Convert JS to TS (Infisical#47)

frontend/components/utilities/attemptLogin.js

@@ -54,20 +54,19 @@ const attemptLogin = async (
             await login2(email, clientProof);
           SecurityClient.setToken(token);
 
-          const privateKey = Aes256Gcm.decrypt(
-            encryptedPrivateKey,
+          const privateKey = Aes256Gcm.decrypt({
+            ciphertext: encryptedPrivateKey,
             iv,
             tag,
-            password
+            secret: password
               .slice(0, 32)
               .padStart(
                 32 + (password.slice(0, 32).length - new Blob([password]).size),
                 '0'
               )
-          );
+          });
 
           saveTokenToLocalStorage({
-            token,
             publicKey,
             encryptedPrivateKey,
             iv,
@@ -114,11 +113,8 @@ const attemptLogin = async (
                   'personal'
                 ],
                 DB_USERNAME: ['user1234', 'personal'],
-                DB_PASSWORD: ['ah8jak3hk8dhiu4dw7whxwe1l', 'personal'],
-                TWILIO_AUTH_TOKEN: [
-                  'hgSIwDAKvz8PJfkj6xkzYqzGmAP3HLuG',
-                  'shared'
-                ],
+                DB_PASSWORD: ['example_password', 'personal'],
+                TWILIO_AUTH_TOKEN: ['example_twillion_token', 'shared'],
                 WEBSITE_URL: ['http://localhost:3000', 'shared'],
                 STRIPE_SECRET_KEY: ['sk_test_7348oyho4hfq398HIUOH78', 'shared']
               },

frontend/components/utilities/cryptography/aes-256-gcm.ts

@@ -0,0 +1,82 @@
+/**
+ * @fileoverview Provides easy encryption/decryption methods using AES 256 GCM.
+ */
+
+import crypto from 'crypto';
+
+const ALGORITHM = 'aes-256-gcm';
+const BLOCK_SIZE_BYTES = 16; // 128 bit
+
+interface EncryptProps {
+  text: string;
+  secret: string;
+}
+
+interface DecryptProps {
+  ciphertext: string;
+  iv: string;
+  tag: string;
+  secret: string;
+}
+
+interface EncryptOutputProps {
+  ciphertext: string;
+  iv: string;
+  tag: string;
+}
+
+/**
+ * Provides easy encryption/decryption methods using AES 256 GCM.
+ */
+class Aes256Gcm {
+  /**
+   * No need to run the constructor. The class only has static methods.
+   */
+  constructor() {}
+
+  /**
+   * Encrypts text with AES 256 GCM.
+   * @param {object} obj
+   * @param {string} obj.text - Cleartext to encode.
+   * @param {string} obj.secret - Shared secret key, must be 32 bytes.
+   * @returns {object}
+   */
+  // { ciphertext: string; iv: string; tag: string; }
+  static encrypt({ text, secret }: EncryptProps): EncryptOutputProps {
+    const iv = crypto.randomBytes(BLOCK_SIZE_BYTES);
+    const cipher = crypto.createCipheriv(ALGORITHM, secret, iv);
+
+    let ciphertext = cipher.update(text, 'utf8', 'base64');
+    ciphertext += cipher.final('base64');
+    return {
+      ciphertext,
+      iv: iv.toString('base64'),
+      tag: cipher.getAuthTag().toString('base64')
+    };
+  }
+
+  /**
+   * Decrypts AES 256 CGM encrypted text.
+   * @param {object} obj
+   * @param {string} obj.ciphertext - Base64-encoded ciphertext.
+   * @param {string} obj.iv - The base64-encoded initialization vector.
+   * @param {string} obj.tag - The base64-encoded authentication tag generated by getAuthTag().
+   * @param {string} obj.secret - Shared secret key, must be 32 bytes.
+   * @returns {string}
+   */
+  static decrypt({ ciphertext, iv, tag, secret }: DecryptProps): string {
+    const decipher = crypto.createDecipheriv(
+      ALGORITHM,
+      secret,
+      Buffer.from(iv, 'base64')
+    );
+    decipher.setAuthTag(Buffer.from(tag, 'base64'));
+
+    let cleartext = decipher.update(ciphertext, 'base64', 'utf8');
+    cleartext += decipher.final('utf8');
+
+    return cleartext;
+  }
+}
+
+export default Aes256Gcm;

