restic: use repository-file if the repository flag contains a password

creativeprojects · Mar 9, 2024 · fc5d88c · fc5d88c
1 parent 71ce2d0
commit fc5d88c
Showing 1 changed file with 38 additions and 0 deletions.
diff --git a/config/profile.go b/config/profile.go
@@ -2,6 +2,7 @@ package config
 
 import (
 	"fmt"
+	"github.com/creativeprojects/resticprofile/util/templates"
 	"os"
 	"path/filepath"
 	"reflect"
@@ -146,6 +147,10 @@ func (i *InitSection) getCommandFlags(profile *Profile) (flags *shell.Args) {
 		"from-key-hint":         "key-hint2",
 	}
 
+	// Handle confidential repo in flags
+	restore := profile.replaceWithRepositoryFile(&i.FromRepository, &i.FromRepositoryFile, "-from")
+	defer restore()
+
 	flags = profile.GetCommonFlags()
 	addArgsFromStruct(flags, i)
 	addArgsFromOtherFlags(flags, profile, i)
@@ -376,6 +381,10 @@ func (s *CopySection) getCommandFlags(profile *Profile) (flags *shell.Args) {
 		constants.ParameterKeyHint:         s.KeyHint,
 	}
 
+	// Handle confidential repo in flags
+	restore := profile.replaceWithRepositoryFile(&s.Repository, &s.RepositoryFile, "-to")
+	defer restore()
+
 	flags = profile.GetCommonFlags()
 	addArgsFromStruct(flags, s)
 	addArgsFromOtherFlags(flags, profile, s)
@@ -718,8 +727,37 @@ func (p *Profile) allFlagsSections() (sections []map[string]any) {
 	return
 }
 
+func (p Profile) replaceWithRepositoryFile(repository *ConfidentialValue, repositoryFile *string, suffix string) (restore func()) {
+
+	// TODO: Needs p.config.mustGetGlobal() from ft/unified-schedule with a new parameter to toggle the feature
+	// TODO: Requires templates.PrivateTempFile and it should only apply if file is private (can be read by current user only)
+
+	origRepo, origFile := *repository, *repositoryFile
+	restore = func() {
+		*repository = origRepo
+		*repositoryFile = origFile
+	}
+
+	if repository.IsConfidential() && len(*repositoryFile) == 0 {
+		file := templates.TempFile(fmt.Sprintf("%s%s-repo.txt", p.Name, suffix))
+
+		if err := os.WriteFile(file, []byte(origRepo.Value()), 0600); err == nil {
+			clog.Debugf(`replaced plain "repository" argument with "repository-file" (%s) to avoid password leak`, file)
+			*repository = NewConfidentialValue("")
+			*repositoryFile = file
+		} else {
+			clog.Debugf(`failed writing %s: %s`, file, err.Error())
+		}
+	}
+	return
+}
+
 // GetCommonFlags returns the flags common to all commands
 func (p *Profile) GetCommonFlags() (flags *shell.Args) {
+	// Handle confidential repo in flags
+	restore := p.replaceWithRepositoryFile(&p.Repository, &p.RepositoryFile, "")
+	defer restore()
+
 	// Flags from the profile fields
 	flags = shell.NewArgs().SetLegacyArg(p.legacyArg)
 	addArgsFromStruct(flags, p)