto)
// const decrypted = await this.subtle.decrypt(algorithm, keyCrypto, data)
// console.log("decrypted")
// return Buffer.from(decrypted)
// // return createDecipheriv("aes-256-cbc", key, iv).setAutoPadding(false).update(data)
// } catch (e) {
// console.error(e)
return decryptData(key, iv, data)
// }
}
async decryptKeys(encryptedKey: string, derived: Cipher) {
const buffer = Buffer.from(encryptedKey, "base64")
const buffer = fromBase64(encryptedKey)
const base = await this.decryptOPData(buffer, derived)
const digest = await this.subtle.digest("SHA-512", base)
return splitPlainText(Buffer.from(digest))
return splitPlainText(new Uint8Array(digest))
}
get overview() {
@ -175,11 +181,11 @@ export class Crypto {
}
}
export const splitPlainText = (derivedKey: Buffer): Cipher => ({
export const splitPlainText = (derivedKey: Uint8Array): Cipher => ({
key: derivedKey.slice(0, 32),
hmac: derivedKey.slice(32, 64),
})
function readUint16({ buffer, byteOffset, length }: Buffer) {
function readUint16({ buffer, byteOffset, length }: Uint8Array) {
return new DataView(buffer, byteOffset, length).getUint16(0, true)
}

81
packages/opvault.js/src/decipher.ts
View File

@ -7,11 +7,12 @@
* | MIT | Crypto-js | (c) 2009-2013 Jeff Mott. |
* | MIT | browserify-aes | (c) 2014-2017 browserify-aes contributors |
*/
import { Buffer } from "buffer"
import invariant from "tiny-invariant"
import { readUInt32BE, writeUInt32BE } from "./buffer"
function bufferXor(a: Buffer, b: Buffer) {
function bufferXor(a: Uint8Array, b: Uint8Array) {
const length = Math.min(a.length, b.length)
const buffer = Buffer.alloc(length)
const buffer = new Uint8Array(length)
for (let i = 0; i < length; ++i) {
buffer[i] = a[i] ^ b[i]
@ -20,12 +21,12 @@ function bufferXor(a: Buffer, b: Buffer) {
return buffer
}
function toUInt32Array(buf: Buffer) {
function toUInt32Array(buf: Uint8Array) {
const len = (buf.length / 4) | 0
const out: number[] = new Array(len)
for (let i = 0; i < len; i++) {
out[i] = buf.readUInt32BE(i * 4)
out[i] = readUInt32BE(buf, i * 4)
}
return out
@ -177,7 +178,7 @@ class AES {
private nRounds!: number
private invKeySchedule!: number[]
constructor(key: Buffer) {
constructor(key: Uint8Array) {
this.key = toUInt32Array(key)
this.reset()
}
@ -236,7 +237,7 @@ class AES {
this.invKeySchedule = invKeySchedule
}
decryptBlock(buffer: Buffer) {
decryptBlock(buffer: Uint8Array) {
const M = toUInt32Array(buffer)
// swap
@ -246,11 +247,11 @@ class AES {
const out = cryptBlock(M, this.invKeySchedule, G.invSubMix, G.invSBox, this.nRounds)
const buf = Buffer.allocUnsafe(16)
buf.writeUInt32BE(out[0], 0)
buf.writeUInt32BE(out[3], 4)
buf.writeUInt32BE(out[2], 8)
buf.writeUInt32BE(out[1], 12)
const buf = new Uint8Array(16)
writeUInt32BE(buf, out[0], 0)
writeUInt32BE(buf, out[3], 4)
writeUInt32BE(buf, out[2], 8)
writeUInt32BE(buf, out[1], 12)
return buf
}
@ -258,44 +259,42 @@ class AES {
static keySize = 256 / 8
}
function splitter() {
let cache = Buffer.allocUnsafe(0)
return {
add(data: Buffer) {
cache = Buffer.concat([cache, data])
return this
},
get() {
if (cache.length >= 16) {
const out = cache.slice(0, 16)
cache = cache.slice(16)
return out
}
return null
},
const splitter = (data: Uint8Array) => () => {
if (data.length >= 16) {
const out = data.slice(0, 16)
data = data.slice(16)
return out
}
return null
}
// AES-256-CBC
// == createDecipheriv("aes-256-cbc", key, iv).setAutoPadding(false).update(data)
export function decryptData(key: Buffer, iv: Buffer, data: Buffer) {
if (iv.length !== 16) {
throw new TypeError(`invalid iv length ${iv.length}`)
}
if (key.length !== 32) {
throw new TypeError(`invalid key length ${key.length}`)
}
export function decryptData(key: Uint8Array, iv: Uint8Array, data: Uint8Array) {
invariant(iv.length === 16, `invalid iv length ${iv.length}`)
invariant(key.length === 32, `invalid key length ${key.length}`)
const cipher = new AES(key)
let prev = Buffer.from(iv)
const cache = splitter().add(data)
let chunk: Buffer | null
const res: Buffer[] = []
while ((chunk = cache.get())) {
let prev = iv
const readChunk = splitter(data)
let chunk: Uint8Array | null
const res: Uint8Array[] = []
let totalLength = 0
while ((chunk = readChunk())) {
const pad = prev
prev = chunk
const out = cipher.decryptBlock(chunk)
res.push(bufferXor(out, pad))
const array = bufferXor(out, pad)
res.push(array)
totalLength += array.length
}
return Buffer.concat(res)
const result = new Uint8Array(totalLength)
let offset = 0
for (const array of res) {
result.set(array, offset)
offset += array.length
}
return result
}

