[PM-5459] Move libs/exporter to libs/tools/ (#7380)

* Move libs/exporter into libs/tools/*

Migrating all files from libs/exporter over to libs/tools/export/vault-export/vault-export-core
Rename package to vault-export-core
Fix all file paths

* Update libs and tsconfig imports

* Fix client imports

* Fix eslint, jest and package-lock.json

* Update CODEOWNERS

* Add README.md to whitelist-capital-letters

* Fix vault-export-service tests not running

* Update libs/tools/export/vault-export/README.md

Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>

* Fix types imports

* Export types from vault-export-core

* Fixed content of README

---------

Co-authored-by: Daniel James Smith <djsmith85@users.noreply.github.com>
Co-authored-by: Vincent Salucci <26154748+vincentsalucci@users.noreply.github.com>

libs/tools/export/vault-export/README.md

@@ -0,0 +1,15 @@
+# Vault Export
+
+This folder contains 2 packages that can be used to export a users or an organizational vault.
+
+## vault-export-core
+
+Package name: `@bitwarden/vault-export-core`
+
+Contains all types, models, and services to export a user or organization's vault.
+
+Currently in use by the Bitwarden Web Vault, CLI, desktop app and browser extension
+
+## vault-export-ui
+
+Package name: `@bitwarden/vault-export-ui`

libs/tools/export/vault-export/vault-export-core/jest.config.js

@@ -0,0 +1,13 @@
+const { pathsToModuleNameMapper } = require("ts-jest");
+
+const { compilerOptions } = require("../../../../shared/tsconfig.libs");
+
+/** @type {import('jest').Config} */
+module.exports = {
+  testMatch: ["**/+(*.)+(spec).+(ts)"],
+  preset: "ts-jest",
+  testEnvironment: "jsdom",
+  moduleNameMapper: pathsToModuleNameMapper(compilerOptions?.paths || {}, {
+    prefix: "<rootDir>/../../../",
+  }),
+};

libs/tools/export/vault-export/vault-export-core/package.json

@@ -0,0 +1,23 @@
+{
+  "name": "@bitwarden/vault-export-core",
+  "version": "0.0.0",
+  "description": "Home for all Bitwarden vault exporters.",
+  "keywords": [
+    "bitwarden"
+  ],
+  "author": "Bitwarden Inc.",
+  "homepage": "https://bitwarden.com",
+  "repository": {
+    "type": "git",
+    "url": "https://github.com/bitwarden/clients"
+  },
+  "license": "GPL-3.0",
+  "scripts": {
+    "clean": "rimraf dist",
+    "build": "npm run clean && tsc",
+    "build:watch": "npm run clean && tsc -watch"
+  },
+  "dependencies": {
+    "@bitwarden/common": "file:../../../../common"
+  }
+}

libs/tools/export/vault-export/vault-export-core/src/index.ts

@@ -0,0 +1,8 @@
+export * from "./types";
+
+export * from "./services/vault-export.service.abstraction";
+export * from "./services/vault-export.service";
+export * from "./services/org-vault-export.service.abstraction";
+export * from "./services/org-vault-export.service";
+export * from "./services/individual-vault-export.service.abstraction";
+export * from "./services/individual-vault-export.service";

libs/tools/export/vault-export/vault-export-core/src/services/base-vault-export.service.ts

@@ -0,0 +1,93 @@
+import { KdfConfig } from "@bitwarden/common/auth/models/domain/kdf-config";
+import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
+import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { KdfType } from "@bitwarden/common/platform/enums";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { CipherType } from "@bitwarden/common/vault/enums";
+import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+
+import { BitwardenCsvExportType, BitwardenPasswordProtectedFileFormat } from "../types";
+export class BaseVaultExportService {
+  constructor(
+    protected cryptoService: CryptoService,
+    private cryptoFunctionService: CryptoFunctionService,
+    private stateService: StateService,
+  ) {}
+
+  protected async buildPasswordExport(clearText: string, password: string): Promise<string> {
+    const kdfType: KdfType = await this.stateService.getKdfType();
+    const kdfConfig: KdfConfig = await this.stateService.getKdfConfig();
+
+    const salt = Utils.fromBufferToB64(await this.cryptoFunctionService.randomBytes(16));
+    const key = await this.cryptoService.makePinKey(password, salt, kdfType, kdfConfig);
+
+    const encKeyValidation = await this.cryptoService.encrypt(Utils.newGuid(), key);
+    const encText = await this.cryptoService.encrypt(clearText, key);
+
+    const jsonDoc: BitwardenPasswordProtectedFileFormat = {
+      encrypted: true,
+      passwordProtected: true,
+      salt: salt,
+      kdfType: kdfType,
+      kdfIterations: kdfConfig.iterations,
+      kdfMemory: kdfConfig.memory,
+      kdfParallelism: kdfConfig.parallelism,
+      encKeyValidation_DO_NOT_EDIT: encKeyValidation.encryptedString,
+      data: encText.encryptedString,
+    };
+
+    return JSON.stringify(jsonDoc, null, "  ");
+  }
+
+  protected buildCommonCipher(
+    cipher: BitwardenCsvExportType,
+    c: CipherView,
+  ): BitwardenCsvExportType {
+    cipher.type = null;
+    cipher.name = c.name;
+    cipher.notes = c.notes;
+    cipher.fields = null;
+    cipher.reprompt = c.reprompt;
+    // Login props
+    cipher.login_uri = null;
+    cipher.login_username = null;
+    cipher.login_password = null;
+    cipher.login_totp = null;
+
+    if (c.fields) {
+      c.fields.forEach((f) => {
+        if (!cipher.fields) {
+          cipher.fields = "";
+        } else {
+          cipher.fields += "\n";
+        }
+
+        cipher.fields += (f.name || "") + ": " + f.value;
+      });
+    }
+
+    switch (c.type) {
+      case CipherType.Login:
+        cipher.type = "login";
+        cipher.login_username = c.login.username;
+        cipher.login_password = c.login.password;
+        cipher.login_totp = c.login.totp;
+
+        if (c.login.uris) {
+          cipher.login_uri = [];
+          c.login.uris.forEach((u) => {
+            cipher.login_uri.push(u.uri);
+          });
+        }
+        break;
+      case CipherType.SecureNote:
+        cipher.type = "note";
+        break;
+      default:
+        return;
+    }
+
+    return cipher;
+  }
+}

