encryption if key passed

Author: poulphunter

package-lock.json

@@ -18,6 +18,7 @@
     "@types/hast": "^3.0.4",
     "@vscode/markdown-it-katex": "^1.1.1",
     "autoprefixer": "^10.4.20",
+    "buffer": "^6.0.3",
     "daisyui": "^4.12.14",
     "dexie": "^4.0.11",
     "dexie-export-import": "^4.1.4",
@@ -26,6 +27,7 @@
     "i18next-browser-languagedetector": "^8.0.4",
     "i18next-http-backend": "^3.0.2",
     "katex": "^0.16.15",
+    "node-forge": "^1.3.1",
     "postcss": "^8.4.49",
     "react": "^18.3.1",
     "react-dom": "^18.3.1",
@@ -46,9 +48,11 @@
   "devDependencies": {
     "@eslint/js": "^9.17.0",
     "@types/markdown-it": "^14.1.2",
-    "@types/node": "^22.13.1",
+    "@types/node": "^22.17.0",
+    "@types/node-forge": "^1.3.13",
     "@types/react": "^18.3.18",
     "@types/react-dom": "^18.3.5",
+    "@types/react-router": "^5.1.20",
     "@vitejs/plugin-react": "^4.3.4",
     "eslint": "^9.17.0",
     "eslint-plugin-react-hooks": "^5.0.0",

package.json

@@ -21,6 +21,11 @@ export const BASE_URL:string =
   parseHashParams(window.location.hash)['h'] ??
   parseHashParams(window.location.hash)['host'] ??
   new URL('.', document.baseURI).href.toString().replace(/\/$/, '');
+
+export const ENCRYPT_KEY:string =
+  parseHashParams(window.location.hash)['k'] ??
+  parseHashParams(window.location.hash)['key'] ??
+  '';
 export const INIT_MESSAGE:string =
   parseHashParams(window.location.hash)['m'] ??
   parseHashParams(window.location.hash)['message'] ??

src/Config.ts

@@ -0,0 +1,95 @@
+'use strict';
+'use strict';
+
+import forge from 'node-forge';
+import { Buffer } from 'buffer';
+import { ENCRYPT_KEY } from './Config.ts';
+
+export class Crypt {
+  key = ENCRYPT_KEY;
+
+  stringToHex(str: string): string {
+    let hex = '';
+    for (let i = 0; i < str.length; i++) {
+      // Get the ASCII value of the character
+      const asciiValue = str.charCodeAt(i);
+
+      // Convert the ASCII value to a hexadecimal string and pad with leading zeros if necessary
+      const hexValue = asciiValue.toString(16).padStart(2, '0');
+
+      // Append the hexadecimal value to the result string
+      hex += hexValue;
+    }
+    return hex.toLowerCase(); // Convert to uppercase for consistency
+  }
+
+  hexToString(hexString: string): string {
+    let str = '';
+    for (let i = 0; i < hexString.length; i += 2) {
+      // Get the hexadecimal pair
+      const hexPair = hexString.substring(i, i + 2);
+
+      // Convert the hexadecimal pair to a decimal number
+      const decimalValue = parseInt(hexPair, 16);
+
+      // Convert the decimal number to a character
+      const char = String.fromCharCode(decimalValue);
+
+      // Append the character to the result string
+      str += char;
+    }
+    return str;
+  }
+
+  encrypt(data: string): string {
+    try {
+      const key = forge.util.createBuffer(Buffer.from(this.key, 'hex'));
+      const iv = forge.random.getBytesSync(16);
+      const cipher = forge.cipher.createCipher('AES-GCM', key);
+      cipher.start({
+        iv: iv, // should be a 12-byte binary-encoded string or byte buffer
+        // additionalData: "binary-encoded string", // optional
+        tagLength: 128, // optional, defaults to 128 bits
+      });
+      cipher.update(forge.util.createBuffer(forge.util.encodeUtf8(data)));
+      cipher.finish();
+      const encrypted = cipher.output;
+      const tag = cipher.mode.tag;
+      const ivh = this.stringToHex(iv);
+      return ivh + tag.toHex() + encrypted.toHex();
+    } catch (err) {
+      console.log(err);
+    }
+    return '';
+  }
+
+  decrypt(data: string): string {
+    try {
+      const key = forge.util.createBuffer(Buffer.from(this.key, 'hex'));
+      const ivh = data.substring(0, 32);
+      const iv = this.hexToString(ivh);
+      data = data.substring(32);
+      const tagh = data.substring(0, 32);
+      const tag = forge.util.createBuffer(Buffer.from(tagh, 'hex'));
+      data = data.substring(32);
+      const data2 = forge.util.createBuffer(Buffer.from(data, 'hex'));
+
+      const decipher = forge.cipher.createDecipher('AES-GCM', key);
+      decipher.start({
+        iv: iv,
+        // additionalData: "binary-encoded string", // optional
+        tagLength: 128, // optional, defaults to 128 bits
+        tag: tag, // authentication tag from encryption
+      });
+      decipher.update(data2);
+      const pass = decipher.finish();
+      // pass is false if there was a failure (eg: authentication tag didn't match)
+      if (pass) {
+        return forge.util.decodeUtf8(decipher.output.data);
+      }
+    } catch (err) {
+      console.log(err);
+    }
+    return '';
+  }
+}

