diff --git a/README.md b/README.md index 95f11f2..5ffe694 100644 --- a/README.md +++ b/README.md @@ -21,10 +21,10 @@ For a better setup you can choose the backend which is used to store the secrets: - `mem` - In memory storage (wiped on restart of the daemon) - - `SECRET_EXPIRY` - Expiry of the keys in seconds (Default `0` = no expiry) - `redis` - Storing the secrets in a hash under one key - - `REDIS_URL` - Redis connection string `tcp://auth:PWD@HOST:PORT/DB` + - `REDIS_URL` - Redis connection string `redis://auth:PWD@HOST:PORT/DB` - `REDIS_KEY` - Key prefix to store the keys under (Default `io.luzifer.ots`) +- Common options - `SECRET_EXPIRY` - Expiry of the keys in seconds (Default `0` = no expiry) ## Creating secrets through CLI / scripts diff --git a/api.go b/api.go index 7be4417..a9f3106 100644 --- a/api.go +++ b/api.go @@ -4,6 +4,7 @@ import ( "encoding/json" "net/http" "strings" + "time" "github.com/gorilla/mux" ) @@ -53,7 +54,7 @@ func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) { return } - id, err := a.store.Create(secret) + id, err := a.store.Create(secret, time.Duration(cfg.SecretExpiry)*time.Second) if err != nil { a.errorResponse(res, http.StatusInternalServerError, err.Error()) return diff --git a/go.mod b/go.mod index 9271a23..03323ab 100644 --- a/go.mod +++ b/go.mod @@ -8,11 +8,13 @@ require ( github.com/gofrs/uuid/v3 v3.1.2 github.com/gorilla/mux v1.8.0 github.com/pkg/errors v0.9.1 + github.com/redis/go-redis/v9 v9.0.5 github.com/sirupsen/logrus v1.9.3 - github.com/xuyu/goredis v0.0.0-20160929021245-89fbe9474b37 ) require ( + github.com/cespare/xxhash/v2 v2.2.0 // indirect + github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect github.com/spf13/pflag v1.0.5 // indirect golang.org/x/sys v0.8.0 // indirect gopkg.in/validator.v2 v2.0.1 // indirect diff --git a/go.sum b/go.sum index 697b6ec..8fc3444 100644 --- a/go.sum +++ b/go.sum @@ -2,9 +2,15 @@ github.com/Luzifer/go_helpers/v2 v2.17.1 h1:SJjfkkJ14d1i8zpKzZ3619YSGijxp2jfc6Qk github.com/Luzifer/go_helpers/v2 v2.17.1/go.mod h1:C5EkTBawA4sJt0CHoAoblgGPwTjW9blXZ/Et6RiEu6Q= github.com/Luzifer/rconfig/v2 v2.4.0 h1:MAdymTlExAZ8mx5VG8xOFAtFQSpWBipKYQHPOmYTn9o= github.com/Luzifer/rconfig/v2 v2.4.0/go.mod h1:hWF3ZVSusbYlg5bEvCwalEyUSY+0JPJWUiIu7rBmav8= +github.com/bsm/ginkgo/v2 v2.7.0 h1:ItPMPH90RbmZJt5GtkcNvIRuGEdwlBItdNVoyzaNQao= +github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y= +github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44= +github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78= +github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc= github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/gofrs/uuid/v3 v3.1.2 h1:V3IBv1oU82x6YIr5txe3azVHgmOKYdyKQTowm9moBlY= github.com/gofrs/uuid/v3 v3.1.2/go.mod h1:xPwMqoocQ1L5G6pXX5BcE7N5jlzn2o19oqAKxwZW/kI= @@ -19,6 +25,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= +github.com/redis/go-redis/v9 v9.0.5 h1:CuQcn5HIEeK7BgElubPP8CGtE0KakrnbBSTLjathl5o= +github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= @@ -26,8 +34,6 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= -github.com/xuyu/goredis v0.0.0-20160929021245-89fbe9474b37 h1:xrMQUnipugHaopud+BS+tGITJvhc4lTf3b4vCzkF/no= -github.com/xuyu/goredis v0.0.0-20160929021245-89fbe9474b37/go.mod h1:Ew+jSwVYyBT+GrKWGzlld2VGZqUy5cgGQATzqHpqGvg= golang.org/x/net v0.0.0-20210119194325-5f4716e94777 h1:003p0dJM77cxMSyCPFphvZf/Y5/NXf5fzg6ufd1/Oew= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= diff --git a/main.go b/main.go index c4454f1..1d1063b 100644 --- a/main.go +++ b/main.go @@ -22,6 +22,7 @@ var ( cfg struct { Listen string `flag:"listen" default:":3000" description:"IP/Port to listen on"` LogLevel string `flag:"log-level" default:"info" description:"Set log level (debug, info, warning, error)"` + SecretExpiry int64 `flag:"secret-expiry" default:"0" description:"Maximum expiry of the stored secrets in seconds"` StorageType string `flag:"storage-type" default:"mem" description:"Storage to use for putting secrets to" validate:"nonzero"` VersionAndExit bool `flag:"version" default:"false" description:"Print version information and exit"` } diff --git a/storage.go b/storage.go index 722b9a4..0f70d5f 100644 --- a/storage.go +++ b/storage.go @@ -3,12 +3,13 @@ package main import ( "errors" "fmt" + "time" ) var errSecretNotFound = errors.New("Secret not found") type storage interface { - Create(secret string) (string, error) + Create(secret string, expireIn time.Duration) (string, error) ReadAndDestroy(id string) (string, error) } diff --git a/storage_mem.go b/storage_mem.go index 07c1c75..165b856 100644 --- a/storage_mem.go +++ b/storage_mem.go @@ -1,8 +1,6 @@ package main import ( - "os" - "strconv" "time" "github.com/gofrs/uuid/v3" @@ -23,10 +21,10 @@ func newStorageMem() storage { } } -func (s storageMem) Create(secret string) (string, error) { +func (s storageMem) Create(secret string, expireIn time.Duration) (string, error) { id := uuid.Must(uuid.NewV4()).String() s.store[id] = memStorageSecret{ - Expiry: s.expiry(), + Expiry: time.Now().Add(expireIn), Secret: secret, } @@ -47,17 +45,3 @@ func (s storageMem) ReadAndDestroy(id string) (string, error) { return secret.Secret, nil } - -func (s storageMem) expiry() time.Time { - exp := os.Getenv("SECRET_EXPIRY") - if exp == "" { - return time.Time{} - } - - e, err := strconv.ParseInt(exp, 10, 64) - if err != nil { - return time.Time{} - } - - return time.Now().Add(time.Duration(e) * time.Second) -} diff --git a/storage_redis.go b/storage_redis.go index 0ba62f6..4168000 100644 --- a/storage_redis.go +++ b/storage_redis.go @@ -1,17 +1,21 @@ package main import ( + "context" "fmt" "os" - "strconv" "strings" + "time" "github.com/gofrs/uuid/v3" - "github.com/xuyu/goredis" + "github.com/pkg/errors" + redis "github.com/redis/go-redis/v9" ) +const redisDefaultPrefix = "io.luzifer.ots" + type storageRedis struct { - conn *goredis.Redis + conn *redis.Client } func newStorageRedis() (storage, error) { @@ -19,76 +23,48 @@ func newStorageRedis() (storage, error) { return nil, fmt.Errorf("REDIS_URL environment variable not set") } - c, err := goredis.DialURL(os.Getenv("REDIS_URL")) + // We replace the old URI format + // tcp://auth:password@127.0.0.1:6379/0 + // with the new one + // redis://:@:/ + // in order to maintain backwards compatibility + opt, err := redis.ParseURL(strings.Replace(os.Getenv("REDIS_URL"), "tcp://", "redis://", 1)) if err != nil { - return nil, err + return nil, errors.Wrap(err, "parsing REDIS_URL") } s := &storageRedis{ - conn: c, + conn: redis.NewClient(opt), } return s, nil } -func (s storageRedis) redisExpiry() int { - var expStr string - for _, eVar := range []string{"SECRET_EXPIRY", "REDIS_EXPIRY"} { - if v := os.Getenv(eVar); v != "" { - expStr = v - break - } - } - - if expStr == "" { - return 0 - } - - e, err := strconv.Atoi(expStr) - if err != nil { - return 0 - } - - return e -} - -func (s storageRedis) redisKey() string { - key := os.Getenv("REDIS_KEY") - if key == "" { - key = "io.luzifer.ots" - } - - return key -} - -func (s storageRedis) Create(secret string) (string, error) { +func (s storageRedis) Create(secret string, expireIn time.Duration) (string, error) { id := uuid.Must(uuid.NewV4()).String() - err := s.writeKey(id, secret) + err := s.conn.SetEx(context.Background(), s.redisKey(id), secret, expireIn).Err() - return id, err + return id, errors.Wrap(err, "writing redis key") } func (s storageRedis) ReadAndDestroy(id string) (string, error) { - secret, err := s.conn.Get(strings.Join([]string{s.redisKey(), id}, ":")) + secret, err := s.conn.Get(context.Background(), s.redisKey(id)).Result() if err != nil { + if errors.Is(err, redis.Nil) { + return "", errSecretNotFound + } return "", err } - if secret == nil { - return "", errSecretNotFound + err = s.conn.Del(context.Background(), s.redisKey(id)).Err() + return string(secret), errors.Wrap(err, "deleting key") +} + +func (s storageRedis) redisKey(id string) string { + prefix := redisDefaultPrefix + if prfx := os.Getenv("REDIS_KEY"); prfx != "" { + prefix = prfx } - _, err = s.conn.Del(strings.Join([]string{s.redisKey(), id}, ":")) - return string(secret), err -} - -func (s storageRedis) writeKey(id, value string) error { - return s.conn.Set( - strings.Join([]string{s.redisKey(), id}, ":"), // Key - value, // Secret - s.redisExpiry(), // Expiry in seconds - 0, // Expiry milliseconds - false, // MustExist - true, // MustNotExist - ) + return strings.Join([]string{prefix, id}, ":") }