spencer/envr
1
0
Fork 0
mirror of https://github.com/sbrow/envr.git synced 2026-06-27 18:48:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

Compare commits

base: spencer:zig
Branches Tags
spencer:main spencer:dev spencer:release-please--branches--dev spencer:release-please--branches--main spencer:zig spencer:release-please--branches--odin spencer:go
spencer:v0.3.0 spencer:v0.2.1 spencer:v0.2.0 spencer:v0.1.1 spencer:v0.1.0
..
compare: spencer:463bed1353c022af1bf45217d6e66c01051a3c13
Branches Tags
spencer:dev spencer:release-please--branches--dev spencer:release-please--branches--main spencer:main spencer:zig spencer:release-please--branches--odin spencer:go
spencer:v0.3.0 spencer:v0.2.1 spencer:v0.2.0 spencer:v0.1.1 spencer:v0.1.0

1 Commits
zig ... 463bed1353

Author SHA1 Message Date
Spencer Brower
463bed1353 wip: 2025-11-05 15:44:09 -05:00
136 changed files with 234 additions and 36139 deletions
Expand all files Collapse all files

3
.envrc
View File

@@ -1,4 +1 @@
use flake use flake
ROOT="/home/spencer/github.com/envr-zig"
export PATH=".:${ROOT}/deps/zig:${ROOT}/deps/zls:$PATH"

9
.gitignore vendored
View File

@@ -1,18 +1,9 @@
# dev env # dev env
.direnv .direnv
/.env
# dependencies
deps
vendor
# docs # docs
man man
# build artifacts # build artifacts
.zig-cache
builds
envr envr
envr-go
result result
zig-pkg

1
.tokeignore
View File

@@ -1 +0,0 @@
**/*_test.{odin,go}

51
CHANGELOG.md
View File

@@ -1,51 +0,0 @@
# Changelog
## [0.2.1](https://github.com/sbrow/envr/compare/v0.2.0...v0.2.1) (2026-01-12)
### Bug Fixes
* Added `add` as an alias for backup. ([cf363ab](https://github.com/sbrow/envr/commit/cf363abc4d8cec208d23c6acedbb7e0dd6900332))
## [0.2.0](https://github.com/sbrow/envr/compare/v0.1.1...v0.2.0) (2025-11-10)
### ⚠ BREAKING CHANGES
* Dir is now derived from Path rather than stored in the DB. Your DB will need to be updated.
* **scan:** The config value `scan.Exclude` is now a list rather than a string.
* **check:** Renamed the `check` command to `deps`.
* The config value `scan.Include` is now a list rather than a string.
### Features
* Added new `check` command. ([cbd74f3](https://github.com/sbrow/envr/commit/cbd74f387e2e330b2557d07dd82ba05cc91300ac))
* **config:** The default config now filters out more junk. ([15be62b](https://github.com/sbrow/envr/commit/15be62b5a2a5a735b90b074497d645c5a2cfced8))
* **init:** Added a `--force` flag for overwriting an existing config. ([169653d](https://github.com/sbrow/envr/commit/169653d7566f63730fb9da80a18330a566223be9))
* Multiple scan includes are now supported. ([4273fa5](https://github.com/sbrow/envr/commit/4273fa58956d8736271a0af66202dca481126fe4))
* **scan:** Added support for multiple exports. ([f43705c](https://github.com/sbrow/envr/commit/f43705cd53c6d87aef1f69df4e474441f25c1dc7))
* **sync:** envr can now detect if directories have moved. ([4db0a4d](https://github.com/sbrow/envr/commit/4db0a4d33d2b6a79d13b36a8e8631f895e8fef8d))
* **sync:** Now checks files for mismatched hashes before replacing. ([8074f7a](https://github.com/sbrow/envr/commit/8074f7ae6dfa54e931a198257f3f8e6d0cfe353a))
### Bug Fixes
* **check:** `fd` now correctly gets marked as found. ([17ce49c](https://github.com/sbrow/envr/commit/17ce49cd2d33942282c6f54ce819ac25978f6b7c))
### Code Refactoring
* **check:** Renamed the `check` command to `deps`. ([c9c34ce](https://github.com/sbrow/envr/commit/c9c34ce771653da214635f1df1fef1f23265c552))
* Dir is no longer stored in the database. ([0fef74a](https://github.com/sbrow/envr/commit/0fef74a9bba0fbf3c34b66c2095955e6eee7047b))
## [0.1.1](https://github.com/sbrow/envr/compare/v0.1.0...v0.1.1) (2025-11-05)
### Features
* **sync:** Results are now displayed in a table. ([42796ec](https://github.com/sbrow/envr/commit/42796ec77b1817e1b9f09068d76a7b6e30da246b))
### Bug Fixes
* **sync:** Fixed an issue where deleted folders would be restored. ([9ab72a2](https://github.com/sbrow/envr/commit/9ab72a25faf1af0eedb2f4574166c6ee47450ebb))

92
Makefile
View File

@@ -1,92 +0,0 @@
# Makefile for envr - Environment file manager
# Builds release artifacts for GitHub releases
APP_NAME := envr
VERSION := $(shell grep 'version = ' flake.nix | head -1 | sed 's/.*version = "\(.*\)";/\1/')
BUILD_DIR := builds
LDFLAGS := -X github.com/sbrow/envr/cmd.version=v$(VERSION) -s -w
# Binary names
LINUX_AMD64_BIN := $(BUILD_DIR)/$(APP_NAME)-$(VERSION)-linux-amd64
LINUX_ARM64_BIN := $(BUILD_DIR)/$(APP_NAME)-$(VERSION)-linux-arm64
DARWIN_ARM64_BIN := $(BUILD_DIR)/$(APP_NAME)-$(VERSION)-darwin-arm64
.PHONY: all clean cleanall build-linux build-darwin compress release help
# Default target
all: release clean
# Create build directory
$(BUILD_DIR):
@mkdir -p $(BUILD_DIR)
# Build Linux AMD64
$(LINUX_AMD64_BIN): $(BUILD_DIR)
@echo "Building for Linux AMD64..."
GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -ldflags "$(LDFLAGS)" -o $(LINUX_AMD64_BIN) .
@echo "Built $(LINUX_AMD64_BIN)"
# Build Linux ARM64
$(LINUX_ARM64_BIN): $(BUILD_DIR)
@echo "Building for Linux ARM64..."
GOOS=linux GOARCH=arm64 CGO_ENABLED=0 go build -ldflags "$(LDFLAGS)" -o $(LINUX_ARM64_BIN) .
@echo "Built $(LINUX_ARM64_BIN)"
# Build Darwin ARM64 (Mac)
$(DARWIN_ARM64_BIN): $(BUILD_DIR)
@echo "Building for Darwin ARM64..."
GOOS=darwin GOARCH=arm64 CGO_ENABLED=0 go build -ldflags "$(LDFLAGS)" -o $(DARWIN_ARM64_BIN) .
@echo "Built $(DARWIN_ARM64_BIN)"
# Build all binaries
build-linux: $(LINUX_AMD64_BIN) $(LINUX_ARM64_BIN)
build-darwin: $(DARWIN_ARM64_BIN)
# Compress Linux artifacts with gzip
$(BUILD_DIR)/$(APP_NAME)-$(VERSION)-linux-amd64.tar.gz: $(LINUX_AMD64_BIN)
@echo "Compressing Linux AMD64 artifact..."
cd $(BUILD_DIR) && tar -czf $(APP_NAME)-$(VERSION)-linux-amd64.tar.gz --transform 's|.*|$(APP_NAME)|' $(shell basename $(LINUX_AMD64_BIN))
$(BUILD_DIR)/$(APP_NAME)-$(VERSION)-linux-arm64.tar.gz: $(LINUX_ARM64_BIN)
@echo "Compressing Linux ARM64 artifact..."
cd $(BUILD_DIR) && tar -czf $(APP_NAME)-$(VERSION)-linux-arm64.tar.gz --transform 's|.*|$(APP_NAME)|' $(shell basename $(LINUX_ARM64_BIN))
# Compress Darwin artifacts with zip
$(BUILD_DIR)/$(APP_NAME)-$(VERSION)-darwin-arm64.zip: $(DARWIN_ARM64_BIN)
@echo "Compressing Darwin ARM64 artifact..."
cd $(BUILD_DIR) && cp $(shell basename $(DARWIN_ARM64_BIN)) $(APP_NAME) && zip $(APP_NAME)-$(VERSION)-darwin-arm64.zip $(APP_NAME) && rm $(APP_NAME)
# Compress all artifacts
compress: $(BUILD_DIR)/$(APP_NAME)-$(VERSION)-linux-amd64.tar.gz \
$(BUILD_DIR)/$(APP_NAME)-$(VERSION)-linux-arm64.tar.gz \
$(BUILD_DIR)/$(APP_NAME)-$(VERSION)-darwin-arm64.zip
# Build and compress all release artifacts
release: build-linux build-darwin compress
@echo "Release artifacts created:"
@ls -la $(BUILD_DIR)/*.tar.gz $(BUILD_DIR)/*.zip 2>/dev/null || echo "No compressed artifacts found"
# Clean binary files only
clean:
@echo "Cleaning binary files..."
@rm -f $(LINUX_AMD64_BIN) $(LINUX_ARM64_BIN) $(DARWIN_ARM64_BIN)
# Clean everything in build directory
cleanall:
@echo "Cleaning build directory..."
@rm -rf $(BUILD_DIR)
# Show available targets
help:
@echo "Available targets:"
@echo " all - Build all release artifacts (default)"
@echo " release - Build and compress all release artifacts"
@echo " build-linux - Build Linux binaries only"
@echo " build-darwin - Build Darwin binaries only"
@echo " compress - Compress all built binaries"
@echo " clean - Remove binary files only"
@echo " cleanall - Remove entire build directory"
@echo " help - Show this help message"
@echo ""
@echo "Release artifacts will be created in $(BUILD_DIR)/"
@echo "Version: $(VERSION)"

19
README.md
View File

@@ -3,10 +3,6 @@
Have you ever wanted to back up all your .env files in case your hard drive gets Have you ever wanted to back up all your .env files in case your hard drive gets
nuked? `envr` makes it easier. nuked? `envr` makes it easier.
> [!CAUTION]
> The Zig community is quite anti-AI. Please read the [AI Disclaimer](#ai-disclaimer)
> before wasting your time.
`envr` is a binary application that tracks your `.env` files `envr` is a binary application that tracks your `.env` files
in an encyrpted sqlite database. Changes can be effortlessly synced with in an encyrpted sqlite database. Changes can be effortlessly synced with
`envr sync`, and restored with `envr restore`. `envr sync`, and restored with `envr restore`.
@@ -23,11 +19,10 @@ be run on a cron.
- 🔍 **Smart Scanning**: Automatically discover and import `.env` files in your - 🔍 **Smart Scanning**: Automatically discover and import `.env` files in your
home directory. home directory.
-**Interactive CLI**: User-friendly prompts for file selection and management. -**Interactive CLI**: User-friendly prompts for file selection and management.
- 🗂️ **Rename Detection**: Automatically finds and updates renamed/moved
repositories.
## TODOS ## TODOS
- [x] Rename Detection: automatically update moved files.
- [ ] 🗂️ **Rename Detection**: Automatically handle renamed repositories.
- [ ] Allow use of keys from `ssh-agent` - [ ] Allow use of keys from `ssh-agent`
- [x] Allow configuration of ssh key. - [x] Allow configuration of ssh key.
- [x] Allow multiple ssh keys. - [x] Allow multiple ssh keys.
@@ -136,13 +131,3 @@ This project is licensed under the [MIT License](./LICENSE).
For issues, feature requests, or questions, please For issues, feature requests, or questions, please
[open an issue](https://github.com/sbrow/envr/issues). [open an issue](https://github.com/sbrow/envr/issues).
## AI Disclaimer
Unless noted here, you can be assured that I have personally written and reviewed
every line of code in this software.
- Many compiler errors that couldn't be solved with a quick google search were
solved by passing errors to AI and transcribing the suggestions.
- The "Pre-Zig" version of this readme was written by AI and then edited by me.
- The Go code was mostly written using opencode, and manually tested by me.

69
TODOS.md
View File

@@ -1,69 +0,0 @@
# TODO
Note: These todos can wait until all the subcommands have been ported.
## HIGH
1. [x] **table.odin:74-89** — Hand-rolled JSON output doesn't escape `"`, `\`, newlines. Reimplements `json.marshal` which is already imported in `cmd_list.odin`. Replace with `json.marshal`.
2. **db.odin:380-383, 405, 446**`sqlite.bind_text` return values overwritten but never checked. A failed bind means `sqlite.step` operates on unbound params.
3. **config.odin:52-54**`os.user_home_dir` error silently ignored. If it fails, `home` is `""` and all paths become relative (`".envr"` instead of `"~/.envr"`).
30. **cmd_sync.odin:46-50, 64-68** — Double `db_insert` when `BackedUp`: first insert on line 48, then `db_update_required` is also true for `BackedUp` so second insert runs on line 65. Redundant and wasteful.
## MEDIUM
4. **db.odin:29-35**`make_temp_path` never calls `strings.builder_destroy`. Leaks builder buffer every call.
5. **db.odin:324-327** — Map iteration (`remote_set`) is non-deterministic. Same file can produce different JSON on each backup, causing spurious DB diffs. Sort remotes before storing.
6. **db.odin:470-473**`string_to_cstring` allocates via `strings.clone_to_cstring` and never frees. Called dozens of times across db operations.
7. **db.odin:470, 462** — Both `string_to_cstring` and `cstring_to_string` ignore allocation errors. A nil cstring gets passed to SQLite (UB).
8. **db.odin:135, 250** — String interpolation into SQL (`VACUUM INTO '%s'`, `ATTACH DATABASE '%s'`). Currently safe because input is controlled, but fragile.
9. **features.odin:30-41**`find_binary` uses `strings.join` instead of `filepath.join`, uses `os.stat` instead of checking executability, hardcodes `:` as PATH separator (wrong on Windows).
10. **cmd_restore.odin:20-30 & cmd_remove.odin:19-29** — Identical path-resolution block copy-pasted. `is_abs` guard is redundant since `filepath.abs` is a no-op on absolute paths. Extract a helper.
11. **cmd_restore.odin:44**`os.mkdir_all` error silently discarded. Subsequent write failure will be confusing.
12. **cmd_edit_config.odin:27**`$EDITOR` used as single binary name. Breaks for multi-word values like `"code -w"`. Needs `strings.fields()`.
33. **config.odin:178**`search_paths` silently ignores `os.user_home_dir` error. If home is empty, `~` isn't expanded. Same class of bug as issue 3.
35. **prompt.odin:124**`make([dynamic]bool, len(options))` creates N zero-initialized elements. Works because `false` is the default, but same footgun as original issue 1. Should be `make([dynamic]bool, 0, len(options))`.
## LOW
14. [x] **db.odin:338-341** — Unnecessary `strings.clone` before `filepath.dir` (which already returns a slice into the input).
15. **db.odin:115**`json.unmarshal_string` error not checked. Malformed JSON silently produces empty/partial data.
16. **db.odin:352-353**`hex.encode` error ignored. `string(hex_bytes)` aliases the byte slice.
18. **config.odin:51-60**`envr_dir` recomputes home dir on every call. Could cache.
37. **cmd_sync.odin:80, cmd_list.odin:33, cmd_deps.odin:9**`make([]string, 2)` for table rows never freed. Leaks per row. Defer to memory pass.
## REFACTOR
20. **cmd_list.odin** — Non-TTY branch builds `ListEntry` structs and marshals JSON separately. Now that `render_json_rows` (issue 1) accepts an `io.Writer` and uses `json.marshal`, unify both branches to use it. Note: will change JSON keys from `"directory"/"path"` to `"Directory"/"Path"`.
21. Check for prealloc opportunities. i.e. `make([dynamic]string)` -> `make([dynamic]string, 5)`.
22. Replace is_tty with terminal.is_terminal
23. Add a text filter to the multi_select.
24. Create backup / fallback fd.
25. Add tests for untested commands.
26. Add a global --config -c flag to use an alternate config.
27. version --long Odin only prints version; Go also prints commit hash and build date
28. 2 scan tests silently skip Low When fd isn't installed, tests pass without actually testing anything. These should use #assert to be sure that fd is in path.

92
WINDOWS.md
View File

@@ -1,92 +0,0 @@
# Windows Compatibility Guide
This document outlines Windows compatibility issues and solutions for the envr project.
## Critical Issues
### 1. Path Handling Bug (MUST FIX)
**File:** `app/env_file.go:209`
**Issue:** Uses `path.Join` instead of `filepath.Join`, which won't work correctly on Windows due to different path separators.
**Current code:**
```go
f.Path = path.Join(newDir, path.Base(f.Path))
```
**Fixed code:**
```go
f.Path = filepath.Join(newDir, filepath.Base(f.Path))
```
## External Dependencies
The application relies on external tools that need to be installed separately on Windows:
### Required Tools
1. **fd** - Fast file finder
- Install via: `winget install sharkdp.fd` or `choco install fd`
- Alternative: `scoop install fd`
2. **git** - Version control system
- Install via: `winget install Git.Git` or download from git-scm.com
- Usually already available on most development machines
## Minor Compatibility Notes
### File Permissions
- Unix file permissions (`0755`, `0644`) are used throughout the codebase
- These are safely ignored on Windows - no changes needed
### Editor Configuration
**File:** `cmd/edit_config.go:20-24`
**Issue:** Relies on `$EDITOR` environment variable which is less common on Windows.
**Current behavior:** Fails if `$EDITOR` is not set
**Recommended improvement:** Add fallback detection for Windows editors:
```go
editor := os.Getenv("EDITOR")
if editor == "" {
if runtime.GOOS == "windows" {
editor = "notepad.exe" // or "code.exe" for VS Code
} else {
fmt.Println("Error: $EDITOR environment variable is not set")
return
}
}
```
## Installation Instructions for Windows
1. Install required dependencies:
```powershell
winget install sharkdp.fd
winget install Git.Git
```
2. Fix the path handling bug in `app/env_file.go:209`
3. Build and run as normal:
```powershell
go build
.\envr.exe init
```
## Testing on Windows
After applying the critical path fix, the core functionality should work correctly on Windows. The application has been designed with cross-platform compatibility in mind, using:
- `filepath` package for path operations (mostly)
- `os.UserHomeDir()` for home directory detection
- Standard Go file operations
## Summary
- **1 critical bug** must be fixed for Windows compatibility
- **2 external tools** need to be installed
- **1 minor enhancement** recommended for better Windows UX
- Overall architecture is Windows-compatible

187
app/config.go
View File

@@ -6,7 +6,6 @@ import (
"fmt" "fmt"
"os" "os"
"os/exec" "os/exec"
"path"
"path/filepath" "path/filepath"
"strings" "strings"
@@ -19,20 +18,19 @@ type Config struct {
ScanConfig scanConfig `json:"scan"` ScanConfig scanConfig `json:"scan"`
} }
// Used by age to encrypt and decrypt the database.
type SshKeyPair struct { type SshKeyPair struct {
Private string `json:"private"` // Path to the private key file Private string `json:"private"` // Path to the private key file
Public string `json:"public"` // Path to the public key file Public string `json:"public"` // Path to the public key file
} }
type scanConfig struct { type scanConfig struct {
// TODO: Support multiple matchers Matcher string `json:"matcher"`
Matcher string `json:"matcher"` Exclude string `json:"exclude"`
Exclude []string `json:"exclude"` Include string `json:"include"`
Include []string `json:"include"`
} }
// Create a fresh config with sensible defaults. // Create a fresh config with sensible defaults.
// TODO: fd '\.env' -HI ~/ -E '*\.envrc' -E '\.env\.example' -E '\.local/' -E 'vendor' -E 'node_modules'
func NewConfig(privateKeyPaths []string) Config { func NewConfig(privateKeyPaths []string) Config {
var keys = []SshKeyPair{} var keys = []SshKeyPair{}
@@ -49,13 +47,8 @@ func NewConfig(privateKeyPaths []string) Config {
Keys: keys, Keys: keys,
ScanConfig: scanConfig{ ScanConfig: scanConfig{
Matcher: "\\.env", Matcher: "\\.env",
Exclude: []string{ Exclude: "*.envrc",
"*\\.envrc", Include: "~",
"\\.local",
"node_modules",
"vendor",
},
Include: []string{"~"},
}, },
} }
} }
@@ -115,101 +108,77 @@ func (c *Config) Save() error {
return os.WriteFile(configPath, data, 0644) return os.WriteFile(configPath, data, 0644)
} }
// buildFdArgs builds the fd command arguments with multiple exclude patterns
func (c Config) buildFdArgs(searchPath string, includeIgnored bool) []string {
args := []string{"-a", c.ScanConfig.Matcher}
// Add exclude patterns
for _, exclude := range c.ScanConfig.Exclude {
args = append(args, "-E", exclude)
}
if includeIgnored {
args = append(args, "-HI")
} else {
args = append(args, "-H")
}
args = append(args, searchPath)
return args
}
// Use fd to find all ignored .env files that match the config's parameters // Use fd to find all ignored .env files that match the config's parameters
func (c Config) scan() (paths []string, err error) { func (c Config) scan() (paths []string, err error) {
searchPaths, err := c.searchPaths() searchPath, err := c.searchPath()
if err != nil { if err != nil {
return []string{}, err return []string{}, err
} }
for _, searchPath := range searchPaths { // Find all files (including ignored ones)
// Find all files (including ignored ones) fmt.Printf("Searching for all files in \"%s\"...\n", searchPath)
fmt.Printf("Searching for all files in \"%s\"...\n", searchPath) allCmd := exec.Command("fd", "-a", c.ScanConfig.Matcher, "-E", c.ScanConfig.Exclude, "-HI", searchPath)
allCmd := exec.Command("fd", c.buildFdArgs(searchPath, true)...) allOutput, err := allCmd.Output()
allOutput, err := allCmd.Output()
if err != nil {
return paths, err
}
allFiles := strings.Split(strings.TrimSpace(string(allOutput)), "\n")
if len(allFiles) == 1 && allFiles[0] == "" {
allFiles = []string{}
}
// Find unignored files
fmt.Printf("Search for unignored fies in \"%s\"...\n", searchPath)
unignoredCmd := exec.Command("fd", c.buildFdArgs(searchPath, false)...)
unignoredOutput, err := unignoredCmd.Output()
if err != nil {
return []string{}, err
}
unignoredFiles := strings.Split(strings.TrimSpace(string(unignoredOutput)), "\n")
if len(unignoredFiles) == 1 && unignoredFiles[0] == "" {
unignoredFiles = []string{}
}
// Create a map for faster lookup
unignoredMap := make(map[string]bool)
for _, file := range unignoredFiles {
unignoredMap[file] = true
}
// Filter to get only ignored files
var ignoredFiles []string
for _, file := range allFiles {
if !unignoredMap[file] {
ignoredFiles = append(ignoredFiles, file)
}
}
paths = append(paths, ignoredFiles...)
}
return paths, nil
}
func (c Config) searchPaths() (paths []string, err error) {
homeDir, err := os.UserHomeDir()
if err != nil { if err != nil {
return paths, err return []string{}, err
} }
includes := c.ScanConfig.Include allFiles := strings.Split(strings.TrimSpace(string(allOutput)), "\n")
if len(allFiles) == 1 && allFiles[0] == "" {
allFiles = []string{}
}
for _, include := range includes { // Find unignored files
path := strings.Replace(include, "~", homeDir, 1) fmt.Printf("Search for unignored fies in \"%s\"...\n", searchPath)
absPath, err := filepath.Abs(path) unignoredCmd := exec.Command("fd", "-a", c.ScanConfig.Matcher, "-E", c.ScanConfig.Exclude, "-H", searchPath)
if err != nil { unignoredOutput, err := unignoredCmd.Output()
return paths, err if err != nil {
return []string{}, err
}
unignoredFiles := strings.Split(strings.TrimSpace(string(unignoredOutput)), "\n")
if len(unignoredFiles) == 1 && unignoredFiles[0] == "" {
unignoredFiles = []string{}
}
// Create a map for faster lookup
unignoredMap := make(map[string]bool)
for _, file := range unignoredFiles {
unignoredMap[file] = true
}
// Filter to get only ignored files
var ignoredFiles []string
for _, file := range allFiles {
if !unignoredMap[file] {
ignoredFiles = append(ignoredFiles, file)
} }
paths = append(paths, absPath)
} }
return paths, nil return ignoredFiles, nil
} }
func (s SshKeyPair) identity() (age.Identity, error) { func (c Config) searchPath() (path string, err error) {
include := c.ScanConfig.Include
if include == "~" {
homeDir, err := os.UserHomeDir()
if err != nil {
return "", err
}
return homeDir, nil
}
absPath, err := filepath.Abs(include)
if err != nil {
return "", err
}
return absPath, nil
}
// TODO: Should this be private?
func (s SshKeyPair) Identity() (age.Identity, error) {
sshKey, err := os.ReadFile(s.Private) sshKey, err := os.ReadFile(s.Private)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to read SSH key: %w", err) return nil, fmt.Errorf("failed to read SSH key: %w", err)
@@ -223,7 +192,8 @@ func (s SshKeyPair) identity() (age.Identity, error) {
return id, nil return id, nil
} }
func (s SshKeyPair) recipient() (age.Recipient, error) { // TODO: Should this be private?
func (s SshKeyPair) Recipient() (age.Recipient, error) {
sshKey, err := os.ReadFile(s.Public) sshKey, err := os.ReadFile(s.Public)
if err != nil { if err != nil {
return nil, fmt.Errorf("failed to read SSH key: %w", err) return nil, fmt.Errorf("failed to read SSH key: %w", err)
@@ -236,32 +206,3 @@ func (s SshKeyPair) recipient() (age.Recipient, error) {
return id, nil return id, nil
} }
// Use fd to find all git roots in the config's search paths
func (c Config) findGitRoots() (paths []string, err error) {
searchPaths, err := c.searchPaths()
if err != nil {
return []string{}, err
}
for _, searchPath := range searchPaths {
allCmd := exec.Command("fd", "-H", "-t", "d", "^\\.git$", searchPath)
allOutput, err := allCmd.Output()
if err != nil {
return paths, err
}
allFiles := strings.Split(strings.TrimSpace(string(allOutput)), "\n")
if len(allFiles) == 1 && allFiles[0] == "" {
allFiles = []string{}
}
for i, file := range allFiles {
allFiles[i] = path.Dir(path.Clean(file))
}
paths = append(paths, allFiles...)
}
return paths, nil
}

101
app/db.go
View File

@@ -1,6 +1,5 @@
package app package app
// TODO: app/db.go should be reviewed.
import ( import (
"database/sql" "database/sql"
"encoding/json" "encoding/json"
@@ -14,12 +13,19 @@ import (
_ "modernc.org/sqlite" _ "modernc.org/sqlite"
) )
// CloseMode determines whether or not the in-memory DB should be saved to disk
// before closing the connection.
type CloseMode int
const (
ReadOnly CloseMode = iota
Write
)
type Db struct { type Db struct {
db *sql.DB db *sql.DB
cfg Config cfg Config
features *AvailableFeatures features *AvailableFeatures
// If true, the database will be saved to disk before closing
changed bool
} }
func Open() (*Db, error) { func Open() (*Db, error) {
@@ -31,7 +37,7 @@ func Open() (*Db, error) {
if _, err := os.Stat("/home/spencer/.envr/data.age"); err != nil { if _, err := os.Stat("/home/spencer/.envr/data.age"); err != nil {
// Create a new DB // Create a new DB
db, err := newDb() db, err := newDb()
return &Db{db, *cfg, nil, true}, err return &Db{db, *cfg, nil}, err
} else { } else {
// Open the existing DB // Open the existing DB
tmpFile, err := os.CreateTemp("", "envr-*.db") tmpFile, err := os.CreateTemp("", "envr-*.db")
@@ -53,7 +59,7 @@ func Open() (*Db, error) {
restoreDB(tmpFile.Name(), memDb) restoreDB(tmpFile.Name(), memDb)
return &Db{memDb, *cfg, nil, false}, nil return &Db{memDb, *cfg, nil}, nil
} }
} }
@@ -66,6 +72,7 @@ func newDb() (*sql.DB, error) {
} else { } else {
_, err := db.Exec(`create table envr_env_files ( _, err := db.Exec(`create table envr_env_files (
path text primary key not null path text primary key not null
, dir text not null
, remotes text -- JSON , remotes text -- JSON
, sha256 text not null , sha256 text not null
, contents text not null , contents text not null
@@ -101,7 +108,7 @@ func decryptDb(tmpFilePath string, keys []SshKeyPair) error {
identities := make([]age.Identity, 0, len(keys)) identities := make([]age.Identity, 0, len(keys))
for _, key := range keys { for _, key := range keys {
id, err := key.identity() id, err := key.Identity()
if err != nil { if err != nil {
return err return err
@@ -143,7 +150,7 @@ func restoreDB(path string, destDB *sql.DB) error {
// Returns all the EnvFiles present in the database. // Returns all the EnvFiles present in the database.
func (db *Db) List() (results []EnvFile, err error) { func (db *Db) List() (results []EnvFile, err error) {
rows, err := db.db.Query("select path, remotes, sha256, contents from envr_env_files") rows, err := db.db.Query("select * from envr_env_files")
if err != nil { if err != nil {
return nil, err return nil, err
@@ -152,18 +159,14 @@ func (db *Db) List() (results []EnvFile, err error) {
for rows.Next() { for rows.Next() {
var envFile EnvFile var envFile EnvFile
var remotesJson []byte var remotesJSON string
err := rows.Scan(&envFile.Path, &remotesJson, &envFile.Sha256, &envFile.contents)
err := rows.Scan(&envFile.Path, &envFile.Dir, &remotesJSON, &envFile.Sha256, &envFile.contents)
if err != nil { if err != nil {
return nil, err return nil, err
} }
// Populate Dir from Path // TODO: unmarshal remotesJSON into envFile.remotes
envFile.Dir = filepath.Dir(envFile.Path)
if err := json.Unmarshal(remotesJson, &envFile.Remotes); err != nil {
return nil, err
}
results = append(results, envFile) results = append(results, envFile)
} }
@@ -175,10 +178,10 @@ func (db *Db) List() (results []EnvFile, err error) {
return results, nil return results, nil
} }
func (db *Db) Close() error { func (db *Db) Close(mode CloseMode) error {
defer db.db.Close() defer db.db.Close()
if db.changed { if mode == Write {
// Create tmp file // Create tmp file
tmpFile, err := os.CreateTemp("", "envr-*.db") tmpFile, err := os.CreateTemp("", "envr-*.db")
if err != nil { if err != nil {
@@ -194,8 +197,6 @@ func (db *Db) Close() error {
if err := encryptDb(tmpFile.Name(), db.cfg.Keys); err != nil { if err := encryptDb(tmpFile.Name(), db.cfg.Keys); err != nil {
return err return err
} }
db.changed = false
} }
return nil return nil
@@ -241,7 +242,7 @@ func encryptDb(tmpFilePath string, keys []SshKeyPair) error {
recipients := make([]age.Recipient, 0, len(keys)) recipients := make([]age.Recipient, 0, len(keys))
for _, key := range keys { for _, key := range keys {
recipient, err := key.recipient() recipient, err := key.Recipient()
if err != nil { if err != nil {
return err return err
@@ -277,16 +278,14 @@ func (db *Db) Insert(file EnvFile) error {
// Insert into database // Insert into database
_, err = db.db.Exec(` _, err = db.db.Exec(`
INSERT OR REPLACE INTO envr_env_files (path, remotes, sha256, contents) INSERT OR REPLACE INTO envr_env_files (path, dir, remotes, sha256, contents)
VALUES (?, ?, ?, ?) VALUES (?, ?, ?, ?, ?)
`, file.Path, string(remotesJSON), file.Sha256, file.contents) `, file.Path, file.Dir, string(remotesJSON), file.Sha256, file.contents)
if err != nil { if err != nil {
return fmt.Errorf("failed to insert env file: %w", err) return fmt.Errorf("failed to insert env file: %w", err)
} }
db.changed = true
return nil return nil
} }
@@ -294,15 +293,12 @@ func (db *Db) Insert(file EnvFile) error {
func (db *Db) Fetch(path string) (envFile EnvFile, err error) { func (db *Db) Fetch(path string) (envFile EnvFile, err error) {
var remotesJSON string var remotesJSON string
row := db.db.QueryRow("SELECT path, remotes, sha256, contents FROM envr_env_files WHERE path = ?", path) row := db.db.QueryRow("SELECT path, dir, remotes, sha256, contents FROM envr_env_files WHERE path = ?", path)
err = row.Scan(&envFile.Path, &remotesJSON, &envFile.Sha256, &envFile.contents) err = row.Scan(&envFile.Path, &envFile.Dir, &remotesJSON, &envFile.Sha256, &envFile.contents)
if err != nil { if err != nil {
return EnvFile{}, fmt.Errorf("failed to fetch env file: %w", err) return EnvFile{}, fmt.Errorf("failed to fetch env file: %w", err)
} }
// Populate Dir from Path
envFile.Dir = filepath.Dir(envFile.Path)
if err = json.Unmarshal([]byte(remotesJSON), &envFile.Remotes); err != nil { if err = json.Unmarshal([]byte(remotesJSON), &envFile.Remotes); err != nil {
return EnvFile{}, fmt.Errorf("failed to unmarshal remotes: %w", err) return EnvFile{}, fmt.Errorf("failed to unmarshal remotes: %w", err)
} }
@@ -326,21 +322,12 @@ func (db *Db) Delete(path string) error {
return fmt.Errorf("no file found with path: %s", path) return fmt.Errorf("no file found with path: %s", path)
} }
db.changed = true
return nil return nil
} }
// Finds .env files in the filesystem that aren't present in the database. // Finds .env files in the filesystem that aren't present in the database.
// path overrides the already configured func (db *Db) Scan() ([]string, error) {
func (db *Db) Scan(paths []string) ([]string, error) { all_paths, err := db.cfg.scan()
cfg := db.cfg
if paths != nil {
cfg.ScanConfig.Include = paths
}
all_paths, err := cfg.scan()
if err != nil { if err != nil {
return []string{}, err return []string{}, err
} }
@@ -387,35 +374,3 @@ func (db *Db) CanScan() error {
return nil return nil
} }
} }
// If true, [Db.Insert] should be called on the [EnvFile] that generated
// the given result
func (db Db) UpdateRequired(status EnvFileSyncResult) bool {
return status&(BackedUp|DirUpdated) != 0
}
func (db *Db) Sync(file *EnvFile) (result EnvFileSyncResult, err error) {
// TODO: This results in findMovedDirs being called multiple times.
return file.sync(TrustFilesystem, db)
}
// Looks for git directories that share one or more git remotes with
// the given file.
func (db Db) findMovedDirs(file *EnvFile) (movedDirs []string, err error) {
if err = db.Features().validateFeatures(Fd, Git); err != nil {
return movedDirs, err
}
gitRoots, err := db.cfg.findGitRoots()
if err != nil {
return movedDirs, err
} else {
for _, dir := range gitRoots {
if file.sharesRemote(getGitRemotes(dir)) {
movedDirs = append(movedDirs, dir)
}
}
return movedDirs, nil
}
}

177
app/env_file.go
View File

@@ -2,19 +2,15 @@ package app
import ( import (
"crypto/sha256" "crypto/sha256"
"errors"
"fmt" "fmt"
"os" "os"
"os/exec" "os/exec"
"path"
"path/filepath" "path/filepath"
"strings" "strings"
) )
type EnvFile struct { type EnvFile struct {
// TODO: Should use FileName in the struct and derive from the path. Path string
Path string
// Dir is derived from Path, and is not stored in the database.
Dir string Dir string
Remotes []string // []string Remotes []string // []string
Sha256 string Sha256 string
@@ -25,30 +21,16 @@ type EnvFile struct {
type EnvFileSyncResult int type EnvFileSyncResult int
const ( const (
// The filesystem contents matches the struct
// no further action is required.
Noop EnvFileSyncResult = 0
// The directory changed, but the file contents matched.
// The database must be updated.
DirUpdated EnvFileSyncResult = 1
// The filesystem has been restored to match the struct
// no further action is required.
Restored EnvFileSyncResult = 1 << 1
// The filesystem has been restored to match the struct.
// The directory changed, so the database must be updated
RestoredAndDirUpdated EnvFileSyncResult = Restored | DirUpdated
// The struct has been updated from the filesystem // The struct has been updated from the filesystem
// and should be updated in the database. // and should be updated in the database.
BackedUp EnvFileSyncResult = 1 << 2 Updated EnvFileSyncResult = iota
Error EnvFileSyncResult = 1 << 3 // The filesystem has been restored to match the struct
) // no further action is required.
Restored
// Determines the source of truth when calling [EnvFile.Sync] or [EnvFile.Restore] Error
type syncDirection int // The filesystem contents matches the struct
// no further action is required.
const ( Noop
TrustDatabase syncDirection = iota
TrustFilesystem
) )
func NewEnvFile(path string) EnvFile { func NewEnvFile(path string) EnvFile {
@@ -113,119 +95,62 @@ func getGitRemotes(dir string) []string {
return remotes return remotes
} }
// Reconcile the state of the database with the state of the filesystem, using // Install the file into the file system
// dir to determine which side to use a the source of truth. func (file EnvFile) Restore() error {
func (f *EnvFile) sync(dir syncDirection, db *Db) (result EnvFileSyncResult, err error) { // TODO: Handle restores more cleanly
if result != Noop { // Ensure the directory exists
panic("Invalid state") if _, err := os.Stat(file.Dir); err != nil {
return fmt.Errorf("directory missing")
} }
if _, err := os.Stat(f.Dir); err != nil { // Check if file already exists
// Directory doesn't exist if _, err := os.Stat(file.Path); err == nil {
return fmt.Errorf("file already exists: %s", file.Path)
var movedDirs []string
if db != nil {
movedDirs, err = db.findMovedDirs(f)
}
if err != nil {
return Error, err
} else {
switch len(movedDirs) {
case 0:
return Error, fmt.Errorf("directory missing")
case 1:
f.updateDir(movedDirs[0])
result |= DirUpdated
default:
return Error, fmt.Errorf("multiple directories found")
}
}
} }
if _, err := os.Stat(f.Path); err != nil { // Write the contents to the file
if errors.Is(err, os.ErrNotExist) { if err := os.WriteFile(file.Path, []byte(file.contents), 0644); err != nil {
if err := os.WriteFile(f.Path, []byte(f.contents), 0644); err != nil { return fmt.Errorf("failed to write file: %w", err)
return Error, fmt.Errorf("failed to write file: %w", err)
}
return result | Restored, nil
} else {
return Error, err
}
} else {
// File exists, check its hash
contents, err := os.ReadFile(f.Path)
if err != nil {
return Error, fmt.Errorf("failed to read file for SHA comparison: %w", err)
}
hash := sha256.Sum256(contents)
currentSha := fmt.Sprintf("%x", hash)
// Compare the hashes
if currentSha == f.Sha256 {
// No op, or DirUpdated
return result, nil
} else {
switch dir {
case TrustDatabase:
if err := os.WriteFile(f.Path, []byte(f.contents), 0644); err != nil {
return Error, fmt.Errorf("failed to write file: %w", err)
}
return result | Restored, nil
case TrustFilesystem:
// Overwrite the database
if err = f.Backup(); err != nil {
return Error, err
} else {
return BackedUp, nil
}
default:
panic("unknown sync direction")
}
}
}
}
func (f *EnvFile) sharesRemote(remotes []string) bool {
rMap := make(map[string]bool)
for _, remote := range f.Remotes {
rMap[remote] = true
} }
for _, remote := range remotes { return nil
if rMap[remote] {
return true
}
}
return false
}
func (f *EnvFile) updateDir(newDir string) {
f.Dir = newDir
f.Path = path.Join(newDir, path.Base(f.Path))
f.Remotes = getGitRemotes(newDir)
} }
// Try to reconcile the EnvFile with the filesystem. // Try to reconcile the EnvFile with the filesystem.
// //
// If Updated is returned, [Db.Insert] should be called on file. // If Updated is returned, [Db.Insert] should be called on file.
func (file *EnvFile) Sync() (result EnvFileSyncResult, err error) { func (file *EnvFile) Sync() (result EnvFileSyncResult, err error) {
return file.sync(TrustFilesystem, nil) // Check if the path exists in the file system
_, err = os.Stat(file.Path)
if err == nil {
contents, err := os.ReadFile(file.Path)
if err != nil {
return Error, fmt.Errorf("failed to read file for SHA comparison: %w", err)
}
// Check if sha matches by reading the current file and calculating its hash
hash := sha256.Sum256(contents)
currentSha := fmt.Sprintf("%x", hash)
if file.Sha256 == currentSha {
// Nothing to do
return Noop, nil
} else {
if err = file.Backup(); err != nil {
return Error, err
} else {
return Updated, nil
}
}
} else {
if err = file.Restore(); err != nil {
return Error, err
} else {
return Restored, nil
}
}
} }
// Install the file into the file system. If the file already exists, // Update the EnvFile using the file system
// it will be overwritten.
func (file EnvFile) Restore() error {
_, err := file.sync(TrustDatabase, nil)
return err
}
// Update the EnvFile using the file system.
func (file *EnvFile) Backup() error { func (file *EnvFile) Backup() error {
// Read the contents of the file // Read the contents of the file
contents, err := os.ReadFile(file.Path) contents, err := os.ReadFile(file.Path)

