chore: add internal package called @unkey/vault (#2279)

* chore: add internal package called @unkey/vault * fix: lint --------- Co-authored-by: chronark <[email protected]>
unkeyed · Oct 28, 2024 · 26b587a · 26b587a
1 parent eb15536
commit 26b587a
Show file tree

Hide file tree

Showing 4 changed files with 131 additions and 0 deletions.
diff --git a/apps/dashboard/package.json b/apps/dashboard/package.json
@@ -54,6 +54,7 @@
     "@unkey/rbac": "workspace:^",
     "@unkey/resend": "workspace:^",
     "@unkey/schema": "workspace:^",
+    "@unkey/vault": "workspace:^",
     "@unkey/vercel": "workspace:^",
     "@upstash/ratelimit": "^2.0.1",
     "@upstash/redis": "^1.31.3",

diff --git a/internal/vault/package.json b/internal/vault/package.json
@@ -0,0 +1,14 @@
+{
+  "name": "@unkey/vault",
+  "version": "1.0.0",
+  "description": "",
+  "main": "src/index.ts",
+  "types": "src/index.ts",
+  "keywords": [],
+  "author": "",
+  "devDependencies": {
+    "@types/node": "^20.14.9",
+    "@unkey/tsconfig": "workspace:*",
+    "typescript": "^5.5.3"
+  }
+}
diff --git a/internal/vault/src/index.ts b/internal/vault/src/index.ts
@@ -0,0 +1,101 @@
+export type EncryptRequest = {
+  keyring: string;
+  data: string;
+};
+
+export type EncryptResponse = {
+  encrypted: string;
+  keyId: string;
+};
+
+export type EncryptBulkRequest = {
+  keyring: string;
+  data: string[];
+};
+
+export type EncryptBulkResponse = {
+  encrypted: EncryptResponse[];
+};
+
+export type DecryptRequest = {
+  keyring: string;
+  encrypted: string;
+};
+
+export type DecryptResponse = {
+  plaintext: string;
+};
+
+export type RequestContext = {
+  requestId: string;
+};
+
+export class Vault {
+  private readonly baseUrl: string;
+  private readonly token: string;
+
+  constructor(baseUrl: string, token: string) {
+    this.baseUrl = baseUrl;
+    this.token = token;
+  }
+
+  public async encrypt(c: RequestContext, req: EncryptRequest): Promise<EncryptResponse> {
+    const url = `${this.baseUrl}/vault.v1.VaultService/Encrypt`;
+    const res = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${this.token}`,
+        "Unkey-Request-Id": c.requestId,
+      },
+      body: JSON.stringify(req),
+    });
+
+    if (!res.ok) {
+      throw new Error(`Unable to encrypt, fetch error: ${await res.text()}`);
+    }
+
+    return res.json();
+  }
+
+  public async encryptBulk(
+    c: RequestContext,
+    req: EncryptBulkRequest,
+  ): Promise<EncryptBulkResponse> {
+    const url = `${this.baseUrl}/vault.v1.VaultService/EncryptBulk`;
+    const res = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${this.token}`,
+        "Unkey-Request-Id": c.requestId,
+      },
+      body: JSON.stringify(req),
+    });
+
+    if (!res.ok) {
+      throw new Error(`Unable to encryptBulk, fetch error: ${await res.text()}`);
+    }
+
+    return res.json();
+  }
+
+  public async decrypt(c: RequestContext, req: DecryptRequest): Promise<DecryptResponse> {
+    const url = `${this.baseUrl}/vault.v1.VaultService/Decrypt`;
+    const res = await fetch(url, {
+      method: "POST",
+      headers: {
+        "Content-Type": "application/json",
+        Authorization: `Bearer ${this.token}`,
+        "Unkey-Request-Id": c.requestId,
+      },
+      body: JSON.stringify(req),
+    });
+
+    if (!res.ok) {
+      throw new Error(`Unable to decrypt, fetch error: ${await res.text()}`);
+    }
+
+    return res.json();
+  }
+}
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml