3 Commits

5 changed files with 318 additions and 109 deletions


@@ -1,7 +1,9 @@
const std = @import("std");
/// Keys that are available for encryption
keys: []const SSHKeyPair,
keys: []const SSHKeyPair = &.{
.from_pub_path("~/.ssh/id_ed25519.pub"),
},
/// Rules for how to match the scan command
scan: ScanConfig = .default,
@@ -12,11 +14,11 @@ pub const SSHKeyPair = struct {
/// Caller owns the returned memory
pub fn from_path(gpa: std.mem.Allocator, path: []const u8) !SSHKeyPair {
if (std.mem.eql(u8, std.fs.path.extension(path), ".pub")){
if (std.mem.eql(u8, std.fs.path.extension(path), ".pub")) {
return from_pub_path(path);
} else {
return .{
.public = try std.mem.concat(gpa, u8, &.{path, ".pub"}),
.public = try std.mem.concat(gpa, u8, &.{ path, ".pub" }),
.private = path,
};
}
@@ -27,7 +29,7 @@ pub const SSHKeyPair = struct {
return .{
.public = path,
.private = path[0..path.len - 4],
.private = path[0 .. path.len - 4],
};
}
};
@@ -119,7 +121,7 @@ test "saving to a new file upserts the file" {
var cfg: @This() = .{
.keys = &.{
.from_pub_path("~/.ssh/id_ed25519.pub"),
.from_pub_path("~/.ssh/id_ed25519.pub"),
},
};
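Review bot: The new default for `keys` stores the literal string `~/.ssh/id_ed25519.pub`, and nothing on this page expands `~`. The age.zig part of this change passes key paths to the child process as plain argv entries, so the tilde would presumably reach `age` unexpanded once these config keys are wired in; resolving the home directory when the config is loaded would avoid that. Separately, `from_pub_path` derives the private path with `path[0 .. path.len - 4]` without checking the suffix, so a path shorter than four bytes or one not ending in `.pub` yields an out-of-range or wrong private key path; `std.debug.assert(std.mem.endsWith(u8, path, ".pub"));` at the top would state the precondition. The body of `from_pub_path` starts outside the visible hunk.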

262
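--- a/src/Db.zig
+++ b/src/Db.zig
@@ -0,0 +1,262 @@
+//! Db interacts with an age encrypted sqlite database.
+//!
+const std = @import("std");
+const sqlite = @import("sqlite");
+const age = @import("age.zig");
+const Config = @import("Config.zig");
+/// controls the keys and filepaths used for saving
+config: Config,
+/// The underlying data store.
+sql_db: sqlite.Db,
+/// Set to true whenever the data updates. If false when close() is called,
+/// the database will be closed without saving
+changed: bool = false,
+/// Decrypts the database into a temporary file and opens it in memory
+// FIXME: Test me with real file
+pub fn open(
+io: std.Io,
+gpa: std.mem.Allocator,
+opts: OpenOptions,
+) !@This() {
+// TODO: Read from config?
+const db_path = try std.fs.path.join(gpa, &.{ opts.home, ".envr", "data.age" });
+defer gpa.free(db_path);
+var db = try new(opts.config);
+if (db_exists(io, db_path)) {
+// const tmp_dir = try std.Io.Dir.cwd().openDir(io, tmp, .{});
+// defer tmp_dir.deleteFile(io, "envr.db");
+const tmp_db_path = try std.fs.path.join(gpa, &.{ opts.tmp, "envr.db" });
+defer gpa.free(tmp_db_path);
+// TODO: Pass key(s) from Config
+try age.decrypt(io, gpa, &.{"~/.ssh/id_ed25519"}, db_path, tmp_db_path);
+try db.restore(tmp_db_path);
+try std.Io.Dir.cwd().deleteFile(io, tmp_db_path);
+return db;
+} else {
+return db;
+}
+}
+const OpenOptions = struct {
+config: Config = .{},
+/// The path to the home directory
+home: []const u8 = "~/",
+/// The path to the /tmp directory
+// FIXME: Support windows
+tmp: []const u8 = "/tmp",
+};
+/// Create a new instance of the database in-memory
+fn new(config: Config) !@This() {
+var db = try sqlite.Db.init(.{
+.mode = .Memory,
+.open_flags = .{ .write = true, .create = true },
+.threading_mode = .MultiThread,
+});
+try db.exec(
+\\create table envr_env_files (
+\\ path text primary key not null
+\\, remotes text -- JSON
+\\, sha256 text not null
+\\, contents text not null
+\\)
+, .{}, .{});
+return .{
+.sql_db = db,
+.config = config,
+};
+}
+/// Returns true if a file exists at ~/.envr/data.age
+fn db_exists(io: std.Io, path: []const u8) bool {
+if (std.Io.Dir.cwd().access(io, path, .{ .read = true })) {
+return true;
+} else |_| {
+return false;
+}
+}
+/// Loads the unencrypted sqlite db at filepath path into the datbase
+/// FIXME: Test me
+fn restore(
+self: *@This(),
+path: []const u8,
+) !void {
+try self.sql_db.exec(
+"ATTACH DATABASE ? AS source",
+.{},
+.{path},
+);
+defer self.sql_db.exec("DETACH DATABASE source", .{}, .{}) catch unreachable;
+try self.sql_db.exec(
+"INSERT INTO main.envr_env_files SELECT * FROM source.envr_env_files",
+.{},
+.{},
+);
+}
+// TODO: Finish
+// pub fn tmpDir(opts: std.fs.Dir.OpenDirOptions) TmpDir {
+// var random_bytes: [TmpDir.random_bytes_count]u8 = undefined;
+// std.crypto.random.bytes(&random_bytes);
+// var sub_path: [TmpDir.sub_path_len]u8 = undefined;
+// _ = std.fs.base64_encoder.encode(&sub_path, &random_bytes);
+// }
+//
+// const TmpDir = struct {};
+/// Close the database
+/// FIXME: Test me with data but no changes
+/// FIXME: Test me with data and changes
+pub fn close(
+self: *@This(),
+io: std.Io,
+gpa: std.mem.Allocator,
+home: []const u8,
+tmp: []const u8,
+) !void {
+defer self.sql_db.deinit();
+if (self.changed) {
+const tmp_db_path = try std.fs.path.join(gpa, &.{ tmp, "envr.db" });
+defer gpa.free(tmp_db_path);
+try self.sql_db.exec("VACUUM INTO ?", .{}, .{tmp_db_path});
+const db_path = try std.fs.path.join(gpa, &.{ home, ".envr", "data.age" });
+defer gpa.free(db_path);
+// FIXME: Use real key
+try age.encrypt(io, gpa, &.{"~/.ssh/id_ed25519.pub"}, tmp_db_path, db_path);
+self.changed = false;
+}
+}
+test {
+std.testing.refAllDecls(@import("age.zig"));
+}
+test "simple database can be opened" {
+var db = try sqlite.Db.init(.{
+.mode = sqlite.Db.Mode{ .File = "./fixtures/example.db" },
+.open_flags = .{
+.write = false,
+.create = false,
+},
+.threading_mode = .MultiThread,
+});
+var stmt = try db.prepare("SELECT * FROM hello");
+defer stmt.deinit();
+const alloc = std.testing.allocator;
+if (try stmt.oneAlloc(struct { text: []const u8 }, alloc, .{}, .{})) |got| {
+defer alloc.free(got.text);
+try std.testing.expectEqualSlices(u8, "world!", got.text);
+} else {
+return error.TestUnexpectedResult;
+}
+}
+test "encrypted database can be opened" {
+const io = std.testing.io;
+const gpa = std.testing.allocator;
+var tmp = std.testing.tmpDir(.{});
+defer tmp.cleanup();
+const dir_path = try tmp.dir.realPathFileAlloc(io, ".", gpa);
+defer gpa.free(dir_path);
+const decrypted_path = try std.fs.path.joinZ(gpa, &.{ dir_path, "example.db" });
+defer gpa.free(decrypted_path);
+try age.decrypt(
+io,
+gpa,
+&.{"./fixtures/insecure-test-key"},
+"./fixtures/encrypted-example.db.age",
+decrypted_path,
+);
+var db = try sqlite.Db.init(.{
+.mode = sqlite.Db.Mode{ .File = decrypted_path },
+.open_flags = .{
+.write = false,
+.create = false,
+},
+.threading_mode = .MultiThread,
+});
+var stmt = try db.prepare("SELECT * FROM hello");
+defer stmt.deinit();
+const alloc = std.testing.allocator;
+if (try stmt.oneAlloc(struct { text: []const u8 }, alloc, .{}, .{})) |got| {
+defer alloc.free(got.text);
+try std.testing.expectEqualSlices(u8, "world!", got.text);
+} else {
+return error.TestUnexpectedResult;
+}
+}
+test "Closing a fresh database does not create a file" {
+const io = std.testing.io;
+const gpa = std.testing.allocator;
+var tmp_dir = std.testing.tmpDir(.{});
+defer tmp_dir.cleanup();
+// @compileLog(@typeInfo(std.Io.File.Permissions));
+try tmp_dir.dir.createDir(io, "home", .default_dir);
+try tmp_dir.dir.createDir(io, "tmp", .default_dir);
+const tmp_dir_path = try tmp_dir.dir.realPathFileAlloc(io, ".", gpa);
+defer gpa.free(tmp_dir_path);
+const home = try std.fs.path.join(gpa, &.{ tmp_dir_path, "home" });
+defer gpa.free(home);
+const tmp = try std.fs.path.join(gpa, &.{ tmp_dir_path, "tmp" });
+defer gpa.free(tmp);
+var db: @This() = try .open(io, gpa, .{ .home = home, .tmp = tmp });
+const db_path = try std.fs.path.join(gpa, &.{ home, ".envr", "data.age" });
+defer gpa.free(db_path);
+try std.testing.expectError(
+error.FileNotFound,
+tmp_dir.dir.access(io, db_path, .{ .read = true }),
+);
+try db.close(io, gpa, home, tmp);
+try std.testing.expectError(
+error.FileNotFound,
+tmp_dir.dir.access(io, db_path, .{ .read = true }),
+);
+}
+// test "Closing an unmodified database does not update the file" {}
+// test "Closing a modified database does create a file" {}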
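Review bot: The decrypted database is written to a fixed, predictable path (`envr.db` under `tmp`, which defaults to `/tmp`) and is not reliably removed: in `open` the `deleteFile` call is skipped whenever `age.decrypt` or `db.restore` returns an error, and `close` never deletes the `VACUUM INTO` output after `age.encrypt`. That leaves the plaintext secrets on disk in a shared directory under a name other local users can predict. Registering best-effort cleanup as soon as the path is built, `defer std.Io.Dir.cwd().deleteFile(io, tmp_db_path) catch {};`, in both functions would cover the error paths. A per-run private directory, as in the commented-out `tmpDir` sketch, would remove the fixed name. `open` also returns on those error paths without releasing the in-memory handle; `errdefer db.sql_db.deinit();` right after `new(opts.config)` would close it.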


@@ -1,24 +1,32 @@
const std = @import("std");
/// Returns the decrypted contents of the file.
/// Caller is responsible for freeing the memory.
/// Decrypts the file into output path
pub fn decrypt(
io: std.Io,
gpa: std.mem.Allocator,
private_key: []const u8,
private_keys: []const []const u8,
input_path: []const u8,
output_path: []const u8,
) !void {
// TODO: use raw array?
var argv: std.ArrayList([]const u8) = try .initCapacity(gpa, 2 + (2 * private_keys.len) + 3);
defer argv.deinit(gpa);
argv.appendAssumeCapacity("age");
argv.appendAssumeCapacity("-d");
for (private_keys) |key| {
argv.appendAssumeCapacity("-i");
argv.appendAssumeCapacity(key);
}
argv.appendAssumeCapacity("-o");
argv.appendAssumeCapacity(output_path);
argv.appendAssumeCapacity(input_path);
const result = try std.process.run(gpa, io, .{
.argv = &.{
"age",
"-d",
"-i",
private_key,
"-o",
output_path,
input_path,
},
.argv = argv.items,
});
defer gpa.free(result.stderr);
defer gpa.free(result.stdout);
@@ -34,25 +42,33 @@ pub fn decrypt(
}
}
/// Returns the encrypted contents of the file.
/// Caller is responsible for freeing the memory.
/// Encrypts the file into output path
pub fn encrypt(
io: std.Io,
gpa: std.mem.Allocator,
public_key: []const u8,
// TODO: Accept multiple keys
public_keys: []const []const u8,
input_path: []const u8,
output_path: []const u8,
) !void {
var argv: std.ArrayList([]const u8) = try .initCapacity(gpa, 2 + (2 * public_keys.len) + 3);
defer argv.deinit(gpa);
argv.appendAssumeCapacity("age");
argv.appendAssumeCapacity("-e");
for (public_keys) |key| {
argv.appendAssumeCapacity("-R");
argv.appendAssumeCapacity(key);
}
argv.appendAssumeCapacity("-o");
argv.appendAssumeCapacity(output_path);
argv.appendAssumeCapacity(input_path);
const result = try std.process.run(gpa, io, .{
.argv = &.{
"age",
"-e",
"-R",
public_key,
"-o",
output_path,
input_path,
},
.argv = argv.items,
});
defer gpa.free(result.stderr);
defer gpa.free(result.stdout);
@@ -84,7 +100,7 @@ test "sample file can be decrypted" {
try decrypt(
io,
gpa,
"./fixtures/insecure-test-key",
&.{"./fixtures/insecure-test-key"},
"./fixtures/hello-world.age",
output_path,
);
@@ -111,7 +127,7 @@ test "sample file can be encrypted" {
try encrypt(
io,
gpa,
"./fixtures/insecure-test-key.pub",
&.{"./fixtures/insecure-test-key.pub"},
"./fixtures/hello-world.txt",
output_path,
);
@@ -125,9 +141,13 @@ test "sample file can be encrypted" {
gpa,
.unlimited,
);
defer gpa.free(want);
const contents = try tmp.dir.readFileAlloc(io, output_path, gpa, .unlimited);
defer gpa.free(contents);
try std.testing.expectEqualSlices(u8, want, got);
try std.testing.expectEqual(want.len, got.len);
// FIXME: Test that decrypted file contents match
// try std.testing.expectEqualSlices(u8, "Hello, World!\n", decrypted_contents);
}
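Review bot: Neither `decrypt` nor `encrypt` rejects an empty key slice, so with `private_keys.len == 0` the child is started as `age -d -o <output> <input>` with no identity and any failure (or, presumably, an interactive prompt) comes from the child rather than from a clear error here. An early `if (private_keys.len == 0) return error.NoKeys;` in `decrypt`, and the matching check on `public_keys` in `encrypt`, would pin that down. `input_path` is also appended as a bare positional argument, so a path beginning with `-` would be read by `age` as an option; prefixing relative paths with `./` before appending avoids depending on the child's argument parser. Both function bodies continue outside the visible hunks.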


@@ -1,76 +0,0 @@
const std = @import("std");
const sqlite = @import("sqlite");
const age = @import("age.zig");
test {
std.testing.refAllDecls(@import("age.zig"));
}
test "simple database can be opened" {
var db = try sqlite.Db.init(.{
.mode = sqlite.Db.Mode{ .File = "./fixtures/example.db" },
.open_flags = .{
.write = false,
.create = false,
},
.threading_mode = .MultiThread,
});
var stmt = try db.prepare("SELECT * FROM hello");
defer stmt.deinit();
const alloc = std.testing.allocator;
if (try stmt.oneAlloc(struct { text: []const u8 }, alloc, .{}, .{})) |got| {
defer alloc.free(got.text);
try std.testing.expectEqualSlices(u8, "world!", got.text);
} else {
return error.TestUnexpectedResult;
}
}
test "encrypted database can be opened" {
const io = std.testing.io;
const gpa = std.testing.allocator;
var tmp = std.testing.tmpDir(.{});
defer tmp.cleanup();
const dir_path = try tmp.dir.realPathFileAlloc(io, ".", gpa);
defer gpa.free(dir_path);
const decrypted_path = try std.fs.path.joinZ(gpa, &.{ dir_path, "example.db" });
defer gpa.free(decrypted_path);
try age.decrypt(
io,
gpa,
"./fixtures/insecure-test-key",
"./fixtures/encrypted-example.db.age",
decrypted_path,
);
var db = try sqlite.Db.init(.{
.mode = sqlite.Db.Mode{ .File = decrypted_path },
.open_flags = .{
.write = false,
.create = false,
},
.threading_mode = .MultiThread,
});
var stmt = try db.prepare("SELECT * FROM hello");
defer stmt.deinit();
const alloc = std.testing.allocator;
if (try stmt.oneAlloc(struct { text: []const u8 }, alloc, .{}, .{})) |got| {
defer alloc.free(got.text);
try std.testing.expectEqualSlices(u8, "world!", got.text);
} else {
return error.TestUnexpectedResult;
}
}


@@ -57,7 +57,8 @@ pub const root: Command = .new(.{
});
test {
std.testing.refAllDecls(@import("db.zig"));
std.testing.refAllDecls(@import("Config.zig"));
std.testing.refAllDecls(@import("Db.zig"));
}
test "enum type" {