30
app/features.go
View File

@@ -1,20 +1,9 @@
package app package app
import ( import (
"fmt"
"os/exec" "os/exec"
) )
type MissingFeatureError struct {
feature AvailableFeatures
}
func (m *MissingFeatureError) Error() string {
return fmt.Sprintf("Missing \"%s\" feature", m.feature)
}
// TODO: Features should really be renamed to Binaries
// Represents which binaries are present in $PATH. // Represents which binaries are present in $PATH.
// Used to fail safely when required features are unavailable // Used to fail safely when required features are unavailable
type AvailableFeatures int type AvailableFeatures int
@@ -24,7 +13,7 @@ const (
// fd // fd
Fd AvailableFeatures = 2 Fd AvailableFeatures = 2
// All features are present // All features are present
All AvailableFeatures = Git | Fd All AvailableFeatures = Git & Fd
) )
// Checks for available features. // Checks for available features.
@@ -41,20 +30,3 @@ func checkFeatures() (feats AvailableFeatures) {
return feats return feats
} }
// Returns a MissingFeature error if the given features aren't present.
func (a AvailableFeatures) validateFeatures(features ...AvailableFeatures) error {
var missing AvailableFeatures
for _, feat := range features {
if a&feat == 0 {
missing |= feat
}
}
if missing == 0 {
return nil
} else {
return &MissingFeatureError{missing}
}
}

179
build.zig
View File

@@ -1,179 +0,0 @@
const std = @import("std");
// Although this function looks imperative, it does not perform the build
// directly and instead it mutates the build graph (`b`) that will be then
// executed by an external runner. The functions in `std.Build` implement a DSL
// for defining build steps and express dependencies between them, allowing the
// build runner to parallelize the build automatically (and the cache system to
// know when a step doesn't need to be re-run).
pub fn build(b: *std.Build) void {
// Standard target options allow the person running `zig build` to choose
// what target to build for. Here we do not override the defaults, which
// means any target is allowed, and the default is native. Other options
// for restricting supported target set are available.
const target = b.standardTargetOptions(.{});
// Standard optimization options allow the person running `zig build` to select
// between Debug, ReleaseSafe, ReleaseFast, and ReleaseSmall. Here we do not
// set a preferred release mode, allowing the user to decide how to optimize.
const optimize = b.standardOptimizeOption(.{});
// It's also possible to define more custom flags to toggle optional features
// of this build script using `b.option()`. All defined flags (including
// target and optimize options) will be listed when running `zig build --help`
// in this directory.
const comma = b.addModule("comma", .{
.root_source_file = b.path("src/comma.zig"),
.target = target,
});
const sqlite = b.dependency("sqlite", .{
.target = target,
.optimize = optimize,
});
// This creates a module, which represents a collection of source files alongside
// some compilation options, such as optimization mode and linked system libraries.
// Zig modules are the preferred way of making Zig code available to consumers.
// addModule defines a module that we intend to make available for importing
// to our consumers. We must give it a name because a Zig package can expose
// multiple modules and consumers will need to be able to specify which
// module they want to access.
const mod = b.addModule("envr", .{
// The root source file is the "entry point" of this module. Users of
// this module will only be able to access public declarations contained
// in this file, which means that if you have declarations that you
// intend to expose to consumers that were defined in other files part
// of this module, you will have to make sure to re-export them from
// the root file.
.root_source_file = b.path("src/root.zig"),
// Later on we'll use this module as the root module of a test executable
// which requires us to specify a target.
.target = target,
.imports = &.{
.{ .name = "comma", .module = comma },
},
});
mod.addImport("sqlite", sqlite.module("sqlite"));
// Here we define an executable. An executable needs to have a root module
// which needs to expose a `main` function. While we could add a main function
// to the module defined above, it's sometimes preferable to split business
// logic and the CLI into two separate modules.
//
// If your goal is to create a Zig library for others to use, consider if
// it might benefit from also exposing a CLI tool. A parser library for a
// data serialization format could also bundle a CLI syntax checker, for example.
//
// If instead your goal is to create an executable, consider if users might
// be interested in also being able to embed the core functionality of your
// program in their own executable in order to avoid the overhead involved in
// subprocessing your CLI tool.
//
// If neither case applies to you, feel free to delete the declaration you
// don't need and to put everything under a single module.
const exe = b.addExecutable(.{
.name = "envr",
.root_module = b.createModule(.{
// b.createModule defines a new module just like b.addModule but,
// unlike b.addModule, it does not expose the module to consumers of
// this package, which is why in this case we don't have to give it a name.
.root_source_file = b.path("src/main.zig"),
// Target and optimization levels must be explicitly wired in when
// defining an executable or library (in the root module), and you
// can also hardcode a specific target for an executable or library
// definition if desireable (e.g. firmware for embedded devices).
.target = target,
.optimize = optimize,
// List of modules available for import in source files part of the
// root module.
.imports = &.{
// Here "envr" is the name you will use in your source code to
// import this module (e.g. `@import("envr")`). The name is
// repeated because you are allowed to rename your imports, which
// can be extremely useful in case of collisions (which can happen
// importing modules from different packages).
.{ .name = "comma", .module = comma },
.{ .name = "envr", .module = mod },
},
}),
});
const version = b.option([]const u8, "version", "application version string") orelse "dev";
const options = b.addOptions();
options.addOption([]const u8, "version", version);
exe.root_module.addOptions("config", options);
// This declares intent for the executable to be installed into the
// install prefix when running `zig build` (i.e. when executing the default
// step). By default the install prefix is `zig-out/` but can be overridden
// by passing `--prefix` or `-p`.
b.installArtifact(exe);
// This creates a top level step. Top level steps have a name and can be
// invoked by name when running `zig build` (e.g. `zig build run`).
// This will evaluate the `run` step rather than the default step.
// For a top level step to actually do something, it must depend on other
// steps (e.g. a Run step, as we will see in a moment).
const run_step = b.step("run", "Run the app");
// This creates a RunArtifact step in the build graph. A RunArtifact step
// invokes an executable compiled by Zig. Steps will only be executed by the
// runner if invoked directly by the user (in the case of top level steps)
// or if another step depends on it, so it's up to you to define when and
// how this Run step will be executed. In our case we want to run it when
// the user runs `zig build run`, so we create a dependency link.
const run_cmd = b.addRunArtifact(exe);
run_step.dependOn(&run_cmd.step);
// By making the run step depend on the default step, it will be run from the
// installation directory rather than directly from within the cache directory.
run_cmd.step.dependOn(b.getInstallStep());
// This allows the user to pass arguments to the application in the build
// command itself, like this: `zig build run -- arg1 arg2 etc`
if (b.args) |args| {
run_cmd.addArgs(args);
}
// Creates an executable that will run `test` blocks from the provided module.
// Here `mod` needs to define a target, which is why earlier we made sure to
// set the releative field.
const mod_tests = b.addTest(.{
.root_module = mod,
});
// A run step that will run the test executable.
const run_mod_tests = b.addRunArtifact(mod_tests);
// Creates an executable that will run `test` blocks from the executable's
// root module. Note that test executables only test one module at a time,
// hence why we have to create two separate ones.
const exe_tests = b.addTest(.{
.root_module = exe.root_module,
});
// A run step that will run the second test executable.
const run_exe_tests = b.addRunArtifact(exe_tests);
// A top level step for running all tests. dependOn can be called multiple
// times and since the two run steps do not depend on one another, this will
// make the two of them run in parallel.
const test_step = b.step("test", "Run tests");
test_step.dependOn(&run_mod_tests.step);
test_step.dependOn(&run_exe_tests.step);
// Just like flags, top level steps are also listed in the `--help` menu.
//
// The Zig build system is entirely implemented in userland, which means
// that it cannot hook into private compiler APIs. All compilation work
// orchestrated by the build system will result in other Zig compiler
// subcommands being invoked with the right flags defined. You can observe
// these invocations when one fails (or you pass a flag to increase
// verbosity) to validate assumptions and diagnose problems.
//
// Lastly, the Zig build system is relatively simple and self-contained,
// and reading its source code will allow you to master it.
}

84
build.zig.zon
View File

@@ -1,84 +0,0 @@
.{
// This is the default name used by packages depending on this one. For
// example, when a user runs `zig fetch --save <url>`, this field is used
// as the key in the `dependencies` table. Although the user can choose a
// different name, most users will stick with this provided value.
//
// It is redundant to include "zig" in this name because it is already
// within the Zig package namespace.
.name = .envr,
// This is a [Semantic Version](https://semver.org/).
// In a future version of Zig it will be used for package deduplication.
.version = "0.3.0",
// Together with name, this represents a globally unique package
// identifier. This field is generated by the Zig toolchain when the
// package is first created, and then *never changes*. This allows
// unambiguous detection of one package being an updated version of
// another.
//
// When forking a Zig project, this id should be regenerated (delete the
// field and run `zig build`) if the upstream project is still maintained.
// Otherwise, the fork is *hostile*, attempting to take control over the
// original project's identity. Thus it is recommended to leave the comment
// on the following line intact, so that it shows up in code reviews that
// modify the field.
.fingerprint = 0xa89bf067266a3e10, // Changing this has security and trust implications.
// Tracks the earliest Zig version that the package considers to be a
// supported use case.
.minimum_zig_version = "0.16.0",
// This field is optional.
// Each dependency must either provide a `url` and `hash`, or a `path`.
// `zig build --fetch` can be used to fetch all dependencies of a package, recursively.
// Once all dependencies are fetched, `zig build` no longer requires
// internet connectivity.
.dependencies = .{
// .age = .{ .path = "zig-vendor/age-ffi/zig" },
.sqlite = .{ .path = "zig-vendor/zig-sqlite" },
// See `zig fetch --save <url>` for a command-line interface for adding dependencies.
//.example = .{
// // When updating this field to a new URL, be sure to delete the corresponding
// // `hash`, otherwise you are communicating that you expect to find the old hash at
// // the new URL. If the contents of a URL change this will result in a hash mismatch
// // which will prevent zig from using it.
// .url = "https://example.com/foo.tar.gz",
//
// // This is computed from the file contents of the directory of files that is
// // obtained after fetching `url` and applying the inclusion rules given by
// // `paths`.
// //
// // This field is the source of truth; packages do not come from a `url`; they
// // come from a `hash`. `url` is just one of many possible mirrors for how to
// // obtain a package matching this `hash`.
// //
// // Uses the [multihash](https://multiformats.io/multihash/) format.
// .hash = "...",
//
// // When this is provided, the package is found in a directory relative to the
// // build root. In this case the package's hash is irrelevant and therefore not
// // computed. This field and `url` are mutually exclusive.
// .path = "foo",
//
// // When this is set to `true`, a package is declared to be lazily
// // fetched. This makes the dependency only get fetched if it is
// // actually used.
// .lazy = false,
//},
},
// Specifies the set of files and directories that are included in this package.
// Only files and directories listed here are included in the `hash` that
// is computed for this package. Only files listed here will remain on disk
// when using the zig package manager. As a rule of thumb, one should list
// files required for compilation plus any license(s).
// Paths are relative to the build root. Use the empty string (`""`) to refer to
// the build root itself.
// A directory listed here means that all files within, recursively, are included.
.paths = .{
"build.zig",
"build.zig.zon",
"src",
// For example...
//"LICENSE",
//"README.md",
},
}

246
cli.odin
View File

@@ -1,246 +0,0 @@
package main
import "core:bufio"
import "core:fmt"
import "core:io"
import "core:mem"
import "core:os"
import "core:strings"
Command :: struct {
name: string,
args: [dynamic]string,
flags: map[string]string,
bool_set: map[string]bool,
}
CommandInfo :: struct {
name: string,
usage: string,
short: string,
long: string,
aliases: []string,
}
COMMANDS := []CommandInfo {
{
"init",
"envr init",
"Set up envr",
"The init command generates your initial config and saves it to\n~/.envr/config in JSON format.\n\nDuring setup, you will be prompted to select one or more ssh keys with which to\nencrypt your databse. **Make 100% sure** that you have **a remote copy** of this\nkey somewhere, otherwise your data could be lost forever.",
{},
},
{"scan", "envr scan", "Find and select .env files for backup", "", {}},
{"sync", "envr sync", "Update or restore your env backups", "", {}},
{"backup", "envr backup <path>", "Import a .env file into envr", "", {"add"}},
{"restore", "envr restore <path>", "Restore a .env file from the database", "", {}},
{"list", "envr list", "View your tracked files", "", {}},
{"remove", "envr remove <path>", "Remove a .env file from your database", "", {}},
{"check", "envr check [path]", "Check if files are backed up", "", {}},
{
"deps",
"envr deps",
"Check for missing binaries",
"envr relies on external binaries for certain functionality.\n\nThe check command reports on which binaries are available and which are not.",
{},
},
{"version", "envr version", "Show envr's version", "", {}},
{"edit-config", "envr edit-config", "Edit your config with your default editor", "", {}},
{"nushell-completion", "envr nushell-completion", "Generate custom completions for nushell", "", {}},
}
parse_args :: proc() -> (cmd: Command, ok: bool) {
args := os.args
if len(args) < 2 {
print_usage()
return Command{}, false
}
cmd.name = args[1]
if cmd.name == "--help" || cmd.name == "-h" {
print_usage()
return Command{}, false
}
cmd.args = make([dynamic]string)
cmd.flags = make(map[string]string)
cmd.bool_set = make(map[string]bool)
i := 2
for i < len(args) {
arg := args[i]
if strings.starts_with(arg, "--") {
key := arg[2:]
if i + 1 < len(args) && !strings.starts_with(args[i + 1], "-") {
cmd.flags[key] = args[i + 1]
i += 2
} else {
cmd.bool_set[key] = true
i += 1
}
} else if strings.starts_with(arg, "-") && len(arg) == 2 {
key_slice := arg[1:2]
if i + 1 < len(args) && !strings.starts_with(args[i + 1], "-") {
cmd.flags[key_slice] = args[i + 1]
i += 2
} else {
cmd.bool_set[key_slice] = true
i += 1
}
} else {
append(&cmd.args, arg)
i += 1
}
}
if has_flag(&cmd, "help") {
print_command_help(cmd.name)
return Command{}, false
}
return cmd, true
}
has_flag :: proc(cmd: ^Command, name: string) -> bool {
_, ok := cmd.flags[name]
if ok {
return true
}
_, ok2 := cmd.bool_set[name]
return ok2
}
find_command :: proc(name: string) -> (CommandInfo, bool) {
for c in COMMANDS {
if c.name == name {
return c, true
}
for a in c.aliases {
if a == name {
return c, true
}
}
}
return CommandInfo{}, false
}
write_command_help :: proc(name: string, w: io.Writer) -> bool {
info, found := find_command(name)
if !found {
return false
}
fmt.wprintf(w, "Usage: %s [flags]\n\n", info.usage, flush = false)
fmt.wprintf(w, "%s\n", info.short, flush = false)
if len(info.aliases) > 0 {
fmt.wprintf(w, "\nAliases:\n %s", info.name, flush = false)
for a in info.aliases {
fmt.wprintf(w, ", %s", a, flush = false)
}
fmt.wprintf(w, "\n", flush = false)
}
if len(info.long) > 0 {
fmt.wprintf(w, "\n%s\n", info.long, flush = false)
}
fmt.wprintf(w, "\nFlags:\n -h, --help help for %s\n", info.name, flush = false)
return true
}
print_command_help :: proc(name: string) {
bw: bufio.Writer
bufio.writer_init(&bw, io.to_writer(os.to_writer(os.stdout)), mem.DEFAULT_PAGE_SIZE)
defer bufio.writer_destroy(&bw)
w := bufio.writer_to_writer(&bw)
ok := write_command_help(name, w)
if !ok {
fmt.printf("Unknown command: %s\n", name)
print_usage()
}
bufio.writer_flush(&bw)
}
write_usage :: proc(w: io.Writer) {
fmt.wprintf(
w,
`envr keeps your .env synced to a local, age encrypted database.
Is a safe and easy way to gather all your .env files in one place where they can
easily be backed by another tool such as restic or git.
All your data is stored in ~/data.age
Getting started is easy:
1. Create your configuration file and set up encrypted storage:
> envr init
2. Scan for existing .env files:
> envr scan
Select the files you want to back up from the interactive list.
3. Verify that it worked:
> envr list
4. After changing any of your .env files, update the backup with:
> envr sync
5. If you lose a repository, after re-cloning the repo into the same path it was
at before, restore your backup with:
> envr restore ~/<path to repository>/.env
Usage:
envr [command]
Available Commands:
`,
flush = false,
)
for c in COMMANDS {
name_start := len(c.name)
fmt.wprintf(w, "%s", c.name, flush = false)
for a in c.aliases {
fmt.wprintf(w, ", %s", a, flush = false)
name_start += len(a) + 2
}
padding := 20 - name_start
if padding > 0 {
for _ in 0 ..< padding {
io.write_byte(w, ' ')
}
}
fmt.wprintf(w, " %s\n", c.short, flush = false)
}
fmt.wprintf(
w,
`
Flags:
-h, --help help for envr
Use "envr [command] --help" for more information about a command.
`,
flush = false,
)
}
// TODO: Look at usages,might want to pass a writer
print_usage :: proc() {
bw: bufio.Writer
bufio.writer_init(&bw, io.to_writer(os.to_writer(os.stdout)), mem.DEFAULT_PAGE_SIZE)
defer bufio.writer_destroy(&bw)
defer bufio.writer_flush(&bw)
write_usage(bufio.writer_to_writer(&bw))
}

191
cli_test.odin
View File

@@ -1,191 +0,0 @@
#+feature dynamic-literals
package main
import "core:fmt"
import "core:strings"
import "core:testing"
@(test)
test_usage_text_contains_all_commands :: proc(t: ^testing.T) {
b: strings.Builder
strings.builder_init(&b)
defer strings.builder_destroy(&b)
write_usage(strings.to_writer(&b))
text := strings.to_string(b)
for c in COMMANDS {
testing.expect(
t,
strings.contains(text, c.name),
fmt.tprintf("usage missing command %q", c.name),
)
for a in c.aliases {
testing.expect(t, strings.contains(text, a), fmt.tprintf("usage missing alias %q", a))
}
}
}
@(test)
test_usage_text_contains_steps :: proc(t: ^testing.T) {
b: strings.Builder
strings.builder_init(&b)
defer strings.builder_destroy(&b)
write_usage(strings.to_writer(&b))
text := strings.to_string(b)
testing.expect(t, strings.contains(text, "1."), "missing step 1")
testing.expect(t, strings.contains(text, "2."), "missing step 2")
testing.expect(t, strings.contains(text, "3."), "missing step 3")
testing.expect(t, strings.contains(text, "4."), "missing step 4")
testing.expect(t, strings.contains(text, "5."), "missing step 5")
testing.expect(t, strings.contains(text, "> envr sync\n"), "step 4 missing 'envr sync'")
testing.expect(t, strings.contains(text, "> envr restore"), "step 5 missing 'envr restore'")
}
@(test)
test_usage_text_contains_flags_and_help_hint :: proc(t: ^testing.T) {
b: strings.Builder
strings.builder_init(&b)
defer strings.builder_destroy(&b)
write_usage(strings.to_writer(&b))
text := strings.to_string(b)
testing.expect(t, strings.contains(text, "Flags:"), "missing Flags section")
testing.expect(t, strings.contains(text, "--help"), "missing --help flag")
testing.expect(t, strings.contains(text, "Use \"envr [command] --help\""), "missing help hint")
}
@(test)
test_command_help_backup :: proc(t: ^testing.T) {
b: strings.Builder
strings.builder_init(&b)
defer strings.builder_destroy(&b)
ok := write_command_help("backup", strings.to_writer(&b))
testing.expect(t, ok, "write_command_help(\"backup\") returned false")
text := strings.to_string(b)
testing.expect(t, strings.contains(text, "Usage:"), "missing Usage line")
testing.expect(t, strings.contains(text, "envr backup <path>"), "missing usage pattern")
testing.expect(t, strings.contains(text, "Aliases:"), "missing Aliases section")
testing.expect(t, strings.contains(text, "add"), "missing 'add' alias")
testing.expect(t, strings.contains(text, "Flags:"), "missing Flags section")
testing.expect(t, strings.contains(text, "--help"), "missing --help in flags")
}
@(test)
test_command_help_add_alias :: proc(t: ^testing.T) {
b: strings.Builder
strings.builder_init(&b)
defer strings.builder_destroy(&b)
ok := write_command_help("add", strings.to_writer(&b))
testing.expect(t, ok, "write_command_help(\"add\") returned false")
text := strings.to_string(b)
testing.expect(
t,
strings.contains(text, "envr backup <path>"),
"'add' alias should resolve to backup usage",
)
testing.expect(t, strings.contains(text, "Aliases:"), "missing Aliases section")
}
@(test)
test_command_help_init_no_aliases :: proc(t: ^testing.T) {
b: strings.Builder
strings.builder_init(&b)
defer strings.builder_destroy(&b)
ok := write_command_help("init", strings.to_writer(&b))
testing.expect(t, ok, "write_command_help(\"init\") returned false")
text := strings.to_string(b)
testing.expect(t, strings.contains(text, "Usage:"), "missing Usage line")
testing.expect(t, !strings.contains(text, "Aliases:"), "init should not have Aliases section")
testing.expect(t, strings.contains(text, "Flags:"), "missing Flags section")
testing.expect(t, strings.contains(text, "help for init"), "missing 'help for init'")
}
@(test)
test_command_help_unknown :: proc(t: ^testing.T) {
b: strings.Builder
strings.builder_init(&b)
defer strings.builder_destroy(&b)
ok := write_command_help("nonexistent", strings.to_writer(&b))
testing.expect(t, !ok, "write_command_help(\"nonexistent\") should return false")
text := strings.to_string(b)
testing.expect(t, len(text) == 0, "text should be empty for unknown command")
}
@(test)
test_command_help_version :: proc(t: ^testing.T) {
b: strings.Builder
strings.builder_init(&b)
defer strings.builder_destroy(&b)
ok := write_command_help("version", strings.to_writer(&b))
testing.expect(t, ok, "write_command_help(\"version\") returned false")
text := strings.to_string(b)
testing.expect(t, strings.contains(text, "Usage:"), "missing Usage line")
testing.expect(
t,
!strings.contains(text, "Aliases:"),
"version should not have Aliases section",
)
}
@(test)
test_has_flag_bool_set :: proc(t: ^testing.T) {
cmd := Command {
name = "test",
bool_set = map[string]bool{"force" = true},
}
defer delete(cmd.bool_set)
testing.expect(t, has_flag(&cmd, "force"), "should find flag in bool_set")
testing.expect(t, !has_flag(&cmd, "verbose"), "should not find missing flag")
}
@(test)
test_has_flag_value_map :: proc(t: ^testing.T) {
cmd := Command {
name = "test",
flags = map[string]string{"output" = "/tmp/out"},
}
defer delete(cmd.flags)
testing.expect(t, has_flag(&cmd, "output"), "should find flag in flags map")
testing.expect(t, !has_flag(&cmd, "force"), "should not find missing flag")
}
@(test)
test_has_flag_both_maps :: proc(t: ^testing.T) {
cmd := Command {
name = "test",
flags = map[string]string{"output" = "/tmp/out"},
bool_set = map[string]bool{"force" = true},
}
defer delete(cmd.flags)
defer delete(cmd.bool_set)
testing.expect(t, has_flag(&cmd, "output"), "should find in flags")
testing.expect(t, has_flag(&cmd, "force"), "should find in bool_set")
testing.expect(t, !has_flag(&cmd, "verbose"), "should not find missing flag")
}
@(test)
test_has_flag_empty_command :: proc(t: ^testing.T) {
cmd := Command {
name = "test",
}
testing.expect(t, !has_flag(&cmd, "anything"), "empty command should have no flags")
}

11
cmd/backup.go
View File

@@ -13,10 +13,9 @@ import (
// backupCmd represents the backup command // backupCmd represents the backup command
var backupCmd = &cobra.Command{ var backupCmd = &cobra.Command{
Use: "backup <path>", Use: "backup <path>",
Short: "Import a .env file into envr", Short: "Import a .env file into envr",
Aliases: []string{"add"}, Args: cobra.ExactArgs(1),
Args: cobra.ExactArgs(1),
// Long: `Long desc` // Long: `Long desc`
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
path := args[0] path := args[0]
@@ -28,11 +27,11 @@ var backupCmd = &cobra.Command{
if err != nil { if err != nil {
return err return err
} else { } else {
defer db.Close() defer db.Close(app.Write)
record := app.NewEnvFile(path) record := app.NewEnvFile(path)
if err := db.Insert(record); err != nil { if err := db.Insert(record); err != nil {
return err panic(err)
} else { } else {
fmt.Printf("Saved %s into the database", path) fmt.Printf("Saved %s into the database", path)
return nil return nil

110
cmd/check.go
View File

@@ -1,106 +1,48 @@
package cmd package cmd
import ( import (
"fmt"
"os" "os"
"path/filepath"
"github.com/olekukonko/tablewriter"
"github.com/sbrow/envr/app" "github.com/sbrow/envr/app"
"github.com/spf13/cobra" "github.com/spf13/cobra"
) )
var checkCmd = &cobra.Command{ var checkCmd = &cobra.Command{
Use: "check [path]", Use: "check",
Short: "check if files in the current directory are backed up", Short: "Check for missing binaries",
// TODO: Long description for new check command Long: `envr relies on external binaries for certain functionality.
Args: cobra.MaximumNArgs(1),
The check command reports on which binaries are available and which are not.`,
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
// Accept an optional path arg, default to current working directory
var checkPath string
if len(args) > 0 {
checkPath = args[0]
} else {
cwd, err := os.Getwd()
if err != nil {
return fmt.Errorf("failed to get current working directory: %w", err)
}
checkPath = cwd
}
// Get absolute path
absPath, err := filepath.Abs(checkPath)
if err != nil {
return fmt.Errorf("failed to get absolute path: %w", err)
}
// Open database
db, err := app.Open() db, err := app.Open()
if err != nil { if err != nil {
return fmt.Errorf("failed to open database: %w", err) return err
}
defer db.Close()
// Check if the path is a file or directory
info, err := os.Stat(absPath)
if err != nil {
return fmt.Errorf("failed to stat path: %w", err)
}
var filesInPath []string
if info.IsDir() {
// Find .env files in the specified directory
if err := db.CanScan(); err != nil {
return err
}
// Scan only the specified path for .env files
filesInPath, err = db.Scan([]string{absPath})
if err != nil {
return fmt.Errorf("failed to scan path for env files: %w", err)
}
} else { } else {
// Path is a file, just check this specific file defer db.Close(app.ReadOnly)
filesInPath = []string{absPath} features := db.Features()
}
// Get all backed up files from the database table := tablewriter.NewWriter(os.Stdout)
envFiles, err := db.List() table.Header([]string{"Feature", "Status"})
if err != nil {
return fmt.Errorf("failed to list files from database: %w", err)
}
// Check which files are not backed up // Check Git
var notBackedUp []string if features&app.Git == 1 {
for _, file := range filesInPath { table.Append([]string{"Git", "✓ Available"})
isBackedUp := false
for _, envFile := range envFiles {
if envFile.Path == file {
isBackedUp = true
break
}
}
if !isBackedUp {
notBackedUp = append(notBackedUp, file)
}
}
// Display results
if len(notBackedUp) == 0 {
if len(filesInPath) == 0 {
fmt.Println("No .env files found in the specified directory.")
} else { } else {
fmt.Println("✓ All .env files in the directory are backed up.") table.Append([]string{"Git", "✗ Missing"})
} }
} else {
fmt.Printf("Found %d .env file(s) that are not backed up:\n", len(notBackedUp))
for _, file := range notBackedUp {
fmt.Printf(" %s\n", file)
}
fmt.Println("\nRun 'envr sync' to back up these files.")
}
return nil // Check fd
if features&app.Fd == 1 {
table.Append([]string{"fd", "✓ Available"})
} else {
table.Append([]string{"fd", "✗ Missing"})
}
table.Render()
return nil
}
}, },
} }

51
cmd/deps.go
View File

@@ -1,51 +0,0 @@
package cmd
import (
"os"
"github.com/olekukonko/tablewriter"
"github.com/sbrow/envr/app"
"github.com/spf13/cobra"
)
var depsCmd = &cobra.Command{
Use: "deps",
Short: "Check for missing binaries",
Long: `envr relies on external binaries for certain functionality.
The check command reports on which binaries are available and which are not.`,
RunE: func(cmd *cobra.Command, args []string) error {
db, err := app.Open()
if err != nil {
return err
} else {
defer db.Close()
features := db.Features()
table := tablewriter.NewWriter(os.Stdout)
table.Header([]string{"Feature", "Status"})
// Check Git
if features&app.Git == 1 {
table.Append([]string{"Git", "✓ Available"})
} else {
table.Append([]string{"Git", "✗ Missing"})
}
// Check fd
if features&app.Fd == app.Fd {
table.Append([]string{"fd", "✓ Available"})
} else {
table.Append([]string{"fd", "✗ Missing"})
}
table.Render()
return nil
}
},
}
func init() {
rootCmd.AddCommand(depsCmd)
}

19
cmd/init.go
View File

@@ -11,9 +11,11 @@ import (
"github.com/spf13/cobra" "github.com/spf13/cobra"
) )
// TODO: Add --force (-f) flag.
var initCmd = &cobra.Command{ var initCmd = &cobra.Command{
Use: "init", Use: "init",
Short: "Set up envr", DisableFlagsInUseLine: true,
Short: "Set up envr",
Long: `The init command generates your initial config and saves it to Long: `The init command generates your initial config and saves it to
~/.envr/config in JSON format. ~/.envr/config in JSON format.
@@ -21,10 +23,11 @@ During setup, you will be prompted to select one or more ssh keys with which to
encrypt your databse. **Make 100% sure** that you have **a remote copy** of this encrypt your databse. **Make 100% sure** that you have **a remote copy** of this
key somewhere, otherwise your data could be lost forever.`, key somewhere, otherwise your data could be lost forever.`,
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
force, _ := cmd.Flags().GetBool("force")
config, _ := app.LoadConfig() config, _ := app.LoadConfig()
if config == nil || force { if config != nil {
return fmt.Errorf("You have already initialized envr")
} else {
keys, err := selectSSHKeys() keys, err := selectSSHKeys()
if err != nil { if err != nil {
return fmt.Errorf("Error selecting SSH keys: %v", err) return fmt.Errorf("Error selecting SSH keys: %v", err)
@@ -40,17 +43,13 @@ key somewhere, otherwise your data could be lost forever.`,
} }
fmt.Printf("Config initialized with %d SSH key(s). You are ready to use envr.\n", len(keys)) fmt.Printf("Config initialized with %d SSH key(s). You are ready to use envr.\n", len(keys))
return nil
} else {
return fmt.Errorf(`You have already initialized envr.
Run again with the --force flag if you want to reinitialize.
`)
} }
return nil
}, },
} }
func init() { func init() {
initCmd.Flags().BoolP("force", "f", false, "Overwrite an existing config")
rootCmd.AddCommand(initCmd) rootCmd.AddCommand(initCmd)
} }

2
cmd/list.go
View File

@@ -24,7 +24,7 @@ var listCmd = &cobra.Command{
if err != nil { if err != nil {
return err return err
} }
defer db.Close() defer db.Close(app.ReadOnly)
rows, err := db.List() rows, err := db.List()
if err != nil { if err != nil {

2
cmd/remove.go
View File

@@ -25,7 +25,7 @@ var removeCmd = &cobra.Command{
if err != nil { if err != nil {
return err return err
} else { } else {
defer db.Close() defer db.Close(app.Write)
if err := db.Delete(path); err != nil { if err := db.Delete(path); err != nil {
return err return err
} else { } else {

2
cmd/restore.go
View File

@@ -27,7 +27,7 @@ var restoreCmd = &cobra.Command{
if err != nil { if err != nil {
return err return err
} else { } else {
defer db.Close() defer db.Close(app.ReadOnly)
record, err := db.Fetch(path) record, err := db.Fetch(path)
if err != nil { if err != nil {

6
cmd/scan.go
View File

@@ -28,7 +28,7 @@ var scanCmd = &cobra.Command{
return err return err
} }
files, err := db.Scan(nil) files, err := db.Scan()
if err != nil { if err != nil {
return err return err
} }
@@ -57,7 +57,7 @@ var scanCmd = &cobra.Command{
// Close database with write mode to persist changes // Close database with write mode to persist changes
if addedCount > 0 { if addedCount > 0 {
err = db.Close() err = db.Close(app.Write)
if err != nil { if err != nil {
return fmt.Errorf("Error saving changes: %v\n", err) return fmt.Errorf("Error saving changes: %v\n", err)
} else { } else {
@@ -65,7 +65,7 @@ var scanCmd = &cobra.Command{
return nil return nil
} }
} else { } else {
err = db.Close() err = db.Close(app.ReadOnly)
if err != nil { if err != nil {
return fmt.Errorf("Error closing database: %v\n", err) return fmt.Errorf("Error closing database: %v\n", err)
} }

67
cmd/sync.go
View File

@@ -1,93 +1,54 @@
package cmd package cmd
import ( import (
"encoding/json" "fmt"
"os"
"github.com/mattn/go-isatty"
"github.com/olekukonko/tablewriter"
"github.com/sbrow/envr/app" "github.com/sbrow/envr/app"
"github.com/spf13/cobra" "github.com/spf13/cobra"
) )
// TODO: Detect when file paths have moved and update accordingly.
var syncCmd = &cobra.Command{ var syncCmd = &cobra.Command{
Use: "sync", Use: "sync",
Short: "Update or restore your env backups", Short: "Update or restore your env backups",
RunE: func(cmd *cobra.Command, args []string) error { RunE: func(cmd *cobra.Command, args []string) error {
db, err := app.Open() db, err := app.Open()
if err != nil { if err != nil {
return err return err
} else { } else {
defer db.Close() defer db.Close(app.Write)
files, err := db.List() files, err := db.List()
if err != nil { if err != nil {
return err return err
} else { } else {
type syncResult struct {
Path string `json:"path"`
Status string `json:"status"`
}
var results []syncResult
for _, file := range files { for _, file := range files {
// Syncronize the filesystem with the database. fmt.Printf("%s\n", file.Path)
oldPath := file.Path
changed, err := db.Sync(&file) // Syncronize the filesystem with the database.
changed, err := file.Sync()
var status string
switch changed { switch changed {
case app.BackedUp: case app.Updated:
status = "Backed Up" fmt.Printf("File updated - changes saved\n")
if err := db.Insert(file); err != nil { if err := db.Insert(file); err != nil {
return err return err
} }
case app.Restored: case app.Restored:
fallthrough fmt.Printf("File missing - restored backup\n")
case app.RestoredAndDirUpdated:
status = "Restored"
case app.Error: case app.Error:
if err == nil { if err == nil {
panic("err cannot be nil when Sync returns Error") panic("err cannot be nil when Sync returns Error")
} else {
fmt.Printf("%s\n", err)
} }
status = err.Error()
case app.Noop: case app.Noop:
status = "OK" fmt.Println("Nothing to do")
case app.DirUpdated:
status = "Moved"
default: default:
panic("Unknown result") panic("Unknown result")
} }
if changed&app.DirUpdated == app.DirUpdated { fmt.Println("")
if err := db.Delete(oldPath); err != nil {
return err
}
}
if db.UpdateRequired(changed) {
if err := db.Insert(file); err != nil {
return err
}
}
results = append(results, syncResult{
Path: file.Path,
Status: status,
})
}
if isatty.IsTerminal(os.Stdout.Fd()) {
table := tablewriter.NewWriter(os.Stdout)
table.Header([]string{"File", "Status"})
for _, result := range results {
table.Append([]string{result.Path, result.Status})
}
table.Render()
} else {
encoder := json.NewEncoder(os.Stdout)
return encoder.Encode(results)
} }
return nil return nil

1
cmd/version.go
View File

@@ -15,7 +15,6 @@ var (
var long bool var long bool
// versionCmd represents the version command // versionCmd represents the version command
// Deprecated: Remove when Zig has the chance to emit help
var versionCmd = &cobra.Command{ var versionCmd = &cobra.Command{
Use: "version", Use: "version",
Short: "Show envr's version", Short: "Show envr's version",

34
cmd_backup.odin
View File

@@ -1,34 +0,0 @@
package main
import "core:fmt"
import "core:strings"
cmd_backup :: proc(cmd: ^Command) {
if len(cmd.args) != 1 {
print_command_help("backup")
return
}
path := cmd.args[0]
if len(strings.trim_space(path)) == 0 {
fmt.println("Error: No path provided")
return
}
file, ok := new_env_file(path)
if !ok {
return
}
db, db_ok := db_open()
if !db_ok {
return
}
defer db_close(&db)
if !db_insert(&db, file) {
return
}
fmt.printf("Saved %s into the database\n", path)
}

84
cmd_check.odin
View File

@@ -1,84 +0,0 @@
package main
import "core:fmt"
import "core:os"
import "core:path/filepath"
import "core:strings"
cmd_check :: proc(cmd: ^Command) {
feats := check_features()
check_path: string
if len(cmd.args) > 0 {
check_path = cmd.args[0]
} else {
cwd, cwd_err := os.get_working_directory(context.allocator)
if cwd_err != nil {
fmt.printf("Error getting current directory: %v\n", cwd_err)
return
}
check_path = cwd
}
abs_path: string
if filepath.is_abs(check_path) {
abs_path = check_path
} else {
resolved, abs_err := filepath.abs(check_path)
if abs_err != nil {
fmt.printf("Error getting absolute path: %v\n", abs_err)
return
}
abs_path = resolved
}
db, db_ok := db_open()
if !db_ok {
return
}
defer db_close(&db)
is_dir := os.is_directory(abs_path)
files_in_path: [dynamic]string
if is_dir {
if cant_scan(feats) {
fmt.println(
"Error: please install fd to use the check command (https://github.com/sharkdp/fd)",
)
return
}
scanned, scan_ok := scan_path(abs_path, db.cfg)
if !scan_ok {
fmt.println("Error scanning directory for .env files")
return
}
files_in_path = scanned
} else {
append(&files_in_path, abs_path)
}
db_files, list_ok := db_list(&db)
if !list_ok {
return
}
not_backed := find_unbacked(files_in_path[:], db_files[:])
if len(not_backed) == 0 {
if len(files_in_path) == 0 {
fmt.println("No .env files found in the specified directory.")
} else {
fmt.println("✓ All .env files in the directory are backed up.")
}
} else {
fmt.printf("Found %d .env file(s) that are not backed up:\n", len(not_backed))
for file in not_backed {
fmt.printf(" %s\n", file)
}
fmt.println("\nRun 'envr sync' to back up these files.")
}
}

