Merge pull request #4 from oluceps/fix-parser-1
Fix occasional parser crash
oluceps authored Nov 10, 2024
2 parents 8a5d2d1 + 51ac47f commit c38ab09
Showing 10 changed files with 118 additions and 84 deletions.
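--- a/.github/workflows/clippy.yaml
+++ b/.github/workflows/clippy.yaml
@@ -0,0 +1,17 @@
+on: push
+name: Clippy check
+
+# Make sure CI fails on all warnings, including Clippy lints
+env:
+RUSTFLAGS: "-Dwarnings"
+
+jobs:
+clippy_check:
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v4
+- name: Check
+run: |
+rustup default nightly
+rustup component add clippy
+cargo clippy --all-targets --all-features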
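Review bot: The workflow sets no `permissions:` key, so the job's `GITHUB_TOKEN` gets whatever default scope the repository is configured with, although the visible steps only check out and lint the code. Adding a top-level `permissions:` block with `contents: read` keeps the token read-only for this job. `rustup default nightly` also installs whichever nightly is current on the day of the run, so with `RUSTFLAGS: "-Dwarnings"` a newly added lint can fail CI without any change to the repository; a dated toolchain (for example `nightly-YYYY-MM-DD`, placeholder) makes runs reproducible.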
3 changes: 2 additions & 1 deletion flake.nix
@@ -102,7 +102,8 @@
buildInputs = with pkgs; [
just
nushell
rust-bin.beta.latest.complete
cargo-fuzz
rust-bin.nightly.latest.complete
];
};

4 changes: 1 addition & 3 deletions src/cmd/check.rs
@@ -14,8 +14,7 @@ impl Profile {
self.settings.host_pubkey.as_str(),
)
.inner()
.into_values()
.map(|p| {
.into_values().try_for_each(|p| {
debug!("checking in-store path: {}", p.path.display());
if !p.path.exists() {
error!("path not found: {}", p.path.display());
@@ -25,6 +24,5 @@ impl Profile {
}
Ok(())
})
.collect()
}
}
26 changes: 14 additions & 12 deletions src/cmd/deploy.rs
@@ -50,7 +50,11 @@ fn deploy_to_fs(
.map_err(|e| eyre!("parse octal permission err: {}", e))?;
let permissions = Permissions::from_mode(mode);

let file = OpenOptions::new().create(true).write(true).open(p)?;
let file = OpenOptions::new()
.create(true)
.truncate(true)
.write(true)
.open(p)?;

file.set_permissions(permissions)?;

@@ -120,7 +124,7 @@ impl Profile {
let res = match self.read_decrypted_mount_point() {
Err(e) if e.kind() == ErrorKind::NotFound => {
let support_ramfs =
SupportedFilesystems::new().and_then(|fss| Ok(fss.is_supported("ramfs")));
SupportedFilesystems::new().map(|fss| fss.is_supported("ramfs"));
if !support_ramfs? {
let err =
"ramfs not supported! Refusing extract secret since it will write to disk";
@@ -203,10 +207,10 @@ impl Profile {
.wrap_err(eyre!(
"cannot create target extract dir with generation number"
))
.and_then(|p| {
let _ = fs::set_permissions(&p, Permissions::from_mode(0o751))
.wrap_err(eyre!("set permission"));
Ok(p)
.inspect(|p| {
fs::set_permissions(p, Permissions::from_mode(0o751))
.wrap_err(eyre!("set permission"))
.expect("set permission");
})?
};

@@ -222,7 +226,7 @@ impl Profile {
.expect("err");
});

if self.templates.len() != 0 {
if !self.templates.is_empty() {
info!("start deploy templates");
use sha2::{Digest, Sha256};

@@ -236,7 +240,7 @@ impl Profile {
let hashstr_ctx_map: HashMap<Vec<u8>, &Vec<u8>> = plain_map
.inner_ref()
.iter()
.map(|(k, v)| (get_hashed_id(*k), v))
.map(|(k, v)| (get_hashed_id(k), v))
.collect();

self.templates.clone().iter().for_each(|(_, t)| {
@@ -285,10 +289,8 @@ mod tests {
fn parse_ssh_host_pub_key() {
// all 0x01
let cipher_str = "age1qyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqszqgpqyqs3290gq";
if let Ok(_) = age::ssh::Recipient::from_str(&cipher_str) {
assert!(true)
} else {
let _ = age::x25519::Recipient::from_str(&cipher_str).unwrap();
if age::ssh::Recipient::from_str(cipher_str).is_err() {
let _ = age::x25519::Recipient::from_str(cipher_str).unwrap();
}
}
}
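Review bot: In `deploy_to_fs` (first hunk) the secret's target file is opened with `create(true)` and only afterwards restricted by `file.set_permissions(permissions)?`, so a newly created file briefly exists with the umask-default mode, and a process that opens it in that window keeps a usable descriptor after the mode is tightened. Passing the mode at creation closes that gap for new files: `OpenOptions::new().create(true).truncate(true).write(true).mode(mode).open(p)?`, which needs `std::os::unix::fs::OpenOptionsExt` in scope. The `set_permissions` call is still needed afterwards because `mode` only applies when the file is created, and a pre-existing file keeps its old mode until that call. The function body starts and ends outside the hunk, so where the secret is written relative to `set_permissions` is not visible here.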
7 changes: 4 additions & 3 deletions src/cmd/renc.rs
@@ -27,7 +27,7 @@ impl Profile {
);

// check if flake root
if !fs::read_dir(&flake_root)?.into_iter().any(|e| {
if !fs::read_dir(&flake_root)?.any(|e| {
e.is_ok_and(|ie| {
ie.file_name()
.into_string()
@@ -44,7 +44,8 @@ impl Profile {
let renc_path = {
let mut p = flake_root.clone();
p.push(self.settings.storage_location.clone());
if let Err(_) = p.canonicalize() {
// pretend err is not found
if p.canonicalize().is_err() {
fs::create_dir_all(&p).wrap_err_with(|| eyre!("create storageLocation error"))?
};
p.canonicalize()?;
@@ -67,7 +68,7 @@ impl Profile {
let key = key_pair.get_identity();

let recip = self.get_host_recip()?;
if let Err(e) = data.map.makeup(vec![recip], &**key) {
if let Err(e) = data.map.makeup(vec![recip], key) {
return Err(eyre!("makeup error: {}", e));
} else {
let o = add_to_store(renc_path)?;
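Review bot: The `p.canonicalize().is_err()` probe in the `renc_path` block (second hunk) treats every canonicalize failure, such as permission denied, a symlink loop or a non-directory path component, as "directory missing", which the added comment `// pretend err is not found` acknowledges. `fs::create_dir_all` already succeeds when the directory exists, so the probe can be dropped and the call made unconditionally: `fs::create_dir_all(&p).wrap_err_with(|| eyre!("create storageLocation error"))?;` followed by the existing `p.canonicalize()?`. The result of that second `canonicalize` is discarded in the visible lines, and the block continues past the hunk, so whether the canonical path is used later cannot be confirmed from here.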
4 changes: 2 additions & 2 deletions src/helper/callback.rs
@@ -73,9 +73,9 @@ pub fn read_secret(
.with_prompt(prompt)
.with_timeout(30);
if let Some(confirm_prompt) = confirm {
input.with_confirmation(confirm_prompt, &mismatch_error);
input.with_confirmation(confirm_prompt, mismatch_error);
} else {
input.required(&empty_error);
input.required(empty_error);
}
input.interact()
} else {
14 changes: 7 additions & 7 deletions src/helper/parse_identity.rs
@@ -16,11 +16,11 @@ impl ParsedIdentity {
recipient,
}
}
pub fn get_identity(&self) -> &Box<dyn Identity> {
&self.identity
pub fn get_identity(&self) -> &dyn Identity {
self.identity.as_ref()
}
pub fn _get_recipient(&self) -> &Box<dyn Recipient> {
&self.recipient
pub fn _get_recipient(&self) -> &dyn Recipient {
self.recipient.as_ref()
}
}

@@ -32,9 +32,9 @@ impl TryInto<ParsedIdentity> for RawIdentity {
pubkey: _, // not required. gen from prv key so fast.
} = self;
if identity.is_empty() {
return Err(eyre!(
Err(eyre!(
"No identity found, require `vaultix.settings.identity`."
));
))
} else {
macro_rules! create {
($method:ident, $err_context:expr) => {{
@@ -52,7 +52,7 @@ impl TryInto<ParsedIdentity> for RawIdentity {

let recip = create!(to_recipients, "into recip fail");

return Ok(ParsedIdentity::from_exist(ident, recip));
Ok(ParsedIdentity::from_exist(ident, recip))
}
}
}
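Review bot: `impl TryInto<ParsedIdentity> for RawIdentity` (the impl around the second and third hunks) is kept as is, while `src/helper/stored.rs` in this same commit moves its `Into` impl to `From`. The standard library recommends implementing `TryFrom` and getting `TryInto` through the blanket impl, so the header would become `impl TryFrom<RawIdentity> for ParsedIdentity` with `fn try_from(raw: RawIdentity) -> Result<Self, Self::Error>`; existing `.try_into()` call sites keep working. The `type Error` line and the method signature are outside the visible hunks, so the exact signature has to be taken from the file.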
4 changes: 2 additions & 2 deletions src/helper/secret_buf.rs
@@ -31,7 +31,7 @@ impl<T> SecBuf<T> {

use eyre::Result;
impl<T> SecBuf<T> {
pub fn buf_ref<'a>(&'a self) -> &'a Vec<u8> {
pub fn buf_ref(&self) -> &Vec<u8> {
self.buf.as_ref()
}
pub fn decrypt(&self, ident: &dyn Identity) -> Result<SecBuf<Plain>> {
@@ -115,7 +115,7 @@ mod tests {
let _ = buf
.renc(
&key as &dyn Identity,
Rc::new(age::x25519::Recipient::from_str(&new_recip_str).unwrap())
Rc::new(age::x25519::Recipient::from_str(new_recip_str).unwrap())
as Rc<dyn Recipient>,
)
.unwrap();
67 changes: 33 additions & 34 deletions src/helper/stored.rs
@@ -95,20 +95,21 @@ macro_rules! impl_from_iterator_for_secmap {
}
impl_from_iterator_for_secmap!(Vec<u8>, blake3::Hash, UniPath, SecBuf<HostEnc>);

macro_rules! impl_into_secmap_for_themap {
macro_rules! impl_from_for_secmap {
($($t:ty),*) => {
$(
impl<'a> Into<SecMap<'a, SecPBWith<$t>>>
for HashMap<&'a profile::Secret, SecPBWith<$t>>
impl<'a> From<HashMap<&'a profile::Secret, SecPBWith<$t>>>
for SecMap<'a, SecPBWith<$t>>
{
fn into(self) -> SecMap<'a, SecPBWith<$t>> {
SecMap::<SecPBWith<$t>>(self)
fn from(map: HashMap<&'a profile::Secret, SecPBWith<$t>>) -> Self {
SecMap::<SecPBWith<$t>>(map)
}
}
)*
};
}
impl_into_secmap_for_themap!(InCfg, InStore);

impl_from_for_secmap!(InCfg, InStore);

#[derive(Debug, Clone)]
pub struct SecMap<'a, P>(HashMap<&'a profile::Secret, P>);
@@ -122,7 +123,7 @@ impl<'a, T> SecMap<'a, T> {
}
}

impl<'a, T> SecMap<'a, SecPath<PathBuf, T>> {
impl<T> SecMap<'_, SecPath<PathBuf, T>> {
fn have(&self, p: &PathBuf) -> bool {
for ip in self.inner_ref().values() {
if &ip.path == p {
@@ -167,7 +168,7 @@ impl<'a> SecMap<'a, SecPBWith<InStore>> {
pub fn bake_ctx(self) -> Result<SecMap<'a, SecBuf<HostEnc>>> {
self.inner()
.into_iter()
.map(|(k, v)| v.read_buffer().and_then(|b| Ok((k, SecBuf::from(b)))))
.map(|(k, v)| v.read_buffer().map(|b| (k, SecBuf::from(b))))
.try_collect::<SecMap<SecBuf<HostEnc>>>()
}
}
@@ -193,7 +194,7 @@ pub struct Renc<'a> {
impl<'a> Renc<'a> {
pub fn create(secrets: &'a SecretSet, host_dir: PathBuf, host_recip: &'a str) -> Self {
let instore = SecMap::<SecPBWith<InStore>>::create(secrets);
let incfg = SecMap::<SecPBWith<InCfg>>::create(&secrets, host_dir.clone(), host_recip);
let incfg = SecMap::<SecPBWith<InCfg>>::create(secrets, host_dir.clone(), host_recip);
incfg.clean_old(host_dir.clone()).expect("success");
let map = incfg
.inner()
@@ -219,7 +220,7 @@ impl<'a> Renc<'a> {
.inner()
.into_iter()
.filter_map(|(k, v)| {
let enc_hash = v.store.calc_hash(&self.host_recip).ok()?;
let enc_hash = v.store.calc_hash(self.host_recip).ok()?;
let mut renc_path = self.host_dir.clone();
renc_path.push(enc_hash.to_string());
if renc_path.exists() {
@@ -236,31 +237,29 @@ impl<'a> Renc<'a> {
}
}

impl<'a> SecMap<'a, UniPath> {
impl SecMap<'_, UniPath> {
pub fn makeup(self, recips: Vec<Rc<dyn Recipient>>, ident: &dyn Identity) -> Result<()> {
self.inner()
.into_iter()
.map(|(_sec, sec_path)| {
let UniPath { store, real } = sec_path;
use std::io::Write;

trace!("re-encrypted output path {}", real.path.display());
let enc_ctx = store.read_buffer().expect("read buffer in store err");
// rencrypt
let renc_ctx = SecBuf::<AgeEnc>::new(enc_ctx)
.renc(ident, recips.first().expect("have").clone())
.expect("renc_ctx err");

let mut target_file = fs::OpenOptions::new()
.write(true)
.create(true)
.open(real.path.clone())?;

target_file
.write_all(renc_ctx.buf_ref())
.wrap_err_with(|| eyre!("write renc file error"))
})
.collect()
self.inner().into_values().try_for_each(|sec_path| {
let UniPath { store, real } = sec_path;
use std::io::Write;

trace!("re-encrypted output path {}", real.path.display());
let enc_ctx = store.read_buffer().expect("read buffer in store err");
// rencrypt
let renc_ctx = SecBuf::<AgeEnc>::new(enc_ctx)
.renc(ident, recips.first().expect("have").clone())
.expect("renc_ctx err");

let mut target_file = fs::OpenOptions::new()
.write(true)
.create(true)
.truncate(true)
.open(real.path.clone())?;

target_file
.write_all(renc_ctx.buf_ref())
.wrap_err_with(|| eyre!("write renc file error"))
})
}
}

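Review bot: In `makeup` (last hunk) the closure passed to `try_for_each` already returns a `Result`, yet `store.read_buffer().expect("read buffer in store err")`, `.renc(...).expect("renc_ctx err")` and `recips.first().expect("have")` still abort the process on an unreadable store file, a failed re-encryption or an empty recipient list. Propagating them turns one bad secret into a reported error instead of a panic, e.g. `let enc_ctx = store.read_buffer().wrap_err("read buffer in store err")?;` and, hoisted above the loop, `let recip = recips.first().ok_or_else(|| eyre!("no recipient given"))?;`. Only `recips.first()` is ever used, so any further recipients in the `Vec` are silently ignored; if that is intended, a comment such as `// only the first recipient is used` or a single-recipient parameter would make it explicit. This assumes `read_buffer` and `renc` return error types that convert into `eyre::Report`, which the visible lines suggest but do not show.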