Replace redis client, move expiry into creation interface
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
900d816dff
commit
ea631beeef
8 changed files with 51 additions and 80 deletions
|
@ -21,10 +21,10 @@
|
||||||
For a better setup you can choose the backend which is used to store the secrets:
|
For a better setup you can choose the backend which is used to store the secrets:
|
||||||
|
|
||||||
- `mem` - In memory storage (wiped on restart of the daemon)
|
- `mem` - In memory storage (wiped on restart of the daemon)
|
||||||
- `SECRET_EXPIRY` - Expiry of the keys in seconds (Default `0` = no expiry)
|
|
||||||
- `redis` - Storing the secrets in a hash under one key
|
- `redis` - Storing the secrets in a hash under one key
|
||||||
- `REDIS_URL` - Redis connection string `tcp://auth:PWD@HOST:PORT/DB`
|
- `REDIS_URL` - Redis connection string `redis://auth:PWD@HOST:PORT/DB`
|
||||||
- `REDIS_KEY` - Key prefix to store the keys under (Default `io.luzifer.ots`)
|
- `REDIS_KEY` - Key prefix to store the keys under (Default `io.luzifer.ots`)
|
||||||
|
- Common options
|
||||||
- `SECRET_EXPIRY` - Expiry of the keys in seconds (Default `0` = no expiry)
|
- `SECRET_EXPIRY` - Expiry of the keys in seconds (Default `0` = no expiry)
|
||||||
|
|
||||||
## Creating secrets through CLI / scripts
|
## Creating secrets through CLI / scripts
|
||||||
|
|
3
api.go
3
api.go
|
@ -4,6 +4,7 @@ import (
|
||||||
"encoding/json"
|
"encoding/json"
|
||||||
"net/http"
|
"net/http"
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/gorilla/mux"
|
"github.com/gorilla/mux"
|
||||||
)
|
)
|
||||||
|
@ -53,7 +54,7 @@ func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) {
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
id, err := a.store.Create(secret)
|
id, err := a.store.Create(secret, time.Duration(cfg.SecretExpiry)*time.Second)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
a.errorResponse(res, http.StatusInternalServerError, err.Error())
|
a.errorResponse(res, http.StatusInternalServerError, err.Error())
|
||||||
return
|
return
|
||||||
|
|
4
go.mod
4
go.mod
|
@ -8,11 +8,13 @@ require (
|
||||||
github.com/gofrs/uuid/v3 v3.1.2
|
github.com/gofrs/uuid/v3 v3.1.2
|
||||||
github.com/gorilla/mux v1.8.0
|
github.com/gorilla/mux v1.8.0
|
||||||
github.com/pkg/errors v0.9.1
|
github.com/pkg/errors v0.9.1
|
||||||
|
github.com/redis/go-redis/v9 v9.0.5
|
||||||
github.com/sirupsen/logrus v1.9.3
|
github.com/sirupsen/logrus v1.9.3
|
||||||
github.com/xuyu/goredis v0.0.0-20160929021245-89fbe9474b37
|
|
||||||
)
|
)
|
||||||
|
|
||||||
require (
|
require (
|
||||||
|
github.com/cespare/xxhash/v2 v2.2.0 // indirect
|
||||||
|
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
|
||||||
github.com/spf13/pflag v1.0.5 // indirect
|
github.com/spf13/pflag v1.0.5 // indirect
|
||||||
golang.org/x/sys v0.8.0 // indirect
|
golang.org/x/sys v0.8.0 // indirect
|
||||||
gopkg.in/validator.v2 v2.0.1 // indirect
|
gopkg.in/validator.v2 v2.0.1 // indirect
|
||||||
|
|
10
go.sum
10
go.sum
|
@ -2,9 +2,15 @@ github.com/Luzifer/go_helpers/v2 v2.17.1 h1:SJjfkkJ14d1i8zpKzZ3619YSGijxp2jfc6Qk
|
||||||
github.com/Luzifer/go_helpers/v2 v2.17.1/go.mod h1:C5EkTBawA4sJt0CHoAoblgGPwTjW9blXZ/Et6RiEu6Q=
|
github.com/Luzifer/go_helpers/v2 v2.17.1/go.mod h1:C5EkTBawA4sJt0CHoAoblgGPwTjW9blXZ/Et6RiEu6Q=
|
||||||
github.com/Luzifer/rconfig/v2 v2.4.0 h1:MAdymTlExAZ8mx5VG8xOFAtFQSpWBipKYQHPOmYTn9o=
|
github.com/Luzifer/rconfig/v2 v2.4.0 h1:MAdymTlExAZ8mx5VG8xOFAtFQSpWBipKYQHPOmYTn9o=