libs/tools/export/vault-export/vault-export-core/src/services/export-helper.ts

@@ -0,0 +1,24 @@
+export class ExportHelper {
+  static getFileName(prefix: string = null, extension = "csv"): string {
+    const now = new Date();
+    const dateString =
+      now.getFullYear() +
+      "" +
+      this.padNumber(now.getMonth() + 1, 2) +
+      "" +
+      this.padNumber(now.getDate(), 2) +
+      this.padNumber(now.getHours(), 2) +
+      "" +
+      this.padNumber(now.getMinutes(), 2) +
+      this.padNumber(now.getSeconds(), 2);
+
+    return "bitwarden" + (prefix ? "_" + prefix : "") + "_export_" + dateString + "." + extension;
+  }
+
+  private static padNumber(num: number, width: number, padCharacter = "0"): string {
+    const numString = num.toString();
+    return numString.length >= width
+      ? numString
+      : new Array(width - numString.length + 1).join(padCharacter) + numString;
+  }
+}

libs/tools/export/vault-export/vault-export-core/src/services/individual-vault-export.service.abstraction.ts

@@ -0,0 +1,6 @@
+import { ExportFormat } from "./vault-export.service.abstraction";
+
+export abstract class IndividualVaultExportServiceAbstraction {
+  getExport: (format: ExportFormat) => Promise<string>;
+  getPasswordProtectedExport: (password: string) => Promise<string>;
+}

libs/tools/export/vault-export/vault-export-core/src/services/individual-vault-export.service.spec.ts

