feat: add GH_PAT decryption mechanism

EresDevOrg · Dec 6, 2024 · 15f3b11 · 15f3b11
1 parent cde28e7
commit 15f3b11
Show file tree

Hide file tree

Showing 3 changed files with 59 additions and 0 deletions.
diff --git a/package.json b/package.json
@@ -38,6 +38,7 @@
     "@sinclair/typebox": "0.32.33",
     "@ubiquity-dao/ubiquibot-logger": "^1.3.0",
     "dotenv": "16.4.5",
+    "libsodium-wrappers": "^0.7.15",
     "typebox-validators": "0.3.5"
   },
   "devDependencies": {
@@ -50,6 +51,7 @@
     "@jest/globals": "29.7.0",
     "@mswjs/data": "0.16.1",
     "@types/jest": "^29.5.12",
+    "@types/libsodium-wrappers": "^0.7.14",
     "@types/node": "20.14.5",
     "cspell": "8.14.4",
     "eslint": "9.12.0",

diff --git a/src/helpers/keys.ts b/src/helpers/keys.ts
@@ -0,0 +1,40 @@
+import sodium from "libsodium-wrappers";
+import { Logs } from "@ubiquity-dao/ubiquibot-logger";
+
+const KEY_PREFIX = "HSK_";
+
+export async function decryptKeys(
+  cipherText: string,
+  x25519PrivateKey: string,
+  logger: Logs
+): Promise<{ privateKey: string; publicKey: string } | { privateKey: null; publicKey: null }> {
+  await sodium.ready;
+
+  let _public: null | string = null;
+  let _private: null | string = null;
+
+  _public = await getScalarKey(x25519PrivateKey);
+  if (!_public) {
+    logger.error("Public key is null");
+    return { privateKey: null, publicKey: null };
+  }
+  if (!cipherText?.length) {
+    logger.error("No cipherText was provided");
+    return { privateKey: null, publicKey: null };
+  }
+  const binaryPublic = sodium.from_base64(_public, sodium.base64_variants.URLSAFE_NO_PADDING);
+  const binaryPrivate = sodium.from_base64(x25519PrivateKey, sodium.base64_variants.URLSAFE_NO_PADDING);
+
+  const binaryCipher = sodium.from_base64(cipherText, sodium.base64_variants.URLSAFE_NO_PADDING);
+
+  const walletPrivateKey: string | null = sodium.crypto_box_seal_open(binaryCipher, binaryPublic, binaryPrivate, "text");
+  _private = walletPrivateKey?.replace(KEY_PREFIX, "");
+
+  return { privateKey: _private, publicKey: _public };
+}
+
+async function getScalarKey(x25519PrivateKey: string) {
+  await sodium.ready;
+  const binPriv = sodium.from_base64(x25519PrivateKey, sodium.base64_variants.URLSAFE_NO_PADDING);
+  return sodium.crypto_scalarmult_base(binPriv, "base64");
+}
diff --git a/yarn.lock b/yarn.lock
@@ -1910,6 +1910,11 @@
   resolved "https://registry.yarnpkg.com/@types/json-schema/-/json-schema-7.0.15.tgz#596a1747233694d50f6ad8a7869fcb6f56cf5841"
   integrity sha512-5+fP8P8MFNC+AyZCDxrB2pkZFPGzqQWUzpSeuuVLvm8VMcorNYavBqoFcxK8bQz4Qsbn4oUEEem4wDLfcysGHA==
 
+"@types/libsodium-wrappers@^0.7.14":
+  version "0.7.14"
+  resolved "https://registry.yarnpkg.com/@types/libsodium-wrappers/-/libsodium-wrappers-0.7.14.tgz#f688f8d44e46ed61c401f82ff757581655fbcc42"
+  integrity sha512-5Kv68fXuXK0iDuUir1WPGw2R9fOZUlYlSAa0ztMcL0s0BfIDTqg9GXz8K30VJpPP3sxWhbolnQma2x+/TfkzDQ==
+
 "@types/lodash@^4.14.172":
   version "4.17.4"
   resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.17.4.tgz#0303b64958ee070059e3a7184048a55159fe20b7"
@@ -4613,6 +4618,18 @@ levn@^0.4.1:
     prelude-ls "^1.2.1"
     type-check "~0.4.0"
 
+libsodium-wrappers@^0.7.15:
+  version "0.7.15"
+  resolved "https://registry.yarnpkg.com/libsodium-wrappers/-/libsodium-wrappers-0.7.15.tgz#53f13e483820272a3d55b23be2e34402ac988055"
+  integrity sha512-E4anqJQwcfiC6+Yrl01C1m8p99wEhLmJSs0VQqST66SbQXXBoaJY0pF4BNjRYa/sOQAxx6lXAaAFIlx+15tXJQ==
+  dependencies:
+    libsodium "^0.7.15"
+
+libsodium@^0.7.15:
+  version "0.7.15"
+  resolved "https://registry.yarnpkg.com/libsodium/-/libsodium-0.7.15.tgz#ac284e3dcb1c29ae9526c5581cdada6a072f6d20"
+  integrity sha512-sZwRknt/tUpE2AwzHq3jEyUU5uvIZHtSssktXq7owd++3CSgn8RGrv6UZJJBpP7+iBghBqe7Z06/2M31rI2NKw==
+
 lilconfig@~3.1.1:
   version "3.1.1"
   resolved "https://registry.yarnpkg.com/lilconfig/-/lilconfig-3.1.1.tgz#9d8a246fa753106cfc205fd2d77042faca56e5e3"