1 {"ast":null,"code":"import _asyncToGenerator from \"/home/mleku/src/orly.dev/next/signer/node_modules/@babel/runtime/helpers/esm/asyncToGenerator.js\";\nimport { CryptoHelper, generateSalt, generateIV, deriveKeyArgon2 } from '@common';\nimport { Buffer } from 'buffer';\nimport { decryptCashuMints, encryptCashuMint } from './cashu';\nimport { decryptIdentities, encryptIdentity } from './identity';\nimport { decryptNwcConnections, encryptNwcConnection } from './nwc';\nimport { decryptPermissions } from './permission';\nimport { decryptRelays, encryptRelay } from './relay';\nexport const createNewVault = /*#__PURE__*/function () {\n var _ref = _asyncToGenerator(function* (password) {\n this.assureIsInitialized();\n const vaultHash = yield CryptoHelper.hash(password);\n // v2: Generate random salt and derive key with Argon2id\n const salt = generateSalt();\n const iv = generateIV();\n const saltBytes = Buffer.from(salt, 'base64');\n const keyBytes = yield deriveKeyArgon2(password, saltBytes);\n const vaultKey = Buffer.from(keyBytes).toString('base64');\n const sessionData = {\n iv,\n salt,\n vaultKey,\n // v2: Store pre-derived key instead of password\n identities: [],\n permissions: [],\n relays: [],\n nwcConnections: [],\n cashuMints: [],\n selectedIdentityId: null\n };\n yield this.getBrowserSessionHandler().saveFullData(sessionData);\n this.getBrowserSessionHandler().setFullData(sessionData);\n const syncData = {\n version: this.latestVersion,\n salt,\n // v2: Random salt for Argon2id\n iv,\n vaultHash,\n identities: [],\n permissions: [],\n relays: [],\n nwcConnections: [],\n cashuMints: [],\n selectedIdentityId: null\n };\n yield this.getBrowserSyncHandler().saveAndSetFullData(syncData);\n });\n return function createNewVault(_x) {\n return _ref.apply(this, arguments);\n };\n}();\nexport const unlockVault = /*#__PURE__*/function () {\n var _ref2 = _asyncToGenerator(function* (password) {\n this.assureIsInitialized();\n // console.log('[vault] Starting 
unlock...');\n let browserSessionData = this.getBrowserSessionHandler().browserSessionData;\n if (browserSessionData) {\n throw new Error('Browser session data is available. Should only happen when the vault is unlocked');\n }\n const browserSyncData = this.getBrowserSyncHandler().browserSyncData;\n if (!browserSyncData) {\n throw new Error('Browser sync data is not available. Should have been loaded before.');\n }\n // console.log('[vault] Checking password hash...');\n const passwordHash = yield CryptoHelper.hash(password);\n if (passwordHash !== browserSyncData.vaultHash) {\n throw new Error('Invalid password.');\n }\n // console.log('[vault] Password hash verified');\n // Detect vault version\n const isV2 = !!browserSyncData.salt;\n // console.log('[vault] Vault version:', isV2 ? 'v2' : 'v1');\n let withLockedVault;\n let vaultKey;\n let vaultPassword;\n if (isV2) {\n // v2: Derive key with Argon2id (~3 seconds)\n // console.log('[vault] Deriving key with Argon2id...');\n const saltBytes = Buffer.from(browserSyncData.salt, 'base64');\n const keyBytes = yield deriveKeyArgon2(password, saltBytes);\n // console.log('[vault] Key derived, length:', keyBytes.length);\n vaultKey = Buffer.from(keyBytes).toString('base64');\n withLockedVault = {\n iv: browserSyncData.iv,\n keyBase64: vaultKey\n };\n } else {\n // v1: Use password with PBKDF2\n vaultPassword = password;\n withLockedVault = {\n iv: browserSyncData.iv,\n password\n };\n }\n // Decrypt the data\n // console.log('[vault] Decrypting identities...');\n const decryptedIdentities = yield decryptIdentities.call(this, browserSyncData.identities, withLockedVault);\n // console.log('[vault] Decrypted', decryptedIdentities.length, 'identities');\n // console.log('[vault] Decrypting permissions...');\n const decryptedPermissions = yield decryptPermissions.call(this, browserSyncData.permissions, withLockedVault);\n // console.log('[vault] Decrypted', decryptedPermissions.length, 'permissions');\n // 
console.log('[vault] Decrypting relays...');\n const decryptedRelays = yield decryptRelays.call(this, browserSyncData.relays, withLockedVault);\n // console.log('[vault] Decrypted', decryptedRelays.length, 'relays');\n // console.log('[vault] Decrypting NWC connections...');\n const decryptedNwcConnections = yield decryptNwcConnections.call(this, browserSyncData.nwcConnections ?? [], withLockedVault);\n // console.log('[vault] Decrypted', decryptedNwcConnections.length, 'NWC connections');\n // console.log('[vault] Decrypting Cashu mints...');\n const decryptedCashuMints = yield decryptCashuMints.call(this, browserSyncData.cashuMints ?? [], withLockedVault);\n // console.log('[vault] Decrypted', decryptedCashuMints.length, 'Cashu mints');\n // console.log('[vault] Decrypting selectedIdentityId...');\n let decryptedSelectedIdentityId = null;\n if (browserSyncData.selectedIdentityId !== null) {\n if (isV2) {\n decryptedSelectedIdentityId = yield this.decryptWithLockedVaultV2(browserSyncData.selectedIdentityId, 'string', browserSyncData.iv, vaultKey);\n } else {\n decryptedSelectedIdentityId = yield this.decryptWithLockedVault(browserSyncData.selectedIdentityId, 'string', browserSyncData.iv, password);\n }\n }\n // console.log('[vault] selectedIdentityId:', decryptedSelectedIdentityId);\n browserSessionData = {\n vaultPassword: isV2 ? undefined : vaultPassword,\n vaultKey: isV2 ? 
