Merge pull request #223 from mStirner/dev

Working towards v2

Author: mStirner

.eslintrc.json

@@ -10,7 +10,8 @@
     "ignorePatterns": [
         "node_modules",
         "logs",
-        "plugins/*"
+        "plugins/*",
+        "dist"
     ],
     "extends": [
         "eslint:recommended"

.github/workflows/node-js.yml

@@ -27,7 +27,7 @@ jobs:
         strategy:
             matrix:
                 os: [ubuntu-latest]
-                node-version: [16.x, 17.x]           # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
+                node-version: [16.x, 17.x, 18.x]           # See supported Node.js release schedule at https://nodejs.org/en/about/releases/
                 mongodb-version: ["4.2", "4.4", "5.0"]
 
         steps:

Gruntfile.js

@@ -44,7 +44,7 @@ module.exports = function (grunt) {
         run: {
             install: {
                 options: {
-                    cwd: "./dist"
+                    cwd: path.join(process.cwd(), "dist")
                 },
                 cmd: "npm",
                 args: [
@@ -64,6 +64,12 @@ module.exports = function (grunt) {
             },
             folder: {
                 exec: "mkdir ./dist/logs && mkdir ./dist/plugins"
+            },
+            "scripts-mock": {
+                exec: "mkdir ./dist/scripts && echo 'exit 0' > ./dist/scripts/post-install.sh && chmod +x ./dist/scripts/post-install.sh"
+            },
+            "scripts-cleanup": {
+                exec: "rm ./dist/scripts/post-install.sh && rmdir ./dist/scripts"
             }
         },
         compress: {
@@ -99,7 +105,9 @@ module.exports = function (grunt) {
     // install npm dependencies
     grunt.registerTask("install", [
         "env:prod",
+        "run:scripts-mock",
         "run:install",
+        "run:scripts-cleanup"
     ]);
 
