Replace redis client, move expiry into creation interface
Signed-off-by: Knut Ahlers <knut@ahlers.me>
This commit is contained in:
parent
900d816dff
commit
ea631beeef
GPG key ID:
D91C3E91E4CAD6F5
8 changed files with 51 additions and 80 deletions
|
|
@ -21,10 +21,10 @@
|
|||
For a better setup you can choose the backend which is used to store the secrets:
|
||||
|
||||
- `mem` - In memory storage (wiped on restart of the daemon)
|
||||
- `SECRET_EXPIRY` - Expiry of the keys in seconds (Default `0` = no expiry)
|
||||
- `redis` - Storing the secrets in a hash under one key
|
||||
- `REDIS_URL` - Redis connection string `tcp://auth:PWD@HOST:PORT/DB`
|
||||
- `REDIS_URL` - Redis connection string `redis://auth:PWD@HOST:PORT/DB`
|
||||
- `REDIS_KEY` - Key prefix to store the keys under (Default `io.luzifer.ots`)
|
||||
- Common options
|
||||
- `SECRET_EXPIRY` - Expiry of the keys in seconds (Default `0` = no expiry)
|
||||
|
||||
## Creating secrets through CLI / scripts
|
||||
|
|
|
|||
3
api.go
3
api.go
|
|
@ -4,6 +4,7 @@ import (
|
|||
"encoding/json"
|
||||
"net/http"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/gorilla/mux"
|
||||
)
|
||||
|
|
@ -53,7 +54,7 @@ func (a apiServer) handleCreate(res http.ResponseWriter, r *http.Request) {
|
|||
return
|
||||
}
|
||||
|
||||
id, err := a.store.Create(secret)
|
||||
id, err := a.store.Create(secret, time.Duration(cfg.SecretExpiry)*time.Second)
|
||||
if err != nil {
|
||||
a.errorResponse(res, http.StatusInternalServerError, err.Error())
|
||||
return
|
||||
|
|
|
|||
4
go.mod
4
go.mod
|
|
@ -8,11 +8,13 @@ require (
|
|||
github.com/gofrs/uuid/v3 v3.1.2
|
||||
github.com/gorilla/mux v1.8.0
|
||||
github.com/pkg/errors v0.9.1
|
||||
github.com/redis/go-redis/v9 v9.0.5
|
||||
github.com/sirupsen/logrus v1.9.3
|
||||
github.com/xuyu/goredis v0.0.0-20160929021245-89fbe9474b37
|
||||
)
|
||||
|
||||
require (
|
||||
github.com/cespare/xxhash/v2 v2.2.0 // indirect
|
||||
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
|
||||
github.com/spf13/pflag v1.0.5 // indirect
|
||||
golang.org/x/sys v0.8.0 // indirect
|
||||
gopkg.in/validator.v2 v2.0.1 // indirect
|
||||
|
|
|
|||
10
go.sum
10
go.sum
|
|
@ -2,9 +2,15 @@ github.com/Luzifer/go_helpers/v2 v2.17.1 h1:SJjfkkJ14d1i8zpKzZ3619YSGijxp2jfc6Qk
|
|||
github.com/Luzifer/go_helpers/v2 v2.17.1/go.mod h1:C5EkTBawA4sJt0CHoAoblgGPwTjW9blXZ/Et6RiEu6Q=
|
||||
github.com/Luzifer/rconfig/v2 v2.4.0 h1:MAdymTlExAZ8mx5VG8xOFAtFQSpWBipKYQHPOmYTn9o=
|
||||
github.com/Luzifer/rconfig/v2 v2.4.0/go.mod h1:hWF3ZVSusbYlg5bEvCwalEyUSY+0JPJWUiIu7rBmav8=
|
||||
github.com/bsm/ginkgo/v2 v2.7.0 h1:ItPMPH90RbmZJt5GtkcNvIRuGEdwlBItdNVoyzaNQao=
|
||||
github.com/bsm/gomega v1.26.0 h1:LhQm+AFcgV2M0WyKroMASzAzCAJVpAxQXv4SaI9a69Y=
|
||||
github.com/cespare/xxhash/v2 v2.2.0 h1:DC2CZ1Ep5Y4k3ZQ899DldepgrayRUGE6BBZ/cd9Cj44=
|
||||
github.com/cespare/xxhash/v2 v2.2.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs=
|
||||
github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
|
||||
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
|
||||
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f h1:lO4WD4F/rVNCu3HqELle0jiPLLBs70cWOduZpkS1E78=
|
||||
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f/go.mod h1:cuUVRXasLTGF7a8hSLbxyZXjz+1KgoB3wDUb6vlszIc=
|
||||
github.com/fsnotify/fsnotify v1.4.9 h1:hsms1Qyu0jgnwNXIxa+/V/PDsU6CfLf6CNO8H7IWoS4=
|
||||
github.com/gofrs/uuid/v3 v3.1.2 h1:V3IBv1oU82x6YIr5txe3azVHgmOKYdyKQTowm9moBlY=
|
||||
github.com/gofrs/uuid/v3 v3.1.2/go.mod h1:xPwMqoocQ1L5G6pXX5BcE7N5jlzn2o19oqAKxwZW/kI=
|
||||
|
|
@ -19,6 +25,8 @@ github.com/pkg/errors v0.9.1 h1:FEBLx1zS214owpjy7qsBeixbURkuhQAwrK5UwLGTwt4=
|
|||