vaultKey : undefined,\n iv: browserSyncData.iv,\n salt: browserSyncData.salt,\n permissions: decryptedPermissions,\n identities: decryptedIdentities,\n selectedIdentityId: decryptedSelectedIdentityId,\n relays: decryptedRelays,\n nwcConnections: decryptedNwcConnections,\n cashuMints: decryptedCashuMints\n };\n // console.log('[vault] Saving session data...');\n yield this.getBrowserSessionHandler().saveFullData(browserSessionData);\n this.getBrowserSessionHandler().setFullData(browserSessionData);\n // console.log('[vault] Session data saved');\n // Auto-migrate v1 to v2 after successful unlock\n if (!isV2) {\n // console.log('[vault] Migrating v1 to v2...');\n yield migrateVaultV1ToV2.call(this, password);\n // console.log('[vault] Migration complete');\n }\n // console.log('[vault] Unlock complete!');\n });\n return function unlockVault(_x2) {\n return _ref2.apply(this, arguments);\n };\n}();\n/**\n * Migrate a v1 vault (PBKDF2) to v2 (Argon2id)\n * Called automatically after successful v1 unlock\n */\nfunction migrateVaultV1ToV2(_x3) {\n return _migrateVaultV1ToV.apply(this, arguments);\n}\nfunction _migrateVaultV1ToV() {\n _migrateVaultV1ToV = _asyncToGenerator(function* (password) {\n const browserSyncData = this.getBrowserSyncHandler().browserSyncData;\n const browserSessionData = this.getBrowserSessionHandler().browserSessionData;\n if (!browserSyncData || !browserSessionData) {\n throw new Error('Cannot migrate: data not available');\n }\n // Generate new salt and derive Argon2id key\n const newSalt = generateSalt();\n const newIv = generateIV();\n const saltBytes = Buffer.from(newSalt, 'base64');\n const keyBytes = yield deriveKeyArgon2(password, saltBytes);\n const vaultKey = Buffer.from(keyBytes).toString('base64');\n // Update session data with new v2 credentials\n browserSessionData.salt = newSalt;\n browserSessionData.iv = newIv;\n browserSessionData.vaultKey = vaultKey;\n browserSessionData.vaultPassword = undefined; // Remove v1 password\n // 
Re-encrypt all data with new v2 key\n const encryptedIdentities = [];\n for (const identity of browserSessionData.identities) {\n const encrypted = yield encryptIdentity.call(this, identity);\n encryptedIdentities.push(encrypted);\n }\n const encryptedRelays = [];\n for (const relay of browserSessionData.relays) {\n const encrypted = yield encryptRelay.call(this, relay);\n encryptedRelays.push(encrypted);\n }\n // For permissions, we need to re-encrypt them too\n const encryptedPermissions = [];\n for (const permission of browserSessionData.permissions) {\n const encryptedPermission = {\n id: yield this.encrypt(permission.id),\n identityId: yield this.encrypt(permission.identityId),\n host: yield this.encrypt(permission.host),\n method: yield this.encrypt(permission.method),\n methodPolicy: yield this.encrypt(permission.methodPolicy),\n kind: permission.kind !== undefined ? yield this.encrypt(permission.kind.toString()) : undefined\n };\n encryptedPermissions.push(encryptedPermission);\n }\n // Re-encrypt NWC connections\n const encryptedNwcConnections = [];\n for (const nwcConnection of browserSessionData.nwcConnections ?? []) {\n const encrypted = yield encryptNwcConnection.call(this, nwcConnection);\n encryptedNwcConnections.push(encrypted);\n }\n // Re-encrypt Cashu mints\n const encryptedCashuMints = [];\n for (const cashuMint of browserSessionData.cashuMints ?? []) {\n const encrypted = yield encryptCashuMint.call(this, cashuMint);\n encryptedCashuMints.push(encrypted);\n }\n const encryptedSelectedIdentityId = browserSessionData.selectedIdentityId ? 
