feat: Implemented basic db operation.

build.zig.zon

@@ -32,7 +32,9 @@
     // Once all dependencies are fetched, `zig build` no longer requires
     // internet connectivity.
     .dependencies = .{
+        // .age = .{ .path = "zig-vendor/age-ffi/zig" },
         .sqlite = .{ .path = "zig-vendor/zig-sqlite" },
+
         // See `zig fetch --save <url>` for a command-line interface for adding dependencies.
         //.example = .{
         //    // When updating this field to a new URL, be sure to delete the corresponding

fixtures/hello-world.age

@@ -0,0 +1,5 @@
+age-encryption.org/v1
+-> ssh-ed25519 Boe0UQ 2ngx7jSJ8/yuAzTgeiiCTYZRSkBCeJfaHTL0u7k6ziU
+0XmEy0bOTeW1MF9ev32n4xISPDl9UQNHzEB0vsZHDuU
+--- UV7IjWFCCg79Pf3T9vUWBxT4MhgeARWp6E+LK9tMy1g
+u‡No2Zÿꥡé–Ý…++˜‡°ð¾ÓYÏóíð<C3AD>y:æ@'NÍ
xP¾

fixtures/hello-world.txt

@@ -0,0 +1 @@
+Hello, World!

fixtures/insecure-test-key

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACCbll0MJper9prPwGn2wwikH3hTByL8tlzmhViuvfrryAAAAJCkxfzapMX8
+2gAAAAtzc2gtZWQyNTUxOQAAACCbll0MJper9prPwGn2wwikH3hTByL8tlzmhViuvfrryA
+AAAEDXQExhs89b3fjqJHkhuo9QX4JEjXiEC+vSnCAYc8OxcpuWXQwml6v2ms/AafbDCKQf
+eFMHIvy2XOaFWK69+uvIAAAACnNwZW5jZXJAZncBAgM=
+-----END OPENSSH PRIVATE KEY-----

fixtures/insecure-test-key.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuWXQwml6v2ms/AafbDCKQfeFMHIvy2XOaFWK69+uvI spencer@fw