@@ -0,0 +1,289 @@
+import { mock, MockProxy } from "jest-mock-extended";
+
+import { KdfConfig } from "@bitwarden/common/auth/models/domain/kdf-config";
+import { CipherWithIdExport } from "@bitwarden/common/models/export/cipher-with-ids.export";
+import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
+import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+import { KdfType, PBKDF2_ITERATIONS } from "@bitwarden/common/platform/enums";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { EncryptedString, EncString } from "@bitwarden/common/platform/models/domain/enc-string";
+import { StateService } from "@bitwarden/common/platform/services/state.service";
+import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
+import { CipherType } from "@bitwarden/common/vault/enums";
+import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
+import { Folder } from "@bitwarden/common/vault/models/domain/folder";
+import { Login } from "@bitwarden/common/vault/models/domain/login";
+import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+import { FolderView } from "@bitwarden/common/vault/models/view/folder.view";
+import { LoginView } from "@bitwarden/common/vault/models/view/login.view";
+
+import { BuildTestObject, GetUniqueString } from "../../../../../../common/spec";
+
+import { IndividualVaultExportService } from "./individual-vault-export.service";
+
+const UserCipherViews = [
+  generateCipherView(false),
+  generateCipherView(false),
+  generateCipherView(true),
+];
+
+const UserCipherDomains = [
+  generateCipherDomain(false),
+  generateCipherDomain(false),
+  generateCipherDomain(true),
+];
+
+const UserFolderViews = [generateFolderView(), generateFolderView()];
+
+const UserFolders = [generateFolder(), generateFolder()];
+
+function generateCipherView(deleted: boolean) {
+  return BuildTestObject(
+    {
+      id: GetUniqueString("id"),
+      notes: GetUniqueString("notes"),
+      type: CipherType.Login,
+      login: BuildTestObject<LoginView>(
+        {
+          username: GetUniqueString("username"),
+          password: GetUniqueString("password"),
+        },
+        LoginView,
+      ),
+      collectionIds: null,
+      deletedDate: deleted ? new Date() : null,
+    },
+    CipherView,
+  );
+}
+
+function generateCipherDomain(deleted: boolean) {
+  return BuildTestObject(
+    {
+      id: GetUniqueString("id"),
+      notes: new EncString(GetUniqueString("notes")),
+      type: CipherType.Login,
+      login: BuildTestObject<Login>(
+        {
+          username: new EncString(GetUniqueString("username")),
+          password: new EncString(GetUniqueString("password")),
+        },
+        Login,
+      ),
+      collectionIds: null,
+      deletedDate: deleted ? new Date() : null,
+    },
+    Cipher,
+  );
+}
+
+function generateFolderView() {
+  return BuildTestObject(
+    {
+      id: GetUniqueString("id"),
+      name: GetUniqueString("name"),
+      revisionDate: new Date(),
+    },
+    FolderView,
+  );
+}
+
+function generateFolder() {
+  const actual = Folder.fromJSON({
+    revisionDate: new Date("2022-08-04T01:06:40.441Z").toISOString(),
+    name: "name" as EncryptedString,
+    id: "id",
+  });
+  return actual;
+}
+
+function expectEqualCiphers(ciphers: CipherView[] | Cipher[], jsonResult: string) {
+  const actual = JSON.stringify(JSON.parse(jsonResult).items);
+  const items: CipherWithIdExport[] = [];
+  ciphers.forEach((c: CipherView | Cipher) => {
+    const item = new CipherWithIdExport();
+    item.build(c);
+    items.push(item);
+  });
+
+  expect(actual).toEqual(JSON.stringify(items));
+}
+
+function expectEqualFolderViews(folderviews: FolderView[] | Folder[], jsonResult: string) {
+  const actual = JSON.stringify(JSON.parse(jsonResult).folders);
+  const folders: FolderResponse[] = [];
+  folderviews.forEach((c) => {
+    const folder = new FolderResponse();
+    folder.id = c.id;
+    folder.name = c.name.toString();
+    folders.push(folder);
+  });
+
+  expect(actual.length).toBeGreaterThan(0);
+  expect(actual).toEqual(JSON.stringify(folders));
+}
+
+function expectEqualFolders(folders: Folder[], jsonResult: string) {
+  const actual = JSON.stringify(JSON.parse(jsonResult).folders);
+  const items: Folder[] = [];
+  folders.forEach((c) => {
+    const item = new Folder();
+    item.id = c.id;
+    item.name = c.name;
+    items.push(item);
+  });
+
+  expect(actual.length).toBeGreaterThan(0);
+  expect(actual).toEqual(JSON.stringify(items));
+}
+
+describe("VaultExportService", () => {
+  let exportService: IndividualVaultExportService;
+  let cryptoFunctionService: MockProxy<CryptoFunctionService>;
+  let cipherService: MockProxy<CipherService>;
+  let folderService: MockProxy<FolderService>;
+  let cryptoService: MockProxy<CryptoService>;
+  let stateService: MockProxy<StateService>;
+
+  beforeEach(() => {
+    cryptoFunctionService = mock<CryptoFunctionService>();
+    cipherService = mock<CipherService>();
+    folderService = mock<FolderService>();
+    cryptoService = mock<CryptoService>();
+    stateService = mock<StateService>();
+
+    folderService.getAllDecryptedFromState.mockResolvedValue(UserFolderViews);
+    folderService.getAllFromState.mockResolvedValue(UserFolders);
+    stateService.getKdfType.mockResolvedValue(KdfType.PBKDF2_SHA256);
+    stateService.getKdfConfig.mockResolvedValue(new KdfConfig(PBKDF2_ITERATIONS.defaultValue));
+    cryptoService.encrypt.mockResolvedValue(new EncString("encrypted"));
+
+    exportService = new IndividualVaultExportService(
+      folderService,
+      cipherService,
+      cryptoService,
+      cryptoFunctionService,
+      stateService,
+    );
+  });
+
+  it("exports unencrypted user ciphers", async () => {
+    cipherService.getAllDecrypted.mockResolvedValue(UserCipherViews.slice(0, 1));
+
+    const actual = await exportService.getExport("json");
+
+    expectEqualCiphers(UserCipherViews.slice(0, 1), actual);
+  });
+
+  it("exports encrypted json user ciphers", async () => {
+    cipherService.getAll.mockResolvedValue(UserCipherDomains.slice(0, 1));
+
+    const actual = await exportService.getExport("encrypted_json");
+
+    expectEqualCiphers(UserCipherDomains.slice(0, 1), actual);
+  });
+
+  it("does not unencrypted export trashed user items", async () => {
+    cipherService.getAllDecrypted.mockResolvedValue(UserCipherViews);
+
+    const actual = await exportService.getExport("json");
+
+    expectEqualCiphers(UserCipherViews.slice(0, 2), actual);
+  });
+
+  it("does not encrypted export trashed user items", async () => {
+    cipherService.getAll.mockResolvedValue(UserCipherDomains);
+
+    const actual = await exportService.getExport("encrypted_json");
+
+    expectEqualCiphers(UserCipherDomains.slice(0, 2), actual);
+  });
+
+  describe("password protected export", () => {
+    let exportString: string;
+    let exportObject: any;
+    let mac: MockProxy<EncString>;
+    let data: MockProxy<EncString>;
+    const password = "password";
+    const salt = "salt";
+
+    describe("export json object", () => {
+      beforeEach(async () => {
+        mac = mock<EncString>();
+        data = mock<EncString>();
+
+        mac.encryptedString = "mac" as EncryptedString;
+        data.encryptedString = "encData" as EncryptedString;
+
+        jest.spyOn(Utils, "fromBufferToB64").mockReturnValue(salt);
+        cipherService.getAllDecrypted.mockResolvedValue(UserCipherViews.slice(0, 1));
+
+        exportString = await exportService.getPasswordProtectedExport(password);
+        exportObject = JSON.parse(exportString);
+      });
+
+      it("specifies it is encrypted", () => {
+        expect(exportObject.encrypted).toBe(true);
+      });
+
+      it("specifies it's password protected", () => {
+        expect(exportObject.passwordProtected).toBe(true);
+      });
+
+      it("specifies salt", () => {
+        expect(exportObject.salt).toEqual("salt");
+      });
+
+      it("specifies kdfIterations", () => {
+        expect(exportObject.kdfIterations).toEqual(PBKDF2_ITERATIONS.defaultValue);
+      });
+
+      it("has kdfType", () => {
+        expect(exportObject.kdfType).toEqual(KdfType.PBKDF2_SHA256);
+      });
+
+      it("has a mac property", async () => {
+        cryptoService.encrypt.mockResolvedValue(mac);
+        exportString = await exportService.getPasswordProtectedExport(password);
+        exportObject = JSON.parse(exportString);
+
+        expect(exportObject.encKeyValidation_DO_NOT_EDIT).toEqual(mac.encryptedString);
+      });
+
+      it("has data property", async () => {
+        cryptoService.encrypt.mockResolvedValue(data);
+        exportString = await exportService.getPasswordProtectedExport(password);
+        exportObject = JSON.parse(exportString);
+
+        expect(exportObject.data).toEqual(data.encryptedString);
+      });
+
+      it("encrypts the data property", async () => {
+        const unencrypted = await exportService.getExport();
+        expect(exportObject.data).not.toEqual(unencrypted);
+      });
+    });
+  });
+
+  it("exported unencrypted object contains folders", async () => {
+    cipherService.getAllDecrypted.mockResolvedValue(UserCipherViews.slice(0, 1));
+    await folderService.getAllDecryptedFromState();
+    const actual = await exportService.getExport("json");
+
+    expectEqualFolderViews(UserFolderViews, actual);
+  });
+
+  it("exported encrypted json contains folders", async () => {
+    cipherService.getAll.mockResolvedValue(UserCipherDomains.slice(0, 1));
+    await folderService.getAllFromState();
+    const actual = await exportService.getExport("encrypted_json");
+
+    expectEqualFolders(UserFolders, actual);
+  });
+});
+
+export class FolderResponse {
+  id: string = null;
+  name: string = null;
+}

libs/tools/export/vault-export/vault-export-core/src/services/individual-vault-export.service.ts

