feat: additional api package stuff

packages/api/package.json

@@ -18,6 +18,7 @@
     "@movie-web/eslint-config": "workspace:^0.2.0",
     "@movie-web/prettier-config": "workspace:^0.1.0",
     "@movie-web/tsconfig": "workspace:^0.1.0",
+    "@types/node-forge": "^1.3.11",
     "eslint": "^8.56.0",
     "prettier": "^3.1.1",
     "typescript": "^5.4.3"
@@ -29,6 +30,9 @@
   },
   "prettier": "@movie-web/prettier-config",
   "dependencies": {
+    "@noble/hashes": "^1.4.0",
+    "@scure/bip39": "^1.3.0",
+    "node-forge": "^1.3.1",
     "ofetch": "^1.3.4"
   }
 }

packages/api/src/crypto.ts

@@ -0,0 +1,134 @@
+import { pbkdf2Async } from "@noble/hashes/pbkdf2";
+import { sha256 } from "@noble/hashes/sha256";
+import { generateMnemonic, validateMnemonic } from "@scure/bip39";
+import { wordlist } from "@scure/bip39/wordlists/english";
+import forge from "node-forge";
+
+interface Keys {
+  privateKey: Uint8Array;
+  publicKey: Uint8Array;
+  seed: Uint8Array;
+}
+
+async function seedFromMnemonic(mnemonic: string) {
+  return pbkdf2Async(sha256, mnemonic, "mnemonic", {
+    c: 2048,
+    dkLen: 32,
+  });
+}
+
+export function verifyValidMnemonic(mnemonic: string) {
+  return validateMnemonic(mnemonic, wordlist);
+}
+
+export async function keysFromMnemonic(mnemonic: string): Promise<Keys> {
+  const seed = await seedFromMnemonic(mnemonic);
+
+  const { privateKey, publicKey } = forge.pki.ed25519.generateKeyPair({
+    seed,
+  });
+
+  return {
+    privateKey,
+    publicKey,
+    seed,
+  };
+}
+
+export function genMnemonic(): string {
+  return generateMnemonic(wordlist);
+}
+
+// eslint-disable-next-line @typescript-eslint/require-await
+export async function signCode(
+  code: string,
+  privateKey: Uint8Array,
+): Promise<Uint8Array> {
+  return forge.pki.ed25519.sign({
+    encoding: "utf8",
+    message: code,
+    privateKey,
+  });
+}
+
+export function bytesToBase64(bytes: Uint8Array) {
+  return forge.util.encode64(String.fromCodePoint(...bytes));
+}
+
+export function bytesToBase64Url(bytes: Uint8Array): string {
+  return bytesToBase64(bytes)
+    .replace(/\//g, "_")
+    .replace(/\+/g, "-")
+    .replace(/=+$/, "");
+}
+
+export async function signChallenge(keys: Keys, challengeCode: string) {
+  const signature = await signCode(challengeCode, keys.privateKey);
+  return bytesToBase64Url(signature);
+}
+
+export function base64ToBuffer(data: string) {
+  return forge.util.binary.base64.decode(data);
+}
+
+export function base64ToStringBuffer(data: string) {
+  return forge.util.createBuffer(base64ToBuffer(data));
+}
+
+export function stringBufferToBase64(buffer: forge.util.ByteStringBuffer) {
+  return forge.util.encode64(buffer.getBytes());
+}
+
+export async function encryptData(data: string, secret: Uint8Array) {
+  if (secret.byteLength !== 32)
+    throw new Error("Secret must be at least 256-bit");
+
+  const iv = await new Promise<string>((resolve, reject) => {
+    forge.random.getBytes(16, (err, bytes) => {
+      if (err) reject(err);
+      resolve(bytes);
+    });
+  });
+
+  const cipher = forge.cipher.createCipher(
+    "AES-GCM",
+    forge.util.createBuffer(secret),
+  );
+  cipher.start({
+    iv,
+    tagLength: 128,
+  });
+  cipher.update(forge.util.createBuffer(data, "utf8"));
+  cipher.finish();
+
+  const encryptedData = cipher.output;
+  const tag = cipher.mode.tag;
+
+  return `${forge.util.encode64(iv)}.${stringBufferToBase64(
+    encryptedData,
+  )}.${stringBufferToBase64(tag)}` as const;
+}
+
+export function decryptData(data: string, secret: Uint8Array) {
+  if (secret.byteLength !== 32) throw new Error("Secret must be 256-bit");
+
+  const [iv, encryptedData, tag] = data.split(".");
+  if (!iv || !encryptedData || !tag)
+    throw new Error("Invalid encrypted data format");
+
+  const decipher = forge.cipher.createDecipher(
+    "AES-GCM",
+    forge.util.createBuffer(secret),
+  );
+  decipher.start({
+    iv: base64ToStringBuffer(iv),
+    tag: base64ToStringBuffer(tag),
+    tagLength: 128,
+  });
+  decipher.update(base64ToStringBuffer(encryptedData));
+  const pass = decipher.finish();
+
+  if (!pass) throw new Error("Error decrypting data");
+
+  return decipher.output.toString();
+}

