28299807b6
ChatArea retry button uses setInput instead of direct sendToGateway, fix bootstrap spinner stuck for non-logged-in users, remove dead CSS (aurora-title/sidebar-open/quick-action-chips), add ai components (ReasoningBlock/StreamingText/ChatMode/ModelSelector/TaskProgress), add ClassroomPlayer + ResizableChatLayout + artifact panel Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
245 lines
5.6 KiB
TypeScript
245 lines
5.6 KiB
TypeScript
/**
|
|
* Security Module Index
|
|
*
|
|
* Central export point for all security-related functionality in ZCLAW.
|
|
*
|
|
* Modules:
|
|
* - crypto-utils: AES-256-GCM encryption, key derivation, hashing
|
|
* - secure-storage: OS keychain integration with encrypted localStorage fallback
|
|
* - api-key-storage: Secure API key management
|
|
* - encrypted-chat-storage: Encrypted chat history persistence
|
|
* - security-audit: Security event logging and reporting
|
|
* - security-utils: Input validation, XSS prevention, rate limiting
|
|
*/
|
|
|
|
import { createLogger } from './logger';
|
|
|
|
const log = createLogger('Security');
|
|
|
|
// Re-export crypto utilities
|
|
export {
|
|
// Core encryption
|
|
encrypt,
|
|
decrypt,
|
|
encryptObject,
|
|
decryptObject,
|
|
deriveKey,
|
|
generateMasterKey,
|
|
generateSalt,
|
|
|
|
// Hashing
|
|
hashSha256,
|
|
hashSha512,
|
|
|
|
// Utilities
|
|
arrayToBase64,
|
|
base64ToArray,
|
|
constantTimeEqual,
|
|
generateRandomString,
|
|
secureWipe,
|
|
clearKeyCache,
|
|
isCryptoAvailable,
|
|
isValidEncryptedData,
|
|
} from './crypto-utils';
|
|
|
|
export type { EncryptedData } from './crypto-utils';
|
|
|
|
// Re-export secure storage
|
|
export {
|
|
secureStorage,
|
|
isSecureStorageAvailable,
|
|
storeDeviceKeys,
|
|
getDeviceKeys,
|
|
deleteDeviceKeys,
|
|
hasDeviceKeys,
|
|
getDeviceKeysCreatedAt,
|
|
} from './secure-storage';
|
|
|
|
export type { Ed25519KeyPair } from './secure-storage';
|
|
|
|
// Re-export API key storage
|
|
export {
|
|
// Types
|
|
type ApiKeyType,
|
|
type ApiKeyMetadata,
|
|
|
|
// Core functions
|
|
storeApiKey,
|
|
getApiKey,
|
|
deleteApiKey,
|
|
listApiKeyMetadata,
|
|
updateApiKeyMetadata,
|
|
hasApiKey,
|
|
validateStoredApiKey,
|
|
rotateApiKey,
|
|
|
|
// Utility functions
|
|
validateApiKeyFormat,
|
|
exportApiKeyConfig,
|
|
isUsingKeychain,
|
|
generateTestApiKey,
|
|
} from './api-key-storage';
|
|
|
|
// Re-export encrypted chat storage
|
|
export {
|
|
initializeEncryptedChatStorage,
|
|
saveConversations,
|
|
loadConversations,
|
|
clearAllChatData,
|
|
exportEncryptedBackup,
|
|
importEncryptedBackup,
|
|
isEncryptedStorageActive,
|
|
getStorageStats,
|
|
rotateEncryptionKey,
|
|
} from './encrypted-chat-storage';
|
|
|
|
// Re-export security audit
|
|
export {
|
|
// Core logging
|
|
logSecurityEvent,
|
|
logAuthEvent,
|
|
logKeyEvent,
|
|
logDataEvent,
|
|
logSecurityViolation,
|
|
logDecryptionFailure,
|
|
logIntegrityFailure,
|
|
logPermissionEvent,
|
|
logSessionEvent,
|
|
logSuspiciousActivity,
|
|
logRateLimitEvent,
|
|
|
|
// Query functions
|
|
getSecurityEvents,
|
|
getSecurityEventsByType,
|
|
getSecurityEventsBySeverity,
|
|
getSecurityEventsByTimeRange,
|
|
getRecentCriticalEvents,
|
|
getSecurityEventsBySession,
|
|
|
|
// Report generation
|
|
generateSecurityAuditReport,
|
|
|
|
// Maintenance
|
|
clearSecurityAuditLog,
|
|
exportSecurityEvents,
|
|
importSecurityEvents,
|
|