3
packages/opvault.js/src/ee.ts
View File

@ -9,9 +9,6 @@ export function createEventEmitter<T = void>() {
function emitter(value: T | EventListener) {
if (typeof value === "function") {
listeners.add(value as EventListener)
return () => {
listeners.delete(value as EventListener)
}
} else {
listeners.forEach(fn => fn(value))
}

8
packages/opvault.js/src/errors.ts
View File

@ -1,6 +1,10 @@
export abstract class OPVaultError extends Error {}
export class OPVaultError extends Error {
constructor(message?: string, readonly code?: string) {
super(message)
}
}
export class AssertionError extends OPVaultError {}
class AssertionError extends OPVaultError {}
export class HMACAssertionError extends AssertionError {}

49
packages/opvault.js/src/fs.ts
View File

@ -1,12 +1,12 @@
import { resolve, extname, basename } from "path"
import invariant from "tiny-invariant"
import type { IFileSystem } from "./adapter"
import type { FileSystem } from "./adapter"
import { once } from "./util"
export type OnePasswordFileManager = ReturnType<typeof OnePasswordFileManager>
export async function OnePasswordFileManager(
fs: IFileSystem,
fs: FileSystem,
path: string,
profileName: string
) {
@ -18,49 +18,48 @@ export async function OnePasswordFileManager(
const result = {
getProfile() {
return fs.readFile(abs("profile.js"))
return fs.readTextFile(abs("profile.js"))
},
getFolders() {
return fs.readFile(abs("folders.js"))
return fs.readTextFile(abs("folders.js"))
},
async getAttachments() {
const files = await fs.readdir(root)
return files
.filter(name => extname(name) === ".attachment")
.map(name => {
const sep = name.indexOf("_")
const path = resolve(root, name)
const [itemUUID, fileUUID] = [
name.slice(0, sep),
basename(name.slice(sep + 1), extname(name)),
]
return {
itemUUID,
fileUUID,
getFile: once(() => fs.readBuffer(path)),
}
})
async *getAttachments() {
for await (const { name } of fs.readDir(root)) {
if (extname(name) !== ".attachment") continue
const sep = name.indexOf("_")
const path = resolve(root, name)
const [itemUUID, fileUUID] = [
name.slice(0, sep),
basename(name.slice(sep + 1), extname(name)),
]
yield {
itemUUID,
fileUUID,
getFile: once(() => fs.readFile(path)),
}
}
},
async getBand(name: string) {
const path = abs(`band_${name}.js`)
if (await fs.exists(path)) {
return await fs.readFile(path)
return await fs.readTextFile(path)
}
},
async setProfile(profile: string) {
await fs.writeFile("profile.js", profile)
await fs.writeTextFile("profile.js", profile)
},
async setFolders(folders: string) {
await fs.writeFile("folders.js", folders)
await fs.writeTextFile("folders.js", folders)
},
async setBand(name: string, band: string) {
await fs.writeFile(`band_${name}.js`, band)
await fs.writeTextFile(`band_${name}.js`, band)
},
}
return result

