package auth
import (
"encoding/base64"
"encoding/json"
"errors"
"fmt"
"strconv"
"strings"
"time"
"github.com/MichaelMure/git-bug/entity"
"github.com/MichaelMure/git-bug/repository"
)
const (
keyringKeyPrefix = "auth-"
keyringKeyKind = "kind"
keyringKeyTarget = "target"
keyringKeyCreateTime = "createtime"
keyringKeySalt = "salt"
keyringKeyPrefixMeta = "meta."
MetaKeyLogin = "login"
MetaKeyBaseURL = "base-url"
)
type CredentialKind string
const (
KindToken CredentialKind = "token"
KindLogin CredentialKind = "login"
KindLoginPassword CredentialKind = "login-password"
)
var ErrCredentialNotExist = errors.New("credential doesn't exist")
func NewErrMultipleMatchCredential(matching []entity.Id) *entity.ErrMultipleMatch {
return entity.NewErrMultipleMatch("credential", matching)
}
type Credential interface {
ID() entity.Id
Kind() CredentialKind
Target() string
CreateTime() time.Time
Salt() []byte
Validate() error
Metadata() map[string]string
GetMetadata(key string) (string, bool)
SetMetadata(key string, value string)
// Return all the specific properties of the credential that need to be saved into the configuration.
// This does not include Target, Kind, CreateTime, Metadata or Salt.
toConfig() map[string]string
}
// Load loads a credential from the repo config
func LoadWithId(repo repository.RepoKeyring, id entity.Id) (Credential, error) {
key := fmt.Sprintf("%s%s", keyringKeyPrefix, id)
item, err := repo.Keyring().Get(key)
if err == repository.ErrKeyringKeyNotFound {
return nil, ErrCredentialNotExist
}
if err != nil {
return nil, err
}
return decode(item)
}
// LoadWithPrefix load a credential from the repo config with a prefix
func LoadWithPrefix(repo repository.RepoKeyring, prefix string) (Credential, error) {
keys, err := repo.Keyring().Keys()
if err != nil {
return nil, err
}
// preallocate but empty
matching := make([]Credential, 0, 5)
for _, key := range keys {
if !strings.HasPrefix(key, keyringKeyPrefix+prefix) {
continue
}
item, err := repo.Keyring().Get(key)
if err != nil {
return nil, err
}
cred, err := decode(item)
if err != nil {
return nil, err
}
matching = append(matching, cred)
}
if len(matching) > 1 {
ids := make([]entity.Id, len(matching))
for i, cred := range matching {
ids[i] = cred.ID()
}
return nil, NewErrMultipleMatchCredential(ids)
}
if len(matching) == 0 {
return nil, ErrCredentialNotExist
}
return matching[0], nil
}
// decode is a helper to construct a Credential from the keyring Item
func decode(item repository.Item) (Credential, error) {
data := make(map[string]string)
err := json.Unmarshal(item.Data, &data)
if err != nil {
return nil, err
}
var cred Credential
switch CredentialKind(data[keyringKeyKind]) {
case KindToken:
cred, err = NewTokenFromConfig(data)
case KindLogin:
cred, err = NewLoginFromConfig(data)
case KindLoginPassword:
cred, err = NewLoginPasswordFromConfig(data)
default:
return nil, fmt.Errorf("unknown credential type \"%s\"", data[keyringKeyKind])
}
if err != nil {
return nil, fmt.Errorf("loading credential: %v", err)
}
return cred, nil
}
// List load all existing credentials
func List(repo repository.RepoKeyring, opts ...ListOption) ([]Credential, error) {
keys, err := repo.Keyring().Keys()
if err != nil {
return nil, err
}
matcher := matcher(opts)
var credentials []Credential
for _, key := range keys {
if !strings.HasPrefix(key, keyringKeyPrefix) {
continue
}
item, err := repo.Keyring().Get(key)
if err != nil {
return nil, err
}
cred, err := decode(item)
if err != nil {
return nil, err
}
if matcher.Match(cred) {
credentials = append(credentials, cred)
}
}
return credentials, nil
}
// IdExist return whether a credential id exist or not
func IdExist(repo repository.RepoKeyring, id entity.Id) bool {
_, err := LoadWithId(repo, id)
return err == nil
}
// PrefixExist return whether a credential id prefix exist or not
func PrefixExist(repo repository.RepoKeyring, prefix string) bool {
_, err := LoadWithPrefix(repo, prefix)
return err == nil
}
// Store stores a credential in the global git config
func Store(repo repository.RepoKeyring, cred Credential) error {
if len(cred.Salt()) != 16 {
panic("credentials need to be salted")
}
confs := cred.toConfig()
confs[keyringKeyKind] = string(cred.Kind())
confs[keyringKeyTarget] = cred.Target()
confs[keyringKeyCreateTime] = strconv.Itoa(int(cred.CreateTime().Unix()))
confs[keyringKeySalt] = base64.StdEncoding.EncodeToString(cred.Salt())
for key, val := range cred.Metadata() {
confs[keyringKeyPrefixMeta+key] = val
}
data, err := json.Marshal(confs)
if err != nil {
return err
}
return repo.Keyring().Set(repository.Item{
Key: keyringKeyPrefix + cred.ID().String(),
Data: data,
})
}
// Remove removes a credential from the global git config
func Remove(repo repository.RepoKeyring, id entity.Id) error {
return repo.Keyring().Remove(keyringKeyPrefix + id.String())
}
/*
* Sorting
*/
type ById []Credential
func (b ById) Len() int {
return len(b)
}
func (b ById) Less(i, j int) bool {
return b[i].ID() < b[j].ID()
}
func (b ById) Swap(i, j int) {
b[i], b[j] = b[j], b[i]
}