@@ -0,0 +1,185 @@
+import * as papa from "papaparse";
+
+import { CipherWithIdExport, FolderWithIdExport } from "@bitwarden/common/models/export";
+import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
+import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
+import { CipherType } from "@bitwarden/common/vault/enums";
+import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
+import { Folder } from "@bitwarden/common/vault/models/domain/folder";
+import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+import { FolderView } from "@bitwarden/common/vault/models/view/folder.view";
+
+import {
+  BitwardenCsvIndividualExportType,
+  BitwardenEncryptedIndividualJsonExport,
+  BitwardenUnEncryptedIndividualJsonExport,
+} from "../types";
+
+import { BaseVaultExportService } from "./base-vault-export.service";
+import { IndividualVaultExportServiceAbstraction } from "./individual-vault-export.service.abstraction";
+import { ExportFormat } from "./vault-export.service.abstraction";
+
+export class IndividualVaultExportService
+  extends BaseVaultExportService
+  implements IndividualVaultExportServiceAbstraction
+{
+  constructor(
+    private folderService: FolderService,
+    private cipherService: CipherService,
+    cryptoService: CryptoService,
+    cryptoFunctionService: CryptoFunctionService,
+    stateService: StateService,
+  ) {
+    super(cryptoService, cryptoFunctionService, stateService);
+  }
+
+  async getExport(format: ExportFormat = "csv"): Promise<string> {
+    if (format === "encrypted_json") {
+      return this.getEncryptedExport();
+    }
+    return this.getDecryptedExport(format);
+  }
+
+  async getPasswordProtectedExport(password: string): Promise<string> {
+    const clearText = await this.getExport("json");
+    return this.buildPasswordExport(clearText, password);
+  }
+
+  private async getDecryptedExport(format: "json" | "csv"): Promise<string> {
+    let decFolders: FolderView[] = [];
+    let decCiphers: CipherView[] = [];
+    const promises = [];
+
+    promises.push(
+      this.folderService.getAllDecryptedFromState().then((folders) => {
+        decFolders = folders;
+      }),
+    );
+
+    promises.push(
+      this.cipherService.getAllDecrypted().then((ciphers) => {
+        decCiphers = ciphers.filter((f) => f.deletedDate == null);
+      }),
+    );
+
+    await Promise.all(promises);
+
+    if (format === "csv") {
+      return this.buildCsvExport(decFolders, decCiphers);
+    }
+
+    return this.buildJsonExport(decFolders, decCiphers);
+  }
+
+  private async getEncryptedExport(): Promise<string> {
+    let folders: Folder[] = [];
+    let ciphers: Cipher[] = [];
+    const promises = [];
+
+    promises.push(
+      this.folderService.getAllFromState().then((f) => {
+        folders = f;
+      }),
+    );
+
+    promises.push(
+      this.cipherService.getAll().then((c) => {
+        ciphers = c.filter((f) => f.deletedDate == null);
+      }),
+    );
+
+    await Promise.all(promises);
+
+    const encKeyValidation = await this.cryptoService.encrypt(Utils.newGuid());
+
+    const jsonDoc: BitwardenEncryptedIndividualJsonExport = {
+      encrypted: true,
+      encKeyValidation_DO_NOT_EDIT: encKeyValidation.encryptedString,
+      folders: [],
+      items: [],
+    };
+
+    folders.forEach((f) => {
+      if (f.id == null) {
+        return;
+      }
+      const folder = new FolderWithIdExport();
+      folder.build(f);
+      jsonDoc.folders.push(folder);
+    });
+
+    ciphers.forEach((c) => {
+      if (c.organizationId != null) {
+        return;
+      }
+      const cipher = new CipherWithIdExport();
+      cipher.build(c);
+      cipher.collectionIds = null;
+      jsonDoc.items.push(cipher);
+    });
+
+    return JSON.stringify(jsonDoc, null, "  ");
+  }
+
+  private buildCsvExport(decFolders: FolderView[], decCiphers: CipherView[]): string {
+    const foldersMap = new Map<string, FolderView>();
+    decFolders.forEach((f) => {
+      if (f.id != null) {
+        foldersMap.set(f.id, f);
+      }
+    });
+
+    const exportCiphers: BitwardenCsvIndividualExportType[] = [];
+    decCiphers.forEach((c) => {
+      // only export logins and secure notes
+      if (c.type !== CipherType.Login && c.type !== CipherType.SecureNote) {
+        return;
+      }
+      if (c.organizationId != null) {
+        return;
+      }
+
+      const cipher = {} as BitwardenCsvIndividualExportType;
+      cipher.folder =
+        c.folderId != null && foldersMap.has(c.folderId) ? foldersMap.get(c.folderId).name : null;
+      cipher.favorite = c.favorite ? 1 : null;
+      this.buildCommonCipher(cipher, c);
+      exportCiphers.push(cipher);
+    });
+
+    return papa.unparse(exportCiphers);
+  }
+
+  private buildJsonExport(decFolders: FolderView[], decCiphers: CipherView[]): string {
+    const jsonDoc: BitwardenUnEncryptedIndividualJsonExport = {
+      encrypted: false,
+      folders: [],
+      items: [],
+    };
+
+    decFolders.forEach((f) => {
+      if (f.id == null) {
+        return;
+      }
+      const folder = new FolderWithIdExport();
+      folder.build(f);
+      jsonDoc.folders.push(folder);
+    });
+
+    decCiphers.forEach((c) => {
+      if (c.organizationId != null) {
+        return;
+      }
+      const cipher = new CipherWithIdExport();
+      cipher.build(c);
+      cipher.collectionIds = null;
+      jsonDoc.items.push(cipher);
+    });
+
+    return JSON.stringify(jsonDoc, null, "  ");
+  }
+}

libs/tools/export/vault-export/vault-export-core/src/services/org-vault-export.service.abstraction.ts

@@ -0,0 +1,14 @@
+import { ExportFormat } from "./vault-export.service.abstraction";
+
+export abstract class OrganizationVaultExportServiceAbstraction {
+  getPasswordProtectedExport: (
+    organizationId: string,
+    password: string,
+    onlyManagedCollections: boolean,
+  ) => Promise<string>;
+  getOrganizationExport: (
+    organizationId: string,
+    format: ExportFormat,
+    onlyManagedCollections: boolean,
+  ) => Promise<string>;
+}

libs/tools/export/vault-export/vault-export-core/src/services/org-vault-export.service.ts

