staticrypt/cli/index.js

#!/usr/bin/env node

'use strict';

var CryptoJS = require("crypto-js");
var FileSystem = require("fs");
const path = require("path");
const Yargs = require('yargs');

const SCRIPT_URL = 'https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.min.js';
const SCRIPT_TAG = '<script src="' + SCRIPT_URL + '" integrity="sha384-lp4k1VRKPU9eBnPePjnJ9M2RF3i7PC30gXs70+elCVfgwLwx1tv5+ctxdtwxqZa7" crossorigin="anonymous"></script>';

const namedArgs = Yargs
      .usage('Usage: staticrypt <filename> <passphrase> [options]')
      .demandCommand(2)
      .option('e', {
          alias: 'embed',
          type: 'boolean',
          describe: 'Whether or not to embed crypto-js in the page (or use an external CDN)',
          default: true
      })
      .option('o', {
          alias: 'output',
          type: 'string',
          describe: 'File name / path for generated encrypted file',
          default: null
      })
      .option('t', {
          alias: 'title',
          type: 'string',
          describe: "Title for output HTML page",
          default: 'Protected Page'
      })
      .option('i', {
          alias: 'instructions',
          type: 'string',
          describe: 'Special instructions to display to the user.',
          default: ''
      })
      .option('f', {
          alias: 'file-template',
          type: 'string',
          describe: 'Path to custom HTML template with password prompt.',
          default: path.join(__dirname, 'password_template.html')
      })
      .argv;

if(namedArgs._.length !== 2){
    Yargs.showHelp();
    process.exit(1);
}

const input = namedArgs._[0].toString();
const password = namedArgs._[1].toString();

try{
    var contents = FileSystem.readFileSync(input, 'utf8');
}catch(e){
    console.log("Failure: input file does not exist!");
    process.exit(1);
}

/**
 * Salt and encrypt a msg with a password.
 * Inspired by https://github.com/adonespitogo
 */
var keySize = 256;
var iterations = 1000;
function encrypt (msg, password) {
    var salt = CryptoJS.lib.WordArray.random(128/8);

    var key = CryptoJS.PBKDF2(password, salt, {
        keySize: keySize/32,
        iterations: iterations
    });

    var iv = CryptoJS.lib.WordArray.random(128/8);

    var encrypted = CryptoJS.AES.encrypt(msg, key, {
        iv: iv,
        padding: CryptoJS.pad.Pkcs7,
        mode: CryptoJS.mode.CBC
    });

    // salt, iv will be hex 32 in length
    // append them to the ciphertext for use  in decryption
    var encryptedMsg = salt.toString()+ iv.toString() + encrypted.toString();
    return encryptedMsg;
}

// encrypt input
var encrypted = encrypt(contents, password);
var hmac = CryptoJS.HmacSHA256(encrypted, CryptoJS.SHA256(password).toString()).toString();
var encryptedMessage = hmac + encrypted;

// create crypto-js tag (embedded or not)
var cryptoTag = SCRIPT_TAG;
if (namedArgs.embed) {
    try {
        var embedContents = FileSystem.readFileSync(path.join(__dirname, 'crypto-js.min.js'), 'utf8');
    } catch(e) {
        console.log("Failure: embed file does not exist!");
        process.exit(1);
    }
    cryptoTag = '<script>' + embedContents + '</script>';
}


var data = {
    title: namedArgs.title,
    instructions: namedArgs.instructions,
    encrypted: encryptedMessage,
    crypto_tag: cryptoTag,
    embed: namedArgs.embed,
    outputFilePath: namedArgs.output !== null ? namedArgs.output : input.replace(/\.html$/, '') + "_encrypted.html"
};

genFile(data);


/**
 * Fill the template with provided data and writes it to output file.
 *
 * @param data
 */
function genFile(data){
    try{
        var templateContents = FileSystem.readFileSync(namedArgs.f, 'utf8');
    }catch(e){
        console.log("Failure: could not read template!");
        process.exit(1);
    }

    var renderedTemplate = render(templateContents, data);

    try{
        FileSystem.writeFileSync(data.outputFilePath, renderedTemplate);
    }catch(e){
        console.log("Failure: could not generate output file!");
        process.exit(1);
    }
}

/**
 * Replace the placeholder tags (between '{tag}') in 'tpl' string with provided data.
 *
 * @param tpl
 * @param data
 * @returns string
 */
function render(tpl, data){
    return tpl.replace(/{(.*?)}/g, function (_, key) {
        return data && data[key] || '';
    });
}
Made runnable via command line `staticrypt`. 2017-12-15 21:37:02 +00:00			`#!/usr/bin/env node`