25
packages/opvault.js/src/i18n/index.ts
View File

@ -1,25 +0,0 @@
import json from "./res.json"
const [locale] = Intl.DateTimeFormat().resolvedOptions().locale.split("-")
const mapValue = <T, R>(
object: Record<string, T>,
fn: (value: T, key: string) => R
): Record<string, R> => {
const res = Object.create(null)
Object.entries(object).forEach(([key, value]) => {
res[key] = fn(value, key)
})
return res
}
type json = typeof json
export type i18n = {
[K in keyof json]: {
[L in keyof json[K]]: string
}
}
export const i18n: i18n = mapValue(json, dict =>
mapValue(dict, (value: any) => value[locale] ?? value.en)
) as any

16
packages/opvault.js/src/i18n/res.json
View File

@ -1,16 +0,0 @@
{
"error": {
"invalidPassword": {
"en": "Invalid password",
"fr": "Mot de passe invalide"
},
"vaultIsLocked": {
"en": "This vault is locked",
"fr": "Ce coffre est verrouillé."
},
"cannotDecryptOverviewItem": {
"en": "Failed to decrypt overview item",
"fr": "Impossible de déchiffrer cet aperçu"
}
}
}

48
packages/opvault.js/src/index.ts
View File

@ -1,7 +1,6 @@
import { resolve } from "path"
import { Vault } from "./models/vault"
import type { IAdapter } from "./adapter"
import { asyncMap } from "./util"
import type { Adapter } from "./adapter"
export type { Vault } from "./models/vault"
export type { Item } from "./models/item"
@ -9,6 +8,8 @@ export type { Attachment, AttachmentMetadata } from "./models/attachment"
export type { ItemField, ItemSection } from "./types"
export { Category, FieldType } from "./models"
export type { Adapter as IAdapter } from "./adapter/index"
interface IOptions {
/**
* Path to `.opvault` directory
@ -18,22 +19,33 @@ interface IOptions {
/**
* Adapter used to interact with the file system and cryptography modules
*/
adapter?: IAdapter | Promise<IAdapter>
adapter: Adapter | Promise<Adapter>
}
/**
* OnePassword instance
* @example
* ```ts
* import { OnePassword } from "opvault.js"
* import { adapter } from "opvault.js/src/adapter/node"
*
* const op = new OnePassword({
* path: "/path/to/1password/vault",
* adapter,
* })
*
* const profileNames = await op.getProfileNames()
* const vault = await op.getProfile(profileNames[0])
* const item = await vault.getItemByTitle("My Login")
* ```
*/
export class OnePassword {
readonly #path: string
readonly #adapter: IAdapter | Promise<IAdapter>
readonly #adapter: Adapter | Promise<Adapter>
constructor({
path,
adapter = process.browser ? null! : require("./adapter").nodeAdapter,
}: IOptions) {
this.#adapter = adapter
this.#path = path
constructor(options: IOptions) {
this.#adapter = options.adapter
this.#path = options.path
}
/**
@ -41,17 +53,15 @@ export class OnePassword {
*/
async getProfileNames() {
const { fs } = await this.#adapter
const children = await fs.readdir(this.#path)
const profiles: string[] = []
await asyncMap(children, async child => {
const fullPath = resolve(this.#path, child)
if (
(await fs.isDirectory(fullPath)) &&
(await fs.exists(resolve(fullPath, "profile.js")))
) {
profiles.push(child)
for await (const { name, isDirectory } of fs.readDir(this.#path)) {
const fullPath = resolve(this.#path, name)
if (isDirectory && (await fs.exists(resolve(fullPath, "profile.js")))) {
profiles.push(name)
}
})
}
return profiles
}