48
cmd_check_test.odin
View File

@@ -1,48 +0,0 @@
package main
import "core:fmt"
import "core:testing"
@(test)
test_find_unbacked_finds_missing :: proc(t: ^testing.T) {
local := []string{"/a/.env", "/b/.env", "/c/.env"}
db := []EnvFile{{Path = "/a/.env"}, {Path = "/b/.env"}}
result := find_unbacked(local, db[:])
testing.expect(t, len(result) == 1, fmt.tprintf("expected 1 unbacked, got %d", len(result)))
if len(result) > 0 {
testing.expect(
t,
result[0] == "/c/.env",
fmt.tprintf("expected /c/.env, got %s", result[0]),
)
}
}
@(test)
test_find_unbacked_all_backed :: proc(t: ^testing.T) {
local := []string{"/a/.env", "/b/.env"}
db := []EnvFile{{Path = "/a/.env"}, {Path = "/b/.env"}}
result := find_unbacked(local, db[:])
testing.expect(t, len(result) == 0, fmt.tprintf("expected 0 unbacked, got %d", len(result)))
}
@(test)
test_find_unbacked_no_local :: proc(t: ^testing.T) {
local: []string
db := []EnvFile{{Path = "/a/.env"}}
result := find_unbacked(local, db[:])
testing.expect(t, len(result) == 0, fmt.tprintf("expected 0 unbacked, got %d", len(result)))
}
@(test)
test_find_unbacked_none_backed :: proc(t: ^testing.T) {
local := []string{"/a/.env", "/b/.env"}
db: []EnvFile
result := find_unbacked(local, db[:])
testing.expect(t, len(result) == 2, fmt.tprintf("expected 2 unbacked, got %d", len(result)))
}

30
cmd_deps.odin
View File

@@ -1,30 +0,0 @@
package main
import "core:fmt"
cmd_deps :: proc(cmd: ^Command) {
feats := check_features()
headers := []string{"Feature", "Status"}
rows: [dynamic][]string
if .Git in feats {
append(&rows, []string{"Git", "\u2713 Available"})
} else {
append(&rows, []string{"Git", "\u2717 Missing"})
}
if .Fd in feats {
append(&rows, []string{"fd", "\u2713 Available"})
} else {
append(&rows, []string{"fd", "\u2717 Missing"})
}
if .Age in feats {
append(&rows, []string{"age", "\u2713 Available"})
} else {
append(&rows, []string{"age", "\u2717 Missing"})
}
render_table(headers, rows[:])
}

49
cmd_edit_config.odin
View File

@@ -1,49 +0,0 @@
package main
import "core:fmt"
import "core:os"
import "core:path/filepath"
import "core:strings"
cmd_edit_config :: proc(cmd: ^Command) {
editor := os.get_env("EDITOR", context.allocator)
if len(editor) == 0 {
fmt.println("Error: $EDITOR environment variable is not set")
return
}
config_path, join_err := filepath.join([]string{envr_dir(), "config.json"})
if join_err != nil {
fmt.printf("Error building config path: %v\n", join_err)
return
}
_, stat_err := os.stat(config_path, context.allocator)
if stat_err != nil {
fmt.printf("Config file does not exist at %s. Run 'envr init' first.\n", config_path)
return
}
args := []string{editor, config_path}
desc := os.Process_Desc{
command = args,
stdin = os.stdin,
stdout = os.stdout,
stderr = os.stderr,
}
p, start_err := os.process_start(desc)
if start_err != nil {
fmt.printf("Error running editor: %v\n", start_err)
return
}
state, wait_err := os.process_wait(p)
if wait_err != nil {
fmt.printf("Error waiting for editor: %v\n", wait_err)
return
}
if state.exit_code != 0 {
os.exit(int(state.exit_code))
}
}

53
cmd_init.odin
View File

@@ -1,53 +0,0 @@
package main
import "core:fmt"
cmd_init :: proc(cmd: ^Command) {
force := has_flag(cmd, "force") || has_flag(cmd, "f")
_, cfg_exists := load_config()
if cfg_exists && !force {
fmt.println("You have already initialized envr.")
fmt.println("Run again with the --force flag if you want to reinitialize.")
return
}
keys, ok := find_ssh_private_keys()
if !ok {
return
}
if len(keys) == 0 {
fmt.println("No SSH private keys found in ~/.ssh")
return
}
selected, result := multi_select("Select SSH private keys:", keys[:])
if result == .Cancel {
fmt.println("\x1b[2mCancelled.\x1b[0m")
return
}
selected_paths := make([dynamic]string, 0, min(1, len(keys) / 2))
for i in 0 ..< len(keys) {
if selected[i] {
append(&selected_paths, keys[i])
}
}
if len(selected_paths) == 0 {
fmt.println("No SSH keys selected - Config not created")
return
}
cfg := new_config(selected_paths[:])
if !save_config(cfg, force = force) {
return
}
fmt.printf(
"Config initialized with %d SSH key(s). You are ready to use envr.\n",
len(selected_paths),
)
}

57
cmd_list.odin
View File

@@ -1,57 +0,0 @@
package main
import "core:encoding/json"
import "core:fmt"
import "core:path/filepath"
import "core:strings"
ListEntry :: struct {
Directory: string `json:"directory"`,
Path: string `json:"path"`,
}
cmd_list :: proc(cmd: ^Command) {
db, db_ok := db_open()
if !db_ok {
return
}
defer db_close(&db)
rows, list_ok := db_list(&db)
if !list_ok {
return
}
defer delete(rows)
if is_tty() {
headers := []string{"Directory", "Path"}
table_rows := make([dynamic][]string, 0, len(rows))
for row in rows {
dir_str := strings.concatenate({row.Dir, "/"})
filename := filepath.base(row.Path)
row_slice := make([]string, 2)
row_slice[0] = dir_str
row_slice[1] = filename
append(&table_rows, row_slice)
}
render_table(headers, table_rows[:])
} else {
entries: [dynamic]ListEntry
for row in rows {
filename := filepath.base(row.Path)
append(&entries, ListEntry{
Directory = strings.concatenate({row.Dir, "/"}),
Path = filename,
})
}
data, marshal_err := json.marshal(entries[:])
if marshal_err != nil {
fmt.printf("Error marshaling JSON: %v\n", marshal_err)
return
}
fmt.println(string(data))
}
}

18
cmd_list_test.odin
View File

@@ -1,18 +0,0 @@
package main
import "core:path/filepath"
import "core:testing"
@(test)
test_filepath_base_equals_rel :: proc(t: ^testing.T) {
cases := []string{"/home/user/.env", "/home/user/project/.envrc", "/tmp/foo", "/a/b/c/d.txt"}
for path in cases {
dir := filepath.dir(path)
rel, rel_err := filepath.rel(dir, path, context.temp_allocator)
testing.expect(t, rel_err == nil, "filepath.rel returned an error")
base := filepath.base(path)
testing.expect(t, rel == base, "filepath.rel(dir, path) should equal filepath.base(path)")
}
}

9
cmd_nushell_completion.odin
View File

@@ -1,9 +0,0 @@
package main
import "core:fmt"
COMPLETION_SCRIPT: string : string(#load("mod.nu"))
cmd_nushell_completion :: proc(cmd: ^Command) {
fmt.print(COMPLETION_SCRIPT)
}

36
cmd_nushell_completion_test.odin
View File

@@ -1,36 +0,0 @@
package main
import "core:fmt"
import "core:strings"
import "core:testing"
@(test)
test_nushell_completion_nonempty :: proc(t: ^testing.T) {
testing.expect(t, len(COMPLETION_SCRIPT) > 0, "completion script should not be empty")
}
@(test)
test_nushell_completion_contains_externs :: proc(t: ^testing.T) {
expected := []string{
"tracked-paths",
"untracked-paths",
"envr backup",
"envr check",
"envr edit-config",
"envr help",
"envr init",
"envr list",
"envr remove",
"envr restore",
"envr scan",
"envr sync",
"envr nushell-completion",
}
for ext in expected {
testing.expect(
t,
strings.contains(COMPLETION_SCRIPT, ext),
fmt.tprintf("expected script to contain %q", ext),
)
}
}

42
cmd_remove.odin
View File

@@ -1,42 +0,0 @@
package main
import "core:fmt"
import "core:path/filepath"
import "core:strings"
cmd_remove :: proc(cmd: ^Command) {
if len(cmd.args) != 1 {
print_command_help("remove")
return
}
path := cmd.args[0]
if len(strings.trim_space(path)) == 0 {
fmt.println("Error: No path provided")
return
}
abs_path: string
if filepath.is_abs(path) {
abs_path = path
} else {
resolved, abs_err := filepath.abs(path)
if abs_err != nil {
fmt.printf("Error getting absolute path: %v\n", abs_err)
return
}
abs_path = resolved
}
db, db_ok := db_open()
if !db_ok {
return
}
defer db_close(&db)
if !db_delete(&db, abs_path) {
return
}
fmt.printf("Removed %s from the database\n", abs_path)
}

53
cmd_restore.odin
View File

@@ -1,53 +0,0 @@
package main
import "core:fmt"
import "core:os"
import "core:path/filepath"
import "core:strings"
cmd_restore :: proc(cmd: ^Command) {
if len(cmd.args) != 1 {
print_command_help("restore")
return
}
path := cmd.args[0]
if len(strings.trim_space(path)) == 0 {
fmt.println("Error: No path provided")
return
}
abs_path: string
if filepath.is_abs(path) {
abs_path = path
} else {
resolved, abs_err := filepath.abs(path)
if abs_err != nil {
fmt.printf("Error getting absolute path: %v\n", abs_err)
return
}
abs_path = resolved
}
db, db_ok := db_open()
if !db_ok {
return
}
defer db_close(&db)
file, fetch_ok := db_fetch(&db, abs_path)
if !fetch_ok {
return
}
dir := filepath.dir(file.Path)
os.mkdir_all(dir)
write_err := os.write_entire_file(file.Path, file.contents)
if write_err != nil {
fmt.printf("Error writing file: %v\n", write_err)
return
}
fmt.printf("Restored %s\n", file.Path)
}

91
cmd_scan.odin
View File

@@ -1,91 +0,0 @@
package main
import "core:encoding/json"
import "core:fmt"
cmd_scan :: proc(cmd: ^Command) {
feats := check_features()
if cant_scan(feats) {
fmt.println(
"Error: please install fd to use the scan command (https://github.com/sharkdp/fd)",
)
return
}
db, db_ok := db_open()
if !db_ok {
return
}
defer db_close(&db)
search_dirs := search_paths(db.cfg)
if len(search_dirs) == 0 {
fmt.println("No search paths configured. Please run `envr init` or edit your config.")
return
}
// TODO: Figure out a sane default
all_files: [dynamic]string
for dir in search_dirs {
found, scan_ok := scan_path(dir, db.cfg)
if !scan_ok {
fmt.printf("Error scanning %s\n", dir)
continue
}
for f in found {
append(&all_files, f)
}
}
db_files, list_ok := db_list(&db)
if !list_ok {
return
}
files := find_unbacked(all_files[:], db_files[:])
if len(files) == 0 {
fmt.println("No .env files found to add.")
return
}
if !is_tty() {
output, marshal_err := json.marshal(files[:])
if marshal_err != nil {
fmt.printf("Error marshaling files to JSON: %v\n", marshal_err)
return
}
fmt.println(string(output))
return
}
selected, result := multi_select("Select .env files to backup:", files[:])
if result == .Cancel {
fmt.println("\x1b[2mCancelled.\x1b[0m")
return
}
added_count: int
for i in 0 ..< len(files) {
if !selected[i] {
continue
}
env_file, ok := new_env_file(files[i])
if !ok {
fmt.printf("Error reading %s\n", files[i])
continue
}
if !db_insert(&db, env_file) {
fmt.printf("Error adding %s\n", files[i])
continue
}
added_count += 1
}
if added_count > 0 {
fmt.printf("\x1b[1;32mSuccessfully added %d file(s) to backup.\x1b[0m\n", added_count)
} else {
fmt.println("\x1b[2mNo files were added.\x1b[0m")
}
}

95
cmd_sync.odin
View File

@@ -1,95 +0,0 @@
package main
import "core:encoding/json"
import "core:fmt"
import "core:strings"
SyncEntry :: struct {
Path: string `json:"path"`,
Status: string `json:"status"`,
}
cmd_sync :: proc(cmd: ^Command) {
db, db_ok := db_open()
if !db_ok {
return
}
defer db_close(&db)
files, list_ok := db_list(&db)
if !list_ok {
return
}
defer delete(files)
results: [dynamic]SyncEntry
for &file in files {
old_path: string
old_path, _ = strings.clone(file.Path)
result, err_msg := db_sync(&db, &file)
status: string
s := i32(result)
is_error := (s & i32(SyncResult.Error)) != 0
is_backed := (s & i32(SyncResult.BackedUp)) != 0
is_restored := (s & i32(SyncResult.Restored)) != 0
is_dir_updated := (s & i32(SyncResult.DirUpdated)) != 0
if is_error {
if len(err_msg) > 0 {
status = err_msg
} else {
status = "error"
}
} else if is_backed {
status = "Backed Up"
if !db_insert(&db, file) {
return
}
} else if is_restored {
status = "Restored"
} else if is_dir_updated && !is_restored {
status = "Moved"
} else {
status = "OK"
}
if is_dir_updated {
if !db_delete(&db, old_path) {
return
}
}
if db_update_required(result) {
if !db_insert(&db, file) {
return
}
}
path_str, _ := strings.clone(file.Path)
status_str, _ := strings.clone(status)
append(&results, SyncEntry{Path = path_str, Status = status_str})
}
if is_tty() {
headers := []string{"File", "Status"}
table_rows := make([dynamic][]string, 0, len(results))
for res in results {
row_slice := make([]string, 2)
row_slice[0] = res.Path
row_slice[1] = res.Status
append(&table_rows, row_slice)
}
render_table(headers, table_rows[:])
} else {
data, marshal_err := json.marshal(results[:])
if marshal_err != nil {
fmt.printf("Error marshaling JSON: %v\n", marshal_err)
return
}
fmt.println(string(data))
}
}

223
config.odin
View File

@@ -1,223 +0,0 @@
package main
import "core:encoding/json"
import "core:fmt"
import "core:os"
import "core:path/filepath"
import "core:strings"
SshKeyPair :: struct {
Private: string `json:"private"`,
Public: string `json:"public"`,
}
ScanConfig :: struct {
Matcher: string `json:"matcher"`,
Exclude: [dynamic]string `json:"exclude"`,
Include: [dynamic]string `json:"include"`,
}
Config :: struct {
Keys: [dynamic]SshKeyPair `json:"keys"`,
ScanConfig: ScanConfig `json:"scan"`,
}
load_config :: proc() -> (Config, bool) {
home, home_err := os.user_home_dir(context.temp_allocator)
if home_err != nil {
fmt.printf("Error getting home dir: %v\n", home_err)
return Config{}, false
}
config_path, join_err := filepath.join([]string{home, ".envr", "config.json"})
if join_err != nil {
return Config{}, false
}
data, read_err := os.read_entire_file_from_path(config_path, context.allocator)
if read_err != nil {
fmt.println("No config file found. Please run `envr init` to generate one.")
return Config{}, false
}
cfg: Config
err := json.unmarshal(data, &cfg)
if err != nil {
fmt.printf("Error parsing config: %v\n", err)
return Config{}, false
}
return cfg, true
}
delete_config :: proc(cfg: Config) {
delete(cfg.Keys)
delete(cfg.ScanConfig.Exclude)
delete(cfg.ScanConfig.Include)
}
envr_dir :: proc() -> string {
home, _ := os.user_home_dir(context.allocator)
dir, _ := filepath.join([]string{home, ".envr"})
return dir
}
data_age_path :: proc() -> string {
dir := envr_dir()
path, _ := filepath.join([]string{dir, "data.age"})
return path
}
find_ssh_private_keys :: proc() -> (keys: [dynamic]string, ok: bool) {
home, home_err := os.user_home_dir(context.allocator)
if home_err != nil {
fmt.printf("Error getting home dir: %v\n", home_err)
return
}
ssh_dir, join_err := filepath.join([]string{home, ".ssh"})
if join_err != nil {
fmt.printf("Error building ssh path: %v\n", join_err)
return
}
entries, dir_err := os.read_all_directory_by_path(ssh_dir, context.allocator)
if dir_err != nil {
fmt.printf("Could not read ~/.ssh directory: %v\n", dir_err)
return
}
defer os.file_info_slice_delete(entries, context.allocator)
for entry in entries {
name := entry.name
if entry.type == .Directory {
continue
}
if strings.has_suffix(name, ".pub") {
continue
}
if strings.contains(name, "known_hosts") {
continue
}
if strings.contains(name, "config") {
continue
}
full_path, _ := filepath.join([]string{ssh_dir, name})
append(&keys, full_path)
}
ok = true
return
}
new_config :: proc(private_key_paths: []string) -> Config {
keys := make([dynamic]SshKeyPair, 0, len(private_key_paths))
for priv in private_key_paths {
// TODO: Is this bad?
pub, _ := strings.concatenate([]string{priv, ".pub"}, context.temp_allocator)
append(&keys, SshKeyPair{Private = priv, Public = pub})
}
exclude := make([dynamic]string, 0, 4)
append(&exclude, "*\\.envrc")
append(&exclude, "\\.local/")
append(&exclude, "node_modules")
append(&exclude, "vendor")
include := make([dynamic]string, 0, 1)
append(&include, "~")
scan_cfg := ScanConfig {
Matcher = "\\.env",
Exclude = exclude,
Include = include,
}
return Config{Keys = keys, ScanConfig = scan_cfg}
}
save_config :: proc(cfg: Config, force: bool = false) -> bool {
home, home_err := os.user_home_dir(context.allocator)
if home_err != nil {
fmt.printf("Error getting home dir: %v\n", home_err)
return false
}
config_dir, _ := filepath.join([]string{home, ".envr"})
if !os.exists(config_dir) {
mkdir_err := os.make_directory(config_dir)
if mkdir_err != nil {
fmt.printf("Error creating ~/.envr directory: %v\n", mkdir_err)
return false
}
}
config_path, _ := filepath.join([]string{config_dir, "config.json"})
if os.exists(config_path) && !force {
info, stat_err := os.stat(config_path, context.allocator)
if stat_err == nil {
defer os.file_info_delete(info, context.allocator)
if info.size > 0 {
fmt.println("Config file already exists. Run again with --force to reinitialize.")
return false
}
}
}
data, marshal_err := json.marshal(cfg, {pretty = true, use_spaces = true, spaces = 2})
if marshal_err != nil {
fmt.printf("Error marshaling config: %v\n", marshal_err)
return false
}
write_err := os.write_entire_file(config_path, data)
if write_err != nil {
fmt.printf("Error writing config: %v\n", write_err)
return false
}
return true
}
search_paths :: proc(cfg: Config) -> (paths: [dynamic]string) {
home, _ := os.user_home_dir(context.allocator)
for include in cfg.ScanConfig.Include {
expanded, _ := strings.replace(include, "~", home, 1)
cloned, _ := strings.clone(expanded)
if filepath.is_abs(cloned) {
append(&paths, cloned)
} else {
resolved, err := filepath.abs(cloned)
if err == nil {
append(&paths, resolved)
}
}
}
return
}
find_git_roots :: proc(cfg: Config) -> (roots: [dynamic]string, ok: bool) {
paths := search_paths(cfg)
for sp in paths {
args := []string{"fd", "-H", "-t", "d", "^\\.git$", sp}
lines, fd_ok := run_fd(args)
if !fd_ok {
return
}
for line in lines {
cleaned, _ := filepath.clean(line)
parent := filepath.dir(cleaned)
cloned, _ := strings.clone(parent)
append(&roots, cloned)
}
}
ok = true
return
}

63
config_test.odin
View File

@@ -1,63 +0,0 @@
package main
import "core:testing"
@(test)
test_new_config_single_key :: proc(t: ^testing.T) {
paths := []string{"/home/user/.ssh/id_ed25519"}
cfg := new_config(paths)
defer delete_config(cfg)
testing.expect(t, len(cfg.Keys) == 1, "should have 1 key")
testing.expect(t, cfg.Keys[0].Private == "/home/user/.ssh/id_ed25519", "Private path mismatch")
testing.expect(
t,
cfg.Keys[0].Public == "/home/user/.ssh/id_ed25519.pub",
"Public path mismatch",
)
}
@(test)
test_new_config_multiple_keys :: proc(t: ^testing.T) {
paths := []string{"/home/user/.ssh/id_ed25519", "/home/user/.ssh/id_rsa"}
cfg := new_config(paths)
defer delete_config(cfg)
testing.expect(t, len(cfg.Keys) == 2, "should have 2 keys")
testing.expect(t, cfg.Keys[0].Private == "/home/user/.ssh/id_ed25519")
testing.expect(t, cfg.Keys[1].Private == "/home/user/.ssh/id_rsa")
}
@(test)
test_new_config_empty_keys :: proc(t: ^testing.T) {
paths: []string
cfg := new_config(paths)
defer delete_config(cfg)
testing.expect(t, len(cfg.Keys) == 0, "should have 0 keys")
}
@(test)
test_new_config_scan_defaults :: proc(t: ^testing.T) {
paths := []string{"/home/user/.ssh/id_ed25519"}
cfg := new_config(paths)
defer delete_config(cfg)
testing.expect(t, cfg.ScanConfig.Matcher == "\\.env", "matcher should be \\.env")
testing.expect(t, len(cfg.ScanConfig.Exclude) == 4, "should have 4 exclude patterns")
testing.expect(t, len(cfg.ScanConfig.Include) == 1, "should have 1 include path")
testing.expect(t, cfg.ScanConfig.Include[0] == "~", "include should be ~")
}
@(test)
test_new_config_exclude_patterns :: proc(t: ^testing.T) {
paths := []string{"/home/user/.ssh/id_ed25519"}
cfg := new_config(paths)
defer delete_config(cfg)
expected := []string{"*\\.envrc", "\\.local/", "node_modules", "vendor"}
for i in 0 ..< len(expected) {
testing.expect(t, cfg.ScanConfig.Exclude[i] == expected[i])
}
}

635
db.odin
View File

@@ -1,635 +0,0 @@
package main
import "core:c"
import "core:crypto/hash"
import "core:encoding/hex"
import "core:encoding/json"
import "core:fmt"
import "core:os"
import "core:path/filepath"
import "core:strings"
import "core:time"
import "sqlite"
SyncResult :: enum i32 {
Noop = 0,
DirUpdated = 1,
Restored = 1 << 1,
BackedUp = 1 << 2,
Error = 1 << 3,
}
SyncDirection :: enum {
TrustDatabase,
TrustFilesystem,
}
Db :: struct {
db: ^rawptr,
cfg: Config,
changed: bool,
}
EnvFile :: struct {
Path: string,
Dir: string,
Remotes: [dynamic]string,
Sha256: string,
contents: string,
}
make_temp_path :: proc() -> string {
ts := time.time_to_unix(time.now())
b: strings.Builder
strings.builder_init(&b)
fmt.sbprintf(&b, "/tmp/envr-%d-%d.db", os.get_pid(), ts)
return strings.to_string(b)
}
db_open :: proc() -> (Db, bool) {
cfg, ok := load_config()
if !ok {
return Db{}, false
}
age_path := data_age_path()
_, stat_err := os.stat(age_path, context.allocator)
db: ^rawptr
rc := sqlite.db_open(":memory:", &db)
if rc != sqlite.OK {
fmt.printf("Error opening in-memory database: %s\n", sqlite.db_errmsg(db))
return Db{}, false
}
create_sql := "CREATE TABLE IF NOT EXISTS envr_env_files (path TEXT PRIMARY KEY NOT NULL, remotes TEXT, sha256 TEXT NOT NULL, contents TEXT NOT NULL)"
rc = sqlite.db_exec(db, string_to_cstring(create_sql), nil, nil, nil)
if rc != sqlite.OK {
fmt.printf("Error creating table: %s\n", sqlite.db_errmsg(db))
sqlite.db_close(db)
return Db{}, false
}
if stat_err == nil {
if !db_restore_from_age(db, cfg) {
sqlite.db_close(db)
return Db{}, false
}
}
return Db{db = db, cfg = cfg, changed = stat_err != nil}, true
}
db_close :: proc(d: ^Db) {
if d.changed {
tmp_path := make_temp_path()
if !db_vacuum_to_file(d.db, tmp_path) {
os.remove(tmp_path)
sqlite.db_close(d.db)
return
}
db_encrypt_file(tmp_path, d.cfg.Keys[:])
os.remove(tmp_path)
d.changed = false
}
sqlite.db_close(d.db)
}
db_list :: proc(d: ^Db) -> (results: [dynamic]EnvFile, ok: bool) {
sql := "SELECT path, remotes, sha256, contents FROM envr_env_files"
stmt: ^rawptr
rc := sqlite.prepare_v2(d.db, string_to_cstring(sql), -1, &stmt, nil)
if rc != sqlite.OK {
fmt.printf("Error preparing query: %s\n", sqlite.db_errmsg(d.db))
return
}
for {
rc = sqlite.step(stmt)
if rc == sqlite.DONE {
break
}
if rc != sqlite.ROW {
fmt.printf("Error stepping query: %s\n", sqlite.db_errmsg(d.db))
sqlite.finalize(stmt)
return
}
path := cstring_to_string(sqlite.column_text(stmt, 0))
remotes_json := cstring_to_string(sqlite.column_text(stmt, 1))
sha := cstring_to_string(sqlite.column_text(stmt, 2))
contents := cstring_to_string(sqlite.column_text(stmt, 3))
remotes: [dynamic]string
if len(remotes_json) > 0 {
json.unmarshal_string(remotes_json, &remotes)
}
append(
&results,
EnvFile {
Path = path,
Dir = filepath.dir(path),
Remotes = remotes,
Sha256 = sha,
contents = contents,
},
)
}
sqlite.finalize(stmt)
ok = true
return
}
db_vacuum_to_file :: proc(db: ^rawptr, path: string) -> bool {
b: strings.Builder
strings.builder_init(&b)
fmt.sbprintf(&b, "VACUUM INTO '%s'", path)
sql := strings.to_string(b)
rc := sqlite.db_exec(db, string_to_cstring(sql), nil, nil, nil)
if rc != sqlite.OK {
fmt.printf("Error vacuuming database: %s\n", sqlite.db_errmsg(db))
return false
}
return true
}
db_restore_from_age :: proc(db: ^rawptr, cfg: Config) -> bool {
tmp_path := make_temp_path()
defer os.remove(tmp_path)
if !db_decrypt_to_file(tmp_path, cfg.Keys[:]) {
return false
}
if !db_attach_and_copy(db, tmp_path) {
return false
}
return true
}
db_decrypt_to_file :: proc(tmp_path: string, keys: []SshKeyPair) -> bool {
age_path := data_age_path()
args := make([dynamic]string)
append(&args, "age")
append(&args, "--decrypt")
append(&args, "-o")
append(&args, tmp_path)
for key in keys {
append(&args, "-i")
append(&args, key.Private)
}
append(&args, age_path)
desc := os.Process_Desc {
command = args[:],
stdout = os.stderr,
stderr = os.stderr,
}
p, err := os.process_start(desc)
if err != nil {
fmt.printf("Error running age decrypt: %v\n", err)
return false
}
state, wait_err := os.process_wait(p)
if wait_err != nil {
fmt.printf("Error waiting for age: %v\n", wait_err)
return false
}
if state.exit_code != 0 {
fmt.println("Error: age decryption failed")
return false
}
return true
}
db_encrypt_file :: proc(tmp_path: string, keys: []SshKeyPair) -> bool {
age_path := data_age_path()
envr_d := envr_dir()
os.mkdir_all(envr_d)
args := make([dynamic]string)
append(&args, "age")
append(&args, "--encrypt")
for key in keys {
append(&args, "-r")
pub_data, pub_err := os.read_entire_file_from_path(key.Public, context.allocator)
if pub_err != nil {
fmt.printf("Error reading public key: %s\n", key.Public)
return false
}
pub_str := string(pub_data)
if strings.has_suffix(pub_str, "\n") {
pub_str = pub_str[:len(pub_str) - 1]
}
append(&args, pub_str)
}
append(&args, "-o")
append(&args, age_path)
append(&args, tmp_path)
desc := os.Process_Desc {
command = args[:],
stdout = os.stderr,
stderr = os.stderr,
}
p, err := os.process_start(desc)
if err != nil {
fmt.printf("Error running age encrypt: %v\n", err)
return false
}
state, wait_err := os.process_wait(p)
if wait_err != nil {
fmt.printf("Error waiting for age: %v\n", wait_err)
return false
}
if state.exit_code != 0 {
fmt.println("Error: age encryption failed")
return false
}
return true
}
db_attach_and_copy :: proc(mem_db: ^rawptr, src_path: string) -> bool {
b: strings.Builder
strings.builder_init(&b)
fmt.sbprintf(&b, "ATTACH DATABASE '%s' AS source", src_path)
attach_sql := strings.to_string(b)
rc := sqlite.db_exec(mem_db, string_to_cstring(attach_sql), nil, nil, nil)
if rc != sqlite.OK {
fmt.printf("Error attaching database: %s\n", sqlite.db_errmsg(mem_db))
return false
}
rc = sqlite.db_exec(
mem_db,
"INSERT INTO main.envr_env_files SELECT * FROM source.envr_env_files",
nil,
nil,
nil,
)
if rc != sqlite.OK {
fmt.printf("Error copying data: %s\n", sqlite.db_errmsg(mem_db))
sqlite.db_exec(mem_db, "DETACH DATABASE source", nil, nil, nil)
return false
}
sqlite.db_exec(mem_db, "DETACH DATABASE source", nil, nil, nil)
return true
}
get_git_remotes :: proc(dir: string) -> [dynamic]string {
remotes: [dynamic]string
remote_set: map[string]bool
b: strings.Builder
strings.builder_init(&b)
fmt.sbprintf(&b, "%s-git-remotes", make_temp_path())
tmp_path := strings.to_string(b)
tmp_file, tmp_err := os.open(tmp_path, os.O_CREATE | os.O_WRONLY | os.O_TRUNC)
if tmp_err != nil {
return remotes
}
args := []string{"git", "remote", "-v"}
desc := os.Process_Desc {
command = args,
stdout = tmp_file,
stderr = nil,
working_dir = dir,
}
p, start_err := os.process_start(desc)
os.close(tmp_file)
if start_err != nil {
os.remove(tmp_path)
return remotes
}
state, wait_err := os.process_wait(p)
if wait_err != nil || state.exit_code != 0 {
os.remove(tmp_path)
return remotes
}
data, read_err := os.read_entire_file_from_path(tmp_path, context.allocator)
os.remove(tmp_path)
if read_err != nil {
return remotes
}
output_str := string(data)
lines := strings.split(output_str, "\n")
for &line in lines {
line = strings.trim_space(line)
if len(line) == 0 {
continue
}
parts := strings.fields(line)
if len(parts) >= 2 {
remote_set[parts[1]] = true
}
}
for remote, _ in remote_set {
cloned, _ := strings.clone(remote)
append(&remotes, cloned)
}
return remotes
}
new_env_file :: proc(path: string) -> (EnvFile, bool) {
abs_path, abs_err := filepath.abs(path)
if abs_err != nil {
fmt.printf("Error getting absolute path: %v\n", abs_err)
return EnvFile{}, false
}
cloned_path, _ := strings.clone(abs_path)
dir := filepath.dir(cloned_path)
remotes := get_git_remotes(dir)
data, read_err := os.read_entire_file_from_path(cloned_path, context.allocator)
if read_err != nil {
fmt.printf("Error reading file %s: %v\n", cloned_path, read_err)
return EnvFile{}, false
}
digest := hash.hash_bytes(hash.Algorithm.SHA256, data)
hex_bytes, _ := hex.encode(digest)
sha_str := string(hex_bytes)
return EnvFile {
Path = cloned_path,
Dir = dir,
Remotes = remotes,
Sha256 = sha_str,
contents = string(data),
},
true
}
db_insert :: proc(d: ^Db, file: EnvFile) -> bool {
remotes_json, marshal_err := json.marshal(file.Remotes)
if marshal_err != nil {
fmt.printf("Error marshaling remotes: %v\n", marshal_err)
return false
}
sql := "INSERT OR REPLACE INTO envr_env_files (path, remotes, sha256, contents) VALUES (?, ?, ?, ?)"
stmt: ^rawptr
rc := sqlite.prepare_v2(d.db, string_to_cstring(sql), -1, &stmt, nil)
if rc != sqlite.OK {
fmt.printf("Error preparing insert: %s\n", sqlite.db_errmsg(d.db))
return false
}
defer sqlite.finalize(stmt)
rc = sqlite.bind_text(stmt, 1, string_to_cstring(file.Path), -1, nil)
rc = sqlite.bind_text(stmt, 2, string_to_cstring(string(remotes_json)), -1, nil)
rc = sqlite.bind_text(stmt, 3, string_to_cstring(file.Sha256), -1, nil)
rc = sqlite.bind_text(stmt, 4, string_to_cstring(file.contents), -1, nil)
rc = sqlite.step(stmt)
if rc != sqlite.DONE {
fmt.printf("Error inserting: %s\n", sqlite.db_errmsg(d.db))
return false
}
d.changed = true
return true
}
db_fetch :: proc(d: ^Db, path: string) -> (EnvFile, bool) {
sql := "SELECT path, remotes, sha256, contents FROM envr_env_files WHERE path = ?"
stmt: ^rawptr
rc := sqlite.prepare_v2(d.db, string_to_cstring(sql), -1, &stmt, nil)
if rc != sqlite.OK {
fmt.printf("Error preparing fetch: %s\n", sqlite.db_errmsg(d.db))
return EnvFile{}, false
}
defer sqlite.finalize(stmt)
rc = sqlite.bind_text(stmt, 1, string_to_cstring(path), -1, nil)
rc = sqlite.step(stmt)
if rc == sqlite.DONE {
fmt.printf("No file found with path: %s\n", path)
return EnvFile{}, false
}
if rc != sqlite.ROW {
fmt.printf("Error fetching: %s\n", sqlite.db_errmsg(d.db))
return EnvFile{}, false
}
file_path := cstring_to_string(sqlite.column_text(stmt, 0))
remotes_json := cstring_to_string(sqlite.column_text(stmt, 1))
sha := cstring_to_string(sqlite.column_text(stmt, 2))
contents := cstring_to_string(sqlite.column_text(stmt, 3))
remotes: [dynamic]string
if len(remotes_json) > 0 {
json.unmarshal_string(remotes_json, &remotes)
}
cloned_path, _ := strings.clone(file_path)
return EnvFile {
Path = cloned_path,
Dir = filepath.dir(cloned_path),
Remotes = remotes,
Sha256 = sha,
contents = contents,
},
true
}
db_delete :: proc(d: ^Db, path: string) -> bool {
sql := "DELETE FROM envr_env_files WHERE path = ?"
stmt: ^rawptr
rc := sqlite.prepare_v2(d.db, string_to_cstring(sql), -1, &stmt, nil)
if rc != sqlite.OK {
fmt.printf("Error preparing delete: %s\n", sqlite.db_errmsg(d.db))
return false
}
defer sqlite.finalize(stmt)
rc = sqlite.bind_text(stmt, 1, string_to_cstring(path), -1, nil)
rc = sqlite.step(stmt)
if rc != sqlite.DONE {
fmt.printf("Error deleting: %s\n", sqlite.db_errmsg(d.db))
return false
}
if sqlite.changes(d.db) == 0 {
fmt.printf("No file found with path: %s\n", path)
return false
}
d.changed = true
return true
}
cstring_to_string :: proc(cs: cstring) -> string {
if cs == nil {
return ""
}
s, _ := strings.clone_from_cstring(cs)
return s
}
string_to_cstring :: proc(s: string) -> cstring {
cs, _ := strings.clone_to_cstring(s)
return cs
}
db_update_required :: proc(status: SyncResult) -> bool {
s := i32(status)
return (s & (i32(SyncResult.BackedUp) | i32(SyncResult.DirUpdated))) != 0
}
shares_remote :: proc(f: ^EnvFile, remotes: []string) -> bool {
for r1 in f.Remotes {
for r2 in remotes {
if r1 == r2 {
return true
}
}
}
return false
}
update_dir :: proc(f: ^EnvFile, new_dir: string) {
f.Dir = new_dir
base := filepath.base(f.Path)
new_path, _ := strings.concatenate({new_dir, "/", base})
f.Path = new_path
f.Remotes = get_git_remotes(new_dir)
}
find_moved_dirs :: proc(d: ^Db, f: ^EnvFile) -> ([dynamic]string, bool) {
feats := check_features()
if .Fd not_in feats || .Git not_in feats {
fmt.println("Error: fd and git are required for moved dir detection")
return {}, false
}
roots, roots_ok := find_git_roots(d.cfg)
if !roots_ok {
return {}, false
}
moved: [dynamic]string
for root in roots {
remotes := get_git_remotes(root)
if shares_remote(f, remotes[:]) {
cloned, _ := strings.clone(root)
append(&moved, cloned)
}
}
return moved, true
}
env_file_backup :: proc(f: ^EnvFile) -> bool {
data, read_err := os.read_entire_file_from_path(f.Path, context.allocator)
if read_err != nil {
fmt.printf("Error reading file %s: %v\n", f.Path, read_err)
return false
}
f.contents = string(data)
digest := hash.hash_bytes(hash.Algorithm.SHA256, data)
hex_bytes, _ := hex.encode(digest)
f.Sha256 = string(hex_bytes)
return true
}
env_file_sync :: proc(f: ^EnvFile, dir: SyncDirection, d: ^Db) -> (SyncResult, string) {
result: SyncResult = .Noop
err_msg: string
_, stat_err := os.stat(f.Dir, context.allocator)
if stat_err != nil {
moved_dirs: [dynamic]string
if d != nil {
dirs, dirs_ok := find_moved_dirs(d, f)
if !dirs_ok {
return .Error, "failed to find moved dirs"
}
moved_dirs = dirs
}
if len(moved_dirs) == 0 {
return .Error, "directory missing"
} else if len(moved_dirs) == 1 {
update_dir(f, moved_dirs[0])
result = .DirUpdated
} else {
return .Error, "multiple directories found"
}
}
_, file_stat_err := os.stat(f.Path, context.allocator)
if file_stat_err != nil {
write_err := os.write_entire_file(f.Path, f.contents)
if write_err != nil {
msg, _ := strings.concatenate({"failed to write file: ", fmt.tprintf("%v", write_err)})
return .Error, msg
}
s := i32(result) | i32(SyncResult.Restored)
return SyncResult(s), ""
}
data, read_err := os.read_entire_file_from_path(f.Path, context.allocator)
if read_err != nil {
msg, _ := strings.concatenate(
{"failed to read file for SHA comparison: ", fmt.tprintf("%v", read_err)},
)
return .Error, msg
}
digest := hash.hash_bytes(hash.Algorithm.SHA256, data)
hex_bytes, _ := hex.encode(digest)
current_sha := string(hex_bytes)
if current_sha == f.Sha256 {
return result, ""
}
switch dir {
case .TrustDatabase:
write_err := os.write_entire_file(f.Path, f.contents)
if write_err != nil {
msg, _ := strings.concatenate({"failed to write file: ", fmt.tprintf("%v", write_err)})
return .Error, msg
}
s := i32(result) | i32(SyncResult.Restored)
return SyncResult(s), ""
case .TrustFilesystem:
if !env_file_backup(f) {
return .Error, "failed to backup file"
}
return .BackedUp, ""
}
return result, ""
}
db_sync :: proc(d: ^Db, f: ^EnvFile) -> (SyncResult, string) {
return env_file_sync(f, .TrustFilesystem, d)
}

90
db_test.odin
View File

@@ -1,90 +0,0 @@
package main
import "core:testing"
@(test)
test_db_update_required_noop :: proc(t: ^testing.T) {
testing.expect(t, !db_update_required(.Noop), "Noop should not require update")
}
@(test)
test_db_update_required_backed_up :: proc(t: ^testing.T) {
testing.expect(t, db_update_required(.BackedUp), "BackedUp should require update")
}
@(test)
test_db_update_required_dir_updated :: proc(t: ^testing.T) {
testing.expect(t, db_update_required(.DirUpdated), "DirUpdated should require update")
}
@(test)
test_db_update_required_restored :: proc(t: ^testing.T) {
testing.expect(t, !db_update_required(.Restored), "Restored alone should not require update")
}
@(test)
test_db_update_required_error :: proc(t: ^testing.T) {
testing.expect(t, !db_update_required(.Error), "Error alone should not require update")
}
@(test)
test_db_update_required_combined :: proc(t: ^testing.T) {
s := i32(SyncResult.DirUpdated) | i32(SyncResult.Restored)
combined := SyncResult(s)
testing.expect(t, db_update_required(combined), "DirUpdated|Restored should require update")
}
@(test)
test_shares_remote_overlap :: proc(t: ^testing.T) {
f := EnvFile {
Remotes = make([dynamic]string, 2, context.temp_allocator),
}
append(&f.Remotes, "git@github.com:user/repo.git")
append(&f.Remotes, "git@gitlab.com:user/repo.git")
remotes := []string{"git@github.com:user/repo.git"}
testing.expect(t, shares_remote(&f, remotes), "should share remote")
}
@(test)
test_shares_remote_no_overlap :: proc(t: ^testing.T) {
f := EnvFile {
Remotes = make([dynamic]string, 1, context.temp_allocator),
}
append(&f.Remotes, "git@github.com:user/repo.git")
remotes := []string{"git@github.com:other/repo.git"}
testing.expect(t, !shares_remote(&f, remotes), "should not share remote")
}
@(test)
test_shares_remote_empty_file_remotes :: proc(t: ^testing.T) {
f := EnvFile {
Remotes = make([dynamic]string, 0, context.temp_allocator),
}
remotes := []string{"git@github.com:user/repo.git"}
testing.expect(t, !shares_remote(&f, remotes), "empty file remotes should not share")
}
@(test)
test_shares_remote_empty_check_remotes :: proc(t: ^testing.T) {
f := EnvFile {
Remotes = make([dynamic]string, 1, context.temp_allocator),
}
append(&f.Remotes, "git@github.com:user/repo.git")
remotes: []string
testing.expect(t, !shares_remote(&f, remotes), "empty check remotes should not share")
}
@(test)
test_shares_remote_both_empty :: proc(t: ^testing.T) {
f := EnvFile {
Remotes = make([dynamic]string, 0),
}
remotes: []string
testing.expect(t, !shares_remote(&f, remotes), "both empty should not share")
}

3
docs/cli/envr.md
View File

@@ -44,8 +44,7 @@ at before, restore your backup with:
### SEE ALSO ### SEE ALSO
* [envr backup](envr_backup.md) - Import a .env file into envr * [envr backup](envr_backup.md) - Import a .env file into envr
* [envr check](envr_check.md) - check if files in the current directory are backed up * [envr check](envr_check.md) - Check for missing binaries
* [envr deps](envr_deps.md) - Check for missing binaries
* [envr edit-config](envr_edit-config.md) - Edit your config with your default editor * [envr edit-config](envr_edit-config.md) - Edit your config with your default editor
* [envr init](envr_init.md) - Set up envr * [envr init](envr_init.md) - Set up envr
* [envr list](envr_list.md) - View your tracked files * [envr list](envr_list.md) - View your tracked files

10
docs/cli/envr_check.md
View File

@@ -1,9 +1,15 @@
## envr check ## envr check
check if files in the current directory are backed up Check for missing binaries
### Synopsis
envr relies on external binaries for certain functionality.
The check command reports on which binaries are available and which are not.
``` ```
envr check [path] [flags] envr check [flags]
``` ```
### Options ### Options

24
docs/cli/envr_deps.md
View File

@@ -1,24 +0,0 @@
## envr deps
Check for missing binaries
### Synopsis
envr relies on external binaries for certain functionality.
The check command reports on which binaries are available and which are not.
```
envr deps [flags]
```
### Options
```
-h, --help help for deps
```
### SEE ALSO
* [envr](envr.md) - Manage your .env files.

