Merge branch 'main' into impoHashFix

.github/workflows/greetings.yml

@@ -1,6 +1,10 @@
 name: Greetings
 
-on: [pull_request_target, issues]
+on: 
+  pull_request_target:
+    types: [opened, synchronized, reopened, closed]
+  issues:
+    types: [opened]
 
 jobs:
   greeting:
@@ -9,8 +13,26 @@ jobs:
       issues: write
       pull-requests: write
     steps:
-      - uses: actions/first-interaction@v1
+      - name: Greet on new issue
+        if: github.event_name == 'issues'
+        uses: actions/first-interaction@v1
         with:
-          repo-token: ${{ secrets.GITHUB_TOKEN }}
           issue-message: "👋 Thank you for raising an issue! We appreciate your effort in helping us improve. Our team will review it shortly. Stay tuned!"
-          pr-message: " 🎉 Thank you for your contribution! Your pull request has been submitted successfully. A maintainer will review it as soon as possible. We appreciate your support in making this project better"
+
+      - name: Greet on new pull request
+        if: github.event_name == 'pull_request'
+        uses: actions/first-interaction@v1
+        with:
+          pr-message: "🎉 Thank you for your contribution! Your pull request has been submitted successfully. A maintainer will review it as soon as possible. We appreciate your support in making this project better."
+
+      - name: Congratulate on merged pull request
+        if: github.event_name == 'pull_request' && github.event.action == 'closed' && github.event.pull_request.merged == true
+        run: |
+          echo "Congratulations to @${{ github.event.pull_request.user.login }} for merging your pull request! 🎉"
+          echo "If you enjoyed contributing, please consider giving us a star on GitHub and following us for updates!"
+          # Post a comment on the PR
+          curl -X POST \
+            -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" \
+            -H "Accept: application/vnd.github.v3+json" \
+            https://api.github.com/repos/${{ github.repository }}/issues/${{ github.event.pull_request.number }}/comments \
+            -d "{\"body\": \"Congratulations @${{ github.event.pull_request.user.login }} for merging your pull request! 🎉 If you enjoyed contributing, please consider giving us a star on GitHub and following us for updates!\"}"

LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2024 Adarsh
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

backend/.env

@@ -1,2 +1,5 @@
 MONGO_URI = mongodb://localhost:27017
-DB_NAME = passop
+DB_NAME = passop
+# Encryption and Decryption keys
+# Must be 256 bits (32 bytes)
+ENCRYPTION_KEY = thisisaverysecureencryptionkey!! 

backend/server.js

@@ -4,9 +4,10 @@ const { MongoClient, ObjectId } = require("mongodb");
 const bodyParser = require("body-parser");
 const cors = require("cors");
 const crypto = require("crypto");
+dotenv.config();
 
 // Encryption and Decryption keys
-const ENCRYPTION_KEY = crypto.randomBytes(32); // Must be 256 bits (32 bytes)
+const ENCRYPTION_KEY = Buffer.from(process.env.ENCRYPTION_KEY, 'utf-8');
 const IV_LENGTH = 16; // For AES, this is always 16
 
 // Encrypt a password
@@ -22,7 +23,6 @@ const encrypt = (text) => {
   return iv.toString("hex") + ":" + encrypted; // Store IV with the encrypted password
 };
 
-// Decrypt function
 const decrypt = (text) => {
   const [iv, encryptedData] = text.split(":");
   const ivBuffer = Buffer.from(iv, "hex");
@@ -33,13 +33,12 @@ const decrypt = (text) => {
     ivBuffer
   );
   let decrypted = decipher.update(encryptedData, "hex", "utf-8");
+
   decrypted += decipher.final("utf-8");
 
   return decrypted;
 };
 
-dotenv.config();
-
 // Connecting to the MongoDB Client
 const url = process.env.MONGO_URI;
 const client = new MongoClient(url);
@@ -61,21 +60,46 @@ const port = process.env.PORT || 3000; // Use port from environment variables or
 
 // Middleware
 app.use(bodyParser.json());
-app.use(cors());
+app.use(cors({ origin: 'chrome-extension://your-extension-id' })); // Replace with your actual extension ID
 
 // Get all the passwords
 app.get("/", async (req, res) => {
   try {
     const db = client.db(dbName);
     const collection = db.collection("passwords");
     const passwords = await collection.find({}).toArray();
-    res.status(200).json(passwords);
+    const decryptedPassword = passwords.map((item) => {
+      const [iv, encryptedData] = item.password.split(':');
+      return { ...item, password: decrypt({ iv, encryptedData }) };
+    });
+    res.status(200).json(decryptedPassword);
   } catch (error) {
     console.error("Error fetching passwords:", error);
     res.status(500).json({ success: false, message: "Internal Server Error" });
   }
 });
 
+// Get a password by id
+app.get("/:id", async (req, res) => {
+  try {
+    const { id } = req.params;
+    const db = client.db(dbName);
+    const collection = db.collection("passwords");
+    const item = await collection.findOne({ _id: new ObjectId(id) });
+
+    if (!item) {
+      return res.status(404).json({ success: false, message: "Password not found" });
+    }
+
+    const [iv, encryptedData] = item.password.split(':');
+    const decryptedPassword = decrypt({ iv, encryptedData });
+    res.status(200).json({ ...item, password: decryptedPassword });
+  } catch (error) {
+    console.error("Error fetching password:", error);
+    res.status(500).json({ success: false, message: "Internal Server Error" });
+  }
+});
+
 // Save a password
 app.post("/", async (req, res) => {
   try {