feat: add vault operations module
Bridges WASM crypto with git host API for encrypt/decrypt of entries and manifest, plus search, group filtering, and URL-based lookup. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
adlee-was-taken
135
extension/src/service-worker/vault.ts
Normal file
135
extension/src/service-worker/vault.ts
Normal file
@@ -0,0 +1,135 @@
|
||||
/// Vault operations module.
|
||||
///
|
||||
/// Bridges the WASM crypto functions with the git host API to provide
|
||||
/// high-level vault operations: fetch/decrypt manifest, fetch/decrypt entries,
|
||||
/// encrypt/write entries, search, and URL matching.
|
||||
|
||||
import type { GitHost } from './git-host';
|
||||
import type { Entry, Manifest, ManifestEntry } from '../shared/types';
|
||||
|
||||
// WASM module reference — set once during init.
|
||||
let wasm: typeof import('idfoto-wasm') | null = null;
|
||||
|
||||
/// Store the WASM module reference after dynamic import.
|
||||
export function setWasm(w: typeof import('idfoto-wasm')): void {
|
||||
wasm = w;
|
||||
}
|
||||
|
||||
function requireWasm(): NonNullable<typeof wasm> {
|
||||
if (!wasm) throw new Error('WASM module not initialized');
|
||||
return wasm;
|
||||
}
|
||||
|
||||
/// Vault metadata: salt and KDF params stored unencrypted in the repo.
|
||||
export interface VaultMeta {
|
||||
salt: Uint8Array;
|
||||
paramsJson: string;
|
||||
}
|
||||
|
||||
/// Read the vault salt and KDF params from the git repo.
|
||||
export async function fetchVaultMeta(git: GitHost): Promise<VaultMeta> {
|
||||
const saltBytes = await git.readFile('salt');
|
||||
const paramsRaw = await git.readFile('params.json');
|
||||
const paramsJson = new TextDecoder().decode(paramsRaw);
|
||||
return { salt: saltBytes, paramsJson };
|
||||
}
|
||||
|
||||
/// Fetch and decrypt the manifest from the git repo.
|
||||
export async function fetchAndDecryptManifest(
|
||||
git: GitHost,
|
||||
masterKey: Uint8Array,
|
||||
): Promise<Manifest> {
|
||||
const w = requireWasm();
|
||||
const ciphertext = await git.readFile('manifest.enc');
|
||||
const json = w.decrypt_manifest(ciphertext, masterKey);
|
||||
return JSON.parse(json) as Manifest;
|
||||
}
|
||||
|
||||
/// Fetch and decrypt a single entry from the git repo.
|
||||
export async function fetchAndDecryptEntry(
|
||||
git: GitHost,
|
||||
masterKey: Uint8Array,
|
||||
id: string,
|
||||
): Promise<Entry> {
|
||||
const w = requireWasm();
|
||||
const ciphertext = await git.readFile(`entries/${id}.enc`);
|
||||
const json = w.decrypt_entry(ciphertext, masterKey);
|
||||
return JSON.parse(json) as Entry;
|
||||
}
|
||||
|
||||
/// Encrypt an entry and write it to the git repo.
|
||||
export async function encryptAndWriteEntry(
|
||||
git: GitHost,
|
||||
masterKey: Uint8Array,
|
||||
id: string,
|
||||
entry: Entry,
|
||||
message: string,
|
||||
): Promise<void> {
|
||||
const w = requireWasm();
|
||||
const entryJson = JSON.stringify(entry);
|
||||
const ciphertext = w.encrypt_entry(entryJson, masterKey);
|
||||
await git.writeFile(`entries/${id}.enc`, ciphertext, message);
|
||||
}
|
||||
|
||||
/// Encrypt the manifest and write it to the git repo.
|
||||
export async function encryptAndWriteManifest(
|
||||
git: GitHost,
|
||||
masterKey: Uint8Array,
|
||||
manifest: Manifest,
|
||||
message: string,
|
||||
): Promise<void> {
|
||||
const w = requireWasm();
|
||||
const manifestJson = JSON.stringify(manifest);
|
||||
const ciphertext = w.encrypt_manifest(manifestJson, masterKey);
|
||||
await git.writeFile('manifest.enc', ciphertext, message);
|
||||
}
|
||||
|
||||
/// Filter manifest entries by group (case-insensitive). If no group given, returns all.
|
||||
export function listEntries(
|
||||
manifest: Manifest,
|
||||
group?: string,
|
||||
): Array<[string, ManifestEntry]> {
|
||||
const entries = Object.entries(manifest.entries);
|
||||
if (!group) return entries;
|
||||
const g = group.toLowerCase();
|
||||
return entries.filter(([, e]) =>
|
||||
e.group?.toLowerCase() === g
|
||||
);
|
||||
}
|
||||
|
||||
/// Case-insensitive substring search on name, url, and username.
|
||||
export function searchEntries(
|
||||
manifest: Manifest,
|
||||
query: string,
|
||||
): Array<[string, ManifestEntry]> {
|
||||
const q = query.toLowerCase();
|
||||
return Object.entries(manifest.entries).filter(([, e]) => {
|
||||
if (e.name.toLowerCase().includes(q)) return true;
|
||||
if (e.url?.toLowerCase().includes(q)) return true;
|
||||
if (e.username?.toLowerCase().includes(q)) return true;
|
||||
return false;
|
||||
});
|
||||
}
|
||||
|
||||
/// Find entries whose URL matches the given page URL by hostname.
|
||||
export function findByUrl(
|
||||
manifest: Manifest,
|
||||
url: string,
|
||||
): Array<[string, ManifestEntry]> {
|
||||
let hostname: string;
|
||||
try {
|
||||
hostname = new URL(url).hostname;
|
||||
} catch {
|
||||
return [];
|
||||
}
|
||||
|
||||
return Object.entries(manifest.entries).filter(([, e]) => {
|
||||
if (!e.url) return false;
|
||||
try {
|
||||
const entryHost = new URL(e.url).hostname;
|
||||
return entryHost === hostname;
|
||||
} catch {
|
||||
return false;
|
||||
}
|
||||
});
|
||||
}
|
||||
Reference in New Issue
Block a user