5
docs/cli/envr_init.md
View File

@@ -12,14 +12,13 @@ encrypt your databse. **Make 100% sure** that you have **a remote copy** of this
key somewhere, otherwise your data could be lost forever. key somewhere, otherwise your data could be lost forever.
``` ```
envr init [flags] envr init
``` ```
### Options ### Options
``` ```
-f, --force Overwrite an existing config -h, --help help for init
-h, --help help for init
``` ```
### SEE ALSO ### SEE ALSO

55
features.odin
View File

@@ -1,55 +0,0 @@
package main
import "base:runtime"
import "core:mem"
import "core:os"
import "core:strings"
Feature :: enum {
Git,
Fd,
Age,
}
AvailableFeatures :: bit_set[Feature]
check_features :: proc() -> AvailableFeatures {
feats: AvailableFeatures
s: mem.Scratch
mem.scratch_init(&s, 4 * mem.DEFAULT_PAGE_SIZE)
defer mem.scratch_destroy(&s)
context.temp_allocator = mem.scratch_allocator(&s)
path_env := os.get_env("PATH", context.temp_allocator)
paths := strings.split(path_env, ":", context.temp_allocator)
if find_binary(paths, "git") != "" {
feats += {.Git}
}
if find_binary(paths, "fd") != "" {
feats += {.Fd}
}
if find_binary(paths, "age") != "" {
feats += {.Age}
}
return feats
}
find_binary :: proc(
paths: []string,
name: string,
allocator: runtime.Allocator = context.temp_allocator,
) -> string {
for p in paths {
candidate := strings.join({strings.trim_right(p, "/"), name}, "/", allocator)
_, err := os.stat(candidate, allocator)
if err == nil {
return candidate
}
}
return ""
}

34
features_test.odin
View File

@@ -1,34 +0,0 @@
package main
import "core:os"
import "core:strings"
import "core:testing"
@(test)
test_find_binary_exists :: proc(t: ^testing.T) {
path := os.get_env("PATH", context.temp_allocator)
paths := strings.split(path, ":", context.temp_allocator)
result := find_binary(paths, "sh")
testing.expect(t, result != "", "sh should be found on PATH")
}
@(test)
test_find_binary_not_exists :: proc(t: ^testing.T) {
old_path := os.get_env("PATH", context.temp_allocator)
defer {
if old_path != "" {
os.set_env("PATH", old_path)
}
}
os.set_env("PATH", "/tmp/envr-nope")
path := os.get_env("PATH", context.temp_allocator)
paths := strings.split(path, ":", context.temp_allocator)
result := find_binary(paths, "no_such_binary_xyz")
testing.expect(t, result == "", "nonexistent binary should not be found")
}

21
fixtures/default_config.json
View File

@@ -1,21 +0,0 @@
{
"db_path": "~/.envr/data.age",
"keys": [
{
"private": "~/.ssh/id_ed25519",
"public": "~/.ssh/id_ed25519.pub"
}
],
"scan": {
"matcher": "\\.env",
"exclude": [
"*\\.envrc",
"\\.local",
"node_modules",
"vendor"
],
"include": [
"~"
]
}
}

BIN
fixtures/encrypted-example.db.age
View File

Binary file not shown.

BIN
fixtures/encrypted-single-file.db.age
View File

Binary file not shown.

BIN
fixtures/example.db
View File

Binary file not shown.

5
fixtures/hello-world.age
View File

@@ -1,5 +0,0 @@
age-encryption.org/v1
-> ssh-ed25519 Boe0UQ 2ngx7jSJ8/yuAzTgeiiCTYZRSkBCeJfaHTL0u7k6ziU
0XmEy0bOTeW1MF9ev32n4xISPDl9UQNHzEB0vsZHDuU
--- UV7IjWFCCg79Pf3T9vUWBxT4MhgeARWp6E+LK9tMy1g
u‡No2Zÿꥡé–Ý…++˜‡°ð¾ÓYÏóíð<C3AD>y:æ@' xP¾

1
fixtures/hello-world.txt
View File

@@ -1 +0,0 @@
Hello, World!

7
fixtures/insecure-test-key
View File

@@ -1,7 +0,0 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACCbll0MJper9prPwGn2wwikH3hTByL8tlzmhViuvfrryAAAAJCkxfzapMX8
2gAAAAtzc2gtZWQyNTUxOQAAACCbll0MJper9prPwGn2wwikH3hTByL8tlzmhViuvfrryA
AAAEDXQExhs89b3fjqJHkhuo9QX4JEjXiEC+vSnCAYc8OxcpuWXQwml6v2ms/AafbDCKQf
eFMHIvy2XOaFWK69+uvIAAAACnNwZW5jZXJAZncBAgM=
-----END OPENSSH PRIVATE KEY-----

1
fixtures/insecure-test-key.pub
View File

@@ -1 +0,0 @@
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJuWXQwml6v2ms/AafbDCKQfeFMHIvy2XOaFWK69+uvI spencer@fw

BIN
fixtures/single-file.db
View File

Binary file not shown.

30
flake.lock generated
View File

@@ -5,11 +5,11 @@
"nixpkgs-lib": "nixpkgs-lib" "nixpkgs-lib": "nixpkgs-lib"
}, },
"locked": { "locked": {
"lastModified": 1778716662, "lastModified": 1751413152,
"narHash": "sha256-m1Yf0wZ8j1OHjTc2UwHwyQRSnNeSgLJOd7q5Y45hzi4=", "narHash": "sha256-Tyw1RjYEsp5scoigs1384gIg6e0GoBVjms4aXFfRssQ=",
"owner": "hercules-ci", "owner": "hercules-ci",
"repo": "flake-parts", "repo": "flake-parts",
"rev": "f7c1a2d347e4c52d5fb8d10cb4d94b5884e546fb", "rev": "77826244401ea9de6e3bac47c2db46005e1f30b5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -20,11 +20,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1767313136, "lastModified": 1761597516,
"narHash": "sha256-16KkgfdYqjaeRGBaYsNrhPRRENs0qzkQVUooNHtoy2w=", "narHash": "sha256-wxX7u6D2rpkJLWkZ2E932SIvDJW8+ON/0Yy8+a5vsDU=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "ac62194c3917d5f474c1a844b6fd6da2db95077d", "rev": "daf6dc47aa4b44791372d6139ab7b25269184d55",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -36,11 +36,11 @@
}, },
"nixpkgs-lib": { "nixpkgs-lib": {
"locked": { "locked": {
"lastModified": 1777168982, "lastModified": 1751159883,
"narHash": "sha256-GOkGPcboWE9BmGCRMLX3worL4EMnsnG8MyKmXNeYuhQ=", "narHash": "sha256-urW/Ylk9FIfvXfliA1ywh75yszAbiTEVgpPeinFyVZo=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nixpkgs.lib", "repo": "nixpkgs.lib",
"rev": "f5901329dade4a6ea039af1433fb087bd9c1fe14", "rev": "14a40a1d7fb9afa4739275ac642ed7301a9ba1ab",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -51,11 +51,11 @@
}, },
"nixpkgs-unstable": { "nixpkgs-unstable": {
"locked": { "locked": {
"lastModified": 1781173989, "lastModified": 1751949589,
"narHash": "sha256-fnzKKPvS+oieI/pTzotA5tkoM47EB1NpaBcgk4R97hE=", "narHash": "sha256-mgFxAPLWw0Kq+C8P3dRrZrOYEQXOtKuYVlo9xvPntt8=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "8c91a71d13451abc40eb9dae8910f972f979852f", "rev": "9b008d60392981ad674e04016d25619281550a9d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@@ -80,11 +80,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1780220602, "lastModified": 1752055615,
"narHash": "sha256-eynAfOmbmxJnkp7YewvCEbShNnnYJ9gLLqkzsYtBPeM=", "narHash": "sha256-19m7P4O/Aw/6+CzncWMAJu89JaKeMh3aMle1CNQSIwM=",
"owner": "numtide", "owner": "numtide",
"repo": "treefmt-nix", "repo": "treefmt-nix",
"rev": "db947814a175b7ca6ded66e21383d938df01c227", "rev": "c9d477b5d5bd7f26adddd3f96cfd6a904768d4f9",
"type": "github" "type": "github"
}, },
"original": { "original": {

22
flake.nix
View File

@@ -21,12 +21,7 @@
imports = [ imports = [
inputs.treefmt-nix.flakeModule inputs.treefmt-nix.flakeModule
]; ];
systems = [ systems = [ "x86_64-linux" ];
"x86_64-linux"
"aarch64-linux"
"aarch64-darwin"
];
perSystem = perSystem =
{ pkgs, system, inputs', ... }: { { pkgs, system, inputs', ... }: {
@@ -61,7 +56,7 @@
packages.default = pkgs.buildGoModule rec { packages.default = pkgs.buildGoModule rec {
pname = "envr"; pname = "envr";
version = "0.2.0"; version = "0.1.0";
src = ./.; src = ./.;
# If the build complains, uncomment this line # If the build complains, uncomment this line
# vendorHash = "sha256:0000000000000000000000000000000000000000000000000000"; # vendorHash = "sha256:0000000000000000000000000000000000000000000000000000";
@@ -93,23 +88,10 @@
nushell nushell
go go
gopls gopls
sqlite
gotools gotools
cobra-cli cobra-cli
age
sqlite
unstable.odin
unstable.ols
# Build tools
age
unstable.cargo
zip
opencode
# IDE # IDE
unstable.helix unstable.helix
typescript-language-server typescript-language-server

44
main.odin
View File

@@ -1,44 +0,0 @@
package main
import "core:fmt"
import "core:os"
main :: proc() {
cmd, ok := parse_args()
if !ok {
return
}
switch cmd.name {
case "init":
cmd_init(&cmd)
case "version":
cmd_version(&cmd)
case "deps":
cmd_deps(&cmd)
case "list":
cmd_list(&cmd)
case "backup", "add":
cmd_backup(&cmd)
case "remove":
cmd_remove(&cmd)
case "restore":
cmd_restore(&cmd)
case "edit-config":
cmd_edit_config(&cmd)
case "check":
cmd_check(&cmd)
case "scan":
cmd_scan(&cmd)
case "sync":
cmd_sync(&cmd)
case "nushell-completion":
cmd_nushell_completion(&cmd)
case:
fmt.printf("Unknown command: %s\n", cmd.name)
print_usage()
os.exit(1)
}
}

71
mod.nu
View File

@@ -1,71 +0,0 @@
# envr command extern definitions for Nushell
# A tool for managing environment files and backups
export def tracked-paths [] {
(
^envr list
| from json
| each {
[$in.directory $in.path] | path join
}
)
}
export def untracked-paths [] {
(
^envr scan
| from json
)
}
export extern envr [
...args: any
--help(-h) # Show help information
]
export extern "envr backup" [
--help(-h) # Show help for backup command
path: path@untracked-paths # Path to .env file to backup
]
export extern "envr check" [
--help(-h) # Show help for check command
]
export extern "envr edit-config" [
--help(-h) # Show help for edit-config command
]
export extern "envr help" [
command?: string # Show help for specific command
]
export extern "envr init" [
--help(-h) # Show help for init command
]
export extern "envr list" [
--help(-h) # Show help for list command
]
export extern "envr remove" [
--help(-h) # Show help for remove command
path: path@tracked-paths
]
export extern "envr restore" [
--help(-h) # Show help for restore command
path: path@tracked-paths
]
export extern "envr scan" [
--help(-h) # Show help for scan command
]
export extern "envr sync" [
--help(-h) # Show help for sync command
]
export extern "envr nushell-completion" [
--help(-h) # Show help for nushell-completion command
]

193
prompt.odin
View File

@@ -1,193 +0,0 @@
package main
import "core:fmt"
import "core:sys/posix"
Raw_State :: struct {
original: posix.termios,
fd: posix.FD,
}
enable_raw_mode :: proc(fd: posix.FD) -> (Raw_State, bool) {
state: Raw_State
state.fd = fd
if posix.tcgetattr(fd, &state.original) != .OK {
return state, false
}
attr: posix.termios = state.original
attr.c_lflag -= {.ICANON, .ECHO, .ISIG, .IEXTEN}
attr.c_iflag -= {.IXON, .ICRNL, .BRKINT, .INPCK, .ISTRIP}
attr.c_oflag -= {.OPOST}
attr.c_cflag += {.CS8}
attr.c_cc[.VMIN] = 1
attr.c_cc[.VTIME] = 0
if posix.tcsetattr(fd, .TCSAFLUSH, &attr) != .OK {
return state, false
}
return state, true
}
disable_raw_mode :: proc(state: ^Raw_State) {
posix.tcsetattr(state.fd, .TCSAFLUSH, &state.original)
}
Key :: enum {
Up,
Down,
Space,
Enter,
Escape,
Unknown,
}
read_key :: proc() -> Key {
buf: [3]u8
n := posix.read(posix.STDIN_FILENO, &buf[0], 1)
if n <= 0 {
return .Unknown
}
switch buf[0] {
case ' ':
return .Space
case '\n', '\r':
return .Enter
case 0x03:
return .Escape
case 0x1b:
tv: posix.timeval
tv.tv_sec = 0
tv.tv_usec = posix.suseconds_t(100000)
set: posix.fd_set
posix.FD_ZERO(&set)
posix.FD_SET(posix.STDIN_FILENO, &set)
ready := posix.select(1, &set, nil, nil, &tv)
if ready <= 0 {
return .Escape
}
n2 := posix.read(posix.STDIN_FILENO, &buf[1], 1)
if n2 <= 0 || buf[1] != '[' {
return .Escape
}
posix.FD_ZERO(&set)
posix.FD_SET(posix.STDIN_FILENO, &set)
tv.tv_sec = 0
tv.tv_usec = posix.suseconds_t(100000)
ready = posix.select(1, &set, nil, nil, &tv)
if ready <= 0 {
return .Escape
}
n3 := posix.read(posix.STDIN_FILENO, &buf[2], 1)
if n3 <= 0 {
return .Escape
}
switch buf[2] {
case 'A':
return .Up
case 'B':
return .Down
case:
return .Escape
}
case:
return .Unknown
}
}
MultiSelect_Result :: enum {
Confirm,
Cancel,
}
MAX_VISIBLE :: 7
multi_select :: proc(
prompt: string,
options: []string,
) -> (selected: [dynamic]bool, result: MultiSelect_Result) {
if len(options) == 0 {
return
}
selected = make([dynamic]bool, len(options))
cursor: int = 0
scroll_offset: int = 0
fmt.printf("\x1b[?25l")
visible := render_options(prompt, options, selected[:], cursor, scroll_offset)
raw, ok := enable_raw_mode(posix.STDIN_FILENO)
if !ok {
fmt.printf("\x1b[?25h")
return
}
defer disable_raw_mode(&raw)
for {
key := read_key()
switch key {
case .Up:
if cursor > 0 {
cursor -= 1
}
case .Down:
if cursor < len(options) - 1 {
cursor += 1
}
case .Space:
selected[cursor] = !selected[cursor]
case .Enter:
fmt.printf("\x1b[%dA\x1b[J\x1b[?25h", visible + 1)
result = .Confirm
return
case .Escape:
fmt.printf("\x1b[%dA\x1b[J\x1b[?25h", visible + 1)
result = .Cancel
return
case .Unknown:
}
scroll_offset = max(0, min(cursor - MAX_VISIBLE / 2, len(options) - MAX_VISIBLE))
fmt.printf("\x1b[%dA\x1b[0J", visible + 1)
visible = render_options(prompt, options, selected[:], cursor, scroll_offset)
}
}
render_options :: proc(prompt: string, options: []string, selected: []bool, cursor: int, scroll_offset: int) -> int {
fmt.printf(
"\x1b[1;36m%s\x1b[0m (↑/↓ move, space select, enter confirm)\r\n",
prompt,
)
end := scroll_offset + MAX_VISIBLE
if end > len(options) {
end = len(options)
}
for i in scroll_offset..<end {
checkbox := " "
if selected[i] {
checkbox = "x"
}
if i == cursor {
fmt.printf("\x1b[1;32m> \x1b[0m[\x1b[32m%s\x1b[0m] %s\r\n", checkbox, options[i])
} else {
fmt.printf(" [\x1b[2m%s\x1b[0m] %s\r\n", checkbox, options[i])
}
}
return end - scroll_offset
}

146
scan.odin
View File

@@ -1,146 +0,0 @@
package main
import "core:fmt"
import "core:os"
import "core:strings"
import "core:sync"
fd_counter: sync.Atomic_Mutex
fd_seq: int
// Caller is responsible for freeing paths
scan_path :: proc(search_path: string, cfg: Config) -> (paths: [dynamic]string, ok: bool) {
if is_tty() {
fmt.printf("Searching for all files in \"%s\"...\n", search_path)
}
all_files, all_ok := run_fd(build_fd_args(search_path, cfg, true))
if !all_ok {
return
}
if is_tty() {
fmt.printf("Search for unignored fies in \"%s\"...\n", search_path)
}
unignored_files, unignored_ok := run_fd(build_fd_args(search_path, cfg, false))
if !unignored_ok {
return
}
unignored_set := make(map[string]bool, len(unignored_files), context.temp_allocator)
for file in unignored_files {
unignored_set[file] = true
}
for file in all_files {
if !(file in unignored_set) {
append(&paths, file)
}
}
ok = true
return
}
@(private = "file")
build_fd_args :: proc(search_path: string, cfg: Config, include_ignored: bool) -> []string {
args_len := 3 + 2 * len(cfg.ScanConfig.Exclude) + 2
args := make([dynamic]string, 0, args_len, context.temp_allocator)
append(&args, "fd")
append(&args, "-a")
append(&args, cfg.ScanConfig.Matcher)
for exclude in cfg.ScanConfig.Exclude {
append(&args, "-E")
append(&args, exclude)
}
if include_ignored {
append(&args, "-HI")
} else {
append(&args, "-H")
}
append(&args, search_path)
return args[:]
}
run_fd :: proc(args: []string) -> (lines: []string, ok: bool) {
tmp_path := next_fd_tmp_path()
tmp_file, tmp_err := os.open(tmp_path, os.O_CREATE | os.O_WRONLY | os.O_TRUNC)
if tmp_err != nil {
return
}
desc := os.Process_Desc {
command = args,
stdout = tmp_file,
stderr = nil,
}
p, start_err := os.process_start(desc)
os.close(tmp_file)
if start_err != nil {
os.remove(tmp_path)
return
}
state, wait_err := os.process_wait(p)
if wait_err != nil || state.exit_code != 0 {
os.remove(tmp_path)
return
}
data, read_err := os.read_entire_file_from_path(tmp_path, context.temp_allocator)
os.remove(tmp_path)
if read_err != nil {
return
}
output := string(data)
output = strings.trim_space(output)
if len(output) == 0 {
ok = true
return
}
raw_lines := strings.split(output, "\n", context.temp_allocator)
result := make([dynamic]string, 0, len(raw_lines), context.temp_allocator)
for line in raw_lines {
trimmed := strings.trim_space(line)
if len(trimmed) > 0 {
append(&result, trimmed)
}
}
return result[:], true
}
@(private = "file")
next_fd_tmp_path :: proc() -> string {
sync.atomic_mutex_lock(&fd_counter)
n := fd_seq
fd_seq += 1
sync.atomic_mutex_unlock(&fd_counter)
return fmt.tprintf("/tmp/envr-fd-%d-%d", os.get_pid(), n)
}
cant_scan :: proc(feats: AvailableFeatures) -> bool {
return Feature.Fd not_in feats
}
find_unbacked :: proc(local_files: []string, db_files: []EnvFile) -> []string {
// Lives until the end of the function
backed_set := make(map[string]bool, len(db_files), context.temp_allocator)
for file in db_files {
backed_set[file.Path] = true
}
unbacked := make([dynamic]string, 0, len(db_files) / 2, context.temp_allocator)
for file in local_files {
if !(file in backed_set) {
append(&unbacked, file)
}
}
return unbacked[:]
}

87
scan_test.odin
View File

@@ -1,87 +0,0 @@
package main
import "core:fmt"
import "core:os"
import "core:path/filepath"
import "core:testing"
@(test)
test_scan_path_finds_gitignored_env_files :: proc(t: ^testing.T) {
feats := check_features()
testing.expect(t, cant_scan(feats) == false)
base := fmt.tprintf("/tmp/envr-scan-test-%d", os.get_pid())
os.mkdir_all(base)
defer os.remove_all(base)
git_init := os.Process_Desc {
command = []string{"git", "-c", "advice.defaultBranchName=false", "init", "-q"},
working_dir = base,
stdout = os.stderr,
stderr = os.stderr,
}
p, err := os.process_start(git_init)
if err != nil {
return
}
_, wait_err := os.process_wait(p)
if wait_err != nil {
return
}
gitignore_path := fmt.tprintf("%s/.gitignore", base)
_ = os.write_entire_file(gitignore_path, ".env*\n")
_ = os.write_entire_file(fmt.tprintf("%s/.env", base), "SECRET=1")
_ = os.write_entire_file(fmt.tprintf("%s/.env.testing", base), "TEST=1")
_ = os.write_entire_file(fmt.tprintf("%s/config.yaml", base), "key: value")
cfg := Config {
ScanConfig = ScanConfig{Matcher = "\\.env"},
}
results, ok := scan_path(base, cfg)
defer delete(results)
testing.expect(t, ok, "scan_path should succeed")
found_env := false
found_testing := false
found_config := false
for path in results {
_, filename := filepath.split(path)
if filename == ".env" {
found_env = true
}
if filename == ".env.testing" {
found_testing = true
}
if filename == "config.yaml" {
found_config = true
}
}
testing.expect(t, found_env, "should find .env (gitignored)")
testing.expect(t, found_testing, "should find .env.testing (gitignored)")
testing.expect(t, !found_config, "should NOT find config.yaml (not gitignored)")
}
@(test)
test_scan_path_empty_dir :: proc(t: ^testing.T) {
feats := check_features()
testing.expect(t, cant_scan(feats) == false)
base := fmt.tprintf("/tmp/envr-scan-empty-%d", os.get_pid())
os.mkdir_all(base)
defer os.remove_all(base)
cfg := Config {
ScanConfig = ScanConfig{Matcher = "\\.env"},
}
results, ok := scan_path(base, cfg)
defer delete(results)
testing.expect(t, ok, "scan_path should succeed")
testing.expect(t, len(results) == 0, fmt.tprintf("expected 0 results, got %d", len(results)))
}

34
sqlite/sqlite.odin
View File

@@ -1,34 +0,0 @@
package sqlite
import "core:c"
foreign import lib "system:sqlite3"
OK :: 0
ROW :: 100
DONE :: 101
foreign lib {
@(link_name="sqlite3_open")
db_open :: proc(filename: cstring, ppDb: ^^rawptr) -> c.int ---
@(link_name="sqlite3_close")
db_close :: proc(db: ^rawptr) -> c.int ---
@(link_name="sqlite3_errmsg")
db_errmsg :: proc(db: ^rawptr) -> cstring ---
@(link_name="sqlite3_exec")
db_exec :: proc(db: ^rawptr, sql: cstring, callback: rawptr, callback_arg: rawptr, errmsg: ^cstring) -> c.int ---
@(link_name="sqlite3_prepare_v2")
prepare_v2 :: proc(db: ^rawptr, sql: cstring, nByte: c.int, ppStmt: ^^rawptr, pzTail: ^cstring) -> c.int ---
@(link_name="sqlite3_step")
step :: proc(stmt: ^rawptr) -> c.int ---
@(link_name="sqlite3_finalize")
finalize :: proc(stmt: ^rawptr) -> c.int ---
@(link_name="sqlite3_column_text")
column_text :: proc(stmt: ^rawptr, iCol: c.int) -> cstring ---
@(link_name="sqlite3_column_bytes")
column_bytes :: proc(stmt: ^rawptr, iCol: c.int) -> c.int ---
@(link_name="sqlite3_bind_text")
bind_text :: proc(stmt: ^rawptr, idx: c.int, val: cstring, n: c.int, destructor: rawptr) -> c.int ---
@(link_name="sqlite3_changes")
changes :: proc(db: ^rawptr) -> c.int ---
}

226
src/Config.zig
View File

@@ -1,226 +0,0 @@
const std = @import("std");
db_path: []const u8 = "~/.envr/data.age",
/// Keys that are available for encryption
keys: []const SSHKeyPair = &.{
.from_pub_path("~/.ssh/id_ed25519.pub"),
},
/// Rules for how to match the scan command
scan: ScanConfig = .default,
// TODO: Allow incomplete pairs
pub const SSHKeyPair = struct {
private: []const u8,
public: []const u8,
/// Caller owns the returned memory
pub fn from_path(
gpa: std.mem.Allocator,
path: []const u8,
) error{OutOfMemory}!SSHKeyPair {
if (std.mem.eql(u8, std.fs.path.extension(path), ".pub")) {
return from_pub_path(path);
} else {
return .{
.public = try std.mem.concat(gpa, u8, &.{ path, ".pub" }),
.private = path,
};
}
}
pub fn from_pub_path(path: []const u8) SSHKeyPair {
std.debug.assert(std.mem.eql(u8, std.fs.path.extension(path), ".pub"));
return .{
.public = path,
.private = path[0 .. path.len - 4],
};
}
};
/// Configuration for the scan command
pub const ScanConfig = struct {
/// the file extension to look for
matcher: []const u8,
/// Glob patterns to ignore
exclude: []const []const u8,
/// paths to search in
include: []const []const u8,
const default: @This() = .{
.matcher = "\\.env",
.exclude = &.{
"*\\.envrc",
"\\.local",
"node_modules",
"vendor",
},
.include = &.{"~"},
};
};
/// Load the Config from the file at path
/// TODO: Use a concrete error set
pub fn load(
io: std.Io,
gpa: std.mem.Allocator,
path: []const u8,
) !std.json.Parsed(@This()) {
var file = try std.Io.Dir.cwd().openFile(
io,
path,
.{ .mode = .read_only },
);
defer file.close(io);
var buffer: [4096]u8 = undefined;
var reader = file.reader(io, &buffer);
var json_reader: std.json.Reader = .init(gpa, &reader.interface);
defer json_reader.deinit();
return try std.json.parseFromTokenSource(
@This(),
gpa,
&json_reader,
.{},
);
}
/// Save the config to the given file
pub fn save(
self: *@This(),
io: std.Io,
dir: std.Io.Dir,
path: []const u8,
) !void {
// TODO: Remove dependence on string?
var string: std.Io.Writer.Allocating = .init(std.testing.allocator);
defer string.deinit();
try string.writer.print(
"{f}",
.{std.json.fmt(self, .{ .whitespace = .indent_2 })},
);
var file = try dir.createFile(io, path, .{ .truncate = true });
defer file.close(io);
try file.writeStreamingAll(io, string.written());
}
test "loading the default config from disk matches expected values" {
const gpa = std.testing.allocator;
const parsed = try load(std.testing.io, gpa, "./fixtures/default_config.json");
defer parsed.deinit();
const got = parsed.value;
try std.testing.expectEqualDeep(got.scan, ScanConfig.default);
}
test "saving to a new file upserts the file" {
const io = std.testing.io;
var cfg: @This() = .{};
var tmp = std.testing.tmpDir(.{});
defer tmp.cleanup();
var dir = tmp.dir;
try std.testing.expectError(
error.FileNotFound,
dir.statFile(io, "config.json", .{}),
);
try cfg.save(io, dir, "config.json");
const contents = try dir.readFileAlloc(
io,
"config.json",
std.testing.allocator,
.unlimited,
);
defer std.testing.allocator.free(contents);
const want =
\\{
\\ "db_path": "~/.envr/data.age",
\\ "keys": [
\\ {
\\ "private": "~/.ssh/id_ed25519",
\\ "public": "~/.ssh/id_ed25519.pub"
\\ }
\\ ],
\\ "scan": {
\\ "matcher": "\\.env",
\\ "exclude": [
\\ "*\\.envrc",
\\ "\\.local",
\\ "node_modules",
\\ "vendor"
\\ ],
\\ "include": [
\\ "~"
\\ ]
\\ }
\\}
;
try std.testing.expectEqualSlices(u8, want, contents);
}
test "saving to an existing file updates the file" {
const io = std.testing.io;
var cfg: @This() = .{};
var tmp = std.testing.tmpDir(.{});
defer tmp.cleanup();
var dir = tmp.dir;
try dir.writeFile(io, .{ .sub_path = "config.json", .data = "{}" });
_ = try dir.statFile(io, "config.json", .{});
try cfg.save(io, dir, "config.json");
const contents = try dir.readFileAlloc(
io,
"config.json",
std.testing.allocator,
.unlimited,
);
defer std.testing.allocator.free(contents);
const want =
\\{
\\ "db_path": "~/.envr/data.age",
\\ "keys": [
\\ {
\\ "private": "~/.ssh/id_ed25519",
\\ "public": "~/.ssh/id_ed25519.pub"
\\ }
\\ ],
\\ "scan": {
\\ "matcher": "\\.env",
\\ "exclude": [
\\ "*\\.envrc",
\\ "\\.local",
\\ "node_modules",
\\ "vendor"
\\ ],
\\ "include": [
\\ "~"
\\ ]
\\ }
\\}
;
try std.testing.expectEqualSlices(u8, want, contents);
}

