Replace redis client, move expiry into creation interface

Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
Knut Ahlers 2023-06-10 01:36:01 +02:00
parent 900d816dff
commit ea631beeef
Signed by: luzifer
GPG key ID: D91C3E91E4CAD6F5
8 changed files with 51 additions and 80 deletions

View file

@ -21,10 +21,10 @@
For a better setup you can choose the backend which is used to store the secrets: For a better setup you can choose the backend which is used to store the secrets:
- `mem` - In memory storage (wiped on restart of the daemon) - `mem` - In memory storage (wiped on restart of the daemon)
- `SECRET_EXPIRY` - Expiry of the keys in seconds (Default `0` = no expiry)
- `redis` - Storing the secrets in a hash under one key - `redis` - Storing the secrets in a hash under one key
- `REDIS_URL` - Redis connection string `tcp://auth:PWD@HOST:PORT/DB` - `REDIS_URL` - Redis connection string `redis://auth:PWD@HOST:PORT/DB`
- `REDIS_KEY` - Key prefix to store the keys under (Default `io.luzifer.ots`) - `REDIS_KEY` - Key prefix to store the keys under (Default `io.luzifer.ots`)
- Common options
- `SECRET_EXPIRY` - Expiry of the keys in seconds (Default `0` = no expiry) - `SECRET_EXPIRY` - Expiry of the keys in seconds (Default `0` = no expiry)
## Creating secrets through CLI / scripts ## Creating secrets through CLI / scripts

3
api.go
View file

@ -4,6 +4,7 @@ import (
"encoding/json" "encoding/json"
"net/http" "net/http"
"strings" "strings"
"time"
"github.com/gorilla/mux" "github.com/gorilla/mux"
) )
@ -53,7 +54,7 @@ func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) {
return return
} }
id, err := a.store.Create(secret) id, err := a.store.Create(secret, time.Duration(cfg.SecretExpiry)*time.Second)
if err != nil { if err != nil {
a.errorResponse(res, http.StatusInternalServerError, err.Error()) a.errorResponse(res, http.StatusInternalServerError, err.Error())
return return

4
go.mod
View file

@ -8,11 +8,13 @@ require (
github.com/gofrs/uuid/v3 v3.1.2 github.com/gofrs/uuid/v3 v3.1.2
github.com/gorilla/mux v1.8.0 github.com/gorilla/mux v1.8.0
github.com/pkg/errors v0.9.1 github.com/pkg/errors v0.9.1
github.com/redis/go-redis/v9 v9.0.5
github.com/sirupsen/logrus v1.9.3 github.com/sirupsen/logrus v1.9.3
github.com/xuyu/goredis v0.0.0-20160929021245-89fbe9474b37
) )
require ( require (
github.com/cespare/xxhash/v2 v2.2.0 // indirect
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
github.com/spf13/pflag v1.0.5 // indirect github.com/spf13/pflag v1.0.5 // indirect
golang.org/x/sys v0.8.0 // indirect golang.org/x/sys v0.8.0 // indirect
gopkg.in/validator.v2 v2.0.1 // indirect gopkg.in/validator.v2 v2.0.1 // indirect