flake.nix

@@ -99,8 +99,9 @@
                 cobra-cli
 
                 # Build tools
-                zip
+                age
                 unstable.cargo
+                zip
 
                 opencode
 

src/Db.zig

@@ -0,0 +1,242 @@
+const std = @import("std");
+const sqlite = @import("sqlite");
+
+const age = @import("age.zig");
+
+/// The underlying data store.
+sql_db: sqlite.Db,
+
+/// Set to true whenever the data updates. If false when close() is called,
+/// the database will be closed without saving
+changed: bool = false,
+
+/// Decrypts the database into a temporary file and opens it in memory
+// FIXME: Test me with real file
+pub fn open(
+    io: std.Io,
+    gpa: std.mem.Allocator,
+    /// The path to the home directory
+    home: []const u8,
+    /// The path to the /tmp directory
+    tmp: []const u8,
+) !@This() {
+    // TODO: Check if database already exists
+    const db_path = try std.fs.path.join(gpa, &.{ home, ".envr", "data.age" });
+    defer gpa.free(db_path);
+
+    var db = try new();
+
+    if (db_exists(io, db_path)) {
+        // const tmp_dir = try std.Io.Dir.cwd().openDir(io, tmp, .{});
+        // defer tmp_dir.deleteFile(io, "envr.db");
+
+        const tmp_db_path = try std.fs.path.join(gpa, &.{ tmp, "envr.db" });
+        defer gpa.free(tmp_db_path);
+
+        // TODO: Fix key
+        try age.decrypt(io, gpa, "~/.ssh/id_ed25519", db_path, tmp_db_path);
+
+        try db.restore(tmp_db_path);
+        try std.Io.Dir.cwd().deleteFile(io, tmp_db_path);
+
+        return db;
+    } else {
+        return db;
+    }
+}
+
+/// Create a new instance of the database in-memory
+fn new() !@This() {
+    var db = try sqlite.Db.init(.{
+        .mode = .Memory,
+        .open_flags = .{ .write = true, .create = true },
+        .threading_mode = .MultiThread,
+    });
+
+    try db.exec(
+        \\create table envr_env_files (
+        \\  path text primary key not null
+        \\, remotes text -- JSON
+        \\, sha256 text not null
+        \\, contents text not null
+        \\)
+    , .{}, .{});
+
+    return .{ .sql_db = db };
+}
+
+/// Returns true if a file exists at ~/.envr/data.age
+fn db_exists(io: std.Io, path: []const u8) bool {
+    if (std.Io.Dir.cwd().access(io, path, .{ .read = true })) {
+        return true;
+    } else |_| {
+        return false;
+    }
+}
+
+/// Loads the unencrypted sqlite db at filepath path into the datbase
+/// FIXME: Test me
+fn restore(
+    self: *@This(),
+    path: []const u8,
+) !void {
+    try self.sql_db.exec(
+        "ATTACH DATABASE ? AS source",
+        .{},
+        .{path},
+    );
+    defer self.sql_db.exec("DETACH DATABASE source", .{}, .{}) catch unreachable;
+
+    try self.sql_db.exec(
+        "INSERT INTO main.envr_env_files SELECT * FROM source.envr_env_files",
+        .{},
+        .{},
+    );
+}
+
+// TODO: Finish
+// pub fn tmpDir(opts: std.fs.Dir.OpenDirOptions) TmpDir {
+//     var random_bytes: [TmpDir.random_bytes_count]u8 = undefined;
+//     std.crypto.random.bytes(&random_bytes);
+//     var sub_path: [TmpDir.sub_path_len]u8 = undefined;
+//     _ = std.fs.base64_encoder.encode(&sub_path, &random_bytes);
+// }
+//
+// const TmpDir = struct {};
+
+/// Close the database
+/// FIXME: Test me with data but no changes
+/// FIXME: Test me with data and changes
+pub fn close(
+    self: *@This(),
+    io: std.Io,
+    gpa: std.mem.Allocator,
+    home: []const u8,
+    tmp: []const u8,
+) !void {
+    defer self.sql_db.deinit();
+
+    if (self.changed) {
+        const tmp_db_path = try std.fs.path.join(gpa, &.{ tmp, "envr.db" });
+        defer gpa.free(tmp_db_path);
+
+        try self.sql_db.exec("VACUUM INTO ?", .{}, .{tmp_db_path});
+
+        const db_path = try std.fs.path.join(gpa, &.{ home, ".envr", "data.age" });
+        defer gpa.free(db_path);
+
+        // FIXME: Use real key
+        try age.encrypt(io, gpa, "~/.ssh/id_ed25519.pub", tmp_db_path, db_path);
+
+        self.changed = false;
+    }
+}
+
+test {
+    std.testing.refAllDecls(@import("age.zig"));
+}
+
+test "simple database can be opened" {
+    var db = try sqlite.Db.init(.{
+        .mode = sqlite.Db.Mode{ .File = "./fixtures/example.db" },
+        .open_flags = .{
+            .write = false,
+            .create = false,
+        },
+        .threading_mode = .MultiThread,
+    });
+
+    var stmt = try db.prepare("SELECT * FROM hello");
+    defer stmt.deinit();
+
+    const alloc = std.testing.allocator;
+
+    if (try stmt.oneAlloc(struct { text: []const u8 }, alloc, .{}, .{})) |got| {
+        defer alloc.free(got.text);
+
+        try std.testing.expectEqualSlices(u8, "world!", got.text);
+    } else {
+        return error.TestUnexpectedResult;
+    }
+}
+
+test "encrypted database can be opened" {
+    const io = std.testing.io;
+    const gpa = std.testing.allocator;
+
+    var tmp = std.testing.tmpDir(.{});
+    defer tmp.cleanup();
+
+    const dir_path = try tmp.dir.realPathFileAlloc(io, ".", gpa);
+    defer gpa.free(dir_path);
+
+    const decrypted_path = try std.fs.path.joinZ(gpa, &.{ dir_path, "example.db" });
+    defer gpa.free(decrypted_path);
+
+    try age.decrypt(
+        io,
+        gpa,
+        "./fixtures/insecure-test-key",
+        "./fixtures/encrypted-example.db.age",
+        decrypted_path,
+    );
+
+    var db = try sqlite.Db.init(.{
+        .mode = sqlite.Db.Mode{ .File = decrypted_path },
+        .open_flags = .{
+            .write = false,
+            .create = false,
+        },
+        .threading_mode = .MultiThread,
+    });
+
+    var stmt = try db.prepare("SELECT * FROM hello");
+    defer stmt.deinit();
+
+    const alloc = std.testing.allocator;
+
+    if (try stmt.oneAlloc(struct { text: []const u8 }, alloc, .{}, .{})) |got| {
+        defer alloc.free(got.text);
+
+        try std.testing.expectEqualSlices(u8, "world!", got.text);
+    } else {
+        return error.TestUnexpectedResult;
+    }
+}
+
+test "Closing a fresh database does not create a file" {
+    const io = std.testing.io;
+    const gpa = std.testing.allocator;
+
+    var tmp_dir = std.testing.tmpDir(.{});
+    defer tmp_dir.cleanup();
+
+    // @compileLog(@typeInfo(std.Io.File.Permissions));
+    try tmp_dir.dir.createDir(io, "home", .default_dir);
+    try tmp_dir.dir.createDir(io, "tmp", .default_dir);
+
+    const tmp_dir_path = try tmp_dir.dir.realPathFileAlloc(io, ".", gpa);
+    defer gpa.free(tmp_dir_path);
+
+    const home = try std.fs.path.join(gpa, &.{ tmp_dir_path, "home" });
+    defer gpa.free(home);
+    const tmp = try std.fs.path.join(gpa, &.{ tmp_dir_path, "tmp" });
+    defer gpa.free(tmp);
+
+    var db: @This() = try .open(io, gpa, home, tmp);
+
+    const db_path = try std.fs.path.join(gpa, &.{ home, ".envr", "data.age" });
+    defer gpa.free(db_path);
+
+    try std.testing.expectError(
+        error.FileNotFound,
+        tmp_dir.dir.access(io, db_path, .{ .read = true }),
+    );
+
+    try db.close(io, gpa, home, tmp);
+
+    try std.testing.expectError(
+        error.FileNotFound,
+        tmp_dir.dir.access(io, db_path, .{ .read = true }),
+    );
+}