488
src/Db.zig
View File

@@ -1,488 +0,0 @@
//! Db interacts with an age encrypted sqlite database.
//!
const std = @import("std");
const sqlite = @import("sqlite");
const age = @import("age.zig");
const Config = @import("Config.zig");
/// controls the keys and filepaths used for saving
opts: OpenOptions,
/// The underlying data store.
sql_db: sqlite.Db,
/// Set to true whenever the data updates. If false when close() is called,
/// the database will be closed without saving
changed: bool = false,
/// Decrypts the database into a temporary file and opens it in memory
// FIXME: Test me with real file
pub fn open(
io: std.Io,
gpa: std.mem.Allocator,
opts: OpenOptions,
) !@This() {
// FIXME: cheating here
const db_path = try std.fs.path.join(gpa, &.{
opts.home,
opts.config.db_path[2..],
});
defer gpa.free(db_path);
// const tmp_dir = try std.Io.Dir.cwd().openDir(io, tmp, .{});
// defer tmp_dir.deleteFile(io, "envr.db");
const tmp_db_path = try std.fs.path.joinZ(gpa, &.{ opts.tmp, "envr.db" });
defer gpa.free(tmp_db_path);
if (db_exists(io, db_path)) {
// TODO: Use std.MultiArrayList? Had json issues
{
var private_keys: std.ArrayList([]const u8) = try .initCapacity(
gpa,
opts.config.keys.len,
);
defer private_keys.deinit(gpa);
for (opts.config.keys) |key| {
// FIXME: cheating here
if (std.mem.startsWith(u8, key.private, "~/")) {
const key_path = try std.fs.path.join(gpa, &.{
opts.home,
key.private[2..],
});
private_keys.appendAssumeCapacity(key_path);
// defer gpa.free(key_path);
} else {
private_keys.appendAssumeCapacity(key.private);
}
}
// TODO: Pass key(s) from Config
try age.decrypt(io, gpa, private_keys.items, db_path, tmp_db_path);
for (opts.config.keys, 0..) |key, i| {
if (std.mem.startsWith(u8, key.private, "~/")) {
gpa.free(private_keys.items[i]);
}
}
}
}
return open_decrypted(opts, tmp_db_path);
}
const OpenOptions = struct {
config: Config = .{},
/// The path to the home directory
home: []const u8 = "~/",
/// The path to the /tmp directory
// FIXME: Support windows
tmp: []const u8 = "/tmp",
};
/// Create a new instance of the database
fn open_decrypted(opts: OpenOptions, tmp_db_path: [:0]const u8) !@This() {
var db = try sqlite.Db.init(.{
.mode = .{ .File = tmp_db_path },
.open_flags = .{
.write = true,
.create = true,
},
.threading_mode = .MultiThread,
});
try db.exec(
\\create table if not exists envr_env_files (
\\ path text primary key not null
\\, remotes text -- JSON
\\, sha256 text not null
\\, contents text not null
\\)
, .{}, .{});
return .{
.sql_db = db,
.opts = opts,
};
}
/// Returns true if a file exists at ~/.envr/data.age
fn db_exists(io: std.Io, path: []const u8) bool {
if (std.Io.Dir.cwd().access(io, path, .{ .read = true })) {
return true;
} else |_| {
return false;
}
}
// TODO: Finish
// pub fn tmpDir(opts: std.fs.Dir.OpenDirOptions) TmpDir {
// var random_bytes: [TmpDir.random_bytes_count]u8 = undefined;
// std.crypto.random.bytes(&random_bytes);
// var sub_path: [TmpDir.sub_path_len]u8 = undefined;
// _ = std.fs.base64_encoder.encode(&sub_path, &random_bytes);
// }
//
// const TmpDir = struct {};
/// Close the database
/// FIXME: Test me with data but no changes
/// FIXME: Test me with data and changes
pub fn close(
self: *@This(),
io: std.Io,
gpa: std.mem.Allocator,
) !void {
defer self.sql_db.deinit();
if (self.changed) {
const tmp_db_path = try std.fs.path.join(gpa, &.{ self.opts.tmp, "envr.db" });
defer gpa.free(tmp_db_path);
try self.sql_db.exec("VACUUM INTO ?", .{}, .{tmp_db_path});
const db_path = try std.fs.path.join(gpa, &.{ self.opts.home, ".envr", "data.age" });
defer gpa.free(db_path);
{
// TODO: Use std.MultiArrayList? Had json issues
var public_keys: std.ArrayList([]const u8) = try .initCapacity(
gpa,
self.opts.config.keys.len,
);
defer public_keys.deinit(gpa);
for (self.opts.config.keys) |key| {
public_keys.appendAssumeCapacity(key.private);
}
try age.encrypt(io, gpa, public_keys.items, tmp_db_path, db_path);
}
self.changed = false;
}
}
/// Returns a list of all the .env files present in the database.
/// The caller is responsible for freeing memory
pub fn list(self: *@This(), gpa: std.mem.Allocator) ![]EnvFile {
var stmt = try self.sql_db.prepare(
"select path, remotes, sha256, contents from envr_env_files",
);
defer stmt.deinit();
return stmt.all(EnvFile, gpa, .{}, .{});
}
pub const EnvFile = struct {
// TODO: Should use file_name in the struct and derive from the path.
path: []const u8,
// /// dir is derived from Path, and is not stored in the database.
// dir: []const u8,
/// JSON encoded list of strings
remotes: []const u8,
sha256: []const u8,
contents: []const u8,
pub fn deinit(self: *EnvFile, alloc: std.mem.Allocator) void {
alloc.free(self.path);
alloc.free(self.remotes);
alloc.free(self.sha256);
alloc.free(self.contents);
}
};
test {
std.testing.refAllDecls(@import("age.zig"));
}
test "simple database can be opened" {
var db = try sqlite.Db.init(.{
.mode = sqlite.Db.Mode{ .File = "./fixtures/example.db" },
.open_flags = .{
.write = false,
.create = false,
},
.threading_mode = .MultiThread,
});
var stmt = try db.prepare("SELECT * FROM hello");
defer stmt.deinit();
const alloc = std.testing.allocator;
if (try stmt.oneAlloc(struct { text: []const u8 }, alloc, .{}, .{})) |got| {
defer alloc.free(got.text);
try std.testing.expectEqualSlices(u8, "world!", got.text);
} else {
return error.TestUnexpectedResult;
}
}
test "encrypted database can be opened" {
const io = std.testing.io;
const gpa = std.testing.allocator;
var tmp = std.testing.tmpDir(.{});
defer tmp.cleanup();
const dir_path = try tmp.dir.realPathFileAlloc(io, ".", gpa);
defer gpa.free(dir_path);
const decrypted_path = try std.fs.path.joinZ(gpa, &.{ dir_path, "example.db" });
defer gpa.free(decrypted_path);
try age.decrypt(
io,
gpa,
&.{"./fixtures/insecure-test-key"},
"./fixtures/encrypted-example.db.age",
decrypted_path,
);
var db = try sqlite.Db.init(.{
.mode = sqlite.Db.Mode{ .File = decrypted_path },
.open_flags = .{
.write = false,
.create = false,
},
.threading_mode = .MultiThread,
});
var stmt = try db.prepare("SELECT * FROM hello");
defer stmt.deinit();
const alloc = std.testing.allocator;
if (try stmt.oneAlloc(struct { text: []const u8 }, alloc, .{}, .{})) |got| {
defer alloc.free(got.text);
try std.testing.expectEqualSlices(u8, "world!", got.text);
} else {
return error.TestUnexpectedResult;
}
}
test "Closing a fresh database does not create a file" {
const io = std.testing.io;
const gpa = std.testing.allocator;
var tmp_dir = std.testing.tmpDir(.{});
defer tmp_dir.cleanup();
try tmp_dir.dir.createDir(io, "home", .default_dir);
try tmp_dir.dir.createDir(io, "tmp", .default_dir);
const tmp_dir_path = try tmp_dir.dir.realPathFileAlloc(io, ".", gpa);
defer gpa.free(tmp_dir_path);
const home = try std.fs.path.join(gpa, &.{ tmp_dir_path, "home" });
defer gpa.free(home);
const tmp = try std.fs.path.join(gpa, &.{ tmp_dir_path, "tmp" });
defer gpa.free(tmp);
// TODO: Pass testing keys
var db: @This() = try .open(io, gpa, .{ .home = home, .tmp = tmp });
// TODO: Get rid of direct access
const db_path = try std.fs.path.join(gpa, &.{ home, ".envr", "data.age" });
defer gpa.free(db_path);
try std.testing.expectError(
error.FileNotFound,
tmp_dir.dir.access(io, db_path, .{ .read = true }),
);
try db.close(io, gpa);
try std.testing.expectError(
error.FileNotFound,
tmp_dir.dir.access(io, db_path, .{ .read = true }),
);
}
test "single-file.db has envr_env_files table" {
const io = std.testing.io;
const gpa = std.testing.allocator;
const dir_path = try std.Io.Dir.cwd().realPathFileAlloc(io, ".", gpa);
defer gpa.free(dir_path);
const path = try std.fs.path.joinZ(
gpa,
&.{ dir_path, "fixtures", "single-file.db" },
);
defer gpa.free(path);
var db = try sqlite.Db.init(.{
.mode = .{ .File = path },
.open_flags = .{
.write = false,
.create = false,
},
.threading_mode = .MultiThread,
});
var diags: sqlite.Diagnostics = .{};
var stmt = db.prepareDynamicWithDiags(
"select name from sqlite_master where type='table'",
.{ .diags = &diags },
) catch |err| {
std.log.err(
"unable to prepare statement, got error {}. diagnostics: {f}",
.{ err, diags },
);
return err;
};
defer stmt.deinit();
const tables = (try stmt.oneAlloc(
[]const u8,
gpa,
.{ .diags = &diags },
.{},
)).?;
defer gpa.free(tables);
try std.testing.expectEqualSlices(u8, "envr_env_files", tables);
}
// test "raw restore works" {
// const io = std.testing.io;
// const gpa = std.testing.allocator;
// var db = try sqlite.Db.init(.{
// .mode = .Memory,
// .open_flags = .{
// .write = true,
// .create = true,
// },
// .threading_mode = .MultiThread,
// });
// try db.exec(
// \\create table envr_env_files (
// \\ path text primary key not null
// \\, remotes text -- JSON
// \\, sha256 text not null
// \\, contents text not null
// \\)
// , .{}, .{});
// const dir_path = try std.Io.Dir.cwd().realPathFileAlloc(io, ".", gpa);
// defer gpa.free(dir_path);
// const path = try std.fs.path.join(
// gpa,
// &.{ dir_path, "fixtures", "single-file.db" },
// );
// defer gpa.free(path);
// std.debug.print("path: {s}\n", .{path});
// try db.exec(
// "ATTACH DATABASE ? AS source",
// .{},
// .{path},
// );
// defer db.exec("DETACH DATABASE source", .{}, .{}) catch unreachable;
// var diags: sqlite.Diagnostics = .{};
// db.exec(
// "INSERT INTO main.envr_env_files SELECT * FROM source.envr_env_files",
// .{ .diags = &diags },
// .{},
// ) catch |err| {
// std.log.err(
// "unable to prepare statement, got error {}. diagnostics: {f}",
// .{ err, diags },
// );
// return err;
// };
// }
// test "Closing a modified database does create a file" {}
test "list displays the database's keys" {
const io = std.testing.io;
const gpa = std.testing.allocator;
var tmp_dir = std.testing.tmpDir(.{});
defer tmp_dir.cleanup();
try tmp_dir.dir.createDir(io, "home", .default_dir);
try tmp_dir.dir.createDir(io, "home/.envr", .default_dir);
try tmp_dir.dir.createDir(io, "tmp", .default_dir);
const tmp_dir_path = try tmp_dir.dir.realPathFileAlloc(io, ".", gpa);
defer gpa.free(tmp_dir_path);
const home = try std.fs.path.join(gpa, &.{ tmp_dir_path, "home" });
defer gpa.free(home);
const tmp = try std.fs.path.join(gpa, &.{ tmp_dir_path, "tmp" });
defer gpa.free(tmp);
// TODO: Get rid of direct access
const db_path = try std.fs.path.join(gpa, &.{ home, ".envr", "data.age" });
defer gpa.free(db_path);
try std.Io.Dir.cwd().copyFile(
"fixtures/encrypted-single-file.db.age",
tmp_dir.dir,
"home/.envr/data.age",
io,
.{},
);
// Asserts file existence
try tmp_dir.dir.access(io, db_path, .{ .read = true });
// TODO: Pass testing keys
const config: Config = .{
.keys = &.{.from_pub_path("fixtures/insecure-test-key.pub")},
};
var db: @This() = try .open(io, gpa, .{
.config = config,
.home = home,
.tmp = tmp,
});
const env_files = try db.list(gpa);
defer gpa.free(env_files);
try std.testing.expectEqual(1, env_files.len);
var hasher = std.crypto.hash.sha2.Sha256.init(.{});
try std.testing.expectEqual(1, env_files.len);
for (env_files) |*file| {
defer file.deinit(gpa);
try std.testing.expectEqualSlices(
u8,
"~/project/.env.example",
file.path,
);
try std.testing.expectEqualSlices(
u8,
"API_KEY=\\\"sk_my_api_key\\\"\\nAPP_ENV=testing",
file.contents,
);
try std.testing.expectEqualSlices(
u8,
"[\"git@github.com:user/project.git\"]",
file.remotes,
);
hasher.update(file.contents);
const hash = hasher.finalResult();
try std.testing.expectEqualStrings(&std.fmt.bytesToHex(&hash, .lower), file.sha256);
}
try db.close(io, gpa);
}

153
src/age.zig
View File

@@ -1,153 +0,0 @@
const std = @import("std");
/// Decrypts the file into output path
pub fn decrypt(
io: std.Io,
gpa: std.mem.Allocator,
private_keys: []const []const u8,
input_path: []const u8,
output_path: []const u8,
) !void {
// TODO: use raw array?
var argv: std.ArrayList([]const u8) = try .initCapacity(gpa, 2 + (2 * private_keys.len) + 3);
defer argv.deinit(gpa);
argv.appendAssumeCapacity("age");
argv.appendAssumeCapacity("-d");
for (private_keys) |key| {
argv.appendAssumeCapacity("-i");
argv.appendAssumeCapacity(key);
}
argv.appendAssumeCapacity("-o");
argv.appendAssumeCapacity(output_path);
argv.appendAssumeCapacity(input_path);
const result = try std.process.run(gpa, io, .{
.argv = argv.items,
});
defer gpa.free(result.stderr);
defer gpa.free(result.stdout);
if (result.stdout.len > 0) {
std.debug.print("stdout: \"{s}\"\n", .{result.stdout});
unreachable;
}
if (result.stderr.len > 0) {
std.debug.print("stderr: \"{s}\"\n", .{result.stderr});
unreachable;
}
}
/// Encrypts the file into output path
pub fn encrypt(
io: std.Io,
gpa: std.mem.Allocator,
// TODO: Accept multiple keys
public_keys: []const []const u8,
input_path: []const u8,
output_path: []const u8,
) !void {
var argv: std.ArrayList([]const u8) = try .initCapacity(gpa, 2 + (2 * public_keys.len) + 3);
defer argv.deinit(gpa);
argv.appendAssumeCapacity("age");
argv.appendAssumeCapacity("-e");
for (public_keys) |key| {
argv.appendAssumeCapacity("-R");
argv.appendAssumeCapacity(key);
}
argv.appendAssumeCapacity("-o");
argv.appendAssumeCapacity(output_path);
argv.appendAssumeCapacity(input_path);
const result = try std.process.run(gpa, io, .{
.argv = argv.items,
});
defer gpa.free(result.stderr);
defer gpa.free(result.stdout);
if (result.stdout.len > 0) {
std.debug.print("stdout: \"{s}\"\n", .{result.stdout});
unreachable;
}
if (result.stderr.len > 0) {
std.debug.print("stderr: \"{s}\"\n", .{result.stderr});
unreachable;
}
}
test "sample file can be decrypted" {
const io = std.testing.io;
const gpa = std.testing.allocator;
var tmp = std.testing.tmpDir(.{});
defer tmp.cleanup();
const dir_path = try tmp.dir.realPathFileAlloc(io, ".", gpa);
defer gpa.free(dir_path);
const output_path = try std.fs.path.join(gpa, &.{ dir_path, "got.txt" });
defer gpa.free(output_path);
try decrypt(
io,
gpa,
&.{"./fixtures/insecure-test-key"},
"./fixtures/hello-world.age",
output_path,
);
const contents = try tmp.dir.readFileAlloc(io, output_path, gpa, .unlimited);
defer gpa.free(contents);
try std.testing.expectEqualSlices(u8, "Hello, World!\n", contents);
}
test "sample file can be encrypted" {
const io = std.testing.io;
const gpa = std.testing.allocator;
var tmp = std.testing.tmpDir(.{});
defer tmp.cleanup();
const dir_path = try tmp.dir.realPathFileAlloc(io, ".", gpa);
defer gpa.free(dir_path);
const output_path = try std.fs.path.join(gpa, &.{ dir_path, "hello-world.age" });
defer gpa.free(output_path);
try encrypt(
io,
gpa,
&.{"./fixtures/insecure-test-key.pub"},
"./fixtures/hello-world.txt",
output_path,
);
const got = try tmp.dir.readFileAlloc(io, output_path, gpa, .unlimited);
defer gpa.free(got);
const want = try std.Io.Dir.cwd().readFileAlloc(
io,
"./fixtures/hello-world.age",
gpa,
.unlimited,
);
defer gpa.free(want);
const contents = try tmp.dir.readFileAlloc(io, output_path, gpa, .unlimited);
defer gpa.free(contents);
try std.testing.expectEqual(want.len, got.len);
// FIXME: Test that decrypted file contents match
// try std.testing.expectEqualSlices(u8, "Hello, World!\n", decrypted_contents);
}

146
src/comma.zig
View File

@@ -1,146 +0,0 @@
//! By convention, root.zig is the root source file when making a package.
const std = @import("std");
const Io = std.Io;
pub const Command = struct {
name: []const u8,
short: ?[]const u8 = null,
long: ?[]const u8 = null,
subcommands: []const Command = &.{},
examples: [][]const u8 = &.{},
/// The enum type of the command
Type: type,
/// The type of struct that holds the Commands's flags and arguments
// Params: type,
pub fn new(cmd: CommandOptions) Command {
const subcommands: [cmd.subcommands.len]Command = blk: {
var result: [cmd.subcommands.len]Command = undefined;
inline for (cmd.subcommands, 0..) |sub, idx| {
result[idx] = new(sub);
}
break :blk result;
};
return .{
.name = cmd.name,
.short = cmd.short,
.long = cmd.long,
.subcommands = &subcommands,
.Type = cmd.as_enum(),
};
}
pub fn parse(comptime self: @This(), args: []const []const u8) self.Type {
if (args.len == 0) {
return @enumFromInt(0);
}
const target = args[0];
inline for (self.subcommands, 1..) |cmd, idx| {
if (std.mem.eql(u8, target, cmd.name)) {
return @enumFromInt(idx);
}
}
return @enumFromInt(self.subcommands.len + 1);
}
/// Used for indentation when printing command help
const tab = " ";
/// Print usage information to the console.
pub fn help(self: @This(), w: *Io.Writer) !void {
defer w.flush() catch {};
if (self.long) |long| {
try w.print("{s}\n\n", .{long});
}
try w.print("Usage:\n{s}{s}\n", .{ tab, self.name });
if (self.subcommands.len > 0) {
try w.print("\nAvailable Commands:\n", .{});
var max_width: u8 = 0;
inline for (self.subcommands) |cmd| {
max_width = @max(max_width, cmd.name.len);
}
// Print short command description
inline for (self.subcommands) |cmd| {
try w.print(
"{s}{s}",
.{
tab,
cmd.name,
},
);
for (0..(max_width - cmd.name.len)) |_| {
try w.print(" ", .{});
}
try w.print(
" {s}\n",
.{
cmd.short orelse "",
},
);
}
try w.print("\n", .{});
}
// TODO: Print flags
// TODO: Print arguments
if (self.subcommands.len > 0) {
try w.print(
"Use \"{s} [command] --help\" for more information about a command.",
.{self.name},
);
}
}
};
pub const ParseError = error{
InvalidType,
};
const CommandOptions = struct {
name: []const u8,
short: ?[]const u8 = null,
long: ?[]const u8 = null,
subcommands: []const CommandOptions = &[0]CommandOptions{},
fn as_enum(self: @This()) type {
var field_names: [self.subcommands.len + 2][]const u8 = undefined;
var field_values: [self.subcommands.len + 2]u32 = undefined;
field_names[0] = self.name;
field_values[0] = 0;
inline for (self.subcommands, 1..) |cmd, idx| {
field_names[idx] = cmd.name;
field_values[idx] = idx;
}
field_names[self.subcommands.len + 1] = "unknown";
field_values[self.subcommands.len + 1] = self.subcommands.len + 1;
return @Enum(
u32,
.exhaustive,
&field_names,
&field_values,
);
}
};
// /// parses the args into params
// pub fn params(cmd: Command, args: [][]const u8) cmd.Params {
// }

149
src/main.zig
View File

@@ -1,149 +0,0 @@
const std = @import("std");
const Io = std.Io;
const config = @import("config");
const comma = @import("comma");
const envr = @import("envr");
const goBinary = "envr-go";
pub fn main(init: std.process.Init) !void {
// This is appropriate for anything that lives as long as the process.
const arena: std.mem.Allocator = init.arena.allocator();
const args = try init.minimal.args.toSlice(arena);
try run(init.environ_map, init.io, arena, args);
}
/// Attempt to run the requested command.
fn run(
environ_map: *std.process.Environ.Map,
io: Io,
arena: std.mem.Allocator,
args: []const [:0]const u8,
) !void {
const page_size = std.heap.pageSize();
const cmd = envr.root.parse(args[1..]);
switch (cmd) {
.envr => {
var stdout_buffer: [page_size]u8 = undefined;
var stdout_file_writer: Io.File.Writer = .init(.stdout(), io, &stdout_buffer);
const stdout_writer = &stdout_file_writer.interface;
return envr.root.help(stdout_writer);
},
.deps => {
var stdout_buffer: [1024]u8 = undefined;
var stdout_file_writer: Io.File.Writer = .init(.stdout(), io, &stdout_buffer);
const stdout_writer = &stdout_file_writer.interface;
return envr.deps(
io,
stdout_writer,
environ_map.get("PATH").?,
);
},
.init => {
var stdout_buffer: [1024]u8 = undefined;
var stdout_file_writer: Io.File.Writer = .init(.stdout(), io, &stdout_buffer);
const stdout_writer = &stdout_file_writer.interface;
try envr.init_cmd(
io,
arena,
stdout_writer,
environ_map.get("HOME").?,
.{
// TODO: Actually parse this
.force = true,
},
);
},
.list => {
var stdout_buffer: [page_size]u8 = undefined;
var stdout_file_writer: Io.File.Writer = .init(.stdout(), io, &stdout_buffer);
const stdout_writer = &stdout_file_writer.interface;
return envr.list(
io,
arena,
stdout_writer,
environ_map.get("HOME").?,
// TODO: Don't hardcode this?
"/tmp",
);
},
.version => {
var stdout_buffer: [1024]u8 = undefined;
var stdout_file_writer: Io.File.Writer = .init(.stdout(), io, &stdout_buffer);
const stdout_writer = &stdout_file_writer.interface;
return version(stdout_writer);
},
.unknown => {
return fallback_to_go(io, arena, args);
},
}
}
fn version(writer: *Io.Writer) !void {
try writer.print("{s}\n", .{config.version});
try writer.flush();
}
fn fallback_to_go(
io: Io,
arena: std.mem.Allocator,
args: []const [:0]const u8,
) std.process.ReplaceError {
// Remap args
var childArgs = try std.ArrayList([]const u8).initCapacity(arena, args.len);
childArgs.appendAssumeCapacity(goBinary);
for (args[1..]) |arg| {
childArgs.appendAssumeCapacity(arg);
}
return std.process.replace(io, .{ .argv = childArgs.items });
}
test "simple test" {
const gpa = std.testing.allocator;
var alist: std.ArrayList(i32) = .empty;
defer alist.deinit(gpa); // Try commenting this out and see if zig detects the memory leak!
try alist.append(gpa, 42);
try std.testing.expectEqual(@as(i32, 42), alist.pop());
}
test "fuzz example" {
try std.testing.fuzz({}, testOne, .{});
}
fn testOne(context: void, smith: *std.testing.Smith) !void {
_ = context;
// Try passing `--fuzz` to `zig build test` and see if it manages to fail this test case!
const gpa = std.testing.allocator;
var alist: std.ArrayList(u8) = .empty;
defer alist.deinit(gpa);
while (!smith.eos()) switch (smith.value(enum { add_data, dup_data })) {
.add_data => {
const slice = try alist.addManyAsSlice(gpa, smith.value(u4));
smith.bytes(slice);
},
.dup_data => {
if (alist.items.len == 0) continue;
if (alist.items.len > std.math.maxInt(u32)) return error.SkipZigTest;
const len = smith.valueRangeAtMost(u32, 1, @min(32, alist.items.len));
const off = smith.valueRangeAtMost(u32, 0, @intCast(alist.items.len - len));
try alist.appendSlice(gpa, alist.items[off..][0..len]);
try std.testing.expectEqualSlices(
u8,
alist.items[off..][0..len],
alist.items[alist.items.len - len ..],
);
},
};
}

423
src/root.zig
View File

@@ -1,423 +0,0 @@
//! By convention, root.zig is the root source file when making a package.
const std = @import("std");
const Io = std.Io;
const Command = @import("comma").Command;
const Config = @import("Config.zig");
const Db = @import("Db.zig");
const tabula = @import("./tabula.zig");
pub const root: Command = .new(.{
.name = "envr",
.short = "Manage your .env files.",
.long =
\\envr keeps your .env synced to a local, age encrypted database.
\\It is a safe and eay way to gather all your .env files in one place where they can
\\easily be backed by another tool such as restic or git.
\\All your data is stored in ~/data.age
\\
\\Getting started is easy:
\\
\\1. Create your configuration file and set up encrypted storage:
\\
\\> envr init
\\
\\2. Scan for existing .env files:
\\
\\> envr scan
\\
\\Select the files you want to back up from the interactive list.
\\
\\3. Verify that it worked:
\\
\\> envr list
\\
\\4. After changing any of your .env files, update the backup with:
\\
\\> envr sync
\\
\\5. If you lose a repository, after re-cloning the repo into the same path it was
\\at before, restore your backup with:
\\
\\> envr restore <path to repository> .env
,
.subcommands = &.{
.{
.name = "deps",
.short = "Check for missing binaries",
.long =
\\envr relies on external binaries for certain functionality.
\\
\\ The deps command reports which binaries are available and which are not."
,
},
.{
.name = "init",
.short = "Set up envr",
.long =
\\The init command generates your initial config and saves it to
\\~/.envr/config in JSON format.
\\
\\During setup, you will be prompted to select one or more ssh keys with which to
\\encrypt your databse. **Make 100% sure** that you have **a remote copy** of this
\\key somewhere, otherwise your data could be lost forever.
,
//.flags = struct { force: bool }
},
.{
.name = "list",
.short = "View your tracked files",
},
.{
.name = "version",
.short = "Show envr's version",
},
},
});
// Display dependency statuses
pub fn deps(
io: Io,
writer: *Io.Writer,
path: []const u8,
) !void {
const feats: Features = try .scan(io, path);
// FIXME: Draw as a table
try writer.print("features: {}", .{feats});
try writer.flush();
}
const Features = packed struct {
git: bool = false,
fd: bool = false,
const all_features: Features = .{
.git = true,
.fd = true,
};
/// Scans your PATH variable for programs.
pub fn scan(io: Io, path: []const u8) !@This() {
var feats: Features = .{};
var dirs = std.mem.splitScalar(u8, path, std.fs.path.delimiter);
loop: while (dirs.next()) |dir| {
const dirt = Io.Dir.openDir(Io.Dir.cwd(), io, dir, .{ .follow_symlinks = true, .iterate = true }) catch continue;
defer dirt.close(io);
var dir_paths = dirt.iterate();
while (try dir_paths.next(io)) |file| {
// FIXME: Check if executable
if (std.mem.eql(u8, std.fs.path.basename(file.name), "git")) {
feats.git = true;
if (feats == Features.all_features) {
break :loop;
}
}
if (std.mem.eql(u8, std.fs.path.basename(file.name), "fd")) {
feats.fd = true;
if (feats == Features.all_features) {
break :loop;
}
}
}
}
return feats;
}
};
pub fn init_cmd(
io: Io,
arena: std.mem.Allocator,
out: *std.Io.Writer,
home: []const u8,
flags: struct { force: bool },
) !void {
defer out.flush() catch unreachable;
// TODO: Don't hardcode
const cfgPath = try std.fs.path.join(arena, &.{ home, ".envr", "config.json" });
defer arena.free(cfgPath);
if (flags.force or !file_exists(io, cfgPath)) {
const keys = try select_ssh_keys(io, arena, home, out);
// defer {
// for (keys) |*key| {
// arena.destroy(key);
// }
// arena.free(&keys);
// }
// const cfg: Config = .{ .keys = keys };
// TODO: How to handle this error?
// try cfg.save(io, cfgPath);
try out.print(
"Config initialized with {} SSH key(s). You are ready to use envr.\n",
.{keys.len},
);
} else {
try out.writeAll(
\\You have already initialized envr.
\\Run again with the --force flag if you want to reinitialize.
\\
,
);
}
}
/// Returns true if the file exists
fn file_exists(io: std.Io, path: []const u8) bool {
if (std.Io.Dir.cwd().access(io, path, .{ .read = true })) {
return true;
} else |_| {
return false;
}
}
/// Returns a list of keys that the user has selected to add to their config.
/// Caller owns the returned memory
// TODO: Write a test for this
fn select_ssh_keys(
io: std.Io,
alloc: std.mem.Allocator,
home_path: []const u8,
out: *std.Io.Writer,
) ![]Config.SSHKeyPair {
const ssh_path = try std.fs.path.join(alloc, &.{ home_path, ".ssh" });
defer alloc.free(ssh_path);
// TODO: Arbitrary capacity chosen
var keys: std.ArrayList(Config.SSHKeyPair) = try .initCapacity(alloc, 3);
{
const ssh_dir = try std.Io.Dir.cwd().openDir(io, ssh_path, .{ .iterate = true });
defer ssh_dir.close(io);
var itr = ssh_dir.iterate();
const expect1 =
\\-----BEGIN OPENSSH PRIVATE KEY-----
\\
;
const expect2 =
\\-----BEGIN RSA PRIVATE KEY-----
\\
;
var buf: [expect1.len]u8 = undefined;
while (try itr.next(io)) |entry| {
switch (entry.kind) {
.file => {
var file = try ssh_dir.openFile(io, entry.name, .{});
_ = try file.readPositionalAll(io, &buf, 0);
// TODO: Faster to use hash or something?
if ( // zig fmt: off
std.mem.eql(u8, expect1, &buf) or
std.mem.eql(u8, expect2, buf[0..expect2.len])
) { // zig fmt: on
// File is a private ssh key
const full_path = try ssh_dir.realPathFileAlloc(
io,
entry.name,
alloc,
);
try keys.append(alloc, try .from_path(alloc, full_path));
}
},
.sym_link => {
// TODO: Handle symlinks
},
.block_device,
.character_device,
.directory,
.named_pipe,
.unix_domain_socket,
.whiteout,
.door,
.event_port,
.unknown,
=> continue,
}
}
}
for (keys.items, 1..) |key, n| {
try out.print("{d}. {s}\n", .{ n, key.private });
}
try out.writeAll(
"\nPlease enter the number(s) of SSH keys you'd like to use for encryption:\n> ",
);
try out.flush();
defer out.writeAll("\n\n") catch unreachable;
// TODO: ask user for number(s) to use.
// TODO: confirm with a y/n prompt
// TODO: only return selected keys
return keys.toOwnedSlice(alloc);
}
pub fn list(
io: Io,
arena: std.mem.Allocator,
out: *std.Io.Writer,
home: []const u8,
tmp: []const u8,
) !void {
// TODO: Don't hardcode
const cfgPath = try std.fs.path.join(arena, &.{ home, ".envr", "config.json" });
defer arena.free(cfgPath);
var cfg = (try Config.load(io, arena, cfgPath));
defer cfg.deinit();
var db: Db = try .open(io, arena, .{
.config = cfg.value,
.home = home,
.tmp = tmp,
});
const files = try db.list(arena);
defer arena.free(files);
const table: tabula.Table(Db.EnvFile, .initOne(.path)) = .{ .items = files };
try out.print("{f}", .{table});
try out.flush();
try db.close(io, arena); // TODO: Defer this
for (files) |*file| {
file.deinit(arena);
}
}
test {
std.testing.refAllDecls(@import("Config.zig"));
std.testing.refAllDecls(@import("Db.zig"));
}
test "enum type" {
const got: root.Type = @enumFromInt(3);
try std.testing.expectEqual(.version, got);
}
test "parse deps" {
const args = &[_][]const u8{"deps"};
const cmd = root.parse(args);
try std.testing.expectEqual(.deps, cmd);
}
test "parse list" {
const args = &[_][]const u8{"list"};
const cmd = root.parse(args);
try std.testing.expectEqual(.list, cmd);
}
test "parse version" {
const args = &[_][]const u8{"version"};
const cmd = root.parse(args);
try std.testing.expectEqual(.version, cmd);
}
test "parse unknown" {
const args = &[_][]const u8{ "bad", "value" };
const cmd = root.parse(args);
try std.testing.expectEqual(.unknown, cmd);
}
test "list returns a table" {
const io = std.testing.io;
const gpa = std.testing.allocator;
var tmp_dir = std.testing.tmpDir(.{});
defer tmp_dir.cleanup();
try tmp_dir.dir.createDir(io, "home", .default_dir);
try tmp_dir.dir.createDir(io, "home/.envr", .default_dir);
try tmp_dir.dir.createDir(io, "home/.ssh", .default_dir);
try tmp_dir.dir.createDir(io, "tmp", .default_dir);
const tmp_dir_path = try tmp_dir.dir.realPathFileAlloc(io, ".", gpa);
defer gpa.free(tmp_dir_path);
const home = try std.fs.path.join(gpa, &.{ tmp_dir_path, "home" });
defer gpa.free(home);
const tmp = try std.fs.path.join(gpa, &.{ tmp_dir_path, "tmp" });
defer gpa.free(tmp);
try std.Io.Dir.cwd().copyFile(
"fixtures/encrypted-single-file.db.age",
tmp_dir.dir,
"home/.envr/data.age",
io,
.{},
);
try std.Io.Dir.cwd().copyFile(
"fixtures/default_config.json",
tmp_dir.dir,
"home/.envr/config.json",
io,
.{},
);
try std.Io.Dir.cwd().copyFile(
"fixtures/insecure-test-key",
tmp_dir.dir,
"home/.ssh/id_ed25519",
io,
.{},
);
try std.Io.Dir.cwd().copyFile(
"fixtures/insecure-test-key.pub",
tmp_dir.dir,
"home/.ssh/id_ed25519.pub",
io,
.{},
);
var out: std.Io.Writer.Allocating = .init(gpa);
defer out.deinit();
// Run Test
try list(
io,
std.testing.allocator,
&out.writer,
home,
tmp,
);
const got = try out.toOwnedSlice();
defer gpa.free(got);
try std.testing.expectEqualStrings(
\\┌────────────────────────┐
\\│ path │
\\├────────────────────────┤
\\│ ~/project/.env.example │
\\└────────────────────────┘
\\
, got);
}

311
src/tabula.zig
View File

@@ -1,311 +0,0 @@
const std = @import("std");
const hor = "";
const tl = "";
const tm = "";
const tr = "";
const sep = "";
const ml = "";
const mm = "";
const mr = "";
const bl = "";
const bm = "";
const br = "";
/// Prepare a TUI table to be written to a writer.
pub fn Table(
comptime T: type,
comptime fields: std.EnumSet(std.meta.FieldEnum(T)),
) type {
return struct {
items: []const T,
pub fn format(self: @This(), writer: *std.Io.Writer) !void {
const max_column_widths = determine_col_widths(T, self.items);
try header(T, fields, &max_column_widths, writer);
// Print body
for (self.items) |item| {
try writer.writeAll(sep);
comptime var itr = fields.iterator();
comptime var i: usize = 0;
inline while (comptime itr.next()) |c| : (i += 1) {
try writer.writeByte(' ');
try write_aligned(writer, @field(item, @tagName(c)), max_column_widths[i], .left);
try writer.print(" {s}", .{sep});
}
try writer.writeAll("\n");
}
// Print post-body
{
try writer.writeAll(bl);
var itr = fields.iterator();
var i: usize = 0;
while (itr.next()) |_| : (i += 1) {
if (i > 0) {
try writer.writeAll(bm);
}
const padding = max_column_widths[i] + 2;
for (0..padding) |_| {
try writer.writeAll(hor);
}
}
try writer.writeAll(br ++ "\n");
}
}
};
}
fn determine_col_widths(
T: type,
items: []const T,
) [@typeInfo(T).@"struct".fields.len]usize {
const all_fields = @typeInfo(T).@"struct".fields;
var max_column_widths: [all_fields.len]usize = @splat(0);
for (items) |item| {
inline for (all_fields, 0..) |field, i| {
// TODO: Get str len of item
const value_len = @field(item, field.name).len;
max_column_widths[i] = @max(
max_column_widths[i],
field.name.len,
value_len,
);
}
}
return max_column_widths;
}
// Print the header of a table
fn header(
T: type,
comptime fields: std.EnumSet(std.meta.FieldEnum(T)),
max_column_widths: []const usize,
writer: *std.Io.Writer,
) !void {
// Print Pre-Header
{
try writer.writeAll(tl);
inline for (0..comptime fields.count()) |i| {
if (i > 0) {
try writer.writeAll(tm);
}
const padding = max_column_widths[i] + 2;
for (0..padding) |_| {
try writer.writeAll(hor);
}
}
try writer.writeAll(tr ++ "\n");
}
// Main Header
{
try writer.writeAll(sep);
comptime var itr = fields.iterator();
comptime var i: usize = 0;
inline while (comptime itr.next()) |field| : (i += 1) {
try writer.writeByte(' ');
try write_aligned(
writer,
@tagName(field),
max_column_widths[i],
.center,
);
try writer.print(" {s}", .{sep});
}
try writer.writeByte('\n');
}
// Print post-header
{
try writer.writeAll(ml);
inline for (0..comptime fields.count()) |i| {
if (i > 0) {
try writer.writeAll(mm);
}
const padding = max_column_widths[i] + 2;
for (0..padding) |_| {
try writer.writeAll(hor);
}
}
try writer.writeAll(mr ++ "\n");
}
}
fn write_aligned(
writer: *std.Io.Writer,
data: []const u8,
max_width: usize,
alignment: Alignment,
) !void {
std.debug.assert(data.len > 0);
std.debug.assert(max_width >= data.len);
const padding: [2]usize = switch (alignment) {
.left => .{ 0, max_width - data.len },
.right => .{ max_width - data.len, 0 },
.center => blk: {
// Faster to inline the divFloor?
const half = @divFloor(max_width - data.len, 2);
break :blk .{ half, max_width - data.len - half };
},
};
for (0..padding[0]) |_| {
try writer.writeByte(' ');
}
try writer.writeAll(data);
for (0..padding[1]) |_| {
try writer.writeByte(' ');
}
}
const Alignment = enum { left, center, right };
test "can print a simple table" {
const gpa = std.testing.allocator;
var out: std.Io.Writer.Allocating = .init(gpa);
defer out.deinit();
const F = struct { foo: []const u8, bar: []const u8 };
const table: Table(F, .full) = .{
.items = &.{.{ .foo = "bat", .bar = "baz" }},
};
try out.writer.print("{f}", .{table});
const got = try out.toOwnedSlice();
defer gpa.free(got);
try std.testing.expectEqualStrings(
\\┌─────┬─────┐
\\│ foo │ bar │
\\├─────┼─────┤
\\│ bat │ baz │
\\└─────┴─────┘
\\
, got);
}
test "can print a table with varying header widths" {
const gpa = std.testing.allocator;
var out: std.Io.Writer.Allocating = .init(gpa);
defer out.deinit();
const F = struct { foo: []const u8, abart: []const u8 };
const table: Table(F, .full) = .{
.items = &.{.{ .foo = "bat", .abart = "baz" }},
};
try out.writer.print("{f}", .{table});
const got = try out.toOwnedSlice();
defer gpa.free(got);
try std.testing.expectEqualStrings(
\\┌─────┬───────┐
\\│ foo │ abart │
\\├─────┼───────┤
\\│ bat │ baz │
\\└─────┴───────┘
\\
, got);
}
test "can print a table with varying column widths" {
const gpa = std.testing.allocator;
var out: std.Io.Writer.Allocating = .init(gpa);
defer out.deinit();
const F = struct { foo: []const u8, bar: []const u8 };
const table: Table(F, .full) = .{ .items = &.{.{ .foo = "bat", .bar = "bazzar" }} };
try out.writer.print("{f}", .{table});
const got = try out.toOwnedSlice();
defer gpa.free(got);
try std.testing.expectEqualStrings(
\\┌─────┬────────┐
\\│ foo │ bar │
\\├─────┼────────┤
\\│ bat │ bazzar │
\\└─────┴────────┘
\\
, got);
}
test "can print a multi row table with varying column widths" {
const gpa = std.testing.allocator;
var out: std.Io.Writer.Allocating = .init(gpa);
defer out.deinit();
const F = struct { foo: []const u8, bar: []const u8 };
const table: Table(F, .full) = .{
.items = &.{
.{ .foo = "baz", .bar = "quz" },
.{ .foo = "bat", .bar = "bazzar" },
},
};
try out.writer.print("{f}", .{table});
const got = try out.toOwnedSlice();
defer gpa.free(got);
try std.testing.expectEqualStrings(
\\┌─────┬────────┐
\\│ foo │ bar │
\\├─────┼────────┤
\\│ baz │ quz │
\\│ bat │ bazzar │
\\└─────┴────────┘
\\
, got);
}
test "can print a table with limited columns" {
const gpa = std.testing.allocator;
var out: std.Io.Writer.Allocating = .init(gpa);
defer out.deinit();
const F = struct { foo: []const u8, bar: []const u8 };
const table: Table(F, .initOne(.foo)) = .{
.items = &.{.{ .foo = "bat", .bar = "baz" }},
};
try out.writer.print("{f}", .{table});
const got = try out.toOwnedSlice();
defer gpa.free(got);
try std.testing.expectEqualStrings(
\\┌─────┐
\\│ foo │
\\├─────┤
\\│ bat │
\\└─────┘
\\
, got);
}

97
table.odin
View File

@@ -1,97 +0,0 @@
package main
import "core:encoding/json"
import "core:fmt"
import "core:io"
import "core:os"
import "core:strings"
render_table :: proc(headers: []string, rows: [][]string) {
if !is_tty() {
w := io.to_writer(os.to_writer(os.stdout))
render_json_rows(w, headers, rows)
io.write_string(w, "\n")
return
}
col_widths := make([dynamic]int, 0, len(headers))
for i in 0 ..< len(headers) {
append(&col_widths, strings.rune_count(headers[i]))
}
for r in rows {
for i in 0 ..< len(r) {
w := strings.rune_count(r[i])
if i < len(col_widths) && w > col_widths[i] {
col_widths[i] = w
}
}
}
b: strings.Builder
strings.builder_init(&b)
defer strings.builder_destroy(&b)
defer delete(col_widths)
hline :: proc(b: ^strings.Builder, left, mid, right: string, widths: [dynamic]int) {
strings.write_string(b, left)
for i in 0 ..< len(widths) {
for _ in 0 ..< widths[i] + 2 {
strings.write_string(b, "\u2500")
}
if i < len(widths) - 1 {
strings.write_string(b, mid)
} else {
strings.write_string(b, right)
}
}
fmt.println(strings.to_string(b^))
strings.builder_reset(b)
}
hline(&b, "\u250c", "\u252c", "\u2510", col_widths)
cell :: proc(b: ^strings.Builder, s: string, width: int) {
extra := len(s) - strings.rune_count(s)
fmt.sbprintf(b, " %-*s \u2502", width + extra, s)
}
strings.write_string(&b, "\u2502")
for i in 0 ..< len(headers) {
cell(&b, headers[i], col_widths[i])
}
fmt.println(strings.to_string(b))
strings.builder_reset(&b)
hline(&b, "\u251c", "\u253c", "\u2524", col_widths)
for r in rows {
strings.write_string(&b, "\u2502")
for i in 0 ..< len(r) {
cell(&b, r[i], col_widths[i])
}
fmt.println(strings.to_string(b))
strings.builder_reset(&b)
}
hline(&b, "\u2514", "\u2534", "\u2518", col_widths)
}
render_json_rows :: proc(w: io.Writer, headers: []string, rows: [][]string) {
entries := make([dynamic]map[string]string, 0, len(rows), context.temp_allocator)
for row in rows {
entry := make(map[string]string, len(headers), context.temp_allocator)
for i in 0 ..< len(headers) {
entry[headers[i]] = row[i]
}
append(&entries, entry)
}
data, err := json.marshal(entries[:], allocator = context.temp_allocator)
if err != nil {
fmt.eprintf("Error marshaling JSON: %v\n", err)
return
}
fmt.wprintf(w, "%s", data, flush = false)
}

