c6a8bcecf37d82f6629300a6d668c9fe0f8088be15d1e30bc5b9adbb30a86584.json raw

   1  {"ast":null,"code":"import _asyncToGenerator from \"/home/mleku/src/orly.dev/next/signer/node_modules/@babel/runtime/helpers/esm/asyncToGenerator.js\";\nimport { Buffer } from 'buffer';\nimport { CryptoHelper } from '../../helpers/crypto-helper';\nimport { isV2Context } from './encryption-context';\n/**\n * Service responsible for encrypting and decrypting data.\n * Abstracts away vault version differences (v1 PBKDF2 vs v2 Argon2id).\n *\n * This is an infrastructure service - it knows nothing about domain concepts,\n * only about cryptographic operations.\n */\nexport class EncryptionService {\n  context;\n  constructor(context) {\n    this.context = context;\n  }\n  /**\n   * Encrypt a string value.\n   */\n  encryptString(value) {\n    var _this = this;\n    return _asyncToGenerator(function* () {\n      if (isV2Context(_this.context)) {\n        return _this.encryptWithKeyV2(value);\n      }\n      return CryptoHelper.encrypt(value, _this.context.iv, _this.context.password);\n    })();\n  }\n  /**\n   * Encrypt a number value (converts to string first).\n   */\n  encryptNumber(value) {\n    var _this2 = this;\n    return _asyncToGenerator(function* () {\n      return _this2.encryptString(value.toString());\n    })();\n  }\n  /**\n   * Encrypt a boolean value (converts to string first).\n   */\n  encryptBoolean(value) {\n    var _this3 = this;\n    return _asyncToGenerator(function* () {\n      return _this3.encryptString(value.toString());\n    })();\n  }\n  /**\n   * Decrypt a value to string.\n   */\n  decryptString(encrypted) {\n    var _this4 = this;\n    return _asyncToGenerator(function* () {\n      if (isV2Context(_this4.context)) {\n        return _this4.decryptWithKeyV2(encrypted);\n      }\n      return CryptoHelper.decrypt(encrypted, _this4.context.iv, _this4.context.password);\n    })();\n  }\n  /**\n   * Decrypt a value to number.\n   */\n  decryptNumber(encrypted) {\n    var _this5 = this;\n    return _asyncToGenerator(function* () {\n      const decrypted = yield _this5.decryptString(encrypted);\n      return parseInt(decrypted, 10);\n    })();\n  }\n  /**\n   * Decrypt a value to boolean.\n   */\n  decryptBoolean(encrypted) {\n    var _this6 = this;\n    return _asyncToGenerator(function* () {\n      const decrypted = yield _this6.decryptString(encrypted);\n      return decrypted === 'true';\n    })();\n  }\n  /**\n   * Get the encryption context (for serialization or passing to other services).\n   */\n  getContext() {\n    return this.context;\n  }\n  // ─────────────────────────────────────────────────────────────────────────\n  // V2 encryption/decryption using pre-derived Argon2id key\n  // ─────────────────────────────────────────────────────────────────────────\n  encryptWithKeyV2(text) {\n    var _this7 = this;\n    return _asyncToGenerator(function* () {\n      if (!isV2Context(_this7.context)) {\n        throw new Error('V2 encryption requires keyBase64');\n      }\n      const keyBytes = Buffer.from(_this7.context.keyBase64, 'base64');\n      const iv = Buffer.from(_this7.context.iv, 'base64');\n      const key = yield crypto.subtle.importKey('raw', keyBytes, {\n        name: 'AES-GCM'\n      }, false, ['encrypt']);\n      const cipherText = yield crypto.subtle.encrypt({\n        name: 'AES-GCM',\n        iv\n      }, key, new TextEncoder().encode(text));\n      return Buffer.from(cipherText).toString('base64');\n    })();\n  }\n  decryptWithKeyV2(encryptedBase64) {\n    var _this8 = this;\n    return _asyncToGenerator(function* () {\n      if (!isV2Context(_this8.context)) {\n        throw new Error('V2 decryption requires keyBase64');\n      }\n      const keyBytes = Buffer.from(_this8.context.keyBase64, 'base64');\n      const iv = Buffer.from(_this8.context.iv, 'base64');\n      const cipherText = Buffer.from(encryptedBase64, 'base64');\n      const key = yield crypto.subtle.importKey('raw', keyBytes, {\n        name: 'AES-GCM'\n      }, false, ['decrypt']);\n      const decrypted = yield crypto.subtle.decrypt({\n        name: 'AES-GCM',\n        iv\n      }, key, cipherText);\n      return new TextDecoder().decode(decrypted);\n    })();\n  }\n}\n/**\n * Factory function to create an EncryptionService from session data.\n */\nexport function createEncryptionService(params) {\n  if (params.vaultKey) {\n    return new EncryptionService({\n      version: 2,\n      iv: params.iv,\n      keyBase64: params.vaultKey\n    });\n  }\n  if (params.vaultPassword) {\n    return new EncryptionService({\n      version: 1,\n      iv: params.iv,\n      password: params.vaultPassword\n    });\n  }\n  throw new Error('Either vaultPassword or vaultKey must be provided');\n}","map":null,"metadata":{},"sourceType":"module","externalDependencies":[]}