|
||||||
github.com/Luzifer/rconfig/v2 v2.4.0/go.mod h1:hWF3ZVSusbYlg5bEvCwalEyUSY+0JPJWUiIu7rBmav8=
|
github.com/Luzifer/rconfig/v2 v2.4.0/go.mod h1:hWF3ZVSusbYlg5bEvCwalEyUSY+0JPJWUiIu7rBmav8=
|
||||||
|
github.com/bsm/ginkgo/v2 v2.7.0 h1:ItPMPH90RbmZJt5GtkcNvIRuGEdwlBItdNVoyzaNQao=
|
||||||
|
github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y=
|
||||||
|
github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
|
||||||
|
github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
|
||||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||||
|
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
|
||||||
|
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
|
||||||
github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
|
github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
|
||||||
github.com/gofrs/uuid/v3 v3.1.2 h1:V3IBv1oU82x6YIr5txe3azVHgmOKYdyKQTowm9moBlY=
|
github.com/gofrs/uuid/v3 v3.1.2 h1:V3IBv1oU82x6YIr5txe3azVHgmOKYdyKQTowm9moBlY=
|
||||||
github.com/gofrs/uuid/v3 v3.1.2/go.mod h1:xPwMqoocQ1L5G6pXX5BcE7N5jlzn2o19oqAKxwZW/kI=
|
github.com/gofrs/uuid/v3 v3.1.2/go.mod h1:xPwMqoocQ1L5G6pXX5BcE7N5jlzn2o19oqAKxwZW/kI=
|
||||||
|
@ -19,6 +25,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
|
||||||
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||||
|
github.com/redis/go-redis/v9 v9.0.5 h1:CuQcn5HIEeK7BgElubPP8CGtE0KakrnbBSTLjathl5o=
|
||||||
|
github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk=
|
||||||
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
|
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
|
||||||
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
|
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
|
||||||
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
|
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
|
||||||
|
@ -26,8 +34,6 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
|
||||||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||||
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
|
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
|
||||||
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||||
github.com/xuyu/goredis v0.0.0-20160929021245-89fbe9474b37 h1:xrMQUnipugHaopud+BS+tGITJvhc4lTf3b4vCzkF/no=
|
|
||||||
github.com/xuyu/goredis v0.0.0-20160929021245-89fbe9474b37/go.mod h1:Ew+jSwVYyBT+GrKWGzlld2VGZqUy5cgGQATzqHpqGvg=
|
|
||||||
golang.org/x/net v0.0.0-20210119194325-5f4716e94777 h1:003p0dJM77cxMSyCPFphvZf/Y5/NXf5fzg6ufd1/Oew=
|
golang.org/x/net v0.0.0-20210119194325-5f4716e94777 h1:003p0dJM77cxMSyCPFphvZf/Y5/NXf5fzg6ufd1/Oew=
|
||||||
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||||
golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
|
golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
|
||||||
|
|
1
main.go
1
main.go
|
@ -22,6 +22,7 @@ var (
|
||||||
cfg struct {
|
cfg struct {
|
||||||
Listen string `flag:"listen" default:":3000" description:"IP/Port to listen on"`
|
Listen string `flag:"listen" default:":3000" description:"IP/Port to listen on"`
|
||||||
LogLevel string `flag:"log-level" default:"info" description:"Set log level (debug, info, warning, error)"`
|
LogLevel string `flag:"log-level" default:"info" description:"Set log level (debug, info, warning, error)"`
|
||||||
|
SecretExpiry int64 `flag:"secret-expiry" default:"0" description:"Maximum expiry of the stored secrets in seconds"`
|
||||||