@@ -0,0 +1,304 @@
+import * as papa from "papaparse";
+
+import { ApiService } from "@bitwarden/common/abstractions/api.service";
+import { CipherWithIdExport, CollectionWithIdExport } from "@bitwarden/common/models/export";
+import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
+import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+import { StateService } from "@bitwarden/common/platform/abstractions/state.service";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { CollectionService } from "@bitwarden/common/vault/abstractions/collection.service";
+import { CipherType } from "@bitwarden/common/vault/enums";
+import { CipherData } from "@bitwarden/common/vault/models/data/cipher.data";
+import { CollectionData } from "@bitwarden/common/vault/models/data/collection.data";
+import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
+import { Collection } from "@bitwarden/common/vault/models/domain/collection";
+import { CollectionDetailsResponse } from "@bitwarden/common/vault/models/response/collection.response";
+import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+import { CollectionView } from "@bitwarden/common/vault/models/view/collection.view";
+
+import {
+  BitwardenCsvOrgExportType,
+  BitwardenEncryptedOrgJsonExport,
+  BitwardenUnEncryptedOrgJsonExport,
+} from "../types";
+
+import { BaseVaultExportService } from "./base-vault-export.service";
+import { OrganizationVaultExportServiceAbstraction } from "./org-vault-export.service.abstraction";
+import { ExportFormat } from "./vault-export.service.abstraction";
+
+export class OrganizationVaultExportService
+  extends BaseVaultExportService
+  implements OrganizationVaultExportServiceAbstraction
+{
+  constructor(
+    private cipherService: CipherService,
+    private apiService: ApiService,
+    cryptoService: CryptoService,
+    cryptoFunctionService: CryptoFunctionService,
+    stateService: StateService,
+    private collectionService: CollectionService,
+  ) {
+    super(cryptoService, cryptoFunctionService, stateService);
+  }
+
+  async getPasswordProtectedExport(
+    organizationId: string,
+    password: string,
+    onlyManagedCollections: boolean,
+  ): Promise<string> {
+    const clearText = await this.getOrganizationExport(
+      organizationId,
+      "json",
+      onlyManagedCollections,
+    );
+
+    return this.buildPasswordExport(clearText, password);
+  }
+
+  async getOrganizationExport(
+    organizationId: string,
+    format: ExportFormat = "csv",
+    onlyManagedCollections: boolean,
+  ): Promise<string> {
+    if (Utils.isNullOrWhitespace(organizationId)) {
+      throw new Error("OrganizationId must be set");
+    }
+
+    if (format === "encrypted_json") {
+      return onlyManagedCollections
+        ? this.getEncryptedManagedExport(organizationId)
+        : this.getOrganizationEncryptedExport(organizationId);
+    }
+
+    return onlyManagedCollections
+      ? this.getDecryptedManagedExport(organizationId, format)
+      : this.getOrganizationDecryptedExport(organizationId, format);
+  }
+
+  private async getOrganizationDecryptedExport(
+    organizationId: string,
+    format: "json" | "csv",
+  ): Promise<string> {
+    const decCollections: CollectionView[] = [];
+    const decCiphers: CipherView[] = [];
+    const promises = [];
+
+    promises.push(
+      this.apiService.getOrganizationExport(organizationId).then((exportData) => {
+        const exportPromises: any = [];
+        if (exportData != null) {
+          if (exportData.collections != null && exportData.collections.length > 0) {
+            exportData.collections.forEach((c) => {
+              const collection = new Collection(new CollectionData(c as CollectionDetailsResponse));
+              exportPromises.push(
+                collection.decrypt().then((decCol) => {
+                  decCollections.push(decCol);
+                }),
+              );
+            });
+          }
+          if (exportData.ciphers != null && exportData.ciphers.length > 0) {
+            exportData.ciphers
+              .filter((c) => c.deletedDate === null)
+              .forEach(async (c) => {
+                const cipher = new Cipher(new CipherData(c));
+                exportPromises.push(
+                  this.cipherService
+                    .getKeyForCipherKeyDecryption(cipher)
+                    .then((key) => cipher.decrypt(key))
+                    .then((decCipher) => {
+                      decCiphers.push(decCipher);
+                    }),
+                );
+              });
+          }
+        }
+        return Promise.all(exportPromises);
+      }),
+    );
+
+    await Promise.all(promises);
+
+    if (format === "csv") {
+      return this.buildCsvExport(decCollections, decCiphers);
+    }
+    return this.buildJsonExport(decCollections, decCiphers);
+  }
+
+  private async getOrganizationEncryptedExport(organizationId: string): Promise<string> {
+    const collections: Collection[] = [];
+    const ciphers: Cipher[] = [];
+    const promises = [];
+
+    promises.push(
+      this.apiService.getCollections(organizationId).then((c) => {
+        if (c != null && c.data != null && c.data.length > 0) {
+          c.data.forEach((r) => {
+            const collection = new Collection(new CollectionData(r as CollectionDetailsResponse));
+            collections.push(collection);
+          });
+        }
+      }),
+    );
+
+    promises.push(
+      this.apiService.getCiphersOrganization(organizationId).then((c) => {
+        if (c != null && c.data != null && c.data.length > 0) {
+          c.data
+            .filter((item) => item.deletedDate === null)
+            .forEach((item) => {
+              const cipher = new Cipher(new CipherData(item));
+              ciphers.push(cipher);
+            });
+        }
+      }),
+    );
+
+    await Promise.all(promises);
+
+    return this.BuildEncryptedExport(organizationId, collections, ciphers);
+  }
+
+  private async getDecryptedManagedExport(
+    organizationId: string,
+    format: "json" | "csv",
+  ): Promise<string> {
+    let decCiphers: CipherView[] = [];
+    let allDecCiphers: CipherView[] = [];
+    let decCollections: CollectionView[] = [];
+    const promises = [];
+
+    promises.push(
+      this.collectionService.getAllDecrypted().then(async (collections) => {
+        decCollections = collections.filter((c) => c.organizationId == organizationId && c.manage);
+      }),
+    );
+
+    promises.push(
+      this.cipherService.getAllDecrypted().then((ciphers) => {
+        allDecCiphers = ciphers;
+      }),
+    );
+    await Promise.all(promises);
+
+    decCiphers = allDecCiphers.filter(
+      (f) =>
+        f.deletedDate == null &&
+        f.organizationId == organizationId &&
+        decCollections.some((dC) => f.collectionIds.some((cId) => dC.id === cId)),
+    );
+
+    if (format === "csv") {
+      return this.buildCsvExport(decCollections, decCiphers);
+    }
+    return this.buildJsonExport(decCollections, decCiphers);
+  }
+
+  private async getEncryptedManagedExport(organizationId: string): Promise<string> {
+    let encCiphers: Cipher[] = [];
+    let allCiphers: Cipher[] = [];
+    let encCollections: Collection[] = [];
+    const promises = [];
+
+    promises.push(
+      this.collectionService.getAll().then((collections) => {
+        encCollections = collections.filter((c) => c.organizationId == organizationId && c.manage);
+      }),
+    );
+
+    promises.push(
+      this.cipherService.getAll().then((ciphers) => {
+        allCiphers = ciphers;
+      }),
+    );
+
+    await Promise.all(promises);
+
+    encCiphers = allCiphers.filter(
+      (f) =>
+        f.deletedDate == null &&
+        f.organizationId == organizationId &&
+        encCollections.some((eC) => f.collectionIds.some((cId) => eC.id === cId)),
+    );
+
+    return this.BuildEncryptedExport(organizationId, encCollections, encCiphers);
+  }
+
+  private async BuildEncryptedExport(
+    organizationId: string,
+    collections: Collection[],
+    ciphers: Cipher[],
+  ): Promise<string> {
+    const orgKey = await this.cryptoService.getOrgKey(organizationId);
+    const encKeyValidation = await this.cryptoService.encrypt(Utils.newGuid(), orgKey);
+
+    const jsonDoc: BitwardenEncryptedOrgJsonExport = {
+      encrypted: true,
+      encKeyValidation_DO_NOT_EDIT: encKeyValidation.encryptedString,
+      collections: [],
+      items: [],
+    };
+
+    collections.forEach((c) => {
+      const collection = new CollectionWithIdExport();
+      collection.build(c);
+      jsonDoc.collections.push(collection);
+    });
+
+    ciphers.forEach((c) => {
+      const cipher = new CipherWithIdExport();
+      cipher.build(c);
+      jsonDoc.items.push(cipher);
+    });
+    return JSON.stringify(jsonDoc, null, "  ");
+  }
+
+  private buildCsvExport(decCollections: CollectionView[], decCiphers: CipherView[]): string {
+    const collectionsMap = new Map<string, CollectionView>();
+    decCollections.forEach((c) => {
+      collectionsMap.set(c.id, c);
+    });
+
+    const exportCiphers: BitwardenCsvOrgExportType[] = [];
+    decCiphers.forEach((c) => {
+      // only export logins and secure notes
+      if (c.type !== CipherType.Login && c.type !== CipherType.SecureNote) {
+        return;
+      }
+
+      const cipher = {} as BitwardenCsvOrgExportType;
+      cipher.collections = [];
+      if (c.collectionIds != null) {
+        cipher.collections = c.collectionIds
+          .filter((id) => collectionsMap.has(id))
+          .map((id) => collectionsMap.get(id).name);
+      }
+      this.buildCommonCipher(cipher, c);
+      exportCiphers.push(cipher);
+    });
+
+    return papa.unparse(exportCiphers);
+  }
+
+  private buildJsonExport(decCollections: CollectionView[], decCiphers: CipherView[]): string {
+    const jsonDoc: BitwardenUnEncryptedOrgJsonExport = {
+      encrypted: false,
+      collections: [],
+      items: [],
+    };
+
+    decCollections.forEach((c) => {
+      const collection = new CollectionWithIdExport();
+      collection.build(c);
+      jsonDoc.collections.push(collection);
+    });
+
+    decCiphers.forEach((c) => {
+      const cipher = new CipherWithIdExport();
+      cipher.build(c);
+      jsonDoc.items.push(cipher);
+    });
+    return JSON.stringify(jsonDoc, null, "  ");
+  }
+}