frontend/components/utilities/cryptography/changePassword.js

@@ -1,11 +1,11 @@
-import changePassword2 from "~/pages/api/auth/ChangePassword2";
-import SRP1 from "~/pages/api/auth/SRP1";
+import changePassword2 from '~/pages/api/auth/ChangePassword2';
+import SRP1 from '~/pages/api/auth/SRP1';
 
-import Aes256Gcm from "./aes-256-gcm";
+import Aes256Gcm from './aes-256-gcm';
 
-const nacl = require("tweetnacl");
-nacl.util = require("tweetnacl-util");
-const jsrp = require("jsrp");
+const nacl = require('tweetnacl');
+nacl.util = require('tweetnacl-util');
+const jsrp = require('jsrp');
 const clientOldPassword = new jsrp.client();
 const clientNewPassword = new jsrp.client();
 
@@ -34,21 +34,21 @@ const changePassword = async (
     clientOldPassword.init(
       {
         username: email,
-        password: currentPassword,
+        password: currentPassword
       },
       async () => {
         const clientPublicKey = clientOldPassword.getPublicKey();
 
         let serverPublicKey, salt;
         try {
           const res = await SRP1({
-            clientPublicKey: clientPublicKey,
+            clientPublicKey: clientPublicKey
           });
           serverPublicKey = res.serverPublicKey;
           salt = res.salt;
         } catch (err) {
           setCurrentPasswordError(true);
-          console.log("Wrong current password", err, 1);
+          console.log('Wrong current password', err, 1);
         }
 
         clientOldPassword.setSalt(salt);
@@ -58,27 +58,27 @@ const changePassword = async (
         clientNewPassword.init(
           {
             username: email,
-            password: newPassword,
+            password: newPassword
           },
           async () => {
             clientNewPassword.createVerifier(async (err, result) => {
               // The Blob part here is needed to account for symbols that count as 2+ bytes (e.g., é, å, ø)
-              let { ciphertext, iv, tag } = Aes256Gcm.encrypt(
-                localStorage.getItem("PRIVATE_KEY"),
-                newPassword
+              const { ciphertext, iv, tag } = Aes256Gcm.encrypt({
+                text: localStorage.getItem('PRIVATE_KEY'),
+                secret: newPassword
                   .slice(0, 32)
                   .padStart(
                     32 +
                       (newPassword.slice(0, 32).length -
                         new Blob([newPassword]).size),
-                    "0"
+                    '0'
                   )
-              );
+              });
 
               if (ciphertext) {
-                localStorage.setItem("encryptedPrivateKey", ciphertext);
-                localStorage.setItem("iv", iv);
-                localStorage.setItem("tag", tag);
+                localStorage.setItem('encryptedPrivateKey', ciphertext);
+                localStorage.setItem('iv', iv);
+                localStorage.setItem('tag', tag);
 
                 let res;
                 try {
@@ -88,14 +88,14 @@ const changePassword = async (
                     tag,
                     salt: result.salt,
                     verifier: result.verifier,
-                    clientProof,
+                    clientProof
                   });
                   if (res.status == 400) {
                     setCurrentPasswordError(true);
                   } else if (res.status == 200) {
                     setPasswordChanged(true);
-                    setCurrentPassword("");
-                    setNewPassword("");
+                    setCurrentPassword('');
+                    setNewPassword('');
                   }
                 } catch (err) {
                   setCurrentPasswordError(true);
@@ -108,7 +108,7 @@ const changePassword = async (
       }
     );
   } catch (error) {
-    console.log("Something went wrong during changing the password");
+    console.log('Something went wrong during changing the password');
   }
   return true;
 };