github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINEl0=
|
||||
github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
|
||||
github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
|
||||
github.com/redis/go-redis/v9 v9.0.5 h1:CuQcn5HIEeK7BgElubPP8CGtE0KakrnbBSTLjathl5o=
|
||||
github.com/redis/go-redis/v9 v9.0.5/go.mod h1:WqMKv5vnQbRuZstUwxQI195wHy+t4PuXDOjzMvcuQHk=
|
||||
github.com/sirupsen/logrus v1.9.3 h1:dueUQJ1C2q9oE3F7wvmSGAaVtTmUizReu6fjN8uqzbQ=
|
||||
github.com/sirupsen/logrus v1.9.3/go.mod h1:naHLuLoDiP4jHNo9R0sCBMtWGeIprob74mVsIT4qYEQ=
|
||||
github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
|
||||
|
|
@ -26,8 +34,6 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An
|
|||
github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
|
||||
github.com/stretchr/testify v1.7.0 h1:nwc3DEeHmmLAfoZucVR881uASk0Mfjw8xYJ99tb5CcY=
|
||||
github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
|
||||
github.com/xuyu/goredis v0.0.0-20160929021245-89fbe9474b37 h1:xrMQUnipugHaopud+BS+tGITJvhc4lTf3b4vCzkF/no=
|
||||
github.com/xuyu/goredis v0.0.0-20160929021245-89fbe9474b37/go.mod h1:Ew+jSwVYyBT+GrKWGzlld2VGZqUy5cgGQATzqHpqGvg=
|
||||
golang.org/x/net v0.0.0-20210119194325-5f4716e94777 h1:003p0dJM77cxMSyCPFphvZf/Y5/NXf5fzg6ufd1/Oew=
|
||||
golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
|
||||
golang.org/x/sys v0.8.0 h1:EBmGv8NaZBZTWvrbjNoL6HVt+IVy3QDQpJs7VRIw3tU=
|
||||
|
|
|
|||
1
main.go
1
main.go
|
|
@ -22,6 +22,7 @@ var (
|
|||
cfg struct {
|
||||
Listen string `flag:"listen" default:":3000" description:"IP/Port to listen on"`
|
||||
LogLevel string `flag:"log-level" default:"info" description:"Set log level (debug, info, warning, error)"`
|
||||
SecretExpiry int64 `flag:"secret-expiry" default:"0" description:"Maximum expiry of the stored secrets in seconds"`
|
||||
StorageType string `flag:"storage-type" default:"mem" description:"Storage to use for putting secrets to" validate:"nonzero"`
|
||||
VersionAndExit bool `flag:"version" default:"false" description:"Print version information and exit"`
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3,12 +3,13 @@ package main
|
|||
import (
|
||||
"errors"
|
||||
"fmt"
|
||||
"time"
|
||||
)
|
||||
|
||||
var errSecretNotFound = errors.New("Secret not found")
|
||||
|
||||
type storage interface {
|
||||
Create(secret string) (string, error)
|
||||
Create(secret string, expireIn time.Duration) (string, error)
|
||||
ReadAndDestroy(id string) (string, error)
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -1,8 +1,6 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"os"
|
||||
"strconv"
|
||||
"time"
|
||||
|
||||
"github.com/gofrs/uuid/v3"
|
||||
|
|
@ -23,10 +21,10 @@ func newStorageMem() storage {
|
|||
}
|
||||
}
|
||||
|
||||
func (s storageMem) Create(secret string) (string, error) {
|
||||
func (s storageMem) Create(secret string, expireIn time.Duration) (string, error) {
|
||||
id := uuid.Must(uuid.NewV4()).String()
|
||||
s.store[id] = memStorageSecret{
|
||||
Expiry: s.expiry(),
|
||||
Expiry: time.Now().Add(expireIn),
|
||||
Secret: secret,
|
||||
}
|
||||
|
||||
|
|
@ -47,17 +45,3 @@ func (s storageMem) ReadAndDestroy(id string) (string, error) {
|
|||
|
||||
return secret.Secret, nil
|
||||
}
|
||||
|
||||
func (s storageMem) expiry() time.Time {
|
||||
exp := os.Getenv("SECRET_EXPIRY")
|
||||
if exp == "" {
|
||||
return time.Time{}
|
||||
}
|
||||
|
||||
e, err := strconv.ParseInt(exp, 10, 64)
|
||||
if err != nil {
|
||||
return time.Time{}
|
||||
}
|
||||
|
||||
return time.Now().Add(time.Duration(e) * time.Second)
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,17 +1,21 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"context"