src/age.zig

@@ -0,0 +1,137 @@
+const std = @import("std");
+
+/// Returns the decrypted contents of the file.
+/// Caller is responsible for freeing the memory.
+pub fn decrypt(
+    io: std.Io,
+    gpa: std.mem.Allocator,
+    private_key: []const u8,
+    input_path: []const u8,
+    output_path: []const u8,
+) !void {
+    const result = try std.process.run(gpa, io, .{
+        .argv = &.{
+            "age",
+            "-d",
+            "-i",
+            private_key,
+            "-o",
+            output_path,
+            input_path,
+        },
+    });
+    defer gpa.free(result.stderr);
+    defer gpa.free(result.stdout);
+
+    if (result.stdout.len > 0) {
+        std.debug.print("stdout: \"{s}\"\n", .{result.stdout});
+        unreachable;
+    }
+
+    if (result.stderr.len > 0) {
+        std.debug.print("stderr: \"{s}\"\n", .{result.stderr});
+        unreachable;
+    }
+}
+
+/// Returns the encrypted contents of the file.
+/// Caller is responsible for freeing the memory.
+pub fn encrypt(
+    io: std.Io,
+    gpa: std.mem.Allocator,
+    public_key: []const u8,
+    input_path: []const u8,
+    output_path: []const u8,
+) !void {
+    const result = try std.process.run(gpa, io, .{
+        .argv = &.{
+            "age",
+            "-e",
+            "-R",
+            public_key,
+            "-o",
+            output_path,
+            input_path,
+        },
+    });
+    defer gpa.free(result.stderr);
+    defer gpa.free(result.stdout);
+
+    if (result.stdout.len > 0) {
+        std.debug.print("stdout: \"{s}\"\n", .{result.stdout});
+        unreachable;
+    }
+
+    if (result.stderr.len > 0) {
+        std.debug.print("stderr: \"{s}\"\n", .{result.stderr});
+        unreachable;
+    }
+}
+
+test "sample file can be decrypted" {
+    const io = std.testing.io;
+    const gpa = std.testing.allocator;
+
+    var tmp = std.testing.tmpDir(.{});
+    defer tmp.cleanup();
+
+    const dir_path = try tmp.dir.realPathFileAlloc(io, ".", gpa);
+    defer gpa.free(dir_path);
+
+    const output_path = try std.fs.path.join(gpa, &.{ dir_path, "got.txt" });
+    defer gpa.free(output_path);
+
+    try decrypt(
+        io,
+        gpa,
+        "./fixtures/insecure-test-key",
+        "./fixtures/hello-world.age",
+        output_path,
+    );
+
+    const contents = try tmp.dir.readFileAlloc(io, output_path, gpa, .unlimited);
+    defer gpa.free(contents);
+
+    try std.testing.expectEqualSlices(u8, "Hello, World!\n", contents);
+}
+
+test "sample file can be encrypted" {
+    const io = std.testing.io;
+    const gpa = std.testing.allocator;
+
+    var tmp = std.testing.tmpDir(.{});
+    defer tmp.cleanup();
+
+    const dir_path = try tmp.dir.realPathFileAlloc(io, ".", gpa);
+    defer gpa.free(dir_path);
+
+    const output_path = try std.fs.path.join(gpa, &.{ dir_path, "hello-world.age" });
+    defer gpa.free(output_path);
+
+    try encrypt(
+        io,
+        gpa,
+        "./fixtures/insecure-test-key.pub",
+        "./fixtures/hello-world.txt",
+        output_path,
+    );
+
+    const got = try tmp.dir.readFileAlloc(io, output_path, gpa, .unlimited);
+    defer gpa.free(got);
+
+    const want = try std.Io.Dir.cwd().readFileAlloc(
+        io,
+        "./fixtures/hello-world.age",
+        gpa,
+        .unlimited,
+    );
+    defer gpa.free(want);
+
+    const contents = try tmp.dir.readFileAlloc(io, output_path, gpa, .unlimited);
+    defer gpa.free(contents);
+
+    try std.testing.expectEqual(want.len, got.len);
+
+    // FIXME: Test that decrypted file contents match
+    // try std.testing.expectEqualSlices(u8, "Hello, World!\n", decrypted_contents);
+}