29
packages/opvault.js/src/models/attachment.ts
View File

@ -1,6 +1,6 @@
import { Buffer } from "buffer"
import type { Crypto } from "../crypto"
import { invariant } from "../errors"
import { fromBase64, readIntLE, utf8Slice } from "../buffer"
type integer = number
@ -21,22 +21,22 @@ export interface AttachmentMetadata {
export class Attachment {
#k: string
#crypto: Crypto
#buffer: Buffer
#buffer: Uint8Array
#icon?: Buffer // png buffer
#file?: Buffer
#icon?: Uint8Array // png buffer
#file?: Uint8Array
#metadata?: AttachmentMetadata
private metadataSize: number
private iconSize: number
constructor(crypto: Crypto, k: string, buffer: Buffer) {
constructor(crypto: Crypto, k: string, buffer: Uint8Array) {
this.#buffer = buffer
this.#validate()
this.#crypto = crypto
this.#k = k
this.metadataSize = buffer.readIntLE(8, 2)
this.iconSize = buffer.readIntLE(12, 3)
this.metadataSize = readIntLE(buffer, 8, 2)
this.iconSize = readIntLE(buffer, 12, 3)
crypto.onLock(() => {
this.#lock()
@ -49,13 +49,13 @@ export class Attachment {
#validate() {
const file = this.#buffer
invariant(
file.slice(0, 6).toString("utf-8") === "OPCLDA",
utf8Slice(file.slice(0, 6)) === "OPCLDA",
"Attachment must start with OPCLDA"
)
// @TODO: Re-enable this
false &&
invariant(
file.readIntLE(7, 1) === 1,
readIntLE(file, 7, 1) === 1,
"The version for this attachment file format is not supported."
)
}
@ -86,14 +86,11 @@ export class Attachment {
cipher
)
const metadata = JSON.parse(buffer.slice(16, 16 + metadataSize).toString("utf-8"))
const metadata = JSON.parse(utf8Slice(buffer.slice(16, 16 + metadataSize)))
metadata.overview = JSON.parse(
(
await crypto.decryptOPData(
Buffer.from(metadata.overview, "base64"),
crypto.overview
)
).toString()
utf8Slice(
await crypto.decryptOPData(fromBase64(metadata.overview), crypto.overview)
)
)
this.#metadata = metadata
}

2
packages/opvault.js/src/models/item.ts
View File

@ -93,7 +93,7 @@ export class Item {
}
/** @internal */
addAttachment(buffer: Buffer) {
addAttachment(buffer: Uint8Array) {
this.attachments.push(new Attachment(this.#crypto, this.#data.k, buffer))
}
}

28
packages/opvault.js/src/models/vault.ts
View File

@ -1,7 +1,6 @@
import type { IAdapter } from "../adapter"
import { HMACAssertionError, invariant } from "../errors"
import type { Adapter } from "../adapter"
import { HMACAssertionError, OPVaultError, invariant } from "../errors"
import { OnePasswordFileManager } from "../fs"
import { i18n } from "../i18n"
import type { EncryptedItem } from "./item"
import { Crypto } from "../crypto"
import { Item } from "./item"
@ -21,7 +20,7 @@ export class Vault {
#itemsMap = new WeakValueMap<string, Item>()
#crypto: Crypto
readonly onLock = createEventEmitter<void>()
readonly #onLock = createEventEmitter<void>()
private constructor(
profile: Profile,
@ -41,8 +40,8 @@ export class Vault {
* Create a new OnePassword Vault instance and read all bands.
* @internal
*/
static async of(path: string, profileName = "default", adapter: IAdapter) {
const crypto = new Crypto(i18n, adapter)
static async of(path: string, profileName = "default", adapter: Adapter) {
const crypto = new Crypto(adapter)
const files = await OnePasswordFileManager(adapter.fs, path, profileName)
const profile = JSON.parse(
stripText(await files.getProfile(), /^var profile\s*=/, ";")
@ -66,8 +65,7 @@ export class Vault {
}
}
const attachments = await files.getAttachments()
for (const att of attachments) {
for await (const att of files.getAttachments()) {
const file = itemsMap.get(att.itemUUID)
invariant(file, `Item ${att.itemUUID} of attachment does not exist`)
file.addAttachment(await att.getFile())
@ -76,6 +74,9 @@ export class Vault {
return new Vault(profile, bands, crypto, itemsMap)
}
/**
* Returns the overview of an item given the `uuid`.
*/
getOverview(uuid: string) {
this.#crypto.assertUnlocked()
return this.#items.find(x => x.uuid === uuid)?.overview
@ -102,7 +103,7 @@ export class Vault {
await this.#crypto.unlock(this.#profile, masterPassword)
} catch (e) {
if (e instanceof HMACAssertionError) {
throw new Error(i18n.error.invalidPassword)
throw new OPVaultError("Invalid password", "INVALID_PASSWORD")
}
throw e
}
@ -114,7 +115,7 @@ export class Vault {
*/
lock() {
this.#crypto.lock()
this.onLock()
this.#onLock()
return this
}
@ -122,7 +123,14 @@ export class Vault {
return this.#crypto.locked
}
/**
* Returns the item with the given `uuid`
*/
getItem(uuid: string): Promise<Item | undefined>
/**
* Returns the first item with the given title
*/
getItem(filter: { title: string }): Promise<Item | undefined>
async getItem(filter: any) {