105
table_test.odin
View File

@@ -1,105 +0,0 @@
package main
import "core:encoding/json"
import "core:fmt"
import "core:io"
import "core:strings"
import "core:testing"
@(test)
test_render_json_rows_normal :: proc(t: ^testing.T) {
b: strings.Builder
strings.builder_init(&b)
defer strings.builder_destroy(&b)
headers := []string{"name", "path"}
rows := [][]string{{"foo", "/home/user/.env"}, {"bar", "/home/user/project/.env"}}
w := strings.to_writer(&b)
render_json_rows(w, headers, rows)
output := strings.to_string(b)
result: []map[string]string = ---
unmarshal_err := json.unmarshal_string(output, &result, allocator = context.temp_allocator)
testing.expect(
t,
unmarshal_err == nil,
fmt.tprintf("json unmarshal failed: %v\noutput was: %q", unmarshal_err, output),
)
testing.expect(t, len(result) == 2, fmt.tprintf("expected 2 rows, got %d", len(result)))
testing.expect(
t,
result[0]["name"] == "foo",
fmt.tprintf("expected name=foo, got %q", result[0]["name"]),
)
testing.expect(t, result[0]["path"] == "/home/user/.env")
testing.expect(t, result[1]["name"] == "bar")
testing.expect(t, result[1]["path"] == "/home/user/project/.env")
}
@(test)
test_render_json_rows_special_chars :: proc(t: ^testing.T) {
b: strings.Builder
strings.builder_init(&b)
defer strings.builder_destroy(&b)
headers := []string{"key", "value"}
rows := [][]string {
{"quote", `has "double quotes"`},
{"backslash", `path\to\file`},
{"newline", "line1\nline2"},
{"mixed", `a "b" c\nd`},
}
w := strings.to_writer(&b)
render_json_rows(w, headers, rows)
output := strings.to_string(b)
result: []map[string]string = ---
unmarshal_err := json.unmarshal(
transmute([]byte)output,
&result,
allocator = context.temp_allocator,
)
testing.expect(
t,
unmarshal_err == nil,
fmt.tprintf("json unmarshal failed: %v\noutput was: %q", unmarshal_err, output),
)
testing.expect(t, len(result) == 4)
testing.expect(
t,
result[0]["value"] == `has "double quotes"`,
fmt.tprintf("got %q", result[0]["value"]),
)
testing.expect(t, result[1]["value"] == `path\to\file`)
testing.expect(t, result[2]["value"] == "line1\nline2")
testing.expect(t, result[3]["value"] == `a "b" c\nd`)
}
@(test)
test_render_json_rows_empty :: proc(t: ^testing.T) {
b: strings.Builder
strings.builder_init(&b)
defer strings.builder_destroy(&b)
headers := []string{"name"}
rows: [][]string
w := strings.to_writer(&b)
render_json_rows(w, headers, rows)
output := strings.to_string(b)
result: []map[string]string = ---
unmarshal_err := json.unmarshal_string(output, &result, allocator = context.temp_allocator)
testing.expect(
t,
unmarshal_err == nil,
fmt.tprintf("json unmarshal failed: %v\noutput was: %q", unmarshal_err, output),
)
testing.expect(t, len(result) == 0)
}

8
tty.odin
View File

@@ -1,8 +0,0 @@
package main
import "core:sys/posix"
is_tty :: proc() -> bool {
return bool(posix.isatty(1))
}

13
version.odin
View File

@@ -1,13 +0,0 @@
package main
import "core:fmt"
VERSION :: "0.2.0"
cmd_version :: proc(cmd: ^Command) {
if has_flag(cmd, "long") || has_flag(cmd, "l") {
fmt.printf("envr version %s\n", VERSION)
} else {
fmt.println(VERSION)
}
}

1
zig-vendor/age-ffi/.gitignore vendored
View File

@@ -1 +0,0 @@
target

1936
zig-vendor/age-ffi/Cargo.lock generated
View File

File diff suppressed because it is too large Load Diff

15
zig-vendor/age-ffi/Cargo.toml
View File

@@ -1,15 +0,0 @@
[package]
name = "age-ffi"
version = "0.1.0"
edition = "2021"
[lib]
crate-type = ["staticlib"]
[dependencies]
age = { version = "0.11", features = ["armor", "ssh", "plugin", "cli-common"] }
secrecy = "0.10"
libc = "0.2"
[profile.release]
lto = true

165
zig-vendor/age-ffi/README.md
View File

@@ -1,165 +0,0 @@
# age-ffi
A Rust FFI wrapper for the [age](https://github.com/str4d/rage) encryption library, with Zig bindings.
## Overview
This library provides C-compatible FFI bindings for the age encryption library, making it easy to use age encryption from other languages. It includes comprehensive Zig bindings and examples.
## Features
- **X25519 encryption** - Standard age public key encryption (`age1...`)
- **SSH key support** - Encrypt to SSH keys (`ssh-ed25519`, `ssh-rsa`)
- **Plugin support** - Full support for age plugins including:
- [age-plugin-se](https://github.com/remko/age-plugin-se) (Secure Enclave on macOS)
- [age-plugin-yubikey](https://github.com/str4d/age-plugin-yubikey)
- Any other age-compatible plugin
- **Passphrase encryption** - Scrypt-based passphrase encryption
- **Multiple recipients** - Encrypt to multiple recipients at once
- **Armor format** - ASCII-armored output support
- **File operations** - Direct file encryption/decryption
- **Memory-safe API** - Proper error handling and memory management
- **Comprehensive test suite**
## Supported Identity/Recipient Types
| Type | Recipient Format | Identity Format |
|------|-----------------|-----------------|
| X25519 | `age1...` | `AGE-SECRET-KEY-1...` |
| SSH | `ssh-ed25519 ...`, `ssh-rsa ...` | SSH private key file |
| Plugin | `age1<plugin>1...` | `AGE-PLUGIN-<NAME>-1...` |
| Passphrase | N/A | Passphrase string |
## Building
### Rust Library
```bash
cargo build --release
```
This produces `target/release/libage_ffi.a` (static library).
### Zig Bindings
```bash
cd zig
zig build
```
Run the example:
```bash
cd zig
zig build run
```
Run tests:
```bash
cd zig
zig build test
```
## Usage
### Zig
```zig
const age = @import("age");
// Generate a keypair
var keypair = try age.generateKeypair();
defer keypair.deinit();
// Encrypt data
const plaintext = "Hello, World!";
var encrypted = try age.encrypt(plaintext, keypair.getPublicKey());
defer encrypted.deinit();
// Decrypt data
var decrypted = try age.decrypt(encrypted.toSlice(), keypair.getPrivateKey());
defer decrypted.deinit();
// File operations with plugin support
try age.encryptToFile(plaintext, "age1se1...", "/path/to/output.age");
var content = try age.decryptFile("/path/to/file.age", "/path/to/identities");
defer content.deinit();
```
### C
```c
#include <age_ffi.h>
// Generate keypair
AgeKeypair keypair;
age_generate_keypair(&keypair);
// Encrypt
AgeBuffer encrypted;
age_encrypt(plaintext, plaintext_len, keypair.public_key, &encrypted);
// Decrypt
AgeBuffer decrypted;
age_decrypt(encrypted.data, encrypted.len, keypair.private_key, &decrypted);
// Free resources
age_free_buffer(&encrypted);
age_free_buffer(&decrypted);
age_free_keypair(&keypair);
```
## Plugin Support
This library supports the [age plugin protocol](https://github.com/C2SP/C2SP/blob/main/age.md), allowing encryption and decryption with hardware-backed keys and other plugin-based identities.
### Requirements
- The plugin binary must be in your `$PATH` (e.g., `age-plugin-se`)
- For Secure Enclave: macOS with Touch ID or Apple Watch
### Example with Secure Enclave
```bash
# Install the plugin
brew install age-plugin-se
# Generate a Secure Enclave identity
age-plugin-se --generate -o ~/.age/se-identity.txt
# The library will automatically use the plugin when it sees:
# - Recipients starting with age1se1...
# - Identities starting with AGE-PLUGIN-SE-...
```
## API Reference
### Key Generation
- `age_generate_keypair()` - Generate X25519 keypair
- `age_generate_x25519()` - Generate X25519 keypair (alias)
- `age_x25519_to_public()` - Derive public key from private key
### Encryption
- `age_encrypt()` - Encrypt to a single recipient
- `age_encrypt_multi()` - Encrypt to multiple recipients
- `age_encrypt_armor()` - Encrypt with ASCII armor
- `age_encrypt_passphrase()` - Encrypt with passphrase
- `age_encrypt_to_file()` - Encrypt directly to file
### Decryption
- `age_decrypt()` - Decrypt with identity string
- `age_decrypt_multi()` - Decrypt with multiple identities
- `age_decrypt_file()` - Decrypt file using identity file (supports plugins)
- `age_decrypt_passphrase()` - Decrypt with passphrase
### Utilities
- `age_armor()` - Wrap binary data in ASCII armor
- `age_dearmor()` - Unwrap ASCII-armored data
- `age_validate_recipient()` - Check if recipient string is valid
- `age_validate_identity()` - Check if identity string is valid
- `age_version()` - Get library version
## License
This project is dual-licensed under MIT and Apache-2.0, matching the age library.

95
zig-vendor/age-ffi/src/armor.rs
View File

@@ -1,95 +0,0 @@
//! ASCII armor utilities.
use crate::helpers::cstr_to_str;
use crate::helpers::string_to_cstr;
use crate::types::{AgeBuffer, AgeResult};
use std::io::{Read, Write};
use std::os::raw::c_char;
/// Wrap binary data in ASCII armor.
///
/// # Arguments
/// * `data` - Pointer to the binary data
/// * `data_len` - Length of the data
/// * `output` - Pointer to receive the armored string
///
/// # Returns
/// AgeResult indicating success or failure
#[no_mangle]
pub extern "C" fn age_armor(
data: *const u8,
data_len: usize,
output: *mut *mut c_char,
) -> AgeResult {
if data.is_null() || output.is_null() {
return AgeResult::InvalidInput;
}
let data = unsafe { std::slice::from_raw_parts(data, data_len) };
let mut armored = Vec::new();
let mut writer = match age::armor::ArmoredWriter::wrap_output(&mut armored, age::armor::Format::AsciiArmor) {
Ok(w) => w,
Err(_) => return AgeResult::ArmorError,
};
if writer.write_all(data).is_err() {
return AgeResult::ArmorError;
}
if writer.finish().is_err() {
return AgeResult::ArmorError;
}
let armored_str = match String::from_utf8(armored) {
Ok(s) => s,
Err(_) => return AgeResult::ArmorError,
};
let c_output = match string_to_cstr(armored_str) {
Ok(s) => s,
Err(e) => return e,
};
unsafe {
*output = c_output;
}
AgeResult::Success
}
/// Remove ASCII armor from data.
///
/// # Arguments
/// * `armored` - The armored string
/// * `output` - Pointer to receive the binary buffer
///
/// # Returns
/// AgeResult indicating success or failure
#[no_mangle]
pub extern "C" fn age_dearmor(
armored: *const c_char,
output: *mut AgeBuffer,
) -> AgeResult {
if output.is_null() {
return AgeResult::InvalidInput;
}
let armored_str = match unsafe { cstr_to_str(armored) } {
Ok(s) => s,
Err(e) => return e,
};
let mut reader = age::armor::ArmoredReader::new(armored_str.as_bytes());
let mut dearmored = Vec::new();
if reader.read_to_end(&mut dearmored).is_err() {
return AgeResult::ArmorError;
}
unsafe {
*output = AgeBuffer::from_vec(dearmored);
}
AgeResult::Success
}

175
zig-vendor/age-ffi/src/armor_tests.rs
View File

@@ -1,175 +0,0 @@
//! Tests for ASCII armor utilities.
use crate::armor::*;
use crate::encrypt::*;
use crate::keys::*;
use crate::memory::*;
use crate::types::*;
use std::ffi::{CStr, CString};
use std::os::raw::c_char;
#[test]
fn test_armor_basic() {
let data = b"Hello, this is binary data to armor!";
let mut armored: *mut c_char = std::ptr::null_mut();
let result = age_armor(data.as_ptr(), data.len(), &mut armored);
assert_eq!(result, AgeResult::Success);
assert!(!armored.is_null());
let armored_str = unsafe { CStr::from_ptr(armored).to_str().unwrap() };
assert!(armored_str.starts_with("-----BEGIN AGE ENCRYPTED FILE-----"));
assert!(armored_str.contains("-----END AGE ENCRYPTED FILE-----"));
age_free_string(armored);
}
#[test]
fn test_dearmor_basic() {
let data = b"Test data for dearmoring";
let mut armored: *mut c_char = std::ptr::null_mut();
age_armor(data.as_ptr(), data.len(), &mut armored);
let mut dearmored = AgeBuffer::null();
let result = age_dearmor(armored, &mut dearmored);
assert_eq!(result, AgeResult::Success);
let dearmored_slice = unsafe { std::slice::from_raw_parts(dearmored.data, dearmored.len) };
assert_eq!(dearmored_slice, data);
age_free_string(armored);
age_free_buffer(&mut dearmored);
}
#[test]
fn test_armor_round_trip() {
// Test with various data sizes (skip empty - armor requires data)
let test_data = [
b"A".to_vec(),
b"Short".to_vec(),
(0u16..256).map(|i| i as u8).collect::<Vec<u8>>(),
vec![0u8; 1000],
(0..10000).map(|i| (i % 256) as u8).collect::<Vec<u8>>(),
];
for data in &test_data {
let mut armored: *mut c_char = std::ptr::null_mut();
let result = age_armor(data.as_ptr(), data.len(), &mut armored);
assert_eq!(result, AgeResult::Success, "Failed to armor data of len {}", data.len());
let mut dearmored = AgeBuffer::null();
let result = age_dearmor(armored, &mut dearmored);
assert_eq!(result, AgeResult::Success, "Failed to dearmor data of len {}", data.len());
let dearmored_slice = unsafe { std::slice::from_raw_parts(dearmored.data, dearmored.len) };
assert_eq!(dearmored_slice, data.as_slice());
age_free_string(armored);
age_free_buffer(&mut dearmored);
}
}
#[test]
fn test_armor_null_input() {
let mut armored: *mut c_char = std::ptr::null_mut();
let result = age_armor(std::ptr::null(), 0, &mut armored);
assert_eq!(result, AgeResult::InvalidInput);
let result = age_armor(b"test".as_ptr(), 4, std::ptr::null_mut());
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_dearmor_null_input() {
let mut dearmored = AgeBuffer::null();
let result = age_dearmor(std::ptr::null(), &mut dearmored);
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_dearmor_null_output() {
let data = b"test";
let mut armored: *mut c_char = std::ptr::null_mut();
age_armor(data.as_ptr(), data.len(), &mut armored);
let result = age_dearmor(armored, std::ptr::null_mut());
assert_eq!(result, AgeResult::InvalidInput);
age_free_string(armored);
}
#[test]
fn test_dearmor_invalid_armor() {
let invalid_armor = CString::new("This is not valid armor").unwrap();
let mut dearmored = AgeBuffer::null();
let result = age_dearmor(invalid_armor.as_ptr(), &mut dearmored);
// Should still succeed but return the data as-is or fail gracefully
// The ArmoredReader is forgiving and may just return the raw data
// Let's check that it doesn't crash at least
if result == AgeResult::Success {
age_free_buffer(&mut dearmored);
}
}
#[test]
fn test_encrypt_armor_and_dearmor() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"Test encrypt -> armor -> dearmor -> decrypt";
let mut armored: *mut c_char = std::ptr::null_mut();
let result = age_encrypt_armor(
plaintext.as_ptr(),
plaintext.len(),
keypair.public_key,
&mut armored,
);
assert_eq!(result, AgeResult::Success);
// Dearmor
let mut dearmored = AgeBuffer::null();
let result = age_dearmor(armored, &mut dearmored);
assert_eq!(result, AgeResult::Success);
// Decrypt
let mut decrypted = AgeBuffer::null();
let result = crate::decrypt::age_decrypt(
dearmored.data,
dearmored.len,
keypair.private_key,
&mut decrypted,
);
assert_eq!(result, AgeResult::Success);
let decrypted_slice = unsafe { std::slice::from_raw_parts(decrypted.data, decrypted.len) };
assert_eq!(decrypted_slice, plaintext);
age_free_string(armored);
age_free_buffer(&mut dearmored);
age_free_buffer(&mut decrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_armor_binary_data() {
// Test with binary data including null bytes
let binary_data: Vec<u8> = (0u16..256).map(|i| i as u8).collect();
let mut armored: *mut c_char = std::ptr::null_mut();
let result = age_armor(binary_data.as_ptr(), binary_data.len(), &mut armored);
assert_eq!(result, AgeResult::Success);
let mut dearmored = AgeBuffer::null();
let result = age_dearmor(armored, &mut dearmored);
assert_eq!(result, AgeResult::Success);
let dearmored_slice = unsafe { std::slice::from_raw_parts(dearmored.data, dearmored.len) };
assert_eq!(dearmored_slice, binary_data.as_slice());
age_free_string(armored);
age_free_buffer(&mut dearmored);
}

299
zig-vendor/age-ffi/src/decrypt.rs
View File

@@ -1,299 +0,0 @@
//! In-memory decryption functions.
use crate::helpers::cstr_to_str;
use crate::types::{AgeBuffer, AgeResult};
use age::ssh;
use std::io::{BufReader, Read};
use std::os::raw::c_char;
use std::str::FromStr;
/// Decrypt data in memory using a single x25519 identity.
/// This is a simple API for common use cases.
///
/// # Arguments
/// * `ciphertext` - Pointer to the encrypted data
/// * `ciphertext_len` - Length of the ciphertext
/// * `identity` - The private key string (AGE-SECRET-KEY-1...)
/// * `output` - Pointer to receive the decrypted buffer
///
/// # Returns
/// AgeResult indicating success or failure
#[no_mangle]
pub extern "C" fn age_decrypt(
ciphertext: *const u8,
ciphertext_len: usize,
identity: *const c_char,
output: *mut AgeBuffer,
) -> AgeResult {
if ciphertext.is_null() || output.is_null() {
return AgeResult::InvalidInput;
}
let ciphertext = unsafe { std::slice::from_raw_parts(ciphertext, ciphertext_len) };
let identity_str = match unsafe { cstr_to_str(identity) } {
Ok(s) => s,
Err(e) => return e,
};
let identity = match age::x25519::Identity::from_str(identity_str) {
Ok(i) => i,
Err(_) => return AgeResult::InvalidIdentity,
};
let decrypted = match age::decrypt(&identity, ciphertext) {
Ok(d) => d,
Err(_) => return AgeResult::DecryptionFailed,
};
unsafe {
*output = AgeBuffer::from_vec(decrypted);
}
AgeResult::Success
}
/// Decrypt data in memory using multiple identities.
/// The library will try each identity until one succeeds.
///
/// # Arguments
/// * `ciphertext` - Pointer to the encrypted data
/// * `ciphertext_len` - Length of the ciphertext
/// * `identities` - Array of identity C strings
/// * `identity_count` - Number of identities
/// * `output` - Pointer to receive the decrypted buffer
///
/// # Returns
/// AgeResult indicating success or failure
#[no_mangle]
pub extern "C" fn age_decrypt_multi(
ciphertext: *const u8,
ciphertext_len: usize,
identities: *const *const c_char,
identity_count: usize,
output: *mut AgeBuffer,
) -> AgeResult {
if ciphertext.is_null() || identities.is_null() || output.is_null() || identity_count == 0 {
return AgeResult::InvalidInput;
}
let ciphertext = unsafe { std::slice::from_raw_parts(ciphertext, ciphertext_len) };
let identity_ptrs = unsafe { std::slice::from_raw_parts(identities, identity_count) };
let mut parsed_identities: Vec<Box<dyn age::Identity>> = Vec::new();
for &ptr in identity_ptrs {
let identity_str = match unsafe { cstr_to_str(ptr) } {
Ok(s) => s.trim(),
Err(e) => return e,
};
// Try x25519 first
if let Ok(i) = age::x25519::Identity::from_str(identity_str) {
parsed_identities.push(Box::new(i));
continue;
}
// Skip comments and empty lines
if identity_str.is_empty() || identity_str.starts_with('#') {
continue;
}
return AgeResult::InvalidIdentity;
}
if parsed_identities.is_empty() {
return AgeResult::NoIdentities;
}
let decryptor = match age::Decryptor::new(ciphertext) {
Ok(d) => d,
Err(_) => return AgeResult::DecryptionFailed,
};
let mut decrypted = Vec::new();
let mut reader = match decryptor.decrypt(parsed_identities.iter().map(|i| i.as_ref())) {
Ok(r) => r,
Err(_) => return AgeResult::DecryptionFailed,
};
if reader.read_to_end(&mut decrypted).is_err() {
return AgeResult::DecryptionFailed;
}
unsafe {
*output = AgeBuffer::from_vec(decrypted);
}
AgeResult::Success
}
/// Decrypt data using an SSH private key.
/// Supports both Ed25519 and RSA SSH keys.
///
/// # Arguments
/// * `ciphertext` - Pointer to the encrypted data
/// * `ciphertext_len` - Length of the ciphertext
/// * `ssh_key` - The SSH private key in PEM or OpenSSH format
/// * `passphrase` - Optional passphrase for encrypted SSH keys (can be null)
/// * `output` - Pointer to receive the decrypted buffer
///
/// # Returns
/// AgeResult indicating success or failure
#[no_mangle]
pub extern "C" fn age_decrypt_ssh(
ciphertext: *const u8,
ciphertext_len: usize,
ssh_key: *const c_char,
passphrase: *const c_char,
output: *mut AgeBuffer,
) -> AgeResult {
if ciphertext.is_null() || output.is_null() {
return AgeResult::InvalidInput;
}
let ciphertext = unsafe { std::slice::from_raw_parts(ciphertext, ciphertext_len) };
let ssh_key_str = match unsafe { cstr_to_str(ssh_key) } {
Ok(s) => s,
Err(e) => return e,
};
// Parse SSH identity from buffer
let buf_reader = BufReader::new(ssh_key_str.as_bytes());
let identity = match ssh::Identity::from_buffer(buf_reader, None) {
Ok(id) => id,
Err(_) => return AgeResult::SshKeyError,
};
// Handle encrypted SSH keys - keep as ssh::Identity since it implements age::Identity
let identity: ssh::Identity = match identity {
ssh::Identity::Unencrypted(_) => identity,
ssh::Identity::Encrypted(enc) => {
let passphrase_str = if passphrase.is_null() {
return AgeResult::PassphraseRequired;
} else {
match unsafe { cstr_to_str(passphrase) } {
Ok(s) if !s.is_empty() => s,
_ => return AgeResult::PassphraseRequired,
}
};
match enc.decrypt(age::secrecy::SecretString::from(passphrase_str.to_string())) {
Ok(id) => ssh::Identity::Unencrypted(id),
Err(_) => return AgeResult::InvalidPassphrase,
}
}
ssh::Identity::Unsupported(_) => return AgeResult::UnsupportedKey,
};
let decryptor = match age::Decryptor::new(ciphertext) {
Ok(d) => d,
Err(_) => return AgeResult::DecryptionFailed,
};
let mut decrypted = Vec::new();
let mut reader = match decryptor.decrypt(std::iter::once(&identity as &dyn age::Identity)) {
Ok(r) => r,
Err(_) => return AgeResult::DecryptionFailed,
};
if reader.read_to_end(&mut decrypted).is_err() {
return AgeResult::DecryptionFailed;
}
unsafe {
*output = AgeBuffer::from_vec(decrypted);
}
AgeResult::Success
}
/// Decrypt data using an SSH private key file.
///
/// # Arguments
/// * `ciphertext` - Pointer to the encrypted data
/// * `ciphertext_len` - Length of the ciphertext
/// * `ssh_key_path` - Path to the SSH private key file
/// * `passphrase` - Optional passphrase for encrypted SSH keys (can be null)
/// * `output` - Pointer to receive the decrypted buffer
///
/// # Returns
/// AgeResult indicating success or failure
#[no_mangle]
pub extern "C" fn age_decrypt_ssh_file(
ciphertext: *const u8,
ciphertext_len: usize,
ssh_key_path: *const c_char,
passphrase: *const c_char,
output: *mut AgeBuffer,
) -> AgeResult {
if ciphertext.is_null() || output.is_null() {
return AgeResult::InvalidInput;
}
let ciphertext = unsafe { std::slice::from_raw_parts(ciphertext, ciphertext_len) };
let path_str = match unsafe { cstr_to_str(ssh_key_path) } {
Ok(s) => s,
Err(e) => return e,
};
// The filename is passed as a hint for error messages
let filename = Some(path_str.to_string());
// Read and parse SSH key file
let ssh_key_data = match std::fs::read(path_str) {
Ok(data) => data,
Err(_) => return AgeResult::IoError,
};
let buf_reader = BufReader::new(ssh_key_data.as_slice());
let identity = match ssh::Identity::from_buffer(buf_reader, filename) {
Ok(id) => id,
Err(_) => return AgeResult::SshKeyError,
};
// Handle encrypted SSH keys - keep as ssh::Identity since it implements age::Identity
let identity: ssh::Identity = match identity {
ssh::Identity::Unencrypted(_) => identity,
ssh::Identity::Encrypted(enc) => {
// Parse passphrase if provided
let passphrase_str = if passphrase.is_null() {
return AgeResult::PassphraseRequired;
} else {
match unsafe { cstr_to_str(passphrase) } {
Ok(s) if !s.is_empty() => s,
_ => return AgeResult::PassphraseRequired,
}
};
match enc.decrypt(age::secrecy::SecretString::from(passphrase_str.to_string())) {
Ok(id) => ssh::Identity::Unencrypted(id),
Err(_) => return AgeResult::InvalidPassphrase,
}
}
ssh::Identity::Unsupported(_) => return AgeResult::UnsupportedKey,
};
let decryptor = match age::Decryptor::new(ciphertext) {
Ok(d) => d,
Err(_) => return AgeResult::DecryptionFailed,
};
let mut decrypted = Vec::new();
let mut reader = match decryptor.decrypt(std::iter::once(&identity as &dyn age::Identity)) {
Ok(r) => r,
Err(_) => return AgeResult::DecryptionFailed,
};
if reader.read_to_end(&mut decrypted).is_err() {
return AgeResult::DecryptionFailed;
}
unsafe {
*output = AgeBuffer::from_vec(decrypted);
}
AgeResult::Success
}

430
zig-vendor/age-ffi/src/decrypt_tests.rs
View File

@@ -1,430 +0,0 @@
//! Tests for in-memory decryption functions.
use crate::decrypt::*;
use crate::encrypt::*;
use crate::keys::*;
use crate::memory::*;
use crate::types::*;
use std::ffi::CString;
use std::os::raw::c_char;
#[test]
fn test_basic_decrypt() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"Decryption test message";
let mut encrypted = AgeBuffer::null();
age_encrypt(plaintext.as_ptr(), plaintext.len(), keypair.public_key, &mut encrypted);
let mut decrypted = AgeBuffer::null();
let result = age_decrypt(
encrypted.data,
encrypted.len,
keypair.private_key,
&mut decrypted,
);
assert_eq!(result, AgeResult::Success);
let decrypted_slice = unsafe { std::slice::from_raw_parts(decrypted.data, decrypted.len) };
assert_eq!(decrypted_slice, plaintext);
age_free_buffer(&mut encrypted);
age_free_buffer(&mut decrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_null_ciphertext() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let mut decrypted = AgeBuffer::null();
let result = age_decrypt(
std::ptr::null(),
0,
keypair.private_key,
&mut decrypted,
);
assert_eq!(result, AgeResult::InvalidInput);
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_null_output() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"test";
let mut encrypted = AgeBuffer::null();
age_encrypt(plaintext.as_ptr(), plaintext.len(), keypair.public_key, &mut encrypted);
let result = age_decrypt(
encrypted.data,
encrypted.len,
keypair.private_key,
std::ptr::null_mut(),
);
assert_eq!(result, AgeResult::InvalidInput);
age_free_buffer(&mut encrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_invalid_identity() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"test";
let mut encrypted = AgeBuffer::null();
age_encrypt(plaintext.as_ptr(), plaintext.len(), keypair.public_key, &mut encrypted);
let invalid_identity = CString::new("not-a-valid-identity").unwrap();
let mut decrypted = AgeBuffer::null();
let result = age_decrypt(
encrypted.data,
encrypted.len,
invalid_identity.as_ptr(),
&mut decrypted,
);
assert_eq!(result, AgeResult::InvalidIdentity);
age_free_buffer(&mut encrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_wrong_key() {
let mut keypair1 = AgeKeypair::null();
let mut keypair2 = AgeKeypair::null();
age_generate_x25519(&mut keypair1);
age_generate_x25519(&mut keypair2);
let plaintext = b"Secret message";
let mut encrypted = AgeBuffer::null();
age_encrypt(plaintext.as_ptr(), plaintext.len(), keypair1.public_key, &mut encrypted);
// Try to decrypt with wrong key
let mut decrypted = AgeBuffer::null();
let result = age_decrypt(
encrypted.data,
encrypted.len,
keypair2.private_key, // Wrong key!
&mut decrypted,
);
assert_eq!(result, AgeResult::DecryptionFailed);
age_free_buffer(&mut encrypted);
age_free_keypair(&mut keypair1);
age_free_keypair(&mut keypair2);
}
#[test]
fn test_decrypt_corrupted_ciphertext() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"Original message";
let mut encrypted = AgeBuffer::null();
age_encrypt(plaintext.as_ptr(), plaintext.len(), keypair.public_key, &mut encrypted);
// Corrupt the ciphertext
if encrypted.len > 50 {
unsafe {
*encrypted.data.add(50) ^= 0xFF;
}
}
let mut decrypted = AgeBuffer::null();
let result = age_decrypt(
encrypted.data,
encrypted.len,
keypair.private_key,
&mut decrypted,
);
// Should fail (either DecryptionFailed or other error depending on what was corrupted)
assert_ne!(result, AgeResult::Success);
age_free_buffer(&mut encrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_multi_with_multiple_identities() {
let mut keypair1 = AgeKeypair::null();
let mut keypair2 = AgeKeypair::null();
age_generate_x25519(&mut keypair1);
age_generate_x25519(&mut keypair2);
let plaintext = b"Multi-identity message";
let recipients: [*const c_char; 1] = [keypair1.public_key as *const c_char];
let mut encrypted = AgeBuffer::null();
age_encrypt_multi(
plaintext.as_ptr(),
plaintext.len(),
recipients.as_ptr(),
1,
false,
&mut encrypted,
);
// Decrypt with multiple identities (one valid, one invalid for this message)
let identities: [*const c_char; 2] = [
keypair2.private_key as *const c_char, // Wrong key first
keypair1.private_key as *const c_char, // Correct key
];
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_multi(
encrypted.data,
encrypted.len,
identities.as_ptr(),
2,
&mut decrypted,
);
assert_eq!(result, AgeResult::Success);
let decrypted_slice = unsafe { std::slice::from_raw_parts(decrypted.data, decrypted.len) };
assert_eq!(decrypted_slice, plaintext);
age_free_buffer(&mut encrypted);
age_free_buffer(&mut decrypted);
age_free_keypair(&mut keypair1);
age_free_keypair(&mut keypair2);
}
#[test]
fn test_decrypt_multi_empty_identities() {
let plaintext = b"test";
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let mut encrypted = AgeBuffer::null();
age_encrypt(plaintext.as_ptr(), plaintext.len(), keypair.public_key, &mut encrypted);
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_multi(
encrypted.data,
encrypted.len,
std::ptr::null(),
0,
&mut decrypted,
);
assert_eq!(result, AgeResult::InvalidInput);
age_free_buffer(&mut encrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_null_identity() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"test";
let mut encrypted = AgeBuffer::null();
age_encrypt(plaintext.as_ptr(), plaintext.len(), keypair.public_key, &mut encrypted);
let mut decrypted = AgeBuffer::null();
let result = age_decrypt(
encrypted.data,
encrypted.len,
std::ptr::null(),
&mut decrypted,
);
assert_eq!(result, AgeResult::InvalidInput);
age_free_buffer(&mut encrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_multi_null_identity_in_array() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"test";
let mut encrypted = AgeBuffer::null();
age_encrypt(plaintext.as_ptr(), plaintext.len(), keypair.public_key, &mut encrypted);
// Array with a null pointer inside
let identities: [*const c_char; 2] = [
keypair.private_key as *const c_char,
std::ptr::null(),
];
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_multi(
encrypted.data,
encrypted.len,
identities.as_ptr(),
2,
&mut decrypted,
);
assert_eq!(result, AgeResult::InvalidInput);
age_free_buffer(&mut encrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_multi_with_comments_and_empty() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"test with comments";
let mut encrypted = AgeBuffer::null();
age_encrypt(plaintext.as_ptr(), plaintext.len(), keypair.public_key, &mut encrypted);
// Mix of comments, empty strings, and valid identity
let comment = CString::new("# This is a comment").unwrap();
let empty = CString::new("").unwrap();
let identities: [*const c_char; 3] = [
comment.as_ptr(),
empty.as_ptr(),
keypair.private_key as *const c_char,
];
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_multi(
encrypted.data,
encrypted.len,
identities.as_ptr(),
3,
&mut decrypted,
);
assert_eq!(result, AgeResult::Success);
let decrypted_slice = unsafe { std::slice::from_raw_parts(decrypted.data, decrypted.len) };
assert_eq!(decrypted_slice, plaintext);
age_free_buffer(&mut encrypted);
age_free_buffer(&mut decrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_multi_only_comments() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"test";
let mut encrypted = AgeBuffer::null();
age_encrypt(plaintext.as_ptr(), plaintext.len(), keypair.public_key, &mut encrypted);
// Only comments and empty - no valid identities
let comment1 = CString::new("# Comment 1").unwrap();
let comment2 = CString::new("# Comment 2").unwrap();
let empty = CString::new("").unwrap();
let identities: [*const c_char; 3] = [
comment1.as_ptr(),
comment2.as_ptr(),
empty.as_ptr(),
];
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_multi(
encrypted.data,
encrypted.len,
identities.as_ptr(),
3,
&mut decrypted,
);
assert_eq!(result, AgeResult::NoIdentities);
age_free_buffer(&mut encrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_multi_invalid_identity_format() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"test";
let mut encrypted = AgeBuffer::null();
age_encrypt(plaintext.as_ptr(), plaintext.len(), keypair.public_key, &mut encrypted);
// Invalid identity (not a comment, not empty, not valid key)
let invalid = CString::new("invalid-key-format").unwrap();
let identities: [*const c_char; 1] = [invalid.as_ptr()];
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_multi(
encrypted.data,
encrypted.len,
identities.as_ptr(),
1,
&mut decrypted,
);
assert_eq!(result, AgeResult::InvalidIdentity);
age_free_buffer(&mut encrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_multi_corrupted_ciphertext() {
let corrupted = b"not valid age encrypted data at all";
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let identities: [*const c_char; 1] = [keypair.private_key as *const c_char];
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_multi(
corrupted.as_ptr(),
corrupted.len(),
identities.as_ptr(),
1,
&mut decrypted,
);
assert_eq!(result, AgeResult::DecryptionFailed);
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_multi_wrong_key_only() {
let mut keypair1 = AgeKeypair::null();
let mut keypair2 = AgeKeypair::null();
age_generate_x25519(&mut keypair1);
age_generate_x25519(&mut keypair2);
let plaintext = b"test";
let mut encrypted = AgeBuffer::null();
age_encrypt(plaintext.as_ptr(), plaintext.len(), keypair1.public_key, &mut encrypted);
// Only provide wrong key
let identities: [*const c_char; 1] = [keypair2.private_key as *const c_char];
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_multi(
encrypted.data,
encrypted.len,
identities.as_ptr(),
1,
&mut decrypted,
);
assert_eq!(result, AgeResult::DecryptionFailed);
age_free_buffer(&mut encrypted);
age_free_keypair(&mut keypair1);
age_free_keypair(&mut keypair2);
}

210
zig-vendor/age-ffi/src/encrypt.rs
View File

@@ -1,210 +0,0 @@
//! In-memory encryption functions.
use crate::helpers::{cstr_to_str, string_to_cstr};
use crate::types::{AgeBuffer, AgeResult};
use std::io::Write;
use std::os::raw::c_char;
/// Encrypt data in memory using a single x25519 recipient.
/// This is a simple API for common use cases.
///
/// # Arguments
/// * `plaintext` - Pointer to the plaintext data
/// * `plaintext_len` - Length of the plaintext
/// * `recipient` - The recipient public key (age1...)
/// * `output` - Pointer to receive the encrypted buffer
///
/// # Returns
/// AgeResult indicating success or failure
#[no_mangle]
pub extern "C" fn age_encrypt(
plaintext: *const u8,
plaintext_len: usize,
recipient: *const c_char,
output: *mut AgeBuffer,
) -> AgeResult {
if plaintext.is_null() || output.is_null() {
return AgeResult::InvalidInput;
}
let plaintext = unsafe { std::slice::from_raw_parts(plaintext, plaintext_len) };
let recipient_str = match unsafe { cstr_to_str(recipient) } {
Ok(s) => s,
Err(e) => return e,
};
let recipient = match recipient_str.parse::<age::x25519::Recipient>() {
Ok(r) => r,
Err(_) => return AgeResult::InvalidRecipient,
};
let encrypted = match age::encrypt(&recipient, plaintext) {
Ok(e) => e,
Err(_) => return AgeResult::EncryptionFailed,
};
unsafe {
*output = AgeBuffer::from_vec(encrypted);
}
AgeResult::Success
}
/// Encrypt data in memory using multiple recipients.
///
/// # Arguments
/// * `plaintext` - Pointer to the plaintext data
/// * `plaintext_len` - Length of the plaintext
/// * `recipients` - Array of recipient public key C strings
/// * `recipient_count` - Number of recipients
/// * `armor` - If true, output will be ASCII-armored
/// * `output` - Pointer to receive the encrypted buffer
///
/// # Returns
/// AgeResult indicating success or failure
#[no_mangle]
pub extern "C" fn age_encrypt_multi(
plaintext: *const u8,
plaintext_len: usize,
recipients: *const *const c_char,
recipient_count: usize,
armor: bool,
output: *mut AgeBuffer,
) -> AgeResult {
if plaintext.is_null() || recipients.is_null() || output.is_null() || recipient_count == 0 {
return AgeResult::InvalidInput;
}
let plaintext = unsafe { std::slice::from_raw_parts(plaintext, plaintext_len) };
let recipient_ptrs = unsafe { std::slice::from_raw_parts(recipients, recipient_count) };
let mut parsed_recipients: Vec<Box<dyn age::Recipient + Send>> = Vec::new();
for &ptr in recipient_ptrs {
let recipient_str = match unsafe { cstr_to_str(ptr) } {
Ok(s) => s.trim(),
Err(e) => return e,
};
// Try x25519 first
if let Ok(r) = recipient_str.parse::<age::x25519::Recipient>() {
parsed_recipients.push(Box::new(r));
continue;
}
// Try SSH
if let Ok(r) = recipient_str.parse::<age::ssh::Recipient>() {
parsed_recipients.push(Box::new(r));
continue;
}
return AgeResult::InvalidRecipient;
}
if parsed_recipients.is_empty() {
return AgeResult::NoRecipients;
}
let encryptor = match age::Encryptor::with_recipients(
parsed_recipients.iter().map(|r| r.as_ref() as &dyn age::Recipient)
) {
Ok(e) => e,
Err(_) => return AgeResult::EncryptionFailed,
};
let mut encrypted = Vec::new();
let result = if armor {
let armor_writer = age::armor::ArmoredWriter::wrap_output(&mut encrypted, age::armor::Format::AsciiArmor)
.map_err(|_| AgeResult::ArmorError);
match armor_writer {
Ok(armor) => {
match encryptor.wrap_output(armor) {
Ok(mut writer) => {
if writer.write_all(plaintext).is_err() {
return AgeResult::EncryptionFailed;
}
match writer.finish() {
Ok(armor) => armor.finish().map_err(|_| AgeResult::ArmorError),
Err(_) => return AgeResult::EncryptionFailed,
}
}
Err(_) => return AgeResult::EncryptionFailed,
}
}
Err(e) => return e,
}
} else {
match encryptor.wrap_output(&mut encrypted) {
Ok(mut writer) => {
if writer.write_all(plaintext).is_err() {
return AgeResult::EncryptionFailed;
}
writer.finish().map_err(|_| AgeResult::EncryptionFailed)
}
Err(_) => return AgeResult::EncryptionFailed,
}
};
if result.is_err() {
return AgeResult::EncryptionFailed;
}
unsafe {
*output = AgeBuffer::from_vec(encrypted);
}
AgeResult::Success
}
/// Encrypt data with ASCII armor for text-safe output.
///
/// # Arguments
/// * `plaintext` - Pointer to the plaintext data
/// * `plaintext_len` - Length of the plaintext
/// * `recipient` - The recipient public key (age1...)
/// * `output` - Pointer to receive the armored string (null-terminated)
///
/// # Returns
/// AgeResult indicating success or failure
#[no_mangle]
pub extern "C" fn age_encrypt_armor(
plaintext: *const u8,
plaintext_len: usize,
recipient: *const c_char,
output: *mut *mut c_char,
) -> AgeResult {
if plaintext.is_null() || output.is_null() {
return AgeResult::InvalidInput;
}
let plaintext = unsafe { std::slice::from_raw_parts(plaintext, plaintext_len) };
let recipient_str = match unsafe { cstr_to_str(recipient) } {
Ok(s) => s,
Err(e) => return e,
};
let recipient = match recipient_str.parse::<age::x25519::Recipient>() {
Ok(r) => r,
Err(_) => return AgeResult::InvalidRecipient,
};
let encrypted = match age::encrypt_and_armor(&recipient, plaintext) {
Ok(e) => e,
Err(_) => return AgeResult::EncryptionFailed,
};
let c_output = match string_to_cstr(encrypted) {
Ok(s) => s,
Err(e) => return e,
};
unsafe {
*output = c_output;
}
AgeResult::Success
}