yield this.encrypt(browserSessionData.selectedIdentityId) : null;\n // Update sync data with v2 format\n const migratedSyncData = {\n version: this.latestVersion,\n salt: newSalt,\n iv: newIv,\n vaultHash: browserSyncData.vaultHash,\n // Keep same password hash\n identities: encryptedIdentities,\n permissions: encryptedPermissions,\n relays: encryptedRelays,\n nwcConnections: encryptedNwcConnections,\n cashuMints: encryptedCashuMints,\n selectedIdentityId: encryptedSelectedIdentityId\n };\n // Save migrated data\n yield this.getBrowserSyncHandler().saveAndSetFullData(migratedSyncData);\n yield this.getBrowserSessionHandler().saveFullData(browserSessionData);\n console.log('Vault migrated from v1 (PBKDF2) to v2 (Argon2id)');\n });\n return _migrateVaultV1ToV.apply(this, arguments);\n}\nexport const changePassword = /*#__PURE__*/function () {\n var _ref3 = _asyncToGenerator(function* (newPassword) {\n this.assureIsInitialized();\n const browserSyncData = this.getBrowserSyncHandler().browserSyncData;\n const browserSessionData = this.getBrowserSessionHandler().browserSessionData;\n if (!browserSyncData || !browserSessionData) {\n throw new Error('Vault must be unlocked to change password');\n }\n const newVaultHash = yield CryptoHelper.hash(newPassword);\n const newSalt = generateSalt();\n const newIv = generateIV();\n const saltBytes = Buffer.from(newSalt, 'base64');\n const keyBytes = yield deriveKeyArgon2(newPassword, saltBytes);\n const vaultKey = Buffer.from(keyBytes).toString('base64');\n // Update session with new credentials so encrypt() uses them\n browserSessionData.salt = newSalt;\n browserSessionData.iv = newIv;\n browserSessionData.vaultKey = vaultKey;\n browserSessionData.vaultPassword = undefined;\n // Re-encrypt everything with the new key\n const encryptedIdentities = [];\n for (const identity of browserSessionData.identities) {\n encryptedIdentities.push(yield encryptIdentity.call(this, identity));\n }\n const encryptedRelays = [];\n for (const relay 
of browserSessionData.relays) {\n encryptedRelays.push(yield encryptRelay.call(this, relay));\n }\n const encryptedPermissions = [];\n for (const permission of browserSessionData.permissions) {\n encryptedPermissions.push({\n id: yield this.encrypt(permission.id),\n identityId: yield this.encrypt(permission.identityId),\n host: yield this.encrypt(permission.host),\n method: yield this.encrypt(permission.method),\n methodPolicy: yield this.encrypt(permission.methodPolicy),\n kind: permission.kind !== undefined ? yield this.encrypt(permission.kind.toString()) : undefined\n });\n }\n const encryptedNwcConnections = [];\n for (const nwc of browserSessionData.nwcConnections ?? []) {\n encryptedNwcConnections.push(yield encryptNwcConnection.call(this, nwc));\n }\n const encryptedCashuMints = [];\n for (const cashuMint of browserSessionData.cashuMints ?? []) {\n encryptedCashuMints.push(yield encryptCashuMint.call(this, cashuMint));\n }\n const encryptedSelectedIdentityId = browserSessionData.selectedIdentityId ? 
yield this.encrypt(browserSessionData.selectedIdentityId) : null;\n const newSyncData = {\n version: this.latestVersion,\n salt: newSalt,\n iv: newIv,\n vaultHash: newVaultHash,\n identities: encryptedIdentities,\n permissions: encryptedPermissions,\n relays: encryptedRelays,\n nwcConnections: encryptedNwcConnections,\n cashuMints: encryptedCashuMints,\n selectedIdentityId: encryptedSelectedIdentityId\n };\n yield this.getBrowserSyncHandler().saveAndSetFullData(newSyncData);\n yield this.getBrowserSessionHandler().saveFullData(browserSessionData);\n });\n return function changePassword(_x4) {\n return _ref3.apply(this, arguments);\n };\n}();\nexport const deleteVault = /*#__PURE__*/function () {\n var _ref4 = _asyncToGenerator(function* (doNotSetIsInitializedToFalse) {\n this.assureIsInitialized();\n const syncFlow = this.getSignerMetaHandler().signerMetaData?.syncFlow;\n if (typeof syncFlow === 'undefined') {\n throw new Error('Sync flow is not set.');\n }\n yield this.getBrowserSyncHandler().clearData();\n yield this.getBrowserSessionHandler().clearData();\n if (!doNotSetIsInitializedToFalse) {\n this.isInitialized = false;\n }\n });\n return function deleteVault(_x5) {\n return _ref4.apply(this, arguments);\n };\n}();","map":null,"metadata":{},"sourceType":"module","externalDependencies":[]}