bitwarden-browser/src/services/nodeEnvSecureStorage.service.ts

import { CryptoService } from 'jslib/abstractions/crypto.service';
import { LogService } from 'jslib/abstractions/log.service';
import { StorageService } from 'jslib/abstractions/storage.service';
import { SymmetricCryptoKey } from 'jslib/models/domain/symmetricCryptoKey';

import { Utils } from 'jslib/misc/utils';

export class NodeEnvSecureStorageService implements StorageService {
    constructor(private storageService: StorageService, private logService: LogService,
        private cryptoService: () => CryptoService) { }

    async get<T>(key: string): Promise<T> {
        const value = await this.storageService.get<string>(this.makeProtectedStorageKey(key));
        if (value == null) {
            return null;
        }
        const obj = await this.decrypt(value);
        return obj as any;
    }

    async save(key: string, obj: any): Promise<any> {
        if (typeof (obj) !== 'string') {
            throw new Error('Only string storage is allowed.');
        }
        const protectedObj = await this.encrypt(obj);
        await this.storageService.save(this.makeProtectedStorageKey(key), protectedObj);
    }

    remove(key: string): Promise<any> {
        return this.storageService.remove(this.makeProtectedStorageKey(key));
    }

    private async encrypt(plainValue: string): Promise<string> {
        const sessionKey = this.getSessionKey();
        if (sessionKey == null) {
            throw new Error('No session key available.');
        }
        const encValue = await this.cryptoService().encryptToBytes(
            Utils.fromB64ToArray(plainValue).buffer, sessionKey);
        if (encValue == null) {
            throw new Error('Value didn\'t encrypt.');
        }

        return Utils.fromBufferToB64(encValue.buffer);
    }

    private async decrypt(encValue: string): Promise<string> {
        try {
            const sessionKey = this.getSessionKey();
            if (sessionKey == null) {
                return null;
            }

            const decValue = await this.cryptoService().decryptFromBytes(
                Utils.fromB64ToArray(encValue).buffer, sessionKey);
            if (decValue == null) {
                this.logService.info('Failed to decrypt.');
                return null;
            }

            return Utils.fromBufferToB64(decValue);
        } catch (e) {
            this.logService.info('Decrypt error.');
            return null;
        }
    }

    private getSessionKey() {
        try {
            if (process.env.BW_SESSION != null) {
                const sessionBuffer = Utils.fromB64ToArray(process.env.BW_SESSION).buffer;
                if (sessionBuffer != null) {
                    const sessionKey = new SymmetricCryptoKey(sessionBuffer);
                    if (sessionBuffer != null) {
                        return sessionKey;
                    }
                }
            }
        } catch (e) {
            this.logService.info('Session key is invalid.');
        }

        return null;
    }

    private makeProtectedStorageKey(key: string) {
        return '__PROTECTED__' + key;
    }
}
secure storage with env session key 2018-05-16 03:11:58 +02:00			`import { CryptoService } from 'jslib/abstractions/crypto.service';`
Response option outputs only json on stdout (#197) * Use logService for console logging * jslib signature updates * Use most specific import path * Include new jslib dependency * Update jslib Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan> 2020-12-14 18:29:17 +01:00			`import { LogService } from 'jslib/abstractions/log.service';`
secure storage with env session key 2018-05-16 03:11:58 +02:00			`import { StorageService } from 'jslib/abstractions/storage.service';`
Response option outputs only json on stdout (#197) * Use logService for console logging * jslib signature updates * Use most specific import path * Include new jslib dependency * Update jslib Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan> 2020-12-14 18:29:17 +01:00			`import { SymmetricCryptoKey } from 'jslib/models/domain/symmetricCryptoKey';`
secure storage with env session key 2018-05-16 03:11:58 +02:00
			`import { Utils } from 'jslib/misc/utils';`

