@evervault/sdk
Advanced tools
Comparing version 3.14.1 to 4.0.0
@@ -12,11 +12,7 @@ const { version } = require('../package.json'); | ||
module.exports = (apikey) => ({ | ||
module.exports = () => ({ | ||
http: { | ||
baseUrl: process.env.EV_API_URL || DEFAULT_API_URL, | ||
functionRunUrl: process.env.EV_CAGE_RUN_URL || DEFAULT_FUNCTION_RUN_URL, | ||
headers: { | ||
'API-KEY': apikey, | ||
'user-agent': `evervault-node/${version}`, | ||
}, | ||
responseType: 'json', | ||
userAgent: `evervault-node/${version}`, | ||
tunnelHostname: process.env.EV_TUNNEL_HOSTNAME || DEFAULT_TUNNEL_HOSTNAME, | ||
@@ -23,0 +19,0 @@ certHostname: process.env.EV_CERT_HOSTNAME || DEFAULT_CA_HOSTNAME, |
@@ -1,18 +0,44 @@ | ||
const { errors } = require('../utils'); | ||
const { errors, Datatypes } = require('../utils'); | ||
const phin = require('phin'); | ||
module.exports = (config) => { | ||
const request = (method, path, headers = {}, data = undefined) => { | ||
module.exports = (appUuid, apiKey, config) => { | ||
const request = ( | ||
method, | ||
path, | ||
additionalHeaders = {}, | ||
data = undefined, | ||
basicAuth = false, | ||
parse = 'json' | ||
) => { | ||
const headers = { | ||
'user-agent': config.userAgent, | ||
...additionalHeaders, | ||
}; | ||
if (basicAuth) { | ||
headers['authorization'] = `Basic ${Buffer.from( | ||
`${appUuid}:${apiKey}` | ||
).toString('base64')}`; | ||
} else { | ||
headers['api-key'] = apiKey; | ||
} | ||
return phin({ | ||
url: path.startsWith('https://') ? path : `${config.baseUrl}/${path}`, | ||
method, | ||
headers: { ...config.headers, ...headers }, | ||
headers, | ||
data, | ||
parse: config.responseType, | ||
parse, | ||
}); | ||
}; | ||
const get = (path, headers) => request('GET', path, headers); | ||
const post = (path, data, headers = { 'Content-Type': 'application/json' }) => | ||
request('POST', path, headers, data); | ||
const post = ( | ||
path, | ||
data, | ||
headers = { 'Content-Type': 'application/json' }, | ||
basicAuth = false, | ||
parse = 'json' | ||
) => request('POST', path, headers, data, basicAuth, parse); | ||
const getCageKey = async () => { | ||
@@ -155,2 +181,33 @@ const getCagesKeyCallback = async () => { | ||
const decrypt = async (encryptedData) => { | ||
let contentType; | ||
let data; | ||
if (Buffer.isBuffer(encryptedData)) { | ||
contentType = 'application/octet-stream'; | ||
data = encryptedData; | ||
} else { | ||
contentType = 'application/json'; | ||
data = { | ||
data: encryptedData, | ||
}; | ||
} | ||
const response = await post( | ||
`${config.baseUrl}/decrypt`, | ||
data, | ||
{ | ||
'Content-Type': contentType, | ||
}, | ||
true, | ||
'none' | ||
); | ||
if (response.statusCode >= 200 && response.statusCode < 300) { | ||
if (contentType === 'application/json') { | ||
const { data } = JSON.parse(response.body); | ||
return data; | ||
} | ||
return response.body; | ||
} | ||
throw errors.mapApiResponseToError(response); | ||
}; | ||
return { | ||
@@ -163,3 +220,4 @@ getCageKey, | ||
getRelayOutboundConfig, | ||
decrypt, | ||
}; | ||
}; |
declare module "@evervault/sdk" { | ||
export default class Evervault { | ||
constructor(apiKey: string) | ||
constructor(appId: string, apiKey: string) | ||
encrypt: (data: any) => Promise<any>; | ||
decrypt: (encryptedData: any) => Promise<any>; | ||
run: <T>(functionName: string, data: object, options?: { async?: boolean, version?: string }) => Promise<{ result: T, runId: string, appUuid: string }>; | ||
@@ -6,0 +7,0 @@ createRunToken: (functionName: string, data: object) => Promise<{ token: string }>; |
@@ -26,7 +26,15 @@ const crypto = require('crypto'); | ||
constructor(apiKey, options = {}) { | ||
if (!Datatypes.isString(apiKey)) { | ||
throw new errors.InitializationError('API key must be a string'); | ||
constructor(appId, apiKey, options = {}) { | ||
if ( | ||
appId === '' || | ||
!Datatypes.isString(appId) || | ||
!appId.startsWith('app_') | ||
) { | ||
throw new errors.InitializationError( | ||
'The provided App ID is invalid. The App ID can be retrieved in the Evervault dashboard (App Settings).' | ||
); | ||
} | ||
validationHelper.validateApiKey(appId, apiKey); | ||
if (apiKey.startsWith('pk:')) { | ||
@@ -50,6 +58,7 @@ this.defineHiddenProperty( | ||
this.retry = options.retry; | ||
this.http = Http(this.config.http); | ||
this.http = Http(appId, apiKey, this.config.http); | ||
this.crypto = Crypto(this.config.encryption[curve], this.http); | ||
this.httpsHelper = httpsHelper; | ||
this.apiKey = apiKey; | ||
this.appId = appId; | ||
@@ -281,2 +290,11 @@ this.defineHiddenProperty( | ||
/** | ||
* | ||
* @param {any} encryptedData | ||
* @returns {Promise<any>} | ||
*/ | ||
async decrypt(encryptedData) { | ||
return this.http.decrypt(encryptedData); | ||
} | ||
/** | ||
