|
| 1 | +const crypto = require('crypto'); |
| 2 | +const base64url = require('base64url'); |
| 3 | +const fs = require('fs'); |
| 4 | +const { SecretsManagerClient, CreateSecretCommand, PutSecretValueCommand } = require('@aws-sdk/client-secrets-manager'); |
| 5 | + |
| 6 | +// Set up AWS SDK client |
| 7 | +const client = new SecretsManagerClient({ region: 'us-east-1' }); // Change region if needed |
| 8 | + |
| 9 | +// Create size byte hex salt |
| 10 | +function genSalt(size = 16) { |
| 11 | + const buffer = crypto.randomBytes(size); |
| 12 | + return buffer.toString('hex'); |
| 13 | +} |
| 14 | + |
| 15 | +// Create 32 byte b64 password |
| 16 | +function genPass(size = 32) { |
| 17 | + const buffer = crypto.randomBytes(size); |
| 18 | + return base64url.fromBase64(buffer.toString('base64')); |
| 19 | +} |
| 20 | + |
| 21 | +function genUser() { |
| 22 | + return 'user_' + Math.round(Math.random() * 1000); |
| 23 | +} |
| 24 | + |
| 25 | +function genHash(password, salt) { |
| 26 | + const hash = crypto |
| 27 | + .createHmac('sha256', salt) |
| 28 | + .update(password) |
| 29 | + .digest('hex'); |
| 30 | + return hash; |
| 31 | +} |
| 32 | + |
| 33 | +function genRpcAuth(username = genUser(), password = genPass(), salt = genSalt()) { |
| 34 | + const hash = genHash(password, salt); |
| 35 | + return { username, password, salt, hash }; |
| 36 | +} |
| 37 | + |
| 38 | +function writeRpcAuthToConf(rpcauthStr) { |
| 39 | + const confPath = 'lib/bitcoin.conf'; |
| 40 | + try { |
| 41 | + fs.writeFileSync(confPath, rpcauthStr + '\n', { flag: 'a' }); |
| 42 | + console.log(`Successfully wrote to ${confPath}`); |
| 43 | + } catch (error) { |
| 44 | + console.error(`Error writing to ${confPath}:`, error); |
| 45 | + } |
| 46 | +} |
| 47 | + |
| 48 | +async function storeCredentialsInAWS(username, password) { |
| 49 | + const secretName = 'bitcoin_rpc_credentials'; |
| 50 | + const secretValue = `${username}:${password}`; |
| 51 | + |
| 52 | + try { |
| 53 | + const createCommand = new CreateSecretCommand({ |
| 54 | + Name: secretName, |
| 55 | + SecretString: secretValue, |
| 56 | + }); |
| 57 | + await client.send(createCommand); |
| 58 | + console.log(`Successfully stored credentials in AWS Secrets Manager: ${secretName}`); |
| 59 | + } catch (error) { |
| 60 | + if (error.name === 'ResourceExistsException') { |
| 61 | + const updateCommand = new PutSecretValueCommand({ |
| 62 | + SecretId: secretName, |
| 63 | + SecretString: secretValue, |
| 64 | + }); |
| 65 | + await client.send(updateCommand); |
| 66 | + console.log(`Successfully updated existing secret in AWS Secrets Manager: ${secretName}`); |
| 67 | + } else { |
| 68 | + console.error(`Error storing credentials in AWS Secrets Manager:`, error); |
| 69 | + } |
| 70 | + } |
| 71 | +} |
| 72 | + |
| 73 | +async function genRpcAuthStr(username, password, salt) { |
| 74 | + const rpcauth = genRpcAuth(username, password, salt); |
| 75 | + const str = `rpcauth=${rpcauth.username}:${rpcauth.salt}$${rpcauth.hash}`; |
| 76 | + const strEscapeCharacter = `${rpcauth.username}:${rpcauth.salt}\\$${rpcauth.hash}`; |
| 77 | + console.log(`Username: ${rpcauth.username}`); |
| 78 | + console.log("Password generated securely and stored in Secrets Manager"); |
| 79 | + console.log(`rpcauth string with escape character: ${strEscapeCharacter}`); // Print the rpcauth string |
| 80 | + |
| 81 | + // Write to bitcoin.conf |
| 82 | + writeRpcAuthToConf(str); |
| 83 | + |
| 84 | + // Store in AWS Secrets Manager |
| 85 | + await storeCredentialsInAWS(rpcauth.username, rpcauth.password); |
| 86 | + |
| 87 | + return str; |
| 88 | +} |
| 89 | + |
| 90 | +// Example usage |
| 91 | +genRpcAuthStr(); |
| 92 | + |
| 93 | +module.exports = { |
| 94 | + genSalt, |
| 95 | + genPass, |
| 96 | + genUser, |
| 97 | + genHash, |
| 98 | + genRpcAuth, |
| 99 | + genRpcAuthStr, |
| 100 | +}; |
0 commit comments