     grunt.registerTask("bundle", [

components/endpoints/class.command.js

@@ -19,13 +19,13 @@ const { interfaces } = require("../../system/shared.js");
  * @property {String} alias Machine friendly name, e.g.: `POWER_ON`
  * @property {String} [identifier=null] Simple/custom identifiert for custom command handler
  * @property {String} payload The payload to send over the device interface
- * @property {String} [description=""] Command description, displayed on the frontend
+ * @property {String} [description=null] Command description, displayed on the frontend
  * @property {Array} params Possible parameter for the command
  * @property {String} params[].key Custom key
- * @property {Any} params[].value Value to set
- * @property {String} params[].default Default thing if nothing is send from client
- * @property {String} params[].min Min value if param type is a number
- * @property {String} params[].max Max value if param type is a number
+ * @property {String} params[].type Type of value: "string", "number" or "boolean"
+ * @property {String|Number|Boolean} params[].value Value to set
+ * @property {Number} [params[].min=0] Min value if param type is a number (`type=number`)
+ * @property {Number} [params[].max=100] Max value if param type is a number (`type=number`)
  * 
  * @example 
  * ```json
@@ -223,13 +223,29 @@ module.exports = class Command {
             identifier: Joi.string().allow(null).default(null),   // NOTE: move to endpoint schema?               // Thing api provides you, like light id or some custom thing for you
             payload: Joi.string().allow(null).default(null),
             description: Joi.string().allow(null).default(null),
-            params: Joi.array().items({
-                key: Joi.string().required(),
-                value: Joi.any(),
-                default: Joi.string(),
-                min: Joi.number(),
-                max: Joi.number()
-            })
+            params: Joi.array().items(Joi.object({
+                type: Joi.string().valid("number", "string", "boolean").required(),
+                key: Joi.string().required()
+            }).when(".type", {
+                switch: [{
+                    is: "number",
+                    then: Joi.object({
+                        value: Joi.number().default(null).allow(null),
+                        min: Joi.number().default(0),
+                        max: Joi.number().default(100)
+                    })
+                }, {
+                    is: "string",
+                    then: Joi.object({
+                        value: Joi.string().default(null).allow(null)
+                    })
+                }, {
+                    is: "boolean",
+                    then: Joi.object({
+                        value: Joi.boolean().default(null).allow(null)
+                    })
+                }]
+            }))
         });
     }
 

components/plugins/index.js

@@ -44,7 +44,7 @@ class C_PLUGINS extends COMPONENT {
             //runlevel: Joi.number().min(0).max(2).default(0),
             autostart: Joi.boolean().default(true),
             enabled: Joi.boolean().default(true),
-            intents: Joi.array().items("devices", "endpoints", "plugins", "rooms", "ssdp", "store", "users", "vault",).required()
+            intents: Joi.array().items("devices", "endpoints", "plugins", "rooms", "ssdp", "store", "users", "vault").required()
         }, module);
 
         this.hooks.post("add", (data, next) => {

components/vault/class.secret.js

@@ -1,7 +1,9 @@
-const crypto = require("crypto");
 const mongodb = require("mongodb");
 const Joi = require("joi");
 
+const encrypt = require("./encrypt.js");
+const decrypt = require("./decrypt.js");
+
 // https://stackoverflow.com/a/53573115/5781499
 // https://www.tutorialspoint.com/encrypt-and-decrypt-data-in-nodejs
 // https://stackoverflow.com/q/70093261/5781499
@@ -31,6 +33,11 @@ class Secret {
         Object.defineProperty(this, "value", {
             set(value) {
 
+                // check if value is allready encrypted
+                if (value?.split(":")?.length === 1) {
+                    value = encrypt(value);
+                }
+
                 // ignore usless set
                 // related to #219
                 if (value == obj.value) {
@@ -45,6 +52,7 @@ class Secret {
             get() {
                 return obj.value;
             },
+            // NOTE: Make value field not enumarble?
             configurable: false
         });
 
@@ -80,20 +88,7 @@ class Secret {
      * @returns {String} Ecnrypted string
      */
     encrypt(text) {
-
-        let iv = crypto.randomBytes(Number(process.env.VAULT_IV_BYTE_LEN));
-        let salt = crypto.randomBytes(Number(process.env.VAULT_SALT_BYTE_LEN));
-        let key = crypto.scryptSync(process.env.VAULT_MASTER_PASSWORD, salt, Number(process.env.VAULT_KEY_BYTE_LEN));
-
-        let cipher = crypto.createCipheriv(process.env.VAULT_BLOCK_CIPHER, key, iv, {
-            authTagLength: Number(process.env.VAULT_AUTH_TAG_BYTE_LEN)
-        });
-
-        let encrypted = cipher.update(text, "utf8", "hex");
-        encrypted += cipher.final("hex");
-