libs/tools/export/vault-export/vault-export-core/src/services/vault-export.service.abstraction.ts

@@ -0,0 +1,13 @@
+export const EXPORT_FORMATS = ["csv", "json", "encrypted_json"] as const;
+export type ExportFormat = (typeof EXPORT_FORMATS)[number];
+
+export abstract class VaultExportServiceAbstraction {
+  getExport: (format: ExportFormat, password: string) => Promise<string>;
+  getOrganizationExport: (
+    organizationId: string,
+    format: ExportFormat,
+    password: string,
+    onlyManagedCollections?: boolean,
+  ) => Promise<string>;
+  getFileName: (prefix?: string, extension?: string) => string;
+}

libs/tools/export/vault-export/vault-export-core/src/services/vault-export.service.spec.ts

@@ -0,0 +1,289 @@
+import { mock, MockProxy } from "jest-mock-extended";
+
+import { KdfConfig } from "@bitwarden/common/auth/models/domain/kdf-config";
+import { CipherWithIdExport } from "@bitwarden/common/models/export/cipher-with-ids.export";
+import { CryptoFunctionService } from "@bitwarden/common/platform/abstractions/crypto-function.service";
+import { CryptoService } from "@bitwarden/common/platform/abstractions/crypto.service";
+import { KdfType, PBKDF2_ITERATIONS } from "@bitwarden/common/platform/enums";
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+import { EncryptedString, EncString } from "@bitwarden/common/platform/models/domain/enc-string";
+import { StateService } from "@bitwarden/common/platform/services/state.service";
+import { CipherService } from "@bitwarden/common/vault/abstractions/cipher.service";
+import { FolderService } from "@bitwarden/common/vault/abstractions/folder/folder.service.abstraction";
+import { CipherType } from "@bitwarden/common/vault/enums";
+import { Cipher } from "@bitwarden/common/vault/models/domain/cipher";
+import { Folder } from "@bitwarden/common/vault/models/domain/folder";
+import { Login } from "@bitwarden/common/vault/models/domain/login";
+import { CipherView } from "@bitwarden/common/vault/models/view/cipher.view";
+import { FolderView } from "@bitwarden/common/vault/models/view/folder.view";
+import { LoginView } from "@bitwarden/common/vault/models/view/login.view";
+
+import { BuildTestObject, GetUniqueString } from "../../../../../../common/spec";
+
+import { IndividualVaultExportService } from "./individual-vault-export.service";
+
+const UserCipherViews = [
+  generateCipherView(false),
+  generateCipherView(false),
+  generateCipherView(true),
+];
+
+const UserCipherDomains = [
+  generateCipherDomain(false),
+  generateCipherDomain(false),
+  generateCipherDomain(true),
+];
+
+const UserFolderViews = [generateFolderView(), generateFolderView()];
+
+const UserFolders = [generateFolder(), generateFolder()];
+
+function generateCipherView(deleted: boolean) {
+  return BuildTestObject(
+    {
+      id: GetUniqueString("id"),
+      notes: GetUniqueString("notes"),
+      type: CipherType.Login,
+      login: BuildTestObject<LoginView>(
+        {
+          username: GetUniqueString("username"),
+          password: GetUniqueString("password"),
+        },
+        LoginView,
+      ),
+      collectionIds: null,
+      deletedDate: deleted ? new Date() : null,
+    },
+    CipherView,
+  );
+}
+
+function generateCipherDomain(deleted: boolean) {
+  return BuildTestObject(
+    {
+      id: GetUniqueString("id"),
+      notes: new EncString(GetUniqueString("notes")),
+      type: CipherType.Login,
+      login: BuildTestObject<Login>(
+        {
+          username: new EncString(GetUniqueString("username")),
+          password: new EncString(GetUniqueString("password")),
+        },
+        Login,
+      ),
+      collectionIds: null,
+      deletedDate: deleted ? new Date() : null,
+    },
+    Cipher,
+  );
+}
+
+function generateFolderView() {
+  return BuildTestObject(
+    {
+      id: GetUniqueString("id"),
+      name: GetUniqueString("name"),
+      revisionDate: new Date(),
+    },
+    FolderView,
+  );
+}
+
+function generateFolder() {
+  const actual = Folder.fromJSON({
+    revisionDate: new Date("2022-08-04T01:06:40.441Z").toISOString(),
+    name: "name" as EncryptedString,
+    id: "id",
+  });
+  return actual;
+}
+
+function expectEqualCiphers(ciphers: CipherView[] | Cipher[], jsonResult: string) {
+  const actual = JSON.stringify(JSON.parse(jsonResult).items);
+  const items: CipherWithIdExport[] = [];
+  ciphers.forEach((c: CipherView | Cipher) => {
+    const item = new CipherWithIdExport();
+    item.build(c);
+    items.push(item);
+  });
+
+  expect(actual).toEqual(JSON.stringify(items));
+}
+
+function expectEqualFolderViews(folderviews: FolderView[] | Folder[], jsonResult: string) {
+  const actual = JSON.stringify(JSON.parse(jsonResult).folders);
+  const folders: FolderResponse[] = [];
+  folderviews.forEach((c) => {
+    const folder = new FolderResponse();
+    folder.id = c.id;
+    folder.name = c.name.toString();
+    folders.push(folder);
+  });
+
+  expect(actual.length).toBeGreaterThan(0);
+  expect(actual).toEqual(JSON.stringify(folders));
+}
+
+function expectEqualFolders(folders: Folder[], jsonResult: string) {
+  const actual = JSON.stringify(JSON.parse(jsonResult).folders);
+  const items: Folder[] = [];
+  folders.forEach((c) => {
+    const item = new Folder();
+    item.id = c.id;
+    item.name = c.name;
+    items.push(item);
+  });
+