9
packages/web/src/electron/ipc-types.d.ts vendored
View File

@ -1,9 +1,10 @@
import type { DirEntry } from "opvault.js/src/adapter"
export interface IPC {
showDirectoryPicker(): Promise<string | undefined>
pathExists(path: string): Promise<boolean>
readdir(path: string): Promise<string[]>
readBuffer(path: string): Promise<Uint8Array>
readFile(path: string): Promise<string>
readDir(path: string): Promise<DirEntry[]>
readFile(path: string): Promise<Uint8Array>
readTextFile(path: string): Promise<string>
writeFile(path: string, data: string): Promise<void>
isDirectory(path: string): Promise<boolean>
}

19
packages/web/src/electron/ipc.ts
View File

@ -1,5 +1,7 @@
import fs, { promises } from "fs"
import { ipcMain, dialog } from "electron"
import { adapter } from "opvault.js/src/adapter/node"
import type { DirEntry } from "opvault.js/src/adapter"
import type { IPC } from "./ipc-types"
registerService({
@ -15,11 +17,11 @@ registerService({
return fs.existsSync(path)
},
async readBuffer(_, path) {
async readFile(_, path) {
return promises.readFile(path)
},
async readFile(_, path) {
async readTextFile(_, path) {
return promises.readFile(path, "utf-8")
},
@ -27,13 +29,12 @@ registerService({
await promises.writeFile(path, content)
},
async readdir(_, path) {
return promises.readdir(path)
},
async isDirectory(_, path) {
const stats = await promises.stat(path)
return stats.isDirectory()
async readDir(_, path) {
const entries: DirEntry[] = []
for await (const dirent of adapter.fs.readDir(path)) {
entries.push(dirent)
}
return entries
},
})

14
packages/web/src/utils/ipc-adapter.ts
View File

@ -1,5 +1,4 @@
import { Buffer } from "buffer"
import type { IAdapter } from "opvault.js/src/adapters"
import type { Adapter } from "opvault.js/src/adapter"
import type { IPC } from "../electron/ipc-types"
import { memoize } from "./memoize"
@ -9,14 +8,15 @@ export async function openDirectory() {
return ipc.showDirectoryPicker()
}
export const electronAdapter: IAdapter = {
export const electronAdapter: Adapter = {
fs: {
exists: path => ipc.pathExists(path),
readBuffer: path => ipc.readBuffer(path).then(Buffer.from),
readFile: path => ipc.readFile(path),
readdir: path => ipc.readdir(path),
writeFile: (path, data) => ipc.writeFile(path, data),
isDirectory: path => ipc.isDirectory(path),
readTextFile: path => ipc.readTextFile(path),
async *readDir(path) {
yield* await ipc.readDir(path)
},
writeTextFile: (path, data) => ipc.writeFile(path, data),
},
subtle: crypto.subtle,
}