Fully working encryption via command line. 2017-12-14 22:38:34 +00:00			`'use strict';`

Added argument parsing and file reading. 2017-12-14 22:00:11 +00:00			`var CryptoJS = require("crypto-js");`
			`var FileSystem = require("fs");`
fixes robinmoisson/staticrypt#104 2018-01-17 11:31:57 +00:00			`const path = require("path");`
Refactored to use yargs. 2017-12-27 03:35:24 +00:00			`const Yargs = require('yargs');`
Fully working encryption via command line. 2017-12-14 22:38:34 +00:00
			`const SCRIPT_URL = 'https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.9-1/crypto-js.min.js';`
			`const SCRIPT_TAG = '<script src="' + SCRIPT_URL + '" integrity="sha384-lp4k1VRKPU9eBnPePjnJ9M2RF3i7PC30gXs70+elCVfgwLwx1tv5+ctxdtwxqZa7" crossorigin="anonymous"></script>';`
Added argument parsing and file reading. 2017-12-14 22:00:11 +00:00
Refactored to use yargs. 2017-12-27 03:35:24 +00:00			`const namedArgs = Yargs`
add option to use custom password template file, close #102 2018-01-12 23:06:16 +00:00			`.usage('Usage: staticrypt <filename> <passphrase> [options]')`
Refactored to use yargs. 2017-12-27 03:35:24 +00:00			`.demandCommand(2)`
Made final argument parsing changes. 2017-12-27 20:21:49 +00:00			`.option('e', {`
			`alias: 'embed',`
			`type: 'boolean',`
			`describe: 'Whether or not to embed crypto-js in the page (or use an external CDN)',`
CLI: change embed default to true + bump minor 2018-02-19 18:42:25 +00:00			`default: true`
Made final argument parsing changes. 2017-12-27 20:21:49 +00:00			`})`
			`.option('o', {`
			`alias: 'output',`
			`type: 'string',`
			`describe: 'File name / path for generated encrypted file',`
			`default: null`
			`})`
			`.option('t', {`
			`alias: 'title',`
			`type: 'string',`
			`describe: "Title for output HTML page",`
			`default: 'Protected Page'`
			`})`
			`.option('i', {`
			`alias: 'instructions',`
			`type: 'string',`
			`describe: 'Special instructions to display to the user.',`
refactor cli argument parsing 2017-12-28 11:32:27 +00:00			`default: ''`
Made final argument parsing changes. 2017-12-27 20:21:49 +00:00			`})`
add option to use custom password template file, close #102 2018-01-12 23:06:16 +00:00			`.option('f', {`
			`alias: 'file-template',`
			`type: 'string',`
			`describe: 'Path to custom HTML template with password prompt.',`
use path everywhere + increment npm patch version 2018-01-17 18:51:12 +00:00			`default: path.join(__dirname, 'password_template.html')`
add option to use custom password template file, close #102 2018-01-12 23:06:16 +00:00			`})`
Refactored to use yargs. 2017-12-27 03:35:24 +00:00			`.argv;`

refactor cli argument parsing 2017-12-28 11:32:27 +00:00			`if(namedArgs._.length !== 2){`
Refactored to use yargs. 2017-12-27 03:35:24 +00:00			`Yargs.showHelp();`
			`process.exit(1);`
			`}`

Made final argument parsing changes. 2017-12-27 20:21:49 +00:00			`const input = namedArgs._[0].toString();`
			`const password = namedArgs._[1].toString();`
Fully working encryption via command line. 2017-12-14 22:38:34 +00:00
Added argument parsing and file reading. 2017-12-14 22:00:11 +00:00			`try{`
Refactored to use yargs. 2017-12-27 03:35:24 +00:00			`var contents = FileSystem.readFileSync(input, 'utf8');`
Added argument parsing and file reading. 2017-12-14 22:00:11 +00:00			`}catch(e){`
Code cleanup. 2017-12-15 21:26:20 +00:00			`console.log("Failure: input file does not exist!");`
Added argument parsing and file reading. 2017-12-14 22:00:11 +00:00			`process.exit(1);`
			`}`
Fully working encryption via command line. 2017-12-14 22:38:34 +00:00
add salt and key derivation, close #113 2019-06-28 14:23:13 +00:00			`/**`
			`* Salt and encrypt a msg with a password.`
			`* Inspired by https://github.com/adonespitogo`
			`*/`
			`var keySize = 256;`
			`var iterations = 1000;`
			`function encrypt (msg, password) {`
			`var salt = CryptoJS.lib.WordArray.random(128/8);`