+  expect(actual.length).toBeGreaterThan(0);
+  expect(actual).toEqual(JSON.stringify(items));
+}
+
+describe("VaultExportService", () => {
+  let exportService: IndividualVaultExportService;
+  let cryptoFunctionService: MockProxy<CryptoFunctionService>;
+  let cipherService: MockProxy<CipherService>;
+  let folderService: MockProxy<FolderService>;
+  let cryptoService: MockProxy<CryptoService>;
+  let stateService: MockProxy<StateService>;
+
+  beforeEach(() => {
+    cryptoFunctionService = mock<CryptoFunctionService>();
+    cipherService = mock<CipherService>();
+    folderService = mock<FolderService>();
+    cryptoService = mock<CryptoService>();
+    stateService = mock<StateService>();
+
+    folderService.getAllDecryptedFromState.mockResolvedValue(UserFolderViews);
+    folderService.getAllFromState.mockResolvedValue(UserFolders);
+    stateService.getKdfType.mockResolvedValue(KdfType.PBKDF2_SHA256);
+    stateService.getKdfConfig.mockResolvedValue(new KdfConfig(PBKDF2_ITERATIONS.defaultValue));
+    cryptoService.encrypt.mockResolvedValue(new EncString("encrypted"));
+
+    exportService = new IndividualVaultExportService(
+      folderService,
+      cipherService,
+      cryptoService,
+      cryptoFunctionService,
+      stateService,
+    );
+  });
+
+  it("exports unencrypted user ciphers", async () => {
+    cipherService.getAllDecrypted.mockResolvedValue(UserCipherViews.slice(0, 1));
+
+    const actual = await exportService.getExport("json");
+
+    expectEqualCiphers(UserCipherViews.slice(0, 1), actual);
+  });
+
+  it("exports encrypted json user ciphers", async () => {
+    cipherService.getAll.mockResolvedValue(UserCipherDomains.slice(0, 1));
+
+    const actual = await exportService.getExport("encrypted_json");
+
+    expectEqualCiphers(UserCipherDomains.slice(0, 1), actual);
+  });
+
+  it("does not unencrypted export trashed user items", async () => {
+    cipherService.getAllDecrypted.mockResolvedValue(UserCipherViews);
+
+    const actual = await exportService.getExport("json");
+
+    expectEqualCiphers(UserCipherViews.slice(0, 2), actual);
+  });
+
+  it("does not encrypted export trashed user items", async () => {
+    cipherService.getAll.mockResolvedValue(UserCipherDomains);
+
+    const actual = await exportService.getExport("encrypted_json");
+
+    expectEqualCiphers(UserCipherDomains.slice(0, 2), actual);
+  });
+
+  describe("password protected export", () => {
+    let exportString: string;
+    let exportObject: any;
+    let mac: MockProxy<EncString>;
+    let data: MockProxy<EncString>;
+    const password = "password";
+    const salt = "salt";
+
+    describe("export json object", () => {
+      beforeEach(async () => {
+        mac = mock<EncString>();
+        data = mock<EncString>();
+
+        mac.encryptedString = "mac" as EncryptedString;
+        data.encryptedString = "encData" as EncryptedString;
+
+        jest.spyOn(Utils, "fromBufferToB64").mockReturnValue(salt);
+        cipherService.getAllDecrypted.mockResolvedValue(UserCipherViews.slice(0, 1));
+
+        exportString = await exportService.getPasswordProtectedExport(password);
+        exportObject = JSON.parse(exportString);
+      });
+
+      it("specifies it is encrypted", () => {
+        expect(exportObject.encrypted).toBe(true);
+      });
+
+      it("specifies it's password protected", () => {
+        expect(exportObject.passwordProtected).toBe(true);
+      });
+
+      it("specifies salt", () => {
+        expect(exportObject.salt).toEqual("salt");
+      });
+
+      it("specifies kdfIterations", () => {
+        expect(exportObject.kdfIterations).toEqual(PBKDF2_ITERATIONS.defaultValue);
+      });
+
+      it("has kdfType", () => {
+        expect(exportObject.kdfType).toEqual(KdfType.PBKDF2_SHA256);
+      });
+
+      it("has a mac property", async () => {
+        cryptoService.encrypt.mockResolvedValue(mac);
+        exportString = await exportService.getPasswordProtectedExport(password);
+        exportObject = JSON.parse(exportString);
+
+        expect(exportObject.encKeyValidation_DO_NOT_EDIT).toEqual(mac.encryptedString);
+      });
+
+      it("has data property", async () => {
+        cryptoService.encrypt.mockResolvedValue(data);
+        exportString = await exportService.getPasswordProtectedExport(password);
+        exportObject = JSON.parse(exportString);
+
+        expect(exportObject.data).toEqual(data.encryptedString);
+      });
+
+      it("encrypts the data property", async () => {
+        const unencrypted = await exportService.getExport();
+        expect(exportObject.data).not.toEqual(unencrypted);
+      });
+    });
+  });
+
+  it("exported unencrypted object contains folders", async () => {
+    cipherService.getAllDecrypted.mockResolvedValue(UserCipherViews.slice(0, 1));
+    await folderService.getAllDecryptedFromState();
+    const actual = await exportService.getExport("json");
+
+    expectEqualFolderViews(UserFolderViews, actual);
+  });
+
+  it("exported encrypted json contains folders", async () => {
+    cipherService.getAll.mockResolvedValue(UserCipherDomains.slice(0, 1));
+    await folderService.getAllFromState();
+    const actual = await exportService.getExport("encrypted_json");
+
+    expectEqualFolders(UserFolders, actual);
+  });
+});
+
+export class FolderResponse {
+  id: string = null;
+  name: string = null;
+}

