Add server side generation to publish

signalhub · May 5, 2024 · 624b69c · 624b69c
1 parent 3a72c4b
commit 624b69c
Show file tree

Hide file tree

Showing 6 changed files with 73 additions and 25 deletions.
diff --git a/.gitignore b/.gitignore
@@ -38,4 +38,5 @@ testem.log
 .DS_Store
 Thumbs.db
 
-.nx/cache
+.nx/cache
+/src/.env
diff --git a/nx.json b/nx.json
@@ -18,7 +18,7 @@
       "inputs": ["production", "^production"]
     },
     "@nx/vite:test": {
-      "cache": true,
+      "cache": false,
       "inputs": ["default", "^production"]
     }
   },

diff --git a/package.json b/package.json
@@ -4,7 +4,8 @@
   "license": "MIT",
   "scripts": {
     "build": "nx build",
-    "test": "nx test"
+    "test": "nx test",
+    "generate-key": "cd src/utils && node generate-key.js --secret \"my-secret-key\" --output \"/Users/anton.zaloev/projects/signalhub/tokenized-auth/src/.env\""
   },
   "dependencies": {
     "tslib": "^2.3.0"

diff --git a/project.json b/project.json
@@ -14,7 +14,7 @@
         "outputPath": "dist/tokenized-auth",
         "main": "./src/index.ts",
         "tsConfig": "./tsconfig.lib.json",
-        "assets": ["*.md"]
+        "assets": ["*.md", "src/utils/generate-key.js"]
       }
     },
     "lint": {

diff --git a/src/utils/generate-key.js b/src/utils/generate-key.js
@@ -0,0 +1,67 @@
+const crypto = require('crypto').webcrypto;
+const fs = require('fs');
+const path = require('path');
+
+const generateEncryptionSecretKey = async (secret, salt) => {
+  const encoder = new TextEncoder();
+  const secretKey = await crypto.subtle.importKey(
+    'raw',
+    encoder.encode(secret),
+    { name: 'PBKDF2' },
+    false,
+    ['deriveKey']
+  );
+
+  return await crypto.subtle.deriveKey(
+    {
+      name: 'PBKDF2',
+      salt: salt,
+      iterations: 100000,
+      hash: 'SHA-256',
+    },
+    secretKey,
+    { name: 'AES-GCM', length: 256 },
+    true,
+    ['encrypt', 'decrypt']
+  );
+};
+
+const encryptSecretKey = async (secret, salt) => {
+  const key = await generateEncryptionSecretKey(secret, salt);
+  const exportedKey = await crypto.subtle.exportKey('raw', key);
+  const exportedKeyBuffer = Buffer.from(exportedKey);
+  return exportedKeyBuffer.toString('base64');
+};
+
+const generateEnvFile = async (secret, envFilePath) => {
+  const salt = crypto.getRandomValues(new Uint8Array(16));
+
+  const encryptionKey = await encryptSecretKey(secret, salt);
+
+  const envContent = `ENCRYPTION_KEY=${encryptionKey}\n`;
+
+  fs.writeFileSync(envFilePath, envContent);
+  console.log(`Encryption key generated and saved to ${envFilePath}.`);
+};
+
+const getArgFromArgs = (argName) => {
+  const argIndex = process.argv.indexOf(argName);
+  if (argIndex !== -1 && argIndex + 1 < process.argv.length) {
+    return process.argv[argIndex + 1];
+  }
+  return null;
+};
+
+const secret = getArgFromArgs('--secret');
+const envFilePath = getArgFromArgs('--output') || '.env';
+
+if (secret) {
+  generateEnvFile(secret, path.resolve(envFilePath)).then();
+} else {
+  console.error('Please provide a secret key using the --secret argument.');
+  process.exit(1);
+}
+
+module.exports = {
+  generateEnvFile,
+};
diff --git a/src/utils/generateKey.js b/src/utils/generateKey.js