			`var key = CryptoJS.PBKDF2(password, salt, {`
			`keySize: keySize/32,`
			`iterations: iterations`
			`});`

			`var iv = CryptoJS.lib.WordArray.random(128/8);`

			`var encrypted = CryptoJS.AES.encrypt(msg, key, {`
			`iv: iv,`
			`padding: CryptoJS.pad.Pkcs7,`
			`mode: CryptoJS.mode.CBC`
			`});`

			`// salt, iv will be hex 32 in length`
			`// append them to the ciphertext for use in decryption`
			`var encryptedMsg = salt.toString()+ iv.toString() + encrypted.toString();`
			`return encryptedMsg;`
			`}`

refactor cli argument parsing 2017-12-28 11:32:27 +00:00			`// encrypt input`
add salt and key derivation, close #113 2019-06-28 14:23:13 +00:00			`var encrypted = encrypt(contents, password);`
			`var hmac = CryptoJS.HmacSHA256(encrypted, CryptoJS.SHA256(password).toString()).toString();`
Fully working encryption via command line. 2017-12-14 22:38:34 +00:00			`var encryptedMessage = hmac + encrypted;`

refactor cli argument parsing 2017-12-28 11:32:27 +00:00			`// create crypto-js tag (embedded or not)`
			`var cryptoTag = SCRIPT_TAG;`
			`if (namedArgs.embed) {`
			`try {`
fixes robinmoisson/staticrypt#104 2018-01-17 11:31:57 +00:00			`var embedContents = FileSystem.readFileSync(path.join(__dirname, 'crypto-js.min.js'), 'utf8');`
refactor cli argument parsing 2017-12-28 11:32:27 +00:00			`} catch(e) {`
Made embed work without internet and fixed naming. 2017-12-19 01:32:27 +00:00			`console.log("Failure: embed file does not exist!");`
Fully working encryption via command line. 2017-12-14 22:38:34 +00:00			`process.exit(1);`
Made embed work without internet and fixed naming. 2017-12-19 01:32:27 +00:00			`}`
refactor cli argument parsing 2017-12-28 11:32:27 +00:00			`cryptoTag = '<script>' + embedContents + '</script>';`
Fully working encryption via command line. 2017-12-14 22:38:34 +00:00			`}`

refactor cli argument parsing 2017-12-28 11:32:27 +00:00
			`var data = {`
			`title: namedArgs.title,`
			`instructions: namedArgs.instructions,`
			`encrypted: encryptedMessage,`
			`crypto_tag: cryptoTag,`
			`embed: namedArgs.embed,`
			`outputFilePath: namedArgs.output !== null ? namedArgs.output : input.replace(/\.html$/, '') + "_encrypted.html"`
			`};`

			`genFile(data);`


			`/**`
			`* Fill the template with provided data and writes it to output file.`
			`*`
			`* @param data`
			`*/`
Fully working encryption via command line. 2017-12-14 22:38:34 +00:00			`function genFile(data){`
			`try{`
add option to use custom password template file, close #102 2018-01-12 23:06:16 +00:00			`var templateContents = FileSystem.readFileSync(namedArgs.f, 'utf8');`
Fully working encryption via command line. 2017-12-14 22:38:34 +00:00			`}catch(e){`
			`console.log("Failure: could not read template!");`
			`process.exit(1);`
			`}`

			`var renderedTemplate = render(templateContents, data);`

			`try{`
			`FileSystem.writeFileSync(data.outputFilePath, renderedTemplate);`
			`}catch(e){`
			`console.log("Failure: could not generate output file!");`
			`process.exit(1);`
			`}`
			`}`

refactor cli argument parsing 2017-12-28 11:32:27 +00:00			`/**`
			`* Replace the placeholder tags (between '{tag}') in 'tpl' string with provided data.`
			`*`
			`* @param tpl`
			`* @param data`
			`* @returns string`
			`*/`
Fully working encryption via command line. 2017-12-14 22:38:34 +00:00			`function render(tpl, data){`
			`return tpl.replace(/{(.*?)}/g, function (_, key) {`
			`return data && data[key] \|\| '';`
			`});`
			`}`