10
go.sum
View file

@ -2,9 +2,15 @@ github.com/Luzifer/go_helpers/v2 v2.17.1 h1:SJjfkkJ14d1i8zpKzZ3619YSGijxp2jfc6Qk
github.com/Luzifer/go_helpers/v2 v2.17.1/go.mod h1:C5EkTBawA4sJt0CHoAoblgGPwTjW9blXZ/Et6RiEu6Q= github.com/Luzifer/go_helpers/v2 v2.17.1/go.mod h1:C5EkTBawA4sJt0CHoAoblgGPwTjW9blXZ/Et6RiEu6Q=
github.com/Luzifer/rconfig/v2 v2.4.0 h1:MAdymTlExAZ8mx5VG8xOFAtFQSpWBipKYQHPOmYTn9o= github.com/Luzifer/rconfig/v2 v2.4.0 h1:MAdymTlExAZ8mx5VG8xOFAtFQSpWBipKYQHPOmYTn9o=
github.com/Luzifer/rconfig/v2 v2.4.0/go.mod h1:hWF3ZVSusbYlg5bEvCwalEyUSY+0JPJWUiIu7rBmav8= github.com/Luzifer/rconfig/v2 v2.4.0/go.mod h1:hWF3ZVSusbYlg5bEvCwalEyUSY+0JPJWUiIu7rBmav8=
github.com/bsm/ginkgo/v2 v2.7.0 h1:ItPMPH90RbmZJt5GtkcNvIRuGEdwlBItdNVoyzaNQao=
github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y=
github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4= github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
github.com/gofrs/uuid/v3 v3.1.2 h1:V3IBv1oU82x6YIr5txe3azVHgmOKYdyKQTowm9moBlY= github.com/gofrs/uuid/v3 v3.1.2 h1:V3IBv1oU82x6YIr5txe3azVHgmOKYdyKQTowm9moBlY=
github.com/gofrs/uuid/v3 v3.1.2/go.mod h1:xPwMqoocQ1L5G6pXX5BcE7N5jlzn2o19oqAKxwZW/kI= github.com/gofrs/uuid/v3 v3.1.2/go.mod h1:xPwMqoocQ1L5G6pXX5BcE7N5jlzn2o19oqAKxwZW/kI=
@ -19,6 +25,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0= github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
github.com/redis/go-redis/v9 v9.0.5 h1:CuQcn5HIEeK7BgElubPP8CGtE0KakrnbBSTLjathl5o=
github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk=
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ= github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ= github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA= github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
@ -26,8 +34,6 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY= github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
github.com/xuyu/goredis v0.0.0-20160929021245-89fbe9474b37 h1:xrMQUnipugHaopud+BS+tGITJvhc4lTf3b4vCzkF/no=
github.com/xuyu/goredis v0.0.0-20160929021245-89fbe9474b37/go.mod h1:Ew+jSwVYyBT+GrKWGzlld2VGZqUy5cgGQATzqHpqGvg=
golang.org/x/net v0.0.0-20210119194325-5f4716e94777 h1:003p0dJM77cxMSyCPFphvZf/Y5/NXf5fzg6ufd1/Oew= golang.org/x/net v0.0.0-20210119194325-5f4716e94777 h1:003p0dJM77cxMSyCPFphvZf/Y5/NXf5fzg6ufd1/Oew=
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU= golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=

View file

@ -22,6 +22,7 @@ var (
cfg struct { cfg struct {
Listen string `flag:"listen" default:":3000" description:"IP/Port to listen on"` Listen string `flag:"listen" default:":3000" description:"IP/Port to listen on"`
LogLevel string `flag:"log-level" default:"info" description:"Set log level (debug, info, warning, error)"` LogLevel string `flag:"log-level" default:"info" description:"Set log level (debug, info, warning, error)"`
SecretExpiry int64 `flag:"secret-expiry" default:"0" description:"Maximum expiry of the stored secrets in seconds"`
StorageType string `flag:"storage-type" default:"mem" description:"Storage to use for putting secrets to" validate:"nonzero"` StorageType string `flag:"storage-type" default:"mem" description:"Storage to use for putting secrets to" validate:"nonzero"`
VersionAndExit bool `flag:"version" default:"false" description:"Print version information and exit"` VersionAndExit bool `flag:"version" default:"false" description:"Print version information and exit"`
} }

View file

@ -3,12 +3,13 @@ package main
import ( import (
"errors" "errors"
"fmt" "fmt"
"time"
) )
var errSecretNotFound = errors.New("Secret not found") var errSecretNotFound = errors.New("Secret not found")
type storage interface { type storage interface {
Create(secret string) (string, error) Create(secret string, expireIn time.Duration) (string, error)
ReadAndDestroy(id string) (string, error) ReadAndDestroy(id string) (string, error)
} }

View file

@ -1,8 +1,6 @@
package main package main
import ( import (
"os"
"strconv"
"time" "time"
"github.com/gofrs/uuid/v3" "github.com/gofrs/uuid/v3"
@ -23,10 +21,10 @@ func newStorageMem() storage {
} }
} }
func (s storageMem) Create(secret string) (string, error) { func (s storageMem) Create(secret string, expireIn time.Duration) (string, error) {
id := uuid.Must(uuid.NewV4()).String() id := uuid.Must(uuid.NewV4()).String()
s.store[id] = memStorageSecret{ s.store[id] = memStorageSecret{
Expiry: s.expiry(), Expiry: time.Now().Add(expireIn),
Secret: secret, Secret: secret,
} }
@ -47,17 +45,3 @@ func (s storageMem) ReadAndDestroy(id string) (string, error) {
return secret.Secret, nil return secret.Secret, nil
} }
func (s storageMem) expiry() time.Time {
exp := os.Getenv("SECRET_EXPIRY")
if exp == "" {
return time.Time{}
}
e, err := strconv.ParseInt(exp, 10, 64)
if err != nil {
return time.Time{}
}
return time.Now().Add(time.Duration(e) * time.Second)
}

View file

@ -1,17 +1,21 @@
package main package main
import ( import (
"context"
"fmt" "fmt"
"os" "os"
"strconv"
"strings" "strings"
"time"
"github.com/gofrs/uuid/v3" "github.com/gofrs/uuid/v3"
"github.com/xuyu/goredis" "github.com/pkg/errors"
redis "github.com/redis/go-redis/v9"
) )
const redisDefaultPrefix = "io.luzifer.ots"
type storageRedis struct { type storageRedis struct {
conn *goredis.Redis conn *redis.Client
} }
func newStorageRedis() (storage, error) { func newStorageRedis() (storage, error) {
@ -19,76 +23,48 @@ func newStorageRedis() (storage, error) {
return nil, fmt.Errorf("REDIS_URL environment variable not set") return nil, fmt.Errorf("REDIS_URL environment variable not set")
} }
c, err := goredis.DialURL(os.Getenv("REDIS_URL")) // We replace the old URI format
// tcp://auth:password@127.0.0.1:6379/0
// with the new one
// redis://<user>:<password>@<host>:<port>/<db_number>
// in order to maintain backwards compatibility
opt, err := redis.ParseURL(strings.Replace(os.Getenv("REDIS_URL"), "tcp://", "redis://", 1))
if err != nil { if err != nil {
return nil, err return nil, errors.Wrap(err, "parsing REDIS_URL")
} }
s := &storageRedis{ s := &storageRedis{
conn: c, conn: redis.NewClient(opt),
} }
return s, nil return s, nil
} }
func (s storageRedis) redisExpiry() int { func (s storageRedis) Create(secret string, expireIn time.Duration) (string, error) {
var expStr string
for _, eVar := range []string{"SECRET_EXPIRY", "REDIS_EXPIRY"} {
if v := os.Getenv(eVar); v != "" {
expStr = v
break
}
}
if expStr == "" {
return 0
}
e, err := strconv.Atoi(expStr)
if err != nil {
return 0
}
return e
}
func (s storageRedis) redisKey() string {
key := os.Getenv("REDIS_KEY")
if key == "" {
key = "io.luzifer.ots"
}
return key
}
func (s storageRedis) Create(secret string) (string, error) {
id := uuid.Must(uuid.NewV4()).String() id := uuid.Must(uuid.NewV4()).String()
err := s.writeKey(id, secret) err := s.conn.SetEx(context.Background(), s.redisKey(id), secret, expireIn).Err()
return id, err return id, errors.Wrap(err, "writing redis key")
} }
func (s storageRedis) ReadAndDestroy(id string) (string, error) { func (s storageRedis) ReadAndDestroy(id string) (string, error) {
secret, err := s.conn.Get(strings.Join([]string{s.redisKey(), id}, ":")) secret, err := s.conn.Get(context.Background(), s.redisKey(id)).Result()
if err != nil { if err != nil {
if errors.Is(err, redis.Nil) {
return "", errSecretNotFound
}
return "", err return "", err
} }
if secret == nil { err = s.conn.Del(context.Background(), s.redisKey(id)).Err()
return "", errSecretNotFound return string(secret), errors.Wrap(err, "deleting key")
}
func (s storageRedis) redisKey(id string) string {
prefix := redisDefaultPrefix
if prfx := os.Getenv("REDIS_KEY"); prfx != "" {
prefix = prfx
} }
_, err = s.conn.Del(strings.Join([]string{s.redisKey(), id}, ":")) return strings.Join([]string{prefix, id}, ":")
return string(secret), err
}
func (s storageRedis) writeKey(id, value string) error {
return s.conn.Set(
strings.Join([]string{s.redisKey(), id}, ":"), // Key
value, // Secret
s.redisExpiry(), // Expiry in seconds
0, // Expiry milliseconds
false, // MustExist
true, // MustNotExist
)
} }