			`export class NodeEnvSecureStorageService implements StorageService {`
Response option outputs only json on stdout (#197) * Use logService for console logging * jslib signature updates * Use most specific import path * Include new jslib dependency * Update jslib Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan> 2020-12-14 18:29:17 +01:00			`constructor(private storageService: StorageService, private logService: LogService,`
			`private cryptoService: () => CryptoService) { }`
secure storage with env session key 2018-05-16 03:11:58 +02:00
			`async get<T>(key: string): Promise<T> {`
			`const value = await this.storageService.get<string>(this.makeProtectedStorageKey(key));`
			`if (value == null) {`
			`return null;`
			`}`
			`const obj = await this.decrypt(value);`
			`return obj as any;`
			`}`

			`async save(key: string, obj: any): Promise<any> {`
			`if (typeof (obj) !== 'string') {`
			`throw new Error('Only string storage is allowed.');`
			`}`
			`const protectedObj = await this.encrypt(obj);`
			`await this.storageService.save(this.makeProtectedStorageKey(key), protectedObj);`
			`}`

			`remove(key: string): Promise<any> {`
			`return this.storageService.remove(this.makeProtectedStorageKey(key));`
			`}`

			`private async encrypt(plainValue: string): Promise<string> {`
			`const sessionKey = this.getSessionKey();`
			`if (sessionKey == null) {`
			`throw new Error('No session key available.');`
			`}`
			`const encValue = await this.cryptoService().encryptToBytes(`
			`Utils.fromB64ToArray(plainValue).buffer, sessionKey);`
			`if (encValue == null) {`
			`throw new Error('Value didn\'t encrypt.');`
			`}`

Update jslib (#288) * Update jslib * Convert NodeSecureStorage CipherArrayBuffer to string 2021-04-14 18:44:57 +02:00			`return Utils.fromBufferToB64(encValue.buffer);`
secure storage with env session key 2018-05-16 03:11:58 +02:00			`}`

			`private async decrypt(encValue: string): Promise<string> {`
			`try {`
			`const sessionKey = this.getSessionKey();`
			`if (sessionKey == null) {`
			`return null;`
			`}`

			`const decValue = await this.cryptoService().decryptFromBytes(`
			`Utils.fromB64ToArray(encValue).buffer, sessionKey);`
			`if (decValue == null) {`
Response option outputs only json on stdout (#197) * Use logService for console logging * jslib signature updates * Use most specific import path * Include new jslib dependency * Update jslib Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan> 2020-12-14 18:29:17 +01:00			`this.logService.info('Failed to decrypt.');`
secure storage with env session key 2018-05-16 03:11:58 +02:00			`return null;`
			`}`

			`return Utils.fromBufferToB64(decValue);`
			`} catch (e) {`
Response option outputs only json on stdout (#197) * Use logService for console logging * jslib signature updates * Use most specific import path * Include new jslib dependency * Update jslib Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan> 2020-12-14 18:29:17 +01:00			`this.logService.info('Decrypt error.');`
secure storage with env session key 2018-05-16 03:11:58 +02:00			`return null;`
			`}`
			`}`

			`private getSessionKey() {`
			`try {`
			`if (process.env.BW_SESSION != null) {`
			`const sessionBuffer = Utils.fromB64ToArray(process.env.BW_SESSION).buffer;`
			`if (sessionBuffer != null) {`
			`const sessionKey = new SymmetricCryptoKey(sessionBuffer);`
			`if (sessionBuffer != null) {`
			`return sessionKey;`
			`}`
			`}`
			`}`
			`} catch (e) {`
Response option outputs only json on stdout (#197) * Use logService for console logging * jslib signature updates * Use most specific import path * Include new jslib dependency * Update jslib Co-authored-by: Matt Gibson <mdgibson@Matts-MBP.lan> 2020-12-14 18:29:17 +01:00			`this.logService.info('Session key is invalid.');`
secure storage with env session key 2018-05-16 03:11:58 +02:00			`}`

			`return null;`
			`}`

			`private makeProtectedStorageKey(key: string) {`
			`return '__PROTECTED__' + key;`
			`}`
			`}`