StorageType string `flag:"storage-type" default:"mem" description:"Storage to use for putting secrets to" validate:"nonzero"`
|
StorageType string `flag:"storage-type" default:"mem" description:"Storage to use for putting secrets to" validate:"nonzero"`
|
||||||
VersionAndExit bool `flag:"version" default:"false" description:"Print version information and exit"`
|
VersionAndExit bool `flag:"version" default:"false" description:"Print version information and exit"`
|
||||||
}
|
}
|
||||||
|
|
|
@ -3,12 +3,13 @@ package main
|
||||||
import (
|
import (
|
||||||
"errors"
|
"errors"
|
||||||
"fmt"
|
"fmt"
|
||||||
|
"time"
|
||||||
)
|
)
|
||||||
|
|
||||||
var errSecretNotFound = errors.New("Secret not found")
|
var errSecretNotFound = errors.New("Secret not found")
|
||||||
|
|
||||||
type storage interface {
|
type storage interface {
|
||||||
Create(secret string) (string, error)
|
Create(secret string, expireIn time.Duration) (string, error)
|
||||||
ReadAndDestroy(id string) (string, error)
|
ReadAndDestroy(id string) (string, error)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,8 +1,6 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"os"
|
|
||||||
"strconv"
|
|
||||||
"time"
|
"time"
|
||||||
|
|
||||||
"github.com/gofrs/uuid/v3"
|
"github.com/gofrs/uuid/v3"
|
||||||
|
@ -23,10 +21,10 @@ func newStorageMem() storage {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s storageMem) Create(secret string) (string, error) {
|
func (s storageMem) Create(secret string, expireIn time.Duration) (string, error) {
|
||||||
id := uuid.Must(uuid.NewV4()).String()
|
id := uuid.Must(uuid.NewV4()).String()
|
||||||
s.store[id] = memStorageSecret{
|
s.store[id] = memStorageSecret{
|
||||||
Expiry: s.expiry(),
|
Expiry: time.Now().Add(expireIn),
|
||||||
Secret: secret,
|
Secret: secret,
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -47,17 +45,3 @@ func (s storageMem) ReadAndDestroy(id string) (string, error) {
|
||||||
|
|
||||||
return secret.Secret, nil
|
return secret.Secret, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s storageMem) expiry() time.Time {
|
|
||||||
exp := os.Getenv("SECRET_EXPIRY")
|
|
||||||
if exp == "" {
|
|
||||||
return time.Time{}
|
|
||||||
}
|
|
||||||
|
|
||||||
e, err := strconv.ParseInt(exp, 10, 64)
|
|
||||||
if err != nil {
|
|
||||||
return time.Time{}
|
|
||||||
}
|
|
||||||
|
|
||||||
return time.Now().Add(time.Duration(e) * time.Second)
|
|
||||||
}
|
|
||||||
|
|
|
@ -1,17 +1,21 @@
|
||||||
package main
|
package main
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"context"
|
||||||
"fmt"
|
"fmt"
|
||||||
"os"
|
"os"
|
||||||
"strconv"
|
|
||||||
"strings"
|
"strings"
|
||||||
|
"time"
|
||||||
|
|
||||||
"github.com/gofrs/uuid/v3"
|
"github.com/gofrs/uuid/v3"
|
||||||
"github.com/xuyu/goredis"
|
"github.com/pkg/errors"
|
||||||
|
redis "github.com/redis/go-redis/v9"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
const redisDefaultPrefix = "io.luzifer.ots"
|
||||||
|
|
||||||
type storageRedis struct {
|
type storageRedis struct {
|
||||||
conn *goredis.Redis
|
conn *redis.Client
|
||||||
}
|
}
|
||||||
|
|
||||||
func newStorageRedis() (storage, error) {
|
func newStorageRedis() (storage, error) {
|
||||||
|
@ -19,76 +23,48 @@ func newStorageRedis() (storage, error) {
|
||||||
return nil, fmt.Errorf("REDIS_URL environment variable not set")
|
return nil, fmt.Errorf("REDIS_URL environment variable not set")
|
||||||
}
|
}
|
||||||
|
|
||||||