3416
pnpm-lock.yaml generated
View File

File diff suppressed because it is too large Load Diff

104
test/profile.test.ts
View File

@ -1,104 +0,0 @@
import { resolve } from "path";
import { describe, it, beforeEach } from "mocha";
import { expect } from "chai";
import type { Vault } from "../packages/opvault.js/src/index";
import { OnePassword } from "../packages/opvault.js/src/index";
describe("OnePassword", () => {
const freddy = resolve(__dirname, "../freddy-2013-12-04.opvault");
describe("getProfileNames", () => {
it("freddy", async () => {
const instance = new OnePassword({ path: freddy });
expect(await instance.getProfileNames()).to.deep.equal(["default"]);
});
it.skip("ignores faulty folders", async () => {});
});
describe("unlock", () => {
let vault: Vault;
beforeEach(async () => {
vault = await new OnePassword({ path: freddy }).getProfile("default");
});
it("accepts correct password", async () => {
await expect(vault.unlock("freddy")).to.be.fulfilled;
expect(vault.isLocked).to.be.false;
});
it("rejects wrong password", () => {
["Freddy", "_freddy", ""].forEach(async (password) => {
await expect(vault.unlock(password)).to.be.rejectedWith(
"Invalid password"
);
expect(vault.isLocked).to.be.true;
});
});
});
describe("content", () => {
let vault: Vault;
beforeEach(async () => {
vault = await new OnePassword({ path: freddy }).getProfile("default");
await vault.unlock("freddy");
});
it("reads notes", async () => {
const item = (await vault.getItem({
title: "A note with some attachments",
}))!;
expect(item).to.exist;
expect(item.uuid).to.equal("F2DB5DA3FCA64372A751E0E85C67A538");
expect(item.attachments).to.have.lengthOf(2);
expect(item.details).to.deep.equal({
notesPlain: "This note has two attachments.",
});
expect(item.overview).to.deep.equal({
title: "A note with some attachments",
ps: 0,
ainfo: "This note has two attachments.",
});
});
it("decrypts items", async () => {
const decrypted = require("./decrypted.json");
expect(vault.isLocked).to.be.false;
for (const [uuid, item] of Object.entries<any>(decrypted)) {
const actual = await vault.getItem(uuid);
expect(actual).to.exist;
expect(actual!.overview).to.deep.equal(item.overview);
expect(actual!.details).to.deep.equal(item.itemDetails);
expect(actual!.attachments).to.have.lengthOf(item.attachments.length);
for (const [i, attachment] of actual!.attachments.entries()) {
const expected = item.attachments[i];
await attachment.unlock();
expect(attachment.metadata).to.deep.equal(expected.metadata);
expect(attachment.file.toString("base64")).to.deep.equal(
expected.file
);
expect(attachment.icon.toString("base64")).to.deep.equal(
expected.icon
);
}
}
});
});
describe("lock", () => {
it("locks", async () => {
const instance = new OnePassword({ path: freddy });
const vault = await instance.getProfile("default");
await vault.unlock("freddy");
expect(vault.isLocked).to.be.false;
vault.lock();
expect(vault.isLocked).to.be.true;
expect(vault.getItem("F2DB5DA3FCA64372A751E0E85C67A538")).to.eventually
.throw;
});
});
});

43
test/weakMap.test.ts
View File

@ -1,43 +0,0 @@
import { describe, it } from "mocha";
import { expect } from "chai";
import { WeakValueMap } from "../packages/opvault.js/src/weakMap";
declare const gc: () => void;
describe("WeakValueMap", () => {
interface Value {
value: number;
}
it("covers base use cases", () => {
const map = new WeakValueMap<string, Value>();
const object = { value: 1 };
map.set("key", object);
expect(map.get("key")!.value).to.equal(1);
expect(map.delete("key")).to.be.true;
expect(!map.delete("key")).to.be.true;
});
it("overrides previous value", () => {
const map = new WeakValueMap<string, Value>();
map.set("key", { value: 2 });
map.set("key", { value: 3 });
expect(map.get("key")!.value).to.equal(3);
});
it("deletes garbage collected values", (done) => {
const map = new WeakValueMap<string, Value>();
map.set("key", { value: 1 });
setTimeout(() => {
gc();
expect(map.has("key")).to.be.false;
map.set("key", { value: 2 });
setTimeout(() => {
gc();
done();
});
});
});
});