From d0e72d8b57d3c4cd2b5545c5eeef2c9c5bd96162 Mon Sep 17 00:00:00 2001 From: Andrew Seymour Date: Thu, 20 Jun 2024 23:45:45 +0100 Subject: [PATCH] feat: add encryption to the cli (#11) Co-authored-by: s1ntaxe770r <53065463+s1ntaxe770r@users.noreply.github.com> --- .gitignore | 2 -- commands/auth/init.go | 1 - go.mod | 1 + go.sum | 2 ++ pkg/client/client.go | 23 +++++++++-------------- 5 files changed, 12 insertions(+), 17 deletions(-) diff --git a/.gitignore b/.gitignore index 4dd1285..8ad5607 100644 --- a/.gitignore +++ b/.gitignore @@ -1,4 +1,2 @@ cmd/qernal cmd/.env - - diff --git a/commands/auth/init.go b/commands/auth/init.go index 57609cc..0f1ba40 100644 --- a/commands/auth/init.go +++ b/commands/auth/init.go @@ -134,7 +134,6 @@ func validatePermissions(filePath string) error { } func ValidateToken(token string) error { - pattern := `^([^@]+)@([^@]+)$` re := regexp.MustCompile(pattern) diff --git a/go.mod b/go.mod index c2bff64..4a79d9a 100644 --- a/go.mod +++ b/go.mod @@ -6,6 +6,7 @@ require ( github.com/charmbracelet/bubbles v0.18.0 github.com/charmbracelet/bubbletea v0.26.2 github.com/charmbracelet/lipgloss v0.10.0 + github.com/hashicorp/terraform-plugin-log v0.9.0 github.com/joho/godotenv v1.5.1 github.com/mitchellh/go-homedir v1.1.0 github.com/qernal/openapi-chaos-go-client v0.0.0-20240529170325-1ff65532bd69 diff --git a/go.sum b/go.sum index c2869cc..4ac2e5e 100644 --- a/go.sum +++ b/go.sum 
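Review bot: The new direct requirement `github.com/hashicorp/terraform-plugin-log v0.9.0` in go.mod is not imported by any file this patch touches, and the go.sum hunk adds no checksum lines for it. Unless code outside the patch already uses it, drop the line. Either way run `go mod tidy` so go.mod and go.sum agree; the go.sum hunk also adds checksums for an older `openapi-chaos-go-client` pseudo-version that go.mod does not require, which suggests tidy was not run. A Terraform plugin logging library is an unusual dependency for a CLI, and every extra module widens what has to be vetted and kept patched.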
@@ -64,6 +64,8 @@ github.com/pelletier/go-toml/v2 v2.1.0/go.mod h1:tJU2Z3ZkXwnxa4DPO899bsyIoywizdU github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/qernal/openapi-chaos-go-client v0.0.0-20240520132343-bbcbd803cb7c h1:N1Il9iDUoj3eo33TkeDnigONV6vq7MBenup7Ms3MOCk= +github.com/qernal/openapi-chaos-go-client v0.0.0-20240520132343-bbcbd803cb7c/go.mod h1:V03TW7A8DLMBBZz1RGvIWog7Hfla2uPbNBIcMhg8bX8= github.com/qernal/openapi-chaos-go-client v0.0.0-20240529170325-1ff65532bd69 h1:URKCFmsKxioF/TPJHqMuhnitp05h0jLeiRvb7OP7MwA= github.com/qernal/openapi-chaos-go-client v0.0.0-20240529170325-1ff65532bd69/go.mod h1:V03TW7A8DLMBBZz1RGvIWog7Hfla2uPbNBIcMhg8bX8= github.com/rivo/uniseg v0.1.0/go.mod h1:J6wj4VEh+S6ZtnVlnTBMWIodfgj8LQOQFoIToxlJtxc= diff --git a/pkg/client/client.go b/pkg/client/client.go index db7cd03..4bbcaf4 100644 --- a/pkg/client/client.go +++ b/pkg/client/client.go @@ -19,8 +19,8 @@ import ( ) var ( - hostHydra = getEnv("HOST_HYDRA", "https://hydra.qernal.com") - hostChaos = getEnv("HOST_CHAOS", "https://chaos.qernal.com") + hostHydra = getEnv("HOST_HYDRA", "https://hydra.qernal.dev") + hostChaos = getEnv("HOST_CHAOS", "https://chaos.qernal.dev") ) type QernalAPIClient struct { @@ -69,6 +69,7 @@ func (qc *QernalAPIClient) FetchDek(ctx context.Context, projectID string) (*ope } return keyRes, nil } + func ParseResponseData(res *http.Response) (resData interface{}, err error) { body, err := io.ReadAll(res.Body) if err != nil { 
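Review bot: The defaults of `hostHydra` and `hostChaos` in pkg/client/client.go move from `qernal.com` to `qernal.dev`, which is unrelated to the commit subject and not mentioned in the description. These are presumably the hosts the CLI sends its token and API requests to, so every user without `HOST_HYDRA`/`HOST_CHAOS` set silently starts talking to a different domain. If `.dev` is the intended production domain, document it with a comment above the `var` block, for example `// Default API endpoints; override with HOST_HYDRA / HOST_CHAOS.`, and mention the move in the commit message. If it is a development environment, keep the `.com` defaults and set the override locally instead.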
@@ -87,28 +88,22 @@ type ResponseData struct { } func EncryptLocalSecret(pk, secret string) (string, error) { - secretBytes := []byte(secret) pubKey, err := base64.StdEncoding.DecodeString(pk) if err != nil { return "", err } - // Create a slice with enough capacity for both secret and public key - privateKey := make([]byte, 0, len(secretBytes)+len(pubKey)) - privateKey = append(privateKey, secretBytes...) - privateKey = append(privateKey, pubKey...) - plaintextBytes := []byte(secret) + var pubKeyBytes [32]byte + copy(pubKeyBytes[:], pubKey) - var privateKeyArray [32]byte - copy(privateKeyArray[:], privateKey) + secretBytes := []byte(secret) - var nonce [24]byte - if _, err := io.ReadFull(rand.Reader, nonce[:]); err != nil { + var out []byte + encrypted, err := box.SealAnonymous(out, secretBytes, &pubKeyBytes, rand.Reader) + if err != nil { return "", err } - encrypted := box.Seal(nonce[:], plaintextBytes, &nonce, &privateKeyArray, new([32]byte)) - return base64.StdEncoding.EncodeToString(encrypted), nil }
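Review bot: `copy(pubKeyBytes[:], pubKey)` in EncryptLocalSecret accepts a decoded key of any length: a short or empty `pk` is zero-padded and a long one truncated, so the secret is sealed to a key other than the one supplied and no error is returned. Reject anything but 32 bytes before the copy, e.g. `if len(pubKey) != 32 { return "", errors.New("public key must be 32 bytes") }` (this needs `errors` in the import block, which is outside the hunk). `var out []byte` can go as well, since `box.SealAnonymous(nil, secretBytes, &pubKeyBytes, rand.Reader)` is equivalent. A short doc comment stating that `pk` is a standard-base64 32-byte public key and that the result is the base64 of the sealed box would help callers.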