232
zig-vendor/age-ffi/src/encrypt_tests.rs
View File

@@ -1,232 +0,0 @@
//! Tests for in-memory encryption functions.
use crate::encrypt::*;
use crate::decrypt::*;
use crate::keys::*;
use crate::memory::*;
use crate::types::*;
use std::ffi::CString;
use std::os::raw::c_char;
#[test]
fn test_basic_encrypt() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"Hello, encryption!";
let mut encrypted = AgeBuffer::null();
let result = age_encrypt(
plaintext.as_ptr(),
plaintext.len(),
keypair.public_key,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
assert!(!encrypted.data.is_null());
assert!(encrypted.len > plaintext.len()); // Encrypted should be larger
age_free_buffer(&mut encrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_encrypt_null_plaintext() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let mut encrypted = AgeBuffer::null();
let result = age_encrypt(
std::ptr::null(),
0,
keypair.public_key,
&mut encrypted,
);
assert_eq!(result, AgeResult::InvalidInput);
age_free_keypair(&mut keypair);
}
#[test]
fn test_encrypt_null_output() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"test";
let result = age_encrypt(
plaintext.as_ptr(),
plaintext.len(),
keypair.public_key,
std::ptr::null_mut(),
);
assert_eq!(result, AgeResult::InvalidInput);
age_free_keypair(&mut keypair);
}
#[test]
fn test_encrypt_invalid_recipient() {
let invalid_recipient = CString::new("not-a-valid-recipient").unwrap();
let plaintext = b"test";
let mut encrypted = AgeBuffer::null();
let result = age_encrypt(
plaintext.as_ptr(),
plaintext.len(),
invalid_recipient.as_ptr(),
&mut encrypted,
);
assert_eq!(result, AgeResult::InvalidRecipient);
}
#[test]
fn test_encrypt_multi_two_recipients() {
let mut keypair1 = AgeKeypair::null();
let mut keypair2 = AgeKeypair::null();
age_generate_x25519(&mut keypair1);
age_generate_x25519(&mut keypair2);
let plaintext = b"Message for both recipients";
let recipients: [*const c_char; 2] = [
keypair1.public_key as *const c_char,
keypair2.public_key as *const c_char,
];
let mut encrypted = AgeBuffer::null();
let result = age_encrypt_multi(
plaintext.as_ptr(),
plaintext.len(),
recipients.as_ptr(),
2,
false,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
// Both recipients should be able to decrypt
let mut decrypted1 = AgeBuffer::null();
let result = age_decrypt(encrypted.data, encrypted.len, keypair1.private_key, &mut decrypted1);
assert_eq!(result, AgeResult::Success);
let mut decrypted2 = AgeBuffer::null();
let result = age_decrypt(encrypted.data, encrypted.len, keypair2.private_key, &mut decrypted2);
assert_eq!(result, AgeResult::Success);
age_free_buffer(&mut encrypted);
age_free_buffer(&mut decrypted1);
age_free_buffer(&mut decrypted2);
age_free_keypair(&mut keypair1);
age_free_keypair(&mut keypair2);
}
#[test]
fn test_encrypt_multi_with_armor() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"Armored multi-recipient message";
let recipients: [*const c_char; 1] = [keypair.public_key as *const c_char];
let mut encrypted = AgeBuffer::null();
let result = age_encrypt_multi(
plaintext.as_ptr(),
plaintext.len(),
recipients.as_ptr(),
1,
true, // armor
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
// Check it's armored
let encrypted_slice = unsafe { std::slice::from_raw_parts(encrypted.data, encrypted.len) };
let encrypted_str = std::str::from_utf8(encrypted_slice).unwrap();
assert!(encrypted_str.contains("-----BEGIN AGE ENCRYPTED FILE-----"));
age_free_buffer(&mut encrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_encrypt_multi_empty_recipients() {
let plaintext = b"test";
let mut encrypted = AgeBuffer::null();
let result = age_encrypt_multi(
plaintext.as_ptr(),
plaintext.len(),
std::ptr::null(),
0,
false,
&mut encrypted,
);
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_encrypt_armor() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"Armored message";
let mut armored: *mut c_char = std::ptr::null_mut();
let result = age_encrypt_armor(
plaintext.as_ptr(),
plaintext.len(),
keypair.public_key,
&mut armored,
);
assert_eq!(result, AgeResult::Success);
assert!(!armored.is_null());
let armored_str = unsafe { std::ffi::CStr::from_ptr(armored).to_str().unwrap() };
assert!(armored_str.starts_with("-----BEGIN AGE ENCRYPTED FILE-----"));
assert!(armored_str.contains("-----END AGE ENCRYPTED FILE-----"));
age_free_string(armored);
age_free_keypair(&mut keypair);
}
#[test]
fn test_encrypt_various_sizes() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let sizes = [0, 1, 16, 256, 1024, 4096, 65536];
for size in sizes {
let plaintext: Vec<u8> = (0..size).map(|i| (i % 256) as u8).collect();
let mut encrypted = AgeBuffer::null();
let result = age_encrypt(
plaintext.as_ptr(),
plaintext.len(),
keypair.public_key,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success, "Failed for size {}", size);
// Verify we can decrypt it back
let mut decrypted = AgeBuffer::null();
let result = age_decrypt(encrypted.data, encrypted.len, keypair.private_key, &mut decrypted);
assert_eq!(result, AgeResult::Success, "Decrypt failed for size {}", size);
let decrypted_slice = unsafe { std::slice::from_raw_parts(decrypted.data, decrypted.len) };
assert_eq!(decrypted_slice, plaintext.as_slice(), "Mismatch for size {}", size);
age_free_buffer(&mut encrypted);
age_free_buffer(&mut decrypted);
}
age_free_keypair(&mut keypair);
}

351
zig-vendor/age-ffi/src/file.rs
View File

@@ -1,351 +0,0 @@
//! File-based encryption and decryption operations.
use crate::helpers::{cstr_to_str, cstr_to_string};
use crate::types::{AgeBuffer, AgeResult};
use age::secrecy::SecretString;
use std::fs::File;
use std::io::{Read, Write};
use std::os::raw::c_char;
use std::str::FromStr;
/// Encrypt data to a file using a recipient.
///
/// # Arguments
/// * `plaintext` - The data to encrypt
/// * `plaintext_len` - Length of the plaintext
/// * `output_path` - Path to write the encrypted .age file
/// * `recipient` - The recipient public key (age1...) or path to recipients file
///
/// # Returns
/// AgeResult indicating success or failure
#[no_mangle]
pub extern "C" fn age_encrypt_to_file(
plaintext: *const c_char,
plaintext_len: usize,
output_path: *const c_char,
recipient: *const c_char,
) -> AgeResult {
if plaintext.is_null() || output_path.is_null() || recipient.is_null() {
return AgeResult::InvalidInput;
}
let plaintext = unsafe { std::slice::from_raw_parts(plaintext as *const u8, plaintext_len) };
let output_path = match unsafe { cstr_to_str(output_path) } {
Ok(s) => s,
Err(e) => return e,
};
let recipient_str = match unsafe { cstr_to_str(recipient) } {
Ok(s) => s,
Err(e) => return e,
};
// Parse recipients - could be a file path or a direct recipient key
// Supports: x25519 (age1...), plugin (age1<plugin>1...), and ssh (ssh-...)
let mut recipients: Vec<Box<dyn age::Recipient + Send>> = Vec::new();
let mut plugin_recipients: Vec<age::plugin::Recipient> = Vec::new();
let recipient_lines: Vec<&str> = if recipient_str.starts_with("age1") || recipient_str.starts_with("ssh-") {
vec![recipient_str]
} else {
// Assume it's a file path containing recipients
match std::fs::read_to_string(recipient_str) {
Ok(contents) => {
// We need to own the string for the lines
let contents_leaked: &'static str = Box::leak(contents.into_boxed_str());
contents_leaked
.lines()
.filter(|line| !line.starts_with('#') && !line.is_empty())
.map(|line| line.trim())
.collect()
}
Err(_) => return AgeResult::IoError,
}
};
for line in recipient_lines {
// Try x25519 first
if let Ok(r) = line.parse::<age::x25519::Recipient>() {
recipients.push(Box::new(r));
continue;
}
// Then try plugin recipient - collect these separately
if let Ok(r) = line.parse::<age::plugin::Recipient>() {
plugin_recipients.push(r);
continue;
}
// Finally try SSH
if let Ok(r) = line.parse::<age::ssh::Recipient>() {
recipients.push(Box::new(r));
continue;
}
// Skip unrecognized lines
}
// Create plugin recipients wrapper if we have any plugin recipients
// Group them by plugin name
if !plugin_recipients.is_empty() {
use std::collections::HashMap;
let mut by_plugin: HashMap<String, Vec<age::plugin::Recipient>> = HashMap::new();
for r in plugin_recipients {
by_plugin.entry(r.plugin().to_string()).or_default().push(r);
}
for (plugin_name, plugin_recs) in by_plugin {
match age::plugin::RecipientPluginV1::new(
&plugin_name,
&plugin_recs,
&[],
age::NoCallbacks,
) {
Ok(plugin) => recipients.push(Box::new(plugin)),
Err(_) => return AgeResult::InvalidRecipient,
}
}
}
if recipients.is_empty() {
return AgeResult::InvalidRecipient;
}
let output_file = match File::create(output_path) {
Ok(f) => f,
Err(_) => return AgeResult::IoError,
};
let encryptor = match age::Encryptor::with_recipients(recipients.iter().map(|r| r.as_ref() as &dyn age::Recipient)) {
Ok(e) => e,
Err(_) => return AgeResult::EncryptionFailed,
};
let mut writer = match encryptor.wrap_output(output_file) {
Ok(w) => w,
Err(_) => return AgeResult::EncryptionFailed,
};
if writer.write_all(plaintext).is_err() {
return AgeResult::EncryptionFailed;
}
if writer.finish().is_err() {
return AgeResult::EncryptionFailed;
}
AgeResult::Success
}
/// Encrypt data to a file with ASCII armor.
#[no_mangle]
pub extern "C" fn age_encrypt_to_file_armor(
plaintext: *const u8,
plaintext_len: usize,
output_path: *const c_char,
recipient: *const c_char,
) -> AgeResult {
if plaintext.is_null() || output_path.is_null() {
return AgeResult::InvalidInput;
}
let plaintext = unsafe { std::slice::from_raw_parts(plaintext, plaintext_len) };
let output_path = match unsafe { cstr_to_str(output_path) } {
Ok(s) => s,
Err(e) => return e,
};
let recipient_str = match unsafe { cstr_to_str(recipient) } {
Ok(s) => s,
Err(e) => return e,
};
let recipient = match recipient_str.parse::<age::x25519::Recipient>() {
Ok(r) => r,
Err(_) => return AgeResult::InvalidRecipient,
};
let encrypted = match age::encrypt_and_armor(&recipient, plaintext) {
Ok(e) => e,
Err(_) => return AgeResult::EncryptionFailed,
};
if std::fs::write(output_path, encrypted).is_err() {
return AgeResult::IoError;
}
AgeResult::Success
}
/// Decrypt data from a file using an identity file.
///
/// This function supports all identity types including:
/// - Standard x25519 identities (AGE-SECRET-KEY-...)
/// - SSH identities
/// - Plugin identities (AGE-PLUGIN-...)
#[no_mangle]
pub extern "C" fn age_decrypt_file(
encrypted_path: *const c_char,
identity_path: *const c_char,
output: *mut AgeBuffer,
) -> AgeResult {
if output.is_null() {
return AgeResult::InvalidInput;
}
let encrypted_path = match unsafe { cstr_to_str(encrypted_path) } {
Ok(s) => s,
Err(e) => return e,
};
let identity_path = match unsafe { cstr_to_str(identity_path) } {
Ok(s) => s,
Err(e) => return e,
};
// Use IdentityFile to parse the identity file - this supports all identity types
// including plugin identities (AGE-PLUGIN-...)
let identity_file = match age::IdentityFile::from_file(identity_path.to_string()) {
Ok(f) => f,
Err(_) => return AgeResult::IoError,
};
// Get all identities from the file
let identities = match identity_file.into_identities() {
Ok(ids) => ids,
Err(_) => return AgeResult::InvalidIdentity,
};
if identities.is_empty() {
return AgeResult::InvalidIdentity;
}
let encrypted_file = match File::open(encrypted_path) {
Ok(f) => f,
Err(_) => return AgeResult::IoError,
};
let decryptor = match age::Decryptor::new(encrypted_file) {
Ok(d) => d,
Err(_) => return AgeResult::DecryptionFailed,
};
let mut decrypted = Vec::new();
let mut reader = match decryptor.decrypt(identities.iter().map(|i| i.as_ref() as &dyn age::Identity)) {
Ok(r) => r,
Err(_) => return AgeResult::DecryptionFailed,
};
if reader.read_to_end(&mut decrypted).is_err() {
return AgeResult::DecryptionFailed;
}
unsafe {
*output = AgeBuffer::from_vec(decrypted);
}
AgeResult::Success
}
/// Decrypt data from a file using a single identity string.
#[no_mangle]
pub extern "C" fn age_decrypt_file_with_identity(
encrypted_path: *const c_char,
identity: *const c_char,
output: *mut AgeBuffer,
) -> AgeResult {
if output.is_null() {
return AgeResult::InvalidInput;
}
let encrypted_path = match unsafe { cstr_to_str(encrypted_path) } {
Ok(s) => s,
Err(e) => return e,
};
let identity_str = match unsafe { cstr_to_str(identity) } {
Ok(s) => s,
Err(e) => return e,
};
let identity = match age::x25519::Identity::from_str(identity_str) {
Ok(i) => i,
Err(_) => return AgeResult::InvalidIdentity,
};
let encrypted_file = match File::open(encrypted_path) {
Ok(f) => f,
Err(_) => return AgeResult::IoError,
};
let decryptor = match age::Decryptor::new(encrypted_file) {
Ok(d) => d,
Err(_) => return AgeResult::DecryptionFailed,
};
let mut decrypted = Vec::new();
let mut reader = match decryptor.decrypt(std::iter::once(&identity as &dyn age::Identity)) {
Ok(r) => r,
Err(_) => return AgeResult::DecryptionFailed,
};
if reader.read_to_end(&mut decrypted).is_err() {
return AgeResult::DecryptionFailed;
}
unsafe {
*output = AgeBuffer::from_vec(decrypted);
}
AgeResult::Success
}
/// Decrypt a file using a passphrase.
#[no_mangle]
pub extern "C" fn age_decrypt_file_passphrase(
encrypted_path: *const c_char,
passphrase: *const c_char,
output: *mut AgeBuffer,
) -> AgeResult {
if output.is_null() {
return AgeResult::InvalidInput;
}
let encrypted_path = match unsafe { cstr_to_str(encrypted_path) } {
Ok(s) => s,
Err(e) => return e,
};
let passphrase_str = match unsafe { cstr_to_string(passphrase) } {
Ok(s) => s,
Err(e) => return e,
};
let secret = SecretString::from(passphrase_str);
let identity = age::scrypt::Identity::new(secret);
let encrypted_file = match File::open(encrypted_path) {
Ok(f) => f,
Err(_) => return AgeResult::IoError,
};
let decryptor = match age::Decryptor::new(encrypted_file) {
Ok(d) => d,
Err(_) => return AgeResult::DecryptionFailed,
};
let mut decrypted = Vec::new();
let mut reader = match decryptor.decrypt(std::iter::once(&identity as &dyn age::Identity)) {
Ok(r) => r,
Err(_) => return AgeResult::DecryptionFailed,
};
if reader.read_to_end(&mut decrypted).is_err() {
return AgeResult::DecryptionFailed;
}
unsafe {
*output = AgeBuffer::from_vec(decrypted);
}
AgeResult::Success
}

808
zig-vendor/age-ffi/src/file_tests.rs
View File

@@ -1,808 +0,0 @@
//! Tests for file-based encryption and decryption functions.
use crate::file::*;
use crate::keys::*;
use crate::memory::*;
use crate::passphrase::*;
use crate::types::*;
use std::ffi::CString;
use std::fs;
use std::io::Write;
fn create_temp_file(suffix: &str) -> String {
let temp_dir = std::env::temp_dir();
let unique_id = std::time::SystemTime::now()
.duration_since(std::time::UNIX_EPOCH)
.unwrap()
.as_nanos();
format!("{}/age_test_{}_{}", temp_dir.display(), unique_id, suffix)
}
// ============= age_encrypt_to_file tests =============
#[test]
fn test_encrypt_to_file_basic() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"Hello, file encryption!";
let output_path = create_temp_file("encrypted.age");
let output_path_c = CString::new(output_path.as_str()).unwrap();
let result = age_encrypt_to_file(
plaintext.as_ptr() as *const i8,
plaintext.len(),
output_path_c.as_ptr(),
keypair.public_key,
);
assert_eq!(result, AgeResult::Success);
assert!(std::path::Path::new(&output_path).exists());
// Clean up
fs::remove_file(&output_path).ok();
age_free_keypair(&mut keypair);
}
#[test]
fn test_encrypt_to_file_null_plaintext() {
let output_path = create_temp_file("test.age");
let output_path_c = CString::new(output_path.as_str()).unwrap();
let recipient = CString::new("age1test").unwrap();
let result = age_encrypt_to_file(
std::ptr::null(),
0,
output_path_c.as_ptr(),
recipient.as_ptr(),
);
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_encrypt_to_file_null_output_path() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"test";
let result = age_encrypt_to_file(
plaintext.as_ptr() as *const i8,
plaintext.len(),
std::ptr::null(),
keypair.public_key,
);
assert_eq!(result, AgeResult::InvalidInput);
age_free_keypair(&mut keypair);
}
#[test]
fn test_encrypt_to_file_null_recipient() {
let plaintext = b"test";
let output_path = create_temp_file("test.age");
let output_path_c = CString::new(output_path.as_str()).unwrap();
let result = age_encrypt_to_file(
plaintext.as_ptr() as *const i8,
plaintext.len(),
output_path_c.as_ptr(),
std::ptr::null(),
);
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_encrypt_to_file_invalid_recipient() {
let plaintext = b"test";
let output_path = create_temp_file("test.age");
let output_path_c = CString::new(output_path.as_str()).unwrap();
let invalid_recipient = CString::new("age1invalid_not_a_real_key").unwrap();
let result = age_encrypt_to_file(
plaintext.as_ptr() as *const i8,
plaintext.len(),
output_path_c.as_ptr(),
invalid_recipient.as_ptr(),
);
assert_eq!(result, AgeResult::InvalidRecipient);
}
#[test]
fn test_encrypt_to_file_and_decrypt_with_identity() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"Round trip file encryption test!";
let output_path = create_temp_file("roundtrip.age");
let output_path_c = CString::new(output_path.as_str()).unwrap();
// Encrypt to file
let result = age_encrypt_to_file(
plaintext.as_ptr() as *const i8,
plaintext.len(),
output_path_c.as_ptr(),
keypair.public_key,
);
assert_eq!(result, AgeResult::Success);
// Decrypt with identity string
let mut output = AgeBuffer::null();
let result = age_decrypt_file_with_identity(
output_path_c.as_ptr(),
keypair.private_key,
&mut output,
);
assert_eq!(result, AgeResult::Success);
let decrypted = unsafe { std::slice::from_raw_parts(output.data, output.len) };
assert_eq!(decrypted, plaintext);
// Clean up
fs::remove_file(&output_path).ok();
age_free_buffer(&mut output);
age_free_keypair(&mut keypair);
}
// ============= age_encrypt_to_file_armor tests =============
#[test]
fn test_encrypt_to_file_armor_basic() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"Armored file test";
let output_path = create_temp_file("armored.age");
let output_path_c = CString::new(output_path.as_str()).unwrap();
let result = age_encrypt_to_file_armor(
plaintext.as_ptr(),
plaintext.len(),
output_path_c.as_ptr(),
keypair.public_key,
);
assert_eq!(result, AgeResult::Success);
// Verify the file is armored
let contents = fs::read_to_string(&output_path).unwrap();
assert!(contents.contains("-----BEGIN AGE ENCRYPTED FILE-----"));
assert!(contents.contains("-----END AGE ENCRYPTED FILE-----"));
// Clean up
fs::remove_file(&output_path).ok();
age_free_keypair(&mut keypair);
}
#[test]
fn test_encrypt_to_file_armor_null_plaintext() {
let output_path = create_temp_file("test.age");
let output_path_c = CString::new(output_path.as_str()).unwrap();
let recipient = CString::new("age1test").unwrap();
let result = age_encrypt_to_file_armor(
std::ptr::null(),
0,
output_path_c.as_ptr(),
recipient.as_ptr(),
);
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_encrypt_to_file_armor_null_output_path() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"test";
let result = age_encrypt_to_file_armor(
plaintext.as_ptr(),
plaintext.len(),
std::ptr::null(),
keypair.public_key,
);
assert_eq!(result, AgeResult::InvalidInput);
age_free_keypair(&mut keypair);
}
#[test]
fn test_encrypt_to_file_armor_invalid_recipient() {
let plaintext = b"test";
let output_path = create_temp_file("test.age");
let output_path_c = CString::new(output_path.as_str()).unwrap();
let invalid_recipient = CString::new("not-a-recipient").unwrap();
let result = age_encrypt_to_file_armor(
plaintext.as_ptr(),
plaintext.len(),
output_path_c.as_ptr(),
invalid_recipient.as_ptr(),
);
assert_eq!(result, AgeResult::InvalidRecipient);
}
// ============= age_decrypt_file tests =============
#[test]
fn test_decrypt_file_basic() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"Decrypt from identity file test";
// Create encrypted file
let encrypted_path = create_temp_file("encrypted.age");
let encrypted_path_c = CString::new(encrypted_path.as_str()).unwrap();
let result = age_encrypt_to_file(
plaintext.as_ptr() as *const i8,
plaintext.len(),
encrypted_path_c.as_ptr(),
keypair.public_key,
);
assert_eq!(result, AgeResult::Success);
// Create identity file
let identity_path = create_temp_file("identity.txt");
let private_key = unsafe { std::ffi::CStr::from_ptr(keypair.private_key).to_str().unwrap() };
fs::write(&identity_path, private_key).unwrap();
let identity_path_c = CString::new(identity_path.as_str()).unwrap();
// Decrypt
let mut output = AgeBuffer::null();
let result = age_decrypt_file(
encrypted_path_c.as_ptr(),
identity_path_c.as_ptr(),
&mut output,
);
assert_eq!(result, AgeResult::Success);
let decrypted = unsafe { std::slice::from_raw_parts(output.data, output.len) };
assert_eq!(decrypted, plaintext);
// Clean up
fs::remove_file(&encrypted_path).ok();
fs::remove_file(&identity_path).ok();
age_free_buffer(&mut output);
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_file_null_output() {
let encrypted_path = CString::new("/tmp/test.age").unwrap();
let identity_path = CString::new("/tmp/identity.txt").unwrap();
let result = age_decrypt_file(
encrypted_path.as_ptr(),
identity_path.as_ptr(),
std::ptr::null_mut(),
);
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_decrypt_file_null_encrypted_path() {
let identity_path = CString::new("/tmp/identity.txt").unwrap();
let mut output = AgeBuffer::null();
let result = age_decrypt_file(
std::ptr::null(),
identity_path.as_ptr(),
&mut output,
);
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_decrypt_file_nonexistent_identity_file() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
// Create a real encrypted file
let plaintext = b"test";
let encrypted_path = create_temp_file("test_enc.age");
let encrypted_path_c = CString::new(encrypted_path.as_str()).unwrap();
let result = age_encrypt_to_file(
plaintext.as_ptr() as *const i8,
plaintext.len(),
encrypted_path_c.as_ptr(),
keypair.public_key,
);
assert_eq!(result, AgeResult::Success);
// Try to decrypt with nonexistent identity file
let identity_path = CString::new("/nonexistent/identity.txt").unwrap();
let mut output = AgeBuffer::null();
let result = age_decrypt_file(
encrypted_path_c.as_ptr(),
identity_path.as_ptr(),
&mut output,
);
assert_eq!(result, AgeResult::IoError);
fs::remove_file(&encrypted_path).ok();
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_file_nonexistent_encrypted_file() {
// Create a valid identity file
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let identity_path = create_temp_file("identity.txt");
let private_key = unsafe { std::ffi::CStr::from_ptr(keypair.private_key).to_str().unwrap() };
fs::write(&identity_path, private_key).unwrap();
let identity_path_c = CString::new(identity_path.as_str()).unwrap();
let encrypted_path = CString::new("/nonexistent/encrypted.age").unwrap();
let mut output = AgeBuffer::null();
let result = age_decrypt_file(
encrypted_path.as_ptr(),
identity_path_c.as_ptr(),
&mut output,
);
assert_eq!(result, AgeResult::IoError);
fs::remove_file(&identity_path).ok();
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_file_empty_identity_file() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
// Create encrypted file
let plaintext = b"test";
let encrypted_path = create_temp_file("enc.age");
let encrypted_path_c = CString::new(encrypted_path.as_str()).unwrap();
let result = age_encrypt_to_file(
plaintext.as_ptr() as *const i8,
plaintext.len(),
encrypted_path_c.as_ptr(),
keypair.public_key,
);
assert_eq!(result, AgeResult::Success);
// Create empty identity file
let identity_path = create_temp_file("empty_identity.txt");
fs::write(&identity_path, "").unwrap();
let identity_path_c = CString::new(identity_path.as_str()).unwrap();
let mut output = AgeBuffer::null();
let result = age_decrypt_file(
encrypted_path_c.as_ptr(),
identity_path_c.as_ptr(),
&mut output,
);
assert_eq!(result, AgeResult::InvalidIdentity);
fs::remove_file(&encrypted_path).ok();
fs::remove_file(&identity_path).ok();
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_file_with_comments_in_identity() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
// Create encrypted file
let plaintext = b"test with comments";
let encrypted_path = create_temp_file("enc_comments.age");
let encrypted_path_c = CString::new(encrypted_path.as_str()).unwrap();
let result = age_encrypt_to_file(
plaintext.as_ptr() as *const i8,
plaintext.len(),
encrypted_path_c.as_ptr(),
keypair.public_key,
);
assert_eq!(result, AgeResult::Success);
// Create identity file with comments
let identity_path = create_temp_file("identity_with_comments.txt");
let private_key = unsafe { std::ffi::CStr::from_ptr(keypair.private_key).to_str().unwrap() };
let content = format!("# This is a comment\n\n{}\n# Another comment", private_key);
fs::write(&identity_path, content).unwrap();
let identity_path_c = CString::new(identity_path.as_str()).unwrap();
let mut output = AgeBuffer::null();
let result = age_decrypt_file(
encrypted_path_c.as_ptr(),
identity_path_c.as_ptr(),
&mut output,
);
assert_eq!(result, AgeResult::Success);
let decrypted = unsafe { std::slice::from_raw_parts(output.data, output.len) };
assert_eq!(decrypted, plaintext);
fs::remove_file(&encrypted_path).ok();
fs::remove_file(&identity_path).ok();
age_free_buffer(&mut output);
age_free_keypair(&mut keypair);
}
// ============= age_decrypt_file_with_identity tests =============
#[test]
fn test_decrypt_file_with_identity_null_output() {
let encrypted_path = CString::new("/tmp/test.age").unwrap();
let identity = CString::new("AGE-SECRET-KEY-1TEST").unwrap();
let result = age_decrypt_file_with_identity(
encrypted_path.as_ptr(),
identity.as_ptr(),
std::ptr::null_mut(),
);
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_decrypt_file_with_identity_null_path() {
let identity = CString::new("AGE-SECRET-KEY-1TEST").unwrap();
let mut output = AgeBuffer::null();
let result = age_decrypt_file_with_identity(
std::ptr::null(),
identity.as_ptr(),
&mut output,
);
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_decrypt_file_with_identity_invalid_identity() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
// Create encrypted file
let plaintext = b"test";
let encrypted_path = create_temp_file("enc_invalid_id.age");
let encrypted_path_c = CString::new(encrypted_path.as_str()).unwrap();
let result = age_encrypt_to_file(
plaintext.as_ptr() as *const i8,
plaintext.len(),
encrypted_path_c.as_ptr(),
keypair.public_key,
);
assert_eq!(result, AgeResult::Success);
let invalid_identity = CString::new("not-a-valid-identity").unwrap();
let mut output = AgeBuffer::null();
let result = age_decrypt_file_with_identity(
encrypted_path_c.as_ptr(),
invalid_identity.as_ptr(),
&mut output,
);
assert_eq!(result, AgeResult::InvalidIdentity);
fs::remove_file(&encrypted_path).ok();
age_free_keypair(&mut keypair);
}
#[test]
fn test_decrypt_file_with_identity_wrong_key() {
let mut keypair1 = AgeKeypair::null();
let mut keypair2 = AgeKeypair::null();
age_generate_x25519(&mut keypair1);
age_generate_x25519(&mut keypair2);
// Encrypt with keypair1
let plaintext = b"secret message";
let encrypted_path = create_temp_file("wrong_key.age");
let encrypted_path_c = CString::new(encrypted_path.as_str()).unwrap();
let result = age_encrypt_to_file(
plaintext.as_ptr() as *const i8,
plaintext.len(),
encrypted_path_c.as_ptr(),
keypair1.public_key,
);
assert_eq!(result, AgeResult::Success);
// Try to decrypt with keypair2
let mut output = AgeBuffer::null();
let result = age_decrypt_file_with_identity(
encrypted_path_c.as_ptr(),
keypair2.private_key,
&mut output,
);
assert_eq!(result, AgeResult::DecryptionFailed);
fs::remove_file(&encrypted_path).ok();
age_free_keypair(&mut keypair1);
age_free_keypair(&mut keypair2);
}
#[test]
fn test_decrypt_file_with_identity_nonexistent_file() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let encrypted_path = CString::new("/nonexistent/file.age").unwrap();
let mut output = AgeBuffer::null();
let result = age_decrypt_file_with_identity(
encrypted_path.as_ptr(),
keypair.private_key,
&mut output,
);
assert_eq!(result, AgeResult::IoError);
age_free_keypair(&mut keypair);
}
// ============= age_decrypt_file_passphrase tests =============
#[test]
fn test_decrypt_file_passphrase_basic() {
let passphrase = CString::new("mysecretpassword").unwrap();
let plaintext = b"Passphrase protected content";
// Encrypt with passphrase first (using in-memory function)
let mut encrypted = AgeBuffer::null();
let result = age_encrypt_passphrase(
plaintext.as_ptr(),
plaintext.len(),
passphrase.as_ptr(),
false,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
// Write encrypted content to file
let encrypted_path = create_temp_file("passphrase.age");
let encrypted_slice = unsafe { std::slice::from_raw_parts(encrypted.data, encrypted.len) };
fs::write(&encrypted_path, encrypted_slice).unwrap();
let encrypted_path_c = CString::new(encrypted_path.as_str()).unwrap();
// Decrypt file with passphrase
let mut output = AgeBuffer::null();
let result = age_decrypt_file_passphrase(
encrypted_path_c.as_ptr(),
passphrase.as_ptr(),
&mut output,
);
assert_eq!(result, AgeResult::Success);
let decrypted = unsafe { std::slice::from_raw_parts(output.data, output.len) };
assert_eq!(decrypted, plaintext);
// Clean up
fs::remove_file(&encrypted_path).ok();
age_free_buffer(&mut encrypted);
age_free_buffer(&mut output);
}
#[test]
fn test_decrypt_file_passphrase_null_output() {
let encrypted_path = CString::new("/tmp/test.age").unwrap();
let passphrase = CString::new("password").unwrap();
let result = age_decrypt_file_passphrase(
encrypted_path.as_ptr(),
passphrase.as_ptr(),
std::ptr::null_mut(),
);
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_decrypt_file_passphrase_null_path() {
let passphrase = CString::new("password").unwrap();
let mut output = AgeBuffer::null();
let result = age_decrypt_file_passphrase(
std::ptr::null(),
passphrase.as_ptr(),
&mut output,
);
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_decrypt_file_passphrase_wrong_passphrase() {
let passphrase = CString::new("correctpassword").unwrap();
let wrong_passphrase = CString::new("wrongpassword").unwrap();
let plaintext = b"Secret content";
// Encrypt with passphrase
let mut encrypted = AgeBuffer::null();
let result = age_encrypt_passphrase(
plaintext.as_ptr(),
plaintext.len(),
passphrase.as_ptr(),
false,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
// Write to file
let encrypted_path = create_temp_file("wrong_pass.age");
let encrypted_slice = unsafe { std::slice::from_raw_parts(encrypted.data, encrypted.len) };
fs::write(&encrypted_path, encrypted_slice).unwrap();
let encrypted_path_c = CString::new(encrypted_path.as_str()).unwrap();
// Try to decrypt with wrong passphrase
let mut output = AgeBuffer::null();
let result = age_decrypt_file_passphrase(
encrypted_path_c.as_ptr(),
wrong_passphrase.as_ptr(),
&mut output,
);
assert_eq!(result, AgeResult::DecryptionFailed);
// Clean up
fs::remove_file(&encrypted_path).ok();
age_free_buffer(&mut encrypted);
}
#[test]
fn test_decrypt_file_passphrase_nonexistent_file() {
let passphrase = CString::new("password").unwrap();
let encrypted_path = CString::new("/nonexistent/passphrase.age").unwrap();
let mut output = AgeBuffer::null();
let result = age_decrypt_file_passphrase(
encrypted_path.as_ptr(),
passphrase.as_ptr(),
&mut output,
);
assert_eq!(result, AgeResult::IoError);
}
// ============= Recipient file tests =============
#[test]
fn test_encrypt_to_file_with_recipients_file() {
let mut keypair1 = AgeKeypair::null();
let mut keypair2 = AgeKeypair::null();
age_generate_x25519(&mut keypair1);
age_generate_x25519(&mut keypair2);
// Create recipients file
let recipients_path = create_temp_file("recipients.txt");
let pub_key1 = unsafe { std::ffi::CStr::from_ptr(keypair1.public_key).to_str().unwrap() };
let pub_key2 = unsafe { std::ffi::CStr::from_ptr(keypair2.public_key).to_str().unwrap() };
let content = format!("# Comment line\n{}\n{}\n", pub_key1, pub_key2);
fs::write(&recipients_path, content).unwrap();
let recipients_path_c = CString::new(recipients_path.as_str()).unwrap();
// Encrypt to file
let plaintext = b"Multi-recipient from file test";
let encrypted_path = create_temp_file("multi_recip.age");
let encrypted_path_c = CString::new(encrypted_path.as_str()).unwrap();
let result = age_encrypt_to_file(
plaintext.as_ptr() as *const i8,
plaintext.len(),
encrypted_path_c.as_ptr(),
recipients_path_c.as_ptr(),
);
assert_eq!(result, AgeResult::Success);
// Both recipients should be able to decrypt
let mut output1 = AgeBuffer::null();
let result = age_decrypt_file_with_identity(
encrypted_path_c.as_ptr(),
keypair1.private_key,
&mut output1,
);
assert_eq!(result, AgeResult::Success);
let mut output2 = AgeBuffer::null();
let result = age_decrypt_file_with_identity(
encrypted_path_c.as_ptr(),
keypair2.private_key,
&mut output2,
);
assert_eq!(result, AgeResult::Success);
// Clean up
fs::remove_file(&recipients_path).ok();
fs::remove_file(&encrypted_path).ok();
age_free_buffer(&mut output1);
age_free_buffer(&mut output2);
age_free_keypair(&mut keypair1);
age_free_keypair(&mut keypair2);
}
#[test]
fn test_encrypt_to_file_empty_recipients_file() {
let plaintext = b"test";
let encrypted_path = create_temp_file("empty_recip.age");
let encrypted_path_c = CString::new(encrypted_path.as_str()).unwrap();
// Create empty recipients file
let recipients_path = create_temp_file("empty_recipients.txt");
fs::write(&recipients_path, "# Only comments\n\n").unwrap();
let recipients_path_c = CString::new(recipients_path.as_str()).unwrap();
let result = age_encrypt_to_file(
plaintext.as_ptr() as *const i8,
plaintext.len(),
encrypted_path_c.as_ptr(),
recipients_path_c.as_ptr(),
);
assert_eq!(result, AgeResult::InvalidRecipient);
// Clean up
fs::remove_file(&recipients_path).ok();
}
#[test]
fn test_encrypt_to_file_nonexistent_recipients_file() {
let plaintext = b"test";
let encrypted_path = create_temp_file("test.age");
let encrypted_path_c = CString::new(encrypted_path.as_str()).unwrap();
let recipients_path = CString::new("/nonexistent/recipients.txt").unwrap();
let result = age_encrypt_to_file(
plaintext.as_ptr() as *const i8,
plaintext.len(),
encrypted_path_c.as_ptr(),
recipients_path.as_ptr(),
);
assert_eq!(result, AgeResult::IoError);
}
#[test]
fn test_decrypt_file_corrupted_file() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
// Create corrupted encrypted file
let encrypted_path = create_temp_file("corrupted.age");
fs::write(&encrypted_path, "not valid age encrypted content").unwrap();
let encrypted_path_c = CString::new(encrypted_path.as_str()).unwrap();
let mut output = AgeBuffer::null();
let result = age_decrypt_file_with_identity(
encrypted_path_c.as_ptr(),
keypair.private_key,
&mut output,
);
assert_eq!(result, AgeResult::DecryptionFailed);
// Clean up
fs::remove_file(&encrypted_path).ok();
age_free_keypair(&mut keypair);
}