libs/tools/export/vault-export/vault-export-core/src/services/vault-export.service.ts

@@ -0,0 +1,53 @@
+import { Utils } from "@bitwarden/common/platform/misc/utils";
+
+import { ExportHelper } from "./export-helper";
+import { IndividualVaultExportServiceAbstraction } from "./individual-vault-export.service.abstraction";
+import { OrganizationVaultExportServiceAbstraction } from "./org-vault-export.service.abstraction";
+import { ExportFormat, VaultExportServiceAbstraction } from "./vault-export.service.abstraction";
+
+export class VaultExportService implements VaultExportServiceAbstraction {
+  constructor(
+    private individualVaultExportService: IndividualVaultExportServiceAbstraction,
+    private organizationVaultExportService: OrganizationVaultExportServiceAbstraction,
+  ) {}
+
+  async getExport(format: ExportFormat = "csv", password: string): Promise<string> {
+    if (!Utils.isNullOrWhitespace(password)) {
+      if (format == "csv") {
+        throw new Error("CSV does not support password protected export");
+      }
+
+      return this.individualVaultExportService.getPasswordProtectedExport(password);
+    }
+    return this.individualVaultExportService.getExport(format);
+  }
+
+  async getOrganizationExport(
+    organizationId: string,
+    format: ExportFormat,
+    password: string,
+    onlyManagedCollections = false,
+  ): Promise<string> {
+    if (!Utils.isNullOrWhitespace(password)) {
+      if (format == "csv") {
+        throw new Error("CSV does not support password protected export");
+      }
+
+      return this.organizationVaultExportService.getPasswordProtectedExport(
+        organizationId,
+        password,
+        onlyManagedCollections,
+      );
+    }
+
+    return this.organizationVaultExportService.getOrganizationExport(
+      organizationId,
+      format,
+      onlyManagedCollections,
+    );
+  }
+
+  getFileName(prefix: string = null, extension = "csv"): string {
+    return ExportHelper.getFileName(prefix, extension);
+  }
+}

libs/tools/export/vault-export/vault-export-core/src/types/bitwarden-csv-export-type.ts

@@ -0,0 +1,23 @@
+import { CipherRepromptType } from "@bitwarden/common/vault/enums/cipher-reprompt-type";
+
+export type BitwardenCsvExportType = {
+  type: string;
+  name: string;
+  notes: string;
+  fields: string;
+  reprompt: CipherRepromptType;
+  // Login props
+  login_uri: string[];
+  login_username: string;
+  login_password: string;
+  login_totp: string;
+  favorite: number | null;
+};
+
+export type BitwardenCsvIndividualExportType = BitwardenCsvExportType & {
+  folder: string | null;
+};
+
+export type BitwardenCsvOrgExportType = BitwardenCsvExportType & {
+  collections: string[] | null;
+};

libs/tools/export/vault-export/vault-export-core/src/types/bitwarden-json-export-types.ts

@@ -0,0 +1,51 @@
+import {
+  CipherWithIdExport,
+  CollectionWithIdExport,
+  FolderWithIdExport,
+} from "@bitwarden/common/models/export";
+
+// Base
+export type BitwardenJsonExport = {
+  encrypted: boolean;
+  items: CipherWithIdExport[];
+};
+
+// Decrypted
+export type BitwardenUnEncryptedJsonExport = BitwardenJsonExport & {
+  encrypted: false;
+};
+
+export type BitwardenUnEncryptedIndividualJsonExport = BitwardenUnEncryptedJsonExport & {
+  folders: FolderWithIdExport[];
+};
+
+export type BitwardenUnEncryptedOrgJsonExport = BitwardenUnEncryptedJsonExport & {
+  collections: CollectionWithIdExport[];
+};
+
+// Account-encrypted
+export type BitwardenEncryptedJsonExport = BitwardenJsonExport & {
+  encrypted: true;
+  encKeyValidation_DO_NOT_EDIT: string;
+};
+
+export type BitwardenEncryptedIndividualJsonExport = BitwardenEncryptedJsonExport & {
+  folders: FolderWithIdExport[];
+};
+
+export type BitwardenEncryptedOrgJsonExport = BitwardenEncryptedJsonExport & {
+  collections: CollectionWithIdExport[];
+};
+
+// Password-protected
+export type BitwardenPasswordProtectedFileFormat = {
+  encrypted: boolean;
+  passwordProtected: boolean;
+  salt: string;
+  kdfIterations: number;
+  kdfMemory?: number;
+  kdfParallelism?: number;
+  kdfType: number;
+  encKeyValidation_DO_NOT_EDIT: string;
+  data: string;
+};

libs/tools/export/vault-export/vault-export-core/src/types/index.ts

@@ -0,0 +1,2 @@
+export * from "./bitwarden-csv-export-type";
+export * from "./bitwarden-json-export-types";

libs/tools/export/vault-export/vault-export-core/tsconfig.json

@@ -0,0 +1,5 @@
+{
+  "extends": "../../../../shared/tsconfig.libs",
+  "include": ["src"],
+  "exclude": ["node_modules", "dist"]
+}

libs/tools/export/vault-export/vault-export-core/tsconfig.spec.json

@@ -0,0 +1,3 @@
+{
+  "extends": "./tsconfig.json"
+}