src/db.zig

@@ -1,26 +0,0 @@
-const std = @import("std");
-const sqlite = @import("sqlite");
-
-test "simple database can be opened" {
-    var db = try sqlite.Db.init(.{
-        .mode = sqlite.Db.Mode{ .File = "./fixtures/example.db" },
-        .open_flags = .{
-            .write = false,
-            .create = false,
-        },
-        .threading_mode = .MultiThread,
-    });
-
-    var stmt = try db.prepare("SELECT * FROM hello");
-    defer stmt.deinit();
-
-    const alloc = std.testing.allocator;
-
-    if (try stmt.oneAlloc(struct { text: []const u8 }, alloc, .{}, .{})) |got| {
-        defer alloc.free(got.text);
-
-        try std.testing.expectEqualSlices(u8, "world!", got.text);
-    } else {
-        return error.TestUnexpectedResult;
-    }
-}

src/root.zig

@@ -57,7 +57,8 @@ pub const root: Command = .new(.{
 });
 
 test {
-    std.testing.refAllDecls(@import("db.zig"));
+    std.testing.refAllDecls(@import("Config.zig"));
+    std.testing.refAllDecls(@import("Db.zig"));
 }
 
 test "enum type" {

zig-vendor/age-ffi/zig/build.zig

@@ -25,9 +25,8 @@ pub fn build(b: *std.Build) void {
     // Link the Rust static library
     // Assumes the library has been built with: cargo build --release
     example.root_module.addLibraryPath(b.path("../target/release"));
-    example.root_module.linkSystemLibrary("age_ffi", .{});
-
-    // example.root_module.linkLibC();
+    example.root_module.linkSystemLibrary("age_ffi", .{ .needed = true });
+    // example.linkLibC();
 
     // Install the example
     b.installArtifact(example);
@@ -80,7 +79,7 @@ pub fn build(b: *std.Build) void {
 
     tests.root_module.addImport("age", age_module);
     tests.root_module.addLibraryPath(b.path("../target/release"));
-    tests.root_module.linkSystemLibrary("age_ffi", .{});
+    tests.root_module.linkSystemLibrary("age_ffi", .{ .needed = true });
     // tests.linkLibC();
     tests.step.dependOn(&cargo_build.step);
 

zig-vendor/age-ffi/zig/build.zig.zon

@@ -0,0 +1,9 @@
+.{
+    .name = .age,
+    .version = "0.1.0",
+    .fingerprint = 0xa13010b27f1528d3,
+    .minimum_zig_version = "0.14.0",
+    .paths = .{
+        "zig",
+    },
+}