packages/api/src/index.ts

@@ -1,2 +1,4 @@
 export const name = "api";
 export * from "./auth";
+export * from "./crypto";
+

packages/api/src/login.ts

@@ -0,0 +1,48 @@
+import { ofetch } from "ofetch";
+
+import type { SessionResponse } from "./auth";
+
+export interface ChallengeTokenResponse {
+  challenge: string;
+}
+
+export async function getLoginChallengeToken(
+  url: string,
+  publicKey: string,
+): Promise<ChallengeTokenResponse> {
+  return ofetch<ChallengeTokenResponse>("/auth/login/start", {
+    method: "POST",
+    body: {
+      publicKey,
+    },
+    baseURL: url,
+  });
+}
+
+export interface LoginResponse {
+  session: SessionResponse;
+  token: string;
+}
+
+export interface LoginInput {
+  publicKey: string;
+  challenge: {
+    code: string;
+    signature: string;
+  };
+  device: string;
+}
+
+export async function loginAccount(
+  url: string,
+  data: LoginInput,
+): Promise<LoginResponse> {
+  return ofetch<LoginResponse>("/auth/login/complete", {
+    method: "POST",
+    body: {
+      namespace: "movie-web",
+      ...data,
+    },
+    baseURL: url,
+  });
+}

packages/api/src/meta.ts

@@ -0,0 +1,15 @@
+import { ofetch } from "ofetch";
+
+export interface MetaResponse {
+  version: string;
+  name: string;
+  description?: string;
+  hasCaptcha: boolean;
+  captchaClientKey?: string;
+}
+
+export async function getBackendMeta(url: string): Promise<MetaResponse> {
+  return ofetch<MetaResponse>("/meta", {
+    baseURL: url,
+  });
+}

packages/api/src/sessions.ts

@@ -0,0 +1,64 @@
+import { ofetch } from "ofetch";
+
+import { getAuthHeaders } from "./auth";
+
+export interface SessionResponse {
+  id: string;
+  userId: string;
+  createdAt: string;
+  accessedAt: string;
+  device: string;
+  userAgent: string;
+}
+
+export interface SessionUpdate {
+  deviceName: string;
+}
+
+interface Account {
+  profile: {
+    colorA: string;
+    colorB: string;
+    icon: string;
+  };
+}
+
+export type AccountWithToken = Account & {
+  sessionId: string;
+  userId: string;
+  token: string;
+  seed: string;
+  deviceName: string;
+};
+
+export async function getSessions(url: string, account: AccountWithToken) {
+  return ofetch<SessionResponse[]>(`/users/${account.userId}/sessions`, {
+    headers: getAuthHeaders(account.token),
+    baseURL: url,
+  });
+}
+
+export async function updateSession(
+  url: string,
+  account: AccountWithToken,
+  update: SessionUpdate,
+) {
+  return ofetch<SessionResponse[]>(`/sessions/${account.sessionId}`, {
+    method: "PATCH",
+    headers: getAuthHeaders(account.token),
+    body: update,
+    baseURL: url,
+  });
+}
+
+export async function removeSession(
+  url: string,
+  token: string,
+  sessionId: string,
+) {
+  return ofetch<SessionResponse[]>(`/sessions/${sessionId}`, {
+    method: "DELETE",
+    headers: getAuthHeaders(token),
+    baseURL: url,
+  });
+}

packages/api/src/settings.ts

@@ -0,0 +1,39 @@
+import { ofetch } from "ofetch";
+
+import type { AccountWithToken } from "./sessions";
+import { getAuthHeaders } from "./auth";
+
+export interface SettingsInput {
+  applicationLanguage?: string;
+  applicationTheme?: string | null;
+  defaultSubtitleLanguage?: string;
+  proxyUrls?: string[] | null;
+}
+
+export interface SettingsResponse {
+  applicationTheme?: string | null;
+  applicationLanguage?: string | null;
+  defaultSubtitleLanguage?: string | null;
+  proxyUrls?: string[] | null;
+}
+
+export function updateSettings(
+  url: string,
+  account: AccountWithToken,
+  settings: SettingsInput,
+) {
+  return ofetch<SettingsResponse>(`/users/${account.userId}/settings`, {
+    method: "PUT",
+    body: settings,
+    baseURL: url,
+    headers: getAuthHeaders(account.token),
+  });
+}
+
+export function getSettings(url: string, account: AccountWithToken) {
+  return ofetch<SettingsResponse>(`/users/${account.userId}/settings`, {
+    method: "GET",
+    baseURL: url,
+    headers: getAuthHeaders(account.token),
+  });
+}