* @param {String} functionName | ||
@@ -283,0 +301,0 @@ * @param {Object} payload |
@@ -46,2 +46,7 @@ class EvervaultError extends Error { | ||
} | ||
if (statusCode === 403) { | ||
return new ApiKeyError( | ||
'The API key provided does not have the required permissions.' | ||
); | ||
} | ||
if (statusCode === 422) { | ||
@@ -48,0 +53,0 @@ return new DecryptError(body.message || 'Unable to decrypt data.'); |
@@ -0,4 +1,27 @@ | ||
const crypto = require('crypto'); | ||
const errors = require('./errors'); | ||
const Datatypes = require('./datatypes'); | ||
const validateApiKey = (appUuid, apiKey) => { | ||
if (apiKey === '' || !Datatypes.isString(apiKey)) { | ||
throw new errors.InitializationError( | ||
'The API key must be a string and cannot be empty.' | ||
); | ||
} | ||
if (apiKey.startsWith('ev:key')) { | ||
// Scoped API key | ||
const appUuidHash = crypto | ||
.createHash('sha512') | ||
.update(appUuid) | ||
.digest('base64') | ||
.slice(0, 6); | ||
const appUuidHashFromApiKey = apiKey.split(':')[4]; | ||
if (appUuidHash !== appUuidHashFromApiKey) { | ||
throw new errors.InitializationError( | ||
`The API key is not valid for app ${appUuid}. Make sure to use an API key belonging to the app ${appUuid}.` | ||
); | ||
} | ||
} | ||
}; | ||
const validatePayload = (payload) => { | ||
@@ -43,2 +66,3 @@ if ( | ||
module.exports = { | ||
validateApiKey, | ||
validatePayload, | ||
@@ -45,0 +69,0 @@ validateFunctionName, |
{ | ||
"name": "@evervault/sdk", | ||
"version": "3.14.1", | ||
"version": "4.0.0", | ||
"description": "Node.js SDK for Evervault", | ||
@@ -5,0 +5,0 @@ "main": "lib/index.js", |
@@ -34,4 +34,4 @@ [![Evervault](https://evervault.com/evervault.svg)](https://evervault.com/) | ||
// Initialize the client with your team's api key | ||
const evervaultClient = new Evervault('<API-KEY>'); | ||
// Initialize the client with your App ID and API Key | ||
const evervaultClient = new Evervault('<API-KEY>', '<APP_ID>'); | ||
@@ -48,9 +48,11 @@ // Encrypt your sensitive data | ||
// Decrypt the data | ||
const decrypted = await evervaultClient.decrypt(encrypted); | ||
// Enable the Cages beta client | ||
await evervaultClient.enableCagesBeta({ 'my-cage': { pcr8: '...' } }); | ||
// This connection will be attested by the Cages beta client | ||
const response = await axios.post( | ||
'https://my-cage.my-app.cages.evervault.com', | ||
encrypted | ||
); | ||
); // This connection will be attested by the Cages beta client | ||
``` | ||
@@ -60,19 +62,33 @@ | ||
The Evervault Node.js SDK exposes four functions. | ||
The Evervault Node.js SDK exposes six functions. | ||
### evervault.encrypt() | ||
`evervault.encrypt()`encrypts data for use in your [Functions](https://docs.evervault.com/tutorial). To encrypt data at the server, simply pass an object or string into the evervault.encrypt() function. Store the encrypted data in your database as normal. | ||
`evervault.encrypt()` encrypts data. To encrypt data at the server, simply pass a string, boolean, number, array, object or buffer into the `evervault.encrypt()` function. Store the encrypted data in your database as normal. | ||
```javascript | ||
async evervault.encrypt(data: Object | String); | ||
async evervault.encrypt(data: string | boolean | number | Array | Object | Buffer); | ||
``` | ||
| Parameter | Type | Description | | ||
| --------- | ---------------- | --------------------- | | ||
| data | Object or String | Data to be encrypted. | | ||
| Parameter | Type | Description | | ||
| --------- | ------------------------------------------------ | --------------------- | | ||
| data | String, Boolean, Number, Array, Object or String | Data to be encrypted. | | ||
### evervault.decrypt() | ||
`evervault.decrypt()` decrypts data previously encrypted with the `encrypt()` function or through Evervault's Relay (Evervault's encryption proxy). | ||
An API Key with the `decrypt` permission must be used to perform this operation. | ||
```javascript | ||
async evervault.decrypt(encrypted: string | Array | Object | Buffer); | ||
``` | ||
| Parameter | Type | Description | | ||
| -------------- | --------------------------------| --------------------- | | ||
| encrypted | String, Array, Object or Buffer | Data to be decrypted. | | ||
### evervault.run() | ||
`evervault.run()` invokes a Function with a given payload. | ||
An API Key with the `run function` permission must be used to perform this operation. | ||
@@ -101,2 +117,3 @@ ```javascript | ||
`evervault.createRunToken()` creates a single use, time bound token for invoking a Function. | ||
An API Key with the `create a run token` permission must be used to perform this operation. | ||
@@ -103,0 +120,0 @@ ```javascript |
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
65874
1837
169