-        return this.value = `${iv.toString("hex")}:${salt.toString("hex")}:${encrypted}`;
-
+        this.value = encrypt(text);
     }
 
 
@@ -104,21 +99,7 @@ class Secret {
      * @returns {String} Decrypted string
      */
     decrypt() {
-
-        let [ivs, salts, data] = this.value.split(":");
-        let iv = Buffer.from(ivs, "hex");
-        let salt = Buffer.from(salts, "hex");
-        let key = crypto.scryptSync(process.env.VAULT_MASTER_PASSWORD, salt, Number(process.env.VAULT_KEY_BYTE_LEN));
-
-        let decipher = crypto.createDecipheriv(process.env.VAULT_BLOCK_CIPHER, key, iv, {
-            authTagLength: Number(process.env.VAULT_AUTH_TAG_BYTE_LEN)
-        });
-
-        let decrypted = decipher.update(data, "hex", "utf8");
-        decrypted += decipher.final("utf8");
-
-        return decrypted.toString();
-
+        return decrypt(this.value);
     }
 
 }

components/vault/decrypt.js

@@ -0,0 +1,30 @@
+const crypto = require("crypto");
+
+/**
+ * @function decrypt
+ * Interal function that handels the decryption
+ * 
+ * @internal
+ * 
+ * @param {String} value Encrypted string
+ * @returns {String} Decrypted string
+ */
+function decrypt(value) {
+
+    let [ivs, salts, data] = value.split(":");
+    let iv = Buffer.from(ivs, "hex");
+    let salt = Buffer.from(salts, "hex");
+    let key = crypto.scryptSync(process.env.VAULT_MASTER_PASSWORD, salt, Number(process.env.VAULT_KEY_BYTE_LEN));
+
+    let decipher = crypto.createDecipheriv(process.env.VAULT_BLOCK_CIPHER, key, iv, {
+        authTagLength: Number(process.env.VAULT_AUTH_TAG_BYTE_LEN)
+    });
+
+    let decrypted = decipher.update(data, "hex", "utf8");
+    decrypted += decipher.final("utf8");
+
+    return decrypted.toString();
+
+}
+
+module.exports = decrypt;

components/vault/encrypt.js

@@ -0,0 +1,29 @@
+const crypto = require("crypto");
+
+/**
+ * @function encrypt
+ * Interal function that handels the encrpytion
+ * 
+ * @internal
+ * 
+ * @param {String} value Vanilla string
+ * @returns {String} Encrypted string
+ */
+function encrypt(text) {
+
+    let iv = crypto.randomBytes(Number(process.env.VAULT_IV_BYTE_LEN));
+    let salt = crypto.randomBytes(Number(process.env.VAULT_SALT_BYTE_LEN));
+    let key = crypto.scryptSync(process.env.VAULT_MASTER_PASSWORD, salt, Number(process.env.VAULT_KEY_BYTE_LEN));
+
+    let cipher = crypto.createCipheriv(process.env.VAULT_BLOCK_CIPHER, key, iv, {
+        authTagLength: Number(process.env.VAULT_AUTH_TAG_BYTE_LEN)
+    });
+
+    let encrypted = cipher.update(text, "utf8", "hex");
+    encrypted += cipher.final("hex");
+
+    return `${iv.toString("hex")}:${salt.toString("hex")}:${encrypted}`;
+
+}
+
+module.exports = encrypt;

components/vault/index.js

@@ -8,6 +8,8 @@ const COMPONENT = require("../../system/component/class.component.js");
 const Vault = require("./class.vault.js");
 const Secret = require("./class.secret.js");
 
+const encrypt = require("./encrypt.js");
+
 /**
  * @description
  * Vault component to handle secrets, credentials & tokens.<br />
@@ -42,10 +44,54 @@ class C_VAULT extends COMPONENT {
             secrets: Joi.array().items(Secret.schema()).default([])
         }, module);
 
+        this.hooks.pre("add", (data, next) => {
+            try {
+
+                if (data?.secrets) {
+                    data.secrets = data.secrets.map((secret) => {
+
+                        if (secret.value) {
+                            secret.value = encrypt(secret.value);
+                        }
+
+                        return secret;
+
+                    });
+                }
+
+                next(null);
+
+            } catch (err) {
+                next(err);
+            }
+        });
+
         this.hooks.post("add", (data, next) => {
             next(null, new Vault(data, this));
         });
 
+        /*
+        // investigation of #208
+        this.hooks.post("update", (data, next) => {
+
+            console.log("update post:", data);
+
+            let valid = data.secrets.every((secret) => {
+                return secret instanceof Secret;
+            });
+
+            console.log("Secrets instances valid:", valid, data.secrets)
+
+            if (!valid) {
+                //_merge(item, new Vault(data, this));
+                //Object.assign(data, new Vault(data, this));
+            }
+
+            next(null);
+
+        });
+        */
+
     }
 
 }

system/component/class.component.js

@@ -162,7 +162,7 @@ module.exports = class COMPONENT extends COMMON {
 
                         // trigger update event
                         // TODO trigger update event, so changes can be detect via websockets /events API?
-                        this.events.emit("update", [target]);
+                        this.events.emit("update", target);
 
                     } else if (event.operationType === "update") {
 
@@ -211,7 +211,7 @@ module.exports = class COMPONENT extends COMMON {
 
                             // trigger update event
                             // TODO trigger update event, so changes can be detect via websockets /events API?
-                            this.events.emit("update", [target]);
+                            this.events.emit("update", target);
 
                         });