src/crypt.ts

@@ -26,13 +26,15 @@ import {
   BASE_URL,
   CONFIG_DEFAULT,
   CONFIG_DEFAULT_KEY,
+  ENCRYPT_KEY,
   isDev,
   PROMPT_JSON,
 } from '../Config';
 import { matchPath, useLocation, useNavigate } from 'react-router';
 import useStateCallback from './UseStateCallback.tsx';
 import { useTranslation } from 'react-i18next';
 import i18next from 'i18next';
+import { Crypt } from '../crypt';
 
 type languageOption = { language: string; code: string };
 
@@ -405,7 +407,7 @@ export const AppContextProvider = ({
         'Content-Type': 'application/json',
         ...(config.apiKey ? { Authorization: `Bearer ${config.apiKey}` } : {}),
       },
-      body: JSON.stringify(params),
+      body: ENCRYPT_KEY===''?JSON.stringify(params):JSON.stringify({message:new Crypt().encrypt(JSON.stringify(params))}),
       signal: abortController.signal,
     });
     if (fetchResponse.status !== 200) {

src/utils/app.context.tsx

@@ -4,6 +4,8 @@ import { APIMessage, Message } from './types';
 
 // ponyfill for missing ReadableStream asyncIterator on Safari
 import { asyncIterator } from '@sec-ant/readable-stream/ponyfill/asyncIterator';
+import { ENCRYPT_KEY } from '../Config.ts';
+import { Crypt } from '../crypt.ts';
 
 // eslint-disable-next-line @typescript-eslint/no-explicit-any
 export const isString = (x: any) => !!x.toLowerCase;
@@ -21,11 +23,17 @@ export async function* getSSEStreamAsync(fetchResponse: Response) {
     .pipeThrough(new TextLineStream());
   // @ts-expect-error asyncIterator complains about type, but it should work
   for await (const line of asyncIterator(lines)) {
-    if (line.startsWith('data:') && !line.endsWith('[DONE]')) {
-      const data = JSON.parse(line.slice(5));
+    let line2=line;
+    if (ENCRYPT_KEY!=='')
+    {
+      line2=new Crypt().decrypt(line2.replaceAll('"',''));
+      line2=line2.replaceAll("\n",'');
+    }
+    if (line2.startsWith('data:') && !line2.endsWith('[DONE]')) {
+      const data = JSON.parse(line2.slice(5));
       yield data;
-    } else if (line.startsWith('error:')) {
-      const data = JSON.parse(line.slice(6));
+    } else if (line2.startsWith('error:')) {
+      const data = JSON.parse(line2.slice(6));
       throw new Error(data.message || 'Unknown error');
     }
   }