verifyAuditLogIntegrity,
|
|
|
|
// Session management
|
|
getCurrentSessionId,
|
|
setCurrentSessionId,
|
|
setAuditEnabled,
|
|
isAuditEnabledState,
|
|
initializeSecurityAudit,
|
|
shutdownSecurityAudit,
|
|
} from './security-audit';
|
|
|
|
export type {
|
|
SecurityEventType,
|
|
SecurityEventSeverity,
|
|
SecurityEvent,
|
|
SecurityAuditReport,
|
|
} from './security-audit';
|
|
|
|
// Re-export security utilities
|
|
export {
|
|
// HTML sanitization
|
|
escapeHtml,
|
|
unescapeHtml,
|
|
sanitizeHtml,
|
|
|
|
// URL validation
|
|
validateUrl,
|
|
isSafeRedirectUrl,
|
|
|
|
// Path validation
|
|
validatePath,
|
|
|
|
// Input validation
|
|
isValidEmail,
|
|
isValidUsername,
|
|
validatePasswordStrength,
|
|
sanitizeFilename,
|
|
sanitizeJson,
|
|
|
|
// Rate limiting
|
|
isRateLimited,
|
|
resetRateLimit,
|
|
getRemainingAttempts,
|
|
|
|
// CSP helpers
|
|
generateCspNonce,
|
|
buildCspHeader,
|
|
DEFAULT_CSP_DIRECTIVES,
|
|
|
|
// Security checks
|
|
checkSecurityHeaders,
|
|
|
|
// Random generation
|
|
generateSecureToken,
|
|
generateSecureId,
|
|
} from './security-utils';
|
|
|
|
// ============================================================================
|
|
// Security Initialization
|
|
// ============================================================================
|
|
|
|
/**
|
|
* Initialize all security modules
|
|
* Call this during application startup
|
|
*/
|
|
export async function initializeSecurity(sessionId?: string): Promise<void> {
|
|
// Initialize security audit first
|
|
const { initializeSecurityAudit } = await import('./security-audit');
|
|
initializeSecurityAudit(sessionId);
|
|
|
|
// Initialize encrypted chat storage
|
|
const { initializeEncryptedChatStorage } = await import('./encrypted-chat-storage');
|
|
await initializeEncryptedChatStorage();
|
|
|
|
log.debug('All security modules initialized');
|
|
}
|
|
|
|
/**
|
|
* Shutdown all security modules
|
|
* Call this during application shutdown
|
|
*/
|
|
export async function shutdownSecurity(): Promise<void> {
|
|
const { shutdownSecurityAudit } = await import('./security-audit');
|
|
shutdownSecurityAudit();
|
|
|
|
const { clearKeyCache } = await import('./crypto-utils');
|
|
clearKeyCache();
|
|
|
|
log.debug('All security modules shut down');
|
|
}
|
|
|
|
/**
|
|
* Get a comprehensive security status report
|
|
*/
|
|
export async function getSecurityStatus(): Promise<{
|
|
auditEnabled: boolean;
|
|
keychainAvailable: boolean;
|
|
chatStorageInitialized: boolean;
|
|
storedApiKeys: number;
|
|
recentEvents: number;
|
|
criticalEvents: number;
|
|
}> {
|
|
const { isAuditEnabledState, getSecurityEventsBySeverity } = await import('./security-audit');
|
|
const { isSecureStorageAvailable } = await import('./secure-storage');
|
|
const { isEncryptedStorageActive: isChatStorageInitialized } = await import('./encrypted-chat-storage');
|
|
const { listApiKeyMetadata } = await import('./api-key-storage');
|
|
|
|
const criticalEvents = getSecurityEventsBySeverity('critical').length;
|
|
const errorEvents = getSecurityEventsBySeverity('error').length;
|
|
|
|
return {
|
|
auditEnabled: isAuditEnabledState(),
|
|
keychainAvailable: await isSecureStorageAvailable(),
|
|
chatStorageInitialized: await isChatStorageInitialized(),
|
|
storedApiKeys: (await listApiKeyMetadata()).length,
|
|
recentEvents: criticalEvents + errorEvents,
|
|
criticalEvents,
|
|
};
|
|
}
|