27
zig-vendor/age-ffi/src/helpers.rs
View File

@@ -1,27 +0,0 @@
//! Internal helper functions for FFI conversions.
use crate::types::AgeResult;
use std::ffi::{CStr, CString};
use std::os::raw::c_char;
/// Safely convert a C string pointer to a Rust &str
pub unsafe fn cstr_to_str<'a>(ptr: *const c_char) -> Result<&'a str, AgeResult> {
if ptr.is_null() {
return Err(AgeResult::InvalidInput);
}
CStr::from_ptr(ptr)
.to_str()
.map_err(|_| AgeResult::InvalidUtf8)
}
/// Safely convert a C string pointer to a Rust String
pub unsafe fn cstr_to_string(ptr: *const c_char) -> Result<String, AgeResult> {
cstr_to_str(ptr).map(|s| s.to_owned())
}
/// Convert a Rust String to a C string pointer (caller must free)
pub fn string_to_cstr(s: String) -> Result<*mut c_char, AgeResult> {
CString::new(s)
.map(|cs| cs.into_raw())
.map_err(|_| AgeResult::InvalidInput)
}

92
zig-vendor/age-ffi/src/keys.rs
View File

@@ -1,92 +0,0 @@
//! Key generation and derivation functions.
use crate::helpers::{cstr_to_str, string_to_cstr};
use crate::types::{AgeKeypair, AgeResult};
use age::secrecy::ExposeSecret;
use std::ffi::CString;
use std::os::raw::c_char;
use std::str::FromStr;
/// Generate a new age x25519 keypair.
///
/// # Arguments
/// * `keypair` - Pointer to receive the generated keypair
///
/// # Returns
/// AgeResult indicating success or failure
#[no_mangle]
pub extern "C" fn age_generate_x25519(keypair: *mut AgeKeypair) -> AgeResult {
if keypair.is_null() {
return AgeResult::InvalidInput;
}
let identity = age::x25519::Identity::generate();
let public_key = identity.to_public().to_string();
let private_key = identity.to_string().expose_secret().to_string();
let c_public = match string_to_cstr(public_key) {
Ok(s) => s,
Err(e) => return e,
};
let c_private = match string_to_cstr(private_key) {
Ok(s) => s,
Err(e) => {
unsafe { drop(CString::from_raw(c_public)); }
return e;
}
};
unsafe {
(*keypair).public_key = c_public;
(*keypair).private_key = c_private;
}
AgeResult::Success
}
/// Alias for age_generate_x25519 for backwards compatibility.
#[no_mangle]
pub extern "C" fn age_generate_keypair(keypair: *mut AgeKeypair) -> AgeResult {
age_generate_x25519(keypair)
}
/// Derive the public key from a private x25519 identity.
///
/// # Arguments
/// * `private_key` - The private key string (AGE-SECRET-KEY-1...)
/// * `public_key` - Pointer to receive the public key string
///
/// # Returns
/// AgeResult indicating success or failure
#[no_mangle]
pub extern "C" fn age_x25519_to_public(
private_key: *const c_char,
public_key: *mut *mut c_char,
) -> AgeResult {
if public_key.is_null() {
return AgeResult::InvalidInput;
}
let private_str = match unsafe { cstr_to_str(private_key) } {
Ok(s) => s,
Err(e) => return e,
};
let identity = match age::x25519::Identity::from_str(private_str) {
Ok(i) => i,
Err(_) => return AgeResult::InvalidIdentity,
};
let public_str = identity.to_public().to_string();
let c_public = match string_to_cstr(public_str) {
Ok(s) => s,
Err(e) => return e,
};
unsafe {
*public_key = c_public;
}
AgeResult::Success
}

122
zig-vendor/age-ffi/src/keys_tests.rs
View File

@@ -1,122 +0,0 @@
//! Tests for key generation and derivation functions.
use crate::keys::*;
use crate::memory::*;
use crate::types::*;
use std::ffi::CStr;
#[test]
fn test_generate_x25519_keypair() {
let mut keypair = AgeKeypair::null();
let result = age_generate_x25519(&mut keypair);
assert_eq!(result, AgeResult::Success);
assert!(!keypair.public_key.is_null());
assert!(!keypair.private_key.is_null());
unsafe {
let public = CStr::from_ptr(keypair.public_key).to_str().unwrap();
let private = CStr::from_ptr(keypair.private_key).to_str().unwrap();
assert!(public.starts_with("age1"), "Public key should start with 'age1'");
assert!(private.starts_with("AGE-SECRET-KEY-1"), "Private key should start with 'AGE-SECRET-KEY-1'");
// Check key lengths are reasonable
assert!(public.len() > 50, "Public key should be at least 50 chars");
assert!(private.len() > 50, "Private key should be at least 50 chars");
}
age_free_keypair(&mut keypair);
}
#[test]
fn test_generate_keypair_alias() {
let mut keypair = AgeKeypair::null();
let result = age_generate_keypair(&mut keypair);
assert_eq!(result, AgeResult::Success);
assert!(!keypair.public_key.is_null());
assert!(!keypair.private_key.is_null());
age_free_keypair(&mut keypair);
}
#[test]
fn test_generate_x25519_null_pointer() {
let result = age_generate_x25519(std::ptr::null_mut());
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_derive_public_key() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let mut derived_public: *mut std::os::raw::c_char = std::ptr::null_mut();
let result = age_x25519_to_public(keypair.private_key, &mut derived_public);
assert_eq!(result, AgeResult::Success);
assert!(!derived_public.is_null());
// The derived public key should match the original
let original = unsafe { CStr::from_ptr(keypair.public_key).to_str().unwrap() };
let derived = unsafe { CStr::from_ptr(derived_public).to_str().unwrap() };
assert_eq!(original, derived);
age_free_string(derived_public);
age_free_keypair(&mut keypair);
}
#[test]
fn test_derive_public_key_invalid_input() {
use std::ffi::CString;
let mut derived_public: *mut std::os::raw::c_char = std::ptr::null_mut();
// Null output pointer
let result = age_x25519_to_public(std::ptr::null(), std::ptr::null_mut());
assert_eq!(result, AgeResult::InvalidInput);
// Invalid private key
let invalid_key = CString::new("not-a-valid-key").unwrap();
let result = age_x25519_to_public(invalid_key.as_ptr(), &mut derived_public);
assert_eq!(result, AgeResult::InvalidIdentity);
}
#[test]
fn test_derive_public_key_null_private_key() {
let mut derived_public: *mut std::os::raw::c_char = std::ptr::null_mut();
// Null private key but valid output pointer
let result = age_x25519_to_public(std::ptr::null(), &mut derived_public);
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_multiple_keypair_generation() {
// Generate multiple keypairs and ensure they're all unique
let mut keypairs: Vec<AgeKeypair> = Vec::new();
for _ in 0..10 {
let mut keypair = AgeKeypair::null();
let result = age_generate_x25519(&mut keypair);
assert_eq!(result, AgeResult::Success);
keypairs.push(keypair);
}
// Check all public keys are unique
let public_keys: Vec<String> = keypairs.iter().map(|kp| {
unsafe { CStr::from_ptr(kp.public_key).to_str().unwrap().to_string() }
}).collect();
for i in 0..public_keys.len() {
for j in (i+1)..public_keys.len() {
assert_ne!(public_keys[i], public_keys[j], "Keypairs should be unique");
}
}
// Cleanup
for keypair in &mut keypairs {
age_free_keypair(keypair);
}
}

88
zig-vendor/age-ffi/src/lib.rs
View File

@@ -1,88 +0,0 @@
//! Complete FFI wrapper for the age encryption library.
//!
//! Provides C-compatible functions for all age encryption operations:
//! - Key generation (x25519, SSH)
//! - Encryption/decryption (memory and file-based)
//! - Passphrase-based encryption (scrypt)
//! - ASCII armor support
//! - Multiple recipients support
extern crate libc;
// Internal modules
mod helpers;
// Public modules
pub mod types;
pub mod keys;
pub mod encrypt;
pub mod decrypt;
pub mod passphrase;
pub mod file;
pub mod armor;
pub mod validation;
pub mod memory;
// Re-export all public types
pub use types::{AgeBuffer, AgeEncryptConfig, AgeKeypair, AgeResult};
// Re-export all public functions
pub use keys::{age_generate_keypair, age_generate_x25519, age_x25519_to_public};
pub use encrypt::{age_encrypt, age_encrypt_armor, age_encrypt_multi};
pub use decrypt::{age_decrypt, age_decrypt_multi, age_decrypt_ssh, age_decrypt_ssh_file};
pub use passphrase::{age_decrypt_passphrase, age_encrypt_passphrase};
pub use file::{
age_decrypt_file, age_decrypt_file_passphrase, age_decrypt_file_with_identity,
age_encrypt_to_file, age_encrypt_to_file_armor,
};
pub use armor::{age_armor, age_dearmor};
pub use validation::{
age_is_valid_ssh_recipient, age_is_valid_x25519_identity, age_is_valid_x25519_recipient,
age_recipient_type,
};
pub use memory::{age_free_buffer, age_free_keypair, age_free_string};
use std::os::raw::c_char;
/// Get the version of the age-ffi library.
/// Returns a static string, do not free.
#[no_mangle]
pub extern "C" fn age_version() -> *const c_char {
static VERSION: &[u8] = b"0.1.0\0";
VERSION.as_ptr() as *const c_char
}
/// Get the version of the underlying age library.
/// Returns a static string, do not free.
#[no_mangle]
pub extern "C" fn age_lib_version() -> *const c_char {
static VERSION: &[u8] = b"0.11.0\0";
VERSION.as_ptr() as *const c_char
}
#[cfg(test)]
mod tests;
#[cfg(test)]
mod keys_tests;
#[cfg(test)]
mod encrypt_tests;
#[cfg(test)]
mod decrypt_tests;
#[cfg(test)]
mod passphrase_tests;
#[cfg(test)]
mod armor_tests;
#[cfg(test)]
mod validation_tests;
#[cfg(test)]
mod memory_tests;
#[cfg(test)]
mod file_tests;

60
zig-vendor/age-ffi/src/memory.rs
View File

@@ -1,60 +0,0 @@
//! Memory management functions.
use crate::types::{AgeBuffer, AgeKeypair};
use std::ffi::CString;
use std::os::raw::c_char;
/// Free a buffer allocated by this library.
///
/// # Safety
/// The buffer must have been allocated by one of the age_* functions.
#[no_mangle]
pub extern "C" fn age_free_buffer(buffer: *mut AgeBuffer) {
if buffer.is_null() {
return;
}
unsafe {
let buf = &*buffer;
if !buf.data.is_null() && buf.capacity > 0 {
// Reconstruct the boxed slice and drop it
let slice = std::slice::from_raw_parts_mut(buf.data, buf.capacity);
drop(Box::from_raw(slice as *mut [u8]));
}
(*buffer) = AgeBuffer::null();
}
}
/// Free a string allocated by this library.
///
/// # Safety
/// The pointer must have been allocated by one of the age_* functions.
#[no_mangle]
pub extern "C" fn age_free_string(s: *mut c_char) {
if !s.is_null() {
unsafe {
drop(CString::from_raw(s));
}
}
}
/// Free a keypair allocated by age_generate_keypair.
///
/// # Safety
/// The keypair must have been allocated by age_generate_keypair.
#[no_mangle]
pub extern "C" fn age_free_keypair(keypair: *mut AgeKeypair) {
if keypair.is_null() {
return;
}
unsafe {
if !(*keypair).public_key.is_null() {
drop(CString::from_raw((*keypair).public_key));
}
if !(*keypair).private_key.is_null() {
drop(CString::from_raw((*keypair).private_key));
}
(*keypair) = AgeKeypair::null();
}
}

208
zig-vendor/age-ffi/src/memory_tests.rs
View File

@@ -1,208 +0,0 @@
//! Tests for memory management functions.
use crate::encrypt::*;
use crate::keys::*;
use crate::memory::*;
use crate::types::*;
use std::os::raw::c_char;
#[test]
fn test_free_buffer_basic() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"Test message for buffer freeing";
let mut encrypted = AgeBuffer::null();
age_encrypt(
plaintext.as_ptr(),
plaintext.len(),
keypair.public_key,
&mut encrypted,
);
// Should not crash
age_free_buffer(&mut encrypted);
// Buffer should be nulled out
assert!(encrypted.data.is_null());
assert_eq!(encrypted.len, 0);
assert_eq!(encrypted.capacity, 0);
age_free_keypair(&mut keypair);
}
#[test]
fn test_free_buffer_null() {
// Should not crash on null pointer
age_free_buffer(std::ptr::null_mut());
}
#[test]
fn test_free_buffer_already_null() {
let mut buffer = AgeBuffer::null();
// Should not crash on already-null buffer
age_free_buffer(&mut buffer);
}
#[test]
fn test_free_string_basic() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"Test";
let mut armored: *mut c_char = std::ptr::null_mut();
crate::encrypt::age_encrypt_armor(
plaintext.as_ptr(),
plaintext.len(),
keypair.public_key,
&mut armored,
);
// Should not crash
age_free_string(armored);
age_free_keypair(&mut keypair);
}
#[test]
fn test_free_string_null() {
// Should not crash on null pointer
age_free_string(std::ptr::null_mut());
}
#[test]
fn test_free_keypair_basic() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
// Should not crash
age_free_keypair(&mut keypair);
// Keypair should be nulled out
assert!(keypair.public_key.is_null());
assert!(keypair.private_key.is_null());
}
#[test]
fn test_free_keypair_null() {
// Should not crash on null pointer
age_free_keypair(std::ptr::null_mut());
}
#[test]
fn test_free_keypair_already_null() {
let mut keypair = AgeKeypair::null();
// Should not crash on already-null keypair
age_free_keypair(&mut keypair);
}
#[test]
fn test_double_free_buffer() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"Test";
let mut encrypted = AgeBuffer::null();
age_encrypt(
plaintext.as_ptr(),
plaintext.len(),
keypair.public_key,
&mut encrypted,
);
age_free_buffer(&mut encrypted);
// Double free should be safe because we null out the pointer
age_free_buffer(&mut encrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_double_free_keypair() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
age_free_keypair(&mut keypair);
// Double free should be safe because we null out the pointers
age_free_keypair(&mut keypair);
}
#[test]
fn test_multiple_allocations_and_frees() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
// Allocate and free multiple times
for _ in 0..100 {
let plaintext = b"Test message for repeated allocation";
let mut encrypted = AgeBuffer::null();
let result = age_encrypt(
plaintext.as_ptr(),
plaintext.len(),
keypair.public_key,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
age_free_buffer(&mut encrypted);
}
age_free_keypair(&mut keypair);
}
#[test]
fn test_large_allocation_and_free() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
// Allocate a large buffer (1MB)
let plaintext: Vec<u8> = vec![0x42; 1024 * 1024];
let mut encrypted = AgeBuffer::null();
let result = age_encrypt(
plaintext.as_ptr(),
plaintext.len(),
keypair.public_key,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
assert!(encrypted.len > 1024 * 1024);
age_free_buffer(&mut encrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_age_buffer_from_vec() {
// Test the internal from_vec function
let vec = vec![1u8, 2, 3, 4, 5];
let buffer = AgeBuffer::from_vec(vec);
assert!(!buffer.data.is_null());
assert_eq!(buffer.len, 5);
assert_eq!(buffer.capacity, 5);
// Verify data
let slice = unsafe { std::slice::from_raw_parts(buffer.data, buffer.len) };
assert_eq!(slice, &[1, 2, 3, 4, 5]);
// Clean up
let mut buffer = buffer;
age_free_buffer(&mut buffer);
}
#[test]
fn test_age_buffer_null() {
let buffer = AgeBuffer::null();
assert!(buffer.data.is_null());
assert_eq!(buffer.len, 0);
assert_eq!(buffer.capacity, 0);
}
#[test]
fn test_age_keypair_null() {
let keypair = AgeKeypair::null();
assert!(keypair.public_key.is_null());
assert!(keypair.private_key.is_null());
}

139
zig-vendor/age-ffi/src/passphrase.rs
View File

@@ -1,139 +0,0 @@
//! Passphrase-based encryption and decryption (scrypt).
use crate::helpers::cstr_to_string;
use crate::types::{AgeBuffer, AgeResult};
use age::secrecy::SecretString;
use std::io::{Read, Write};
use std::os::raw::c_char;
/// Encrypt data using a passphrase.
///
/// # Arguments
/// * `plaintext` - Pointer to the plaintext data
/// * `plaintext_len` - Length of the plaintext
/// * `passphrase` - The passphrase string
/// * `armor` - If true, output will be ASCII-armored
/// * `output` - Pointer to receive the encrypted buffer
///
/// # Returns
/// AgeResult indicating success or failure
#[no_mangle]
pub extern "C" fn age_encrypt_passphrase(
plaintext: *const u8,
plaintext_len: usize,
passphrase: *const c_char,
armor: bool,
output: *mut AgeBuffer,
) -> AgeResult {
if plaintext.is_null() || output.is_null() {
return AgeResult::InvalidInput;
}
let plaintext = unsafe { std::slice::from_raw_parts(plaintext, plaintext_len) };
let passphrase_str = match unsafe { cstr_to_string(passphrase) } {
Ok(s) => s,
Err(e) => return e,
};
let secret = SecretString::from(passphrase_str);
let encryptor = age::Encryptor::with_user_passphrase(secret);
let mut encrypted = Vec::new();
let result = if armor {
let armor_writer = age::armor::ArmoredWriter::wrap_output(&mut encrypted, age::armor::Format::AsciiArmor)
.map_err(|_| AgeResult::ArmorError);
match armor_writer {
Ok(armor) => {
match encryptor.wrap_output(armor) {
Ok(mut writer) => {
if writer.write_all(plaintext).is_err() {
return AgeResult::EncryptionFailed;
}
match writer.finish() {
Ok(armor) => armor.finish().map_err(|_| AgeResult::ArmorError),
Err(_) => return AgeResult::EncryptionFailed,
}
}
Err(_) => return AgeResult::EncryptionFailed,
}
}
Err(e) => return e,
}
} else {
match encryptor.wrap_output(&mut encrypted) {
Ok(mut writer) => {
if writer.write_all(plaintext).is_err() {
return AgeResult::EncryptionFailed;
}
writer.finish().map_err(|_| AgeResult::EncryptionFailed)
}
Err(_) => return AgeResult::EncryptionFailed,
}
};
if result.is_err() {
return AgeResult::EncryptionFailed;
}
unsafe {
*output = AgeBuffer::from_vec(encrypted);
}
AgeResult::Success
}
/// Decrypt data using a passphrase.
///
/// # Arguments
/// * `ciphertext` - Pointer to the encrypted data
/// * `ciphertext_len` - Length of the ciphertext
/// * `passphrase` - The passphrase string
/// * `output` - Pointer to receive the decrypted buffer
///
/// # Returns
/// AgeResult indicating success or failure
#[no_mangle]
pub extern "C" fn age_decrypt_passphrase(
ciphertext: *const u8,
ciphertext_len: usize,
passphrase: *const c_char,
output: *mut AgeBuffer,
) -> AgeResult {
if ciphertext.is_null() || output.is_null() {
return AgeResult::InvalidInput;
}
let ciphertext = unsafe { std::slice::from_raw_parts(ciphertext, ciphertext_len) };
let passphrase_str = match unsafe { cstr_to_string(passphrase) } {
Ok(s) => s,
Err(e) => return e,
};
let secret = SecretString::from(passphrase_str);
let identity = age::scrypt::Identity::new(secret);
let decryptor = match age::Decryptor::new(ciphertext) {
Ok(d) => d,
Err(_) => return AgeResult::DecryptionFailed,
};
let mut decrypted = Vec::new();
let mut reader = match decryptor.decrypt(std::iter::once(&identity as &dyn age::Identity)) {
Ok(r) => r,
Err(_) => return AgeResult::DecryptionFailed,
};
if reader.read_to_end(&mut decrypted).is_err() {
return AgeResult::DecryptionFailed;
}
unsafe {
*output = AgeBuffer::from_vec(decrypted);
}
AgeResult::Success
}

329
zig-vendor/age-ffi/src/passphrase_tests.rs
View File

@@ -1,329 +0,0 @@
//! Tests for passphrase-based encryption and decryption.
use crate::passphrase::*;
use crate::armor::*;
use crate::memory::*;
use crate::types::*;
use std::ffi::CString;
#[test]
fn test_passphrase_encrypt_decrypt() {
let plaintext = b"Secret passphrase message";
let passphrase = CString::new("my-secure-passphrase").unwrap();
let mut encrypted = AgeBuffer::null();
let result = age_encrypt_passphrase(
plaintext.as_ptr(),
plaintext.len(),
passphrase.as_ptr(),
false,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_passphrase(
encrypted.data,
encrypted.len,
passphrase.as_ptr(),
&mut decrypted,
);
assert_eq!(result, AgeResult::Success);
let decrypted_slice = unsafe { std::slice::from_raw_parts(decrypted.data, decrypted.len) };
assert_eq!(decrypted_slice, plaintext);
age_free_buffer(&mut encrypted);
age_free_buffer(&mut decrypted);
}
#[test]
fn test_passphrase_wrong_passphrase() {
let plaintext = b"Secret message";
let correct_passphrase = CString::new("correct-passphrase").unwrap();
let wrong_passphrase = CString::new("wrong-passphrase").unwrap();
let mut encrypted = AgeBuffer::null();
age_encrypt_passphrase(
plaintext.as_ptr(),
plaintext.len(),
correct_passphrase.as_ptr(),
false,
&mut encrypted,
);
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_passphrase(
encrypted.data,
encrypted.len,
wrong_passphrase.as_ptr(),
&mut decrypted,
);
assert_eq!(result, AgeResult::DecryptionFailed);
age_free_buffer(&mut encrypted);
}
#[test]
fn test_passphrase_empty_passphrase() {
let plaintext = b"Message with empty passphrase";
let empty_passphrase = CString::new("").unwrap();
let mut encrypted = AgeBuffer::null();
let result = age_encrypt_passphrase(
plaintext.as_ptr(),
plaintext.len(),
empty_passphrase.as_ptr(),
false,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_passphrase(
encrypted.data,
encrypted.len,
empty_passphrase.as_ptr(),
&mut decrypted,
);
assert_eq!(result, AgeResult::Success);
age_free_buffer(&mut encrypted);
age_free_buffer(&mut decrypted);
}
#[test]
fn test_passphrase_special_characters() {
let plaintext = b"Message with special passphrase";
let special_passphrase = CString::new("p@$$w0rd!#$%^&*()_+-=[]{}|;':\",./<>?").unwrap();
let mut encrypted = AgeBuffer::null();
let result = age_encrypt_passphrase(
plaintext.as_ptr(),
plaintext.len(),
special_passphrase.as_ptr(),
false,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_passphrase(
encrypted.data,
encrypted.len,
special_passphrase.as_ptr(),
&mut decrypted,
);
assert_eq!(result, AgeResult::Success);
let decrypted_slice = unsafe { std::slice::from_raw_parts(decrypted.data, decrypted.len) };
assert_eq!(decrypted_slice, plaintext);
age_free_buffer(&mut encrypted);
age_free_buffer(&mut decrypted);
}
#[test]
fn test_passphrase_with_armor() {
let plaintext = b"Armored passphrase message";
let passphrase = CString::new("armor-test-pass").unwrap();
let mut encrypted = AgeBuffer::null();
let result = age_encrypt_passphrase(
plaintext.as_ptr(),
plaintext.len(),
passphrase.as_ptr(),
true, // armor = true
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
// Verify it's armored
let encrypted_slice = unsafe { std::slice::from_raw_parts(encrypted.data, encrypted.len) };
let encrypted_str = std::str::from_utf8(encrypted_slice).unwrap();
assert!(encrypted_str.contains("-----BEGIN AGE ENCRYPTED FILE-----"));
// Dearmor first
let armored_cstr = CString::new(encrypted_str).unwrap();
let mut dearmored = AgeBuffer::null();
age_dearmor(armored_cstr.as_ptr(), &mut dearmored);
// Then decrypt
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_passphrase(
dearmored.data,
dearmored.len,
passphrase.as_ptr(),
&mut decrypted,
);
assert_eq!(result, AgeResult::Success);
let decrypted_slice = unsafe { std::slice::from_raw_parts(decrypted.data, decrypted.len) };
assert_eq!(decrypted_slice, plaintext);
age_free_buffer(&mut encrypted);
age_free_buffer(&mut dearmored);
age_free_buffer(&mut decrypted);
}
#[test]
fn test_passphrase_null_input() {
let passphrase = CString::new("test").unwrap();
let mut output = AgeBuffer::null();
// Null plaintext
let result = age_encrypt_passphrase(
std::ptr::null(),
0,
passphrase.as_ptr(),
false,
&mut output,
);
assert_eq!(result, AgeResult::InvalidInput);
// Null output
let plaintext = b"test";
let result = age_encrypt_passphrase(
plaintext.as_ptr(),
plaintext.len(),
passphrase.as_ptr(),
false,
std::ptr::null_mut(),
);
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_passphrase_long_passphrase() {
let plaintext = b"Message with very long passphrase";
// 1000 character passphrase
let long_passphrase = CString::new("a".repeat(1000)).unwrap();
let mut encrypted = AgeBuffer::null();
let result = age_encrypt_passphrase(
plaintext.as_ptr(),
plaintext.len(),
long_passphrase.as_ptr(),
false,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_passphrase(
encrypted.data,
encrypted.len,
long_passphrase.as_ptr(),
&mut decrypted,
);
assert_eq!(result, AgeResult::Success);
age_free_buffer(&mut encrypted);
age_free_buffer(&mut decrypted);
}
#[test]
fn test_passphrase_encrypt_null_passphrase() {
let plaintext = b"test";
let mut encrypted = AgeBuffer::null();
let result = age_encrypt_passphrase(
plaintext.as_ptr(),
plaintext.len(),
std::ptr::null(),
false,
&mut encrypted,
);
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_passphrase_decrypt_null_passphrase() {
let passphrase = CString::new("test").unwrap();
let plaintext = b"test";
// First encrypt with valid passphrase
let mut encrypted = AgeBuffer::null();
let result = age_encrypt_passphrase(
plaintext.as_ptr(),
plaintext.len(),
passphrase.as_ptr(),
false,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
// Try to decrypt with null passphrase
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_passphrase(
encrypted.data,
encrypted.len,
std::ptr::null(),
&mut decrypted,
);
assert_eq!(result, AgeResult::InvalidInput);
age_free_buffer(&mut encrypted);
}
#[test]
fn test_passphrase_decrypt_null_output() {
let passphrase = CString::new("test").unwrap();
let plaintext = b"test";
let mut encrypted = AgeBuffer::null();
let result = age_encrypt_passphrase(
plaintext.as_ptr(),
plaintext.len(),
passphrase.as_ptr(),
false,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
// Try to decrypt with null output
let result = age_decrypt_passphrase(
encrypted.data,
encrypted.len,
passphrase.as_ptr(),
std::ptr::null_mut(),
);
assert_eq!(result, AgeResult::InvalidInput);
age_free_buffer(&mut encrypted);
}
#[test]
fn test_passphrase_decrypt_null_ciphertext() {
let passphrase = CString::new("test").unwrap();
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_passphrase(
std::ptr::null(),
0,
passphrase.as_ptr(),
&mut decrypted,
);
assert_eq!(result, AgeResult::InvalidInput);
}
#[test]
fn test_passphrase_decrypt_corrupted_data() {
let passphrase = CString::new("test").unwrap();
let corrupted = b"not valid encrypted data";
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_passphrase(
corrupted.as_ptr(),
corrupted.len(),
passphrase.as_ptr(),
&mut decrypted,
);
assert_eq!(result, AgeResult::DecryptionFailed);
}

337
zig-vendor/age-ffi/src/tests.rs
View File

@@ -1,337 +0,0 @@
//! Tests for the age-ffi library.
use crate::*;
use std::ffi::{CStr, CString};
use std::os::raw::c_char;
#[test]
fn test_keygen() {
let mut keypair = AgeKeypair::null();
let result = age_generate_x25519(&mut keypair);
assert_eq!(result, AgeResult::Success);
assert!(!keypair.public_key.is_null());
assert!(!keypair.private_key.is_null());
unsafe {
let public = CStr::from_ptr(keypair.public_key).to_str().unwrap();
let private = CStr::from_ptr(keypair.private_key).to_str().unwrap();
assert!(public.starts_with("age1"));
assert!(private.starts_with("AGE-SECRET-KEY-1"));
}
age_free_keypair(&mut keypair);
}
#[test]
fn test_encrypt_decrypt() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"Hello, world!";
let mut encrypted = AgeBuffer::null();
let result = age_encrypt(
plaintext.as_ptr(),
plaintext.len(),
keypair.public_key,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
assert!(!encrypted.data.is_null());
assert!(encrypted.len > 0);
let mut decrypted = AgeBuffer::null();
let result = age_decrypt(
encrypted.data,
encrypted.len,
keypair.private_key,
&mut decrypted,
);
assert_eq!(result, AgeResult::Success);
let decrypted_slice = unsafe { std::slice::from_raw_parts(decrypted.data, decrypted.len) };
assert_eq!(decrypted_slice, plaintext);
age_free_buffer(&mut encrypted);
age_free_buffer(&mut decrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_passphrase_encrypt_decrypt() {
let plaintext = b"Secret message";
let passphrase = CString::new("my-secret-passphrase").unwrap();
let mut encrypted = AgeBuffer::null();
let result = age_encrypt_passphrase(
plaintext.as_ptr(),
plaintext.len(),
passphrase.as_ptr(),
false,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_passphrase(
encrypted.data,
encrypted.len,
passphrase.as_ptr(),
&mut decrypted,
);
assert_eq!(result, AgeResult::Success);
let decrypted_slice = unsafe { std::slice::from_raw_parts(decrypted.data, decrypted.len) };
assert_eq!(decrypted_slice, plaintext);
age_free_buffer(&mut encrypted);
age_free_buffer(&mut decrypted);
}
#[test]
fn test_validation() {
let invalid = CString::new("not-a-key").unwrap();
assert!(!age_is_valid_x25519_recipient(invalid.as_ptr()));
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
assert!(age_is_valid_x25519_recipient(keypair.public_key));
assert!(age_is_valid_x25519_identity(keypair.private_key));
assert_eq!(age_recipient_type(keypair.public_key), 1);
age_free_keypair(&mut keypair);
}
#[test]
fn test_armor_encrypt_decrypt() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"Armored message";
let mut armored: *mut c_char = std::ptr::null_mut();
let result = age_encrypt_armor(
plaintext.as_ptr(),
plaintext.len(),
keypair.public_key,
&mut armored,
);
assert_eq!(result, AgeResult::Success);
assert!(!armored.is_null());
let armored_str = unsafe { CStr::from_ptr(armored).to_str().unwrap() };
assert!(armored_str.contains("-----BEGIN AGE ENCRYPTED FILE-----"));
let mut dearmored = AgeBuffer::null();
let result = age_dearmor(armored, &mut dearmored);
assert_eq!(result, AgeResult::Success);
let mut decrypted = AgeBuffer::null();
let result = age_decrypt(
dearmored.data,
dearmored.len,
keypair.private_key,
&mut decrypted,
);
assert_eq!(result, AgeResult::Success);
let decrypted_slice = unsafe { std::slice::from_raw_parts(decrypted.data, decrypted.len) };
assert_eq!(decrypted_slice, plaintext);
age_free_string(armored);
age_free_buffer(&mut dearmored);
age_free_buffer(&mut decrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_derive_public_key() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let mut derived_public: *mut c_char = std::ptr::null_mut();
let result = age_x25519_to_public(keypair.private_key, &mut derived_public);
assert_eq!(result, AgeResult::Success);
let original = unsafe { CStr::from_ptr(keypair.public_key).to_str().unwrap() };
let derived = unsafe { CStr::from_ptr(derived_public).to_str().unwrap() };
assert_eq!(original, derived);
age_free_string(derived_public);
age_free_keypair(&mut keypair);
}
#[test]
fn test_multi_recipient_encrypt() {
let mut keypair1 = AgeKeypair::null();
let mut keypair2 = AgeKeypair::null();
age_generate_x25519(&mut keypair1);
age_generate_x25519(&mut keypair2);
let plaintext = b"Message for multiple recipients";
let recipients: [*const c_char; 2] = [
keypair1.public_key as *const c_char,
keypair2.public_key as *const c_char,
];
let mut encrypted = AgeBuffer::null();
let result = age_encrypt_multi(
plaintext.as_ptr(),
plaintext.len(),
recipients.as_ptr(),
recipients.len(),
false,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
// Decrypt with first key
let mut decrypted1 = AgeBuffer::null();
let result = age_decrypt(
encrypted.data,
encrypted.len,
keypair1.private_key,
&mut decrypted1,
);
assert_eq!(result, AgeResult::Success);
let slice1 = unsafe { std::slice::from_raw_parts(decrypted1.data, decrypted1.len) };
assert_eq!(slice1, plaintext);
// Decrypt with second key
let mut decrypted2 = AgeBuffer::null();
let result = age_decrypt(
encrypted.data,
encrypted.len,
keypair2.private_key,
&mut decrypted2,
);
assert_eq!(result, AgeResult::Success);
let slice2 = unsafe { std::slice::from_raw_parts(decrypted2.data, decrypted2.len) };
assert_eq!(slice2, plaintext);
age_free_buffer(&mut encrypted);
age_free_buffer(&mut decrypted1);
age_free_buffer(&mut decrypted2);
age_free_keypair(&mut keypair1);
age_free_keypair(&mut keypair2);
}
#[test]
fn test_version_functions() {
let version = age_version();
assert!(!version.is_null());
let version_str = unsafe { CStr::from_ptr(version).to_str().unwrap() };
assert!(!version_str.is_empty());
let lib_version = age_lib_version();
assert!(!lib_version.is_null());
let lib_version_str = unsafe { CStr::from_ptr(lib_version).to_str().unwrap() };
assert!(lib_version_str.starts_with("0.11"));
}
#[test]
fn test_passphrase_with_armor() {
let plaintext = b"Armored passphrase message";
let passphrase = CString::new("test-passphrase-123").unwrap();
let mut encrypted = AgeBuffer::null();
let result = age_encrypt_passphrase(
plaintext.as_ptr(),
plaintext.len(),
passphrase.as_ptr(),
true, // armor = true
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
// Verify it's armored
let encrypted_slice = unsafe { std::slice::from_raw_parts(encrypted.data, encrypted.len) };
let encrypted_str = std::str::from_utf8(encrypted_slice).unwrap();
assert!(encrypted_str.contains("-----BEGIN AGE ENCRYPTED FILE-----"));
// Dearmor first, then decrypt
let armored_cstr = CString::new(encrypted_str).unwrap();
let mut dearmored = AgeBuffer::null();
let result = age_dearmor(armored_cstr.as_ptr(), &mut dearmored);
assert_eq!(result, AgeResult::Success);
let mut decrypted = AgeBuffer::null();
let result = age_decrypt_passphrase(
dearmored.data,
dearmored.len,
passphrase.as_ptr(),
&mut decrypted,
);
assert_eq!(result, AgeResult::Success);
let decrypted_slice = unsafe { std::slice::from_raw_parts(decrypted.data, decrypted.len) };
assert_eq!(decrypted_slice, plaintext);
age_free_buffer(&mut encrypted);
age_free_buffer(&mut dearmored);
age_free_buffer(&mut decrypted);
}
#[test]
fn test_empty_plaintext() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
let plaintext = b"";
let mut encrypted = AgeBuffer::null();
let result = age_encrypt(
plaintext.as_ptr(),
plaintext.len(),
keypair.public_key,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
let mut decrypted = AgeBuffer::null();
let result = age_decrypt(
encrypted.data,
encrypted.len,
keypair.private_key,
&mut decrypted,
);
assert_eq!(result, AgeResult::Success);
assert_eq!(decrypted.len, 0);
age_free_buffer(&mut encrypted);
age_free_buffer(&mut decrypted);
age_free_keypair(&mut keypair);
}
#[test]
fn test_large_plaintext() {
let mut keypair = AgeKeypair::null();
age_generate_x25519(&mut keypair);
// 1MB of data
let plaintext: Vec<u8> = (0..1024 * 1024).map(|i| (i % 256) as u8).collect();
let mut encrypted = AgeBuffer::null();
let result = age_encrypt(
plaintext.as_ptr(),
plaintext.len(),
keypair.public_key,
&mut encrypted,
);
assert_eq!(result, AgeResult::Success);
let mut decrypted = AgeBuffer::null();
let result = age_decrypt(
encrypted.data,
encrypted.len,
keypair.private_key,
&mut decrypted,
);
assert_eq!(result, AgeResult::Success);
let decrypted_slice = unsafe { std::slice::from_raw_parts(decrypted.data, decrypted.len) };
assert_eq!(decrypted_slice, plaintext.as_slice());
age_free_buffer(&mut encrypted);
age_free_buffer(&mut decrypted);
age_free_keypair(&mut keypair);
}

92
zig-vendor/age-ffi/src/types.rs
View File

@@ -1,92 +0,0 @@
//! FFI-compatible data types for the age encryption library.
use std::os::raw::c_char;
/// Result codes for FFI functions
#[repr(C)]
#[derive(Debug, Clone, Copy, PartialEq, Eq)]
pub enum AgeResult {
Success = 0,
InvalidInput = 1,
EncryptionFailed = 2,
DecryptionFailed = 3,
KeygenFailed = 4,
IoError = 5,
InvalidRecipient = 6,
InvalidIdentity = 7,
NoRecipients = 8,
NoIdentities = 9,
ArmorError = 10,
PassphraseRequired = 11,
InvalidPassphrase = 12,
SshKeyError = 13,
MemoryAllocationFailed = 14,
InvalidUtf8 = 15,
UnsupportedKey = 16,
}
/// A buffer containing binary data allocated by the library.
/// Caller must free using age_free_buffer.
#[repr(C)]
pub struct AgeBuffer {
pub data: *mut u8,
pub len: usize,
pub capacity: usize,
}
impl AgeBuffer {
pub fn null() -> Self {
AgeBuffer {
data: std::ptr::null_mut(),
len: 0,
capacity: 0,
}
}
pub fn from_vec(v: Vec<u8>) -> Self {
let mut v = v.into_boxed_slice();
let data = v.as_mut_ptr();
let len = v.len();
std::mem::forget(v);
AgeBuffer {
data,
len,
capacity: len,
}
}
}
/// A keypair containing public and private keys as C strings.
/// Caller must free both strings using age_free_string.
#[repr(C)]
pub struct AgeKeypair {
pub public_key: *mut c_char,
pub private_key: *mut c_char,
}
impl AgeKeypair {
pub fn null() -> Self {
AgeKeypair {
public_key: std::ptr::null_mut(),
private_key: std::ptr::null_mut(),
}
}
}
/// Configuration for encryption operations.
#[repr(C)]
pub struct AgeEncryptConfig {
/// If true, output will be ASCII-armored
pub armor: bool,
/// Work factor for scrypt (0 = default, typically 18-22)
pub scrypt_work_factor: u8,
}
impl Default for AgeEncryptConfig {
fn default() -> Self {
AgeEncryptConfig {
armor: false,
scrypt_work_factor: 0,
}
}
}

Some files were not shown because too many files have changed in this diff Show More