|
||||
"fmt"
|
||||
"os"
|
||||
"strconv"
|
||||
"strings"
|
||||
"time"
|
||||
|
||||
"github.com/gofrs/uuid/v3"
|
||||
"github.com/xuyu/goredis"
|
||||
"github.com/pkg/errors"
|
||||
redis "github.com/redis/go-redis/v9"
|
||||
)
|
||||
|
||||
const redisDefaultPrefix = "io.luzifer.ots"
|
||||
|
||||
type storageRedis struct {
|
||||
conn *goredis.Redis
|
||||
conn *redis.Client
|
||||
}
|
||||
|
||||
func newStorageRedis() (storage, error) {
|
||||
|
|
@ -19,76 +23,48 @@ func newStorageRedis() (storage, error) {
|
|||
return nil, fmt.Errorf("REDIS_URL environment variable not set")
|
||||
}
|
||||
|
||||
c, err := goredis.DialURL(os.Getenv("REDIS_URL"))
|
||||
// We replace the old URI format
|
||||
// tcp://auth:password@127.0.0.1:6379/0
|
||||
// with the new one
|
||||
// redis://<user>:<password>@<host>:<port>/<db_number>
|
||||
// in order to maintain backwards compatibility
|
||||
opt, err := redis.ParseURL(strings.Replace(os.Getenv("REDIS_URL"), "tcp://", "redis://", 1))
|
||||
if err != nil {
|
||||
return nil, err
|
||||
return nil, errors.Wrap(err, "parsing REDIS_URL")
|
||||
}
|
||||
|
||||
s := &storageRedis{
|
||||
conn: c,
|
||||
conn: redis.NewClient(opt),
|
||||
}
|
||||
|
||||
return s, nil
|
||||
}
|
||||
|
||||
func (s storageRedis) redisExpiry() int {
|
||||
var expStr string
|
||||
for _, eVar := range []string{"SECRET_EXPIRY", "REDIS_EXPIRY"} {
|
||||
if v := os.Getenv(eVar); v != "" {
|
||||
expStr = v
|
||||
break
|
||||
}
|
||||
}
|
||||
|
||||
if expStr == "" {
|
||||
return 0
|
||||
}
|
||||
|
||||
e, err := strconv.Atoi(expStr)
|
||||
if err != nil {
|
||||
return 0
|
||||
}
|
||||
|
||||
return e
|
||||
}
|
||||
|
||||
func (s storageRedis) redisKey() string {
|
||||
key := os.Getenv("REDIS_KEY")
|
||||
if key == "" {
|
||||
key = "io.luzifer.ots"
|
||||
}
|
||||
|
||||
return key
|
||||
}
|
||||
|
||||
func (s storageRedis) Create(secret string) (string, error) {
|
||||
func (s storageRedis) Create(secret string, expireIn time.Duration) (string, error) {
|
||||
id := uuid.Must(uuid.NewV4()).String()
|
||||
err := s.writeKey(id, secret)
|
||||
err := s.conn.SetEx(context.Background(), s.redisKey(id), secret, expireIn).Err()
|
||||
|
||||
return id, err
|
||||
return id, errors.Wrap(err, "writing redis key")
|
||||
}
|
||||
|
||||
func (s storageRedis) ReadAndDestroy(id string) (string, error) {
|
||||
secret, err := s.conn.Get(strings.Join([]string{s.redisKey(), id}, ":"))
|
||||
secret, err := s.conn.Get(context.Background(), s.redisKey(id)).Result()
|
||||
if err != nil {
|
||||
if errors.Is(err, redis.Nil) {
|
||||
return "", errSecretNotFound
|
||||
}
|
||||
return "", err
|
||||
}
|
||||
|
||||
if secret == nil {
|
||||
return "", errSecretNotFound
|
||||
err = s.conn.Del(context.Background(), s.redisKey(id)).Err()
|
||||
return string(secret), errors.Wrap(err, "deleting key")
|
||||
}
|
||||
|
||||
func (s storageRedis) redisKey(id string) string {
|
||||
prefix := redisDefaultPrefix
|
||||
if prfx := os.Getenv("REDIS_KEY"); prfx != "" {
|
||||
prefix = prfx
|
||||
}
|
||||
|
||||
_, err = s.conn.Del(strings.Join([]string{s.redisKey(), id}, ":"))
|
||||
return string(secret), err
|
||||
}
|
||||
|
||||
func (s storageRedis) writeKey(id, value string) error {
|
||||
return s.conn.Set(
|
||||
strings.Join([]string{s.redisKey(), id}, ":"), // Key
|
||||
value, // Secret
|
||||
s.redisExpiry(), // Expiry in seconds
|
||||
0, // Expiry milliseconds
|
||||
false, // MustExist
|
||||
true, // MustNotExist
|
||||
)
|
||||
return strings.Join([]string{prefix, id}, ":")
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in a new issue