c, err := goredis.DialURL(os.Getenv("REDIS_URL"))
|
// We replace the old URI format
|
||||||
|
// tcp://auth:password@127.0.0.1:6379/0
|
||||||
|
// with the new one
|
||||||
|
// redis://<user>:<password>@<host>:<port>/<db_number>
|
||||||
|
// in order to maintain backwards compatibility
|
||||||
|
opt, err := redis.ParseURL(strings.Replace(os.Getenv("REDIS_URL"), "tcp://", "redis://", 1))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, errors.Wrap(err, "parsing REDIS_URL")
|
||||||
}
|
}
|
||||||
|
|
||||||
s := &storageRedis{
|
s := &storageRedis{
|
||||||
conn: c,
|
conn: redis.NewClient(opt),
|
||||||
}
|
}
|
||||||
|
|
||||||
return s, nil
|
return s, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s storageRedis) redisExpiry() int {
|
func (s storageRedis) Create(secret string, expireIn time.Duration) (string, error) {
|
||||||
var expStr string
|
|
||||||
for _, eVar := range []string{"SECRET_EXPIRY", "REDIS_EXPIRY"} {
|
|
||||||
if v := os.Getenv(eVar); v != "" {
|
|
||||||
expStr = v
|
|
||||||
break
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if expStr == "" {
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
e, err := strconv.Atoi(expStr)
|
|
||||||
if err != nil {
|
|
||||||
return 0
|
|
||||||
}
|
|
||||||
|
|
||||||
return e
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s storageRedis) redisKey() string {
|
|
||||||
key := os.Getenv("REDIS_KEY")
|
|
||||||
if key == "" {
|
|
||||||
key = "io.luzifer.ots"
|
|
||||||
}
|
|
||||||
|
|
||||||
return key
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s storageRedis) Create(secret string) (string, error) {
|
|
||||||
id := uuid.Must(uuid.NewV4()).String()
|
id := uuid.Must(uuid.NewV4()).String()
|
||||||
err := s.writeKey(id, secret)
|
err := s.conn.SetEx(context.Background(), s.redisKey(id), secret, expireIn).Err()
|
||||||
|
|
||||||
return id, err
|
return id, errors.Wrap(err, "writing redis key")
|
||||||
}
|
}
|
||||||
|
|
||||||
func (s storageRedis) ReadAndDestroy(id string) (string, error) {
|
func (s storageRedis) ReadAndDestroy(id string) (string, error) {
|
||||||
secret, err := s.conn.Get(strings.Join([]string{s.redisKey(), id}, ":"))
|
secret, err := s.conn.Get(context.Background(), s.redisKey(id)).Result()
|
||||||
if err != nil {
|
if err != nil {
|
||||||
|
if errors.Is(err, redis.Nil) {
|
||||||
|
return "", errSecretNotFound
|
||||||
|
}
|
||||||
return "", err
|
return "", err
|
||||||
}
|
}
|
||||||
|
|
||||||
if secret == nil {
|
err = s.conn.Del(context.Background(), s.redisKey(id)).Err()
|
||||||
return "", errSecretNotFound
|
return string(secret), errors.Wrap(err, "deleting key")
|
||||||
|
}
|
||||||
|
|
||||||
|
func (s storageRedis) redisKey(id string) string {
|
||||||
|
prefix := redisDefaultPrefix
|
||||||
|
if prfx := os.Getenv("REDIS_KEY"); prfx != "" {
|
||||||
|
prefix = prfx
|
||||||
}
|
}
|
||||||
|
|
||||||
_, err = s.conn.Del(strings.Join([]string{s.redisKey(), id}, ":"))
|
return strings.Join([]string{prefix, id}, ":")
|
||||||
return string(secret), err
|
|
||||||
}
|
|
||||||
|
|
||||||
func (s storageRedis) writeKey(id, value string) error {
|
|
||||||
return s.conn.Set(
|
|
||||||
strings.Join([]string{s.redisKey(), id}, ":"), // Key
|
|
||||||
value, // Secret
|
|
||||||
s.redisExpiry(), // Expiry in seconds
|
|
||||||
0, // Expiry milliseconds
|
|
||||||
false, // MustExist
|
|
||||||
true, // MustNotExist
|
|
||||||
)
|
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue