feat: v3.2

2023-08-13 22:58:59 +08:00
parent 56f6ccd777
commit 7f6b8ab819
7 changed files with 37 additions and 14 deletions

2
Cargo.lock generated

@@ -741,7 +741,7 @@ checksum = "57bcfdad1b858c2db7c38303a6d2ad4dfaf5eb53dfeb0910128b2c26d6158503"
[[package]]
name = "local-mini-kms"
version = "0.3.1"
version = "0.3.2"
dependencies = [
"base64",
"clap",


@@ -1,6 +1,6 @@
[package]
name = "local-mini-kms"
version = "0.3.1"
version = "0.3.2"
edition = "2021"
# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html


@@ -54,3 +54,8 @@ curl -X POST http://127.0.0.1:5567/read \
-d '{"name":"test"}'
```
Upgrade to v3.2
```sql
ALTER TABLE keys ADD COLUMN comment TEXT;
```


@@ -32,6 +32,7 @@ impl Command for CommandImpl {
.arg(Arg::with_name("value-hex").long("value-hex").short("x").takes_value(true).help("Value(hex), for encrypt"))
.arg(Arg::with_name("value-base64").long("value-base64").short("b").takes_value(true).help("Value(base64), for encrypt"))
.arg(Arg::with_name("yubikey-challenge").long("yubikey-challenge").short("c").takes_value(true).help("Yubikey challenge"))
.arg(Arg::with_name("comment").long("comment").takes_value(true).help("Comment"))
.arg(Arg::with_name("force-write").long("force-write").short("F").help("Force write value"))
}
@@ -151,12 +152,14 @@ async fn do_write(_arg_matches: &ArgMatches<'_>, sub_arg_matches: &ArgMatches<'_
let value_hex = sub_arg_matches.value_of("value-hex");
let value_base64 = sub_arg_matches.value_of("value-base64");
let force_write = sub_arg_matches.is_present("force-write");
let comment = sub_arg_matches.value_of("comment");
let body = if let Some(value) = value {
json!({ "name": key, "force_write": force_write, "value": json!({"value": value}) })
json!({ "name": key, "force_write": force_write, "comment": comment, "value": json!({"value": value}) })
} else if let Some(value_hex) = value_hex {
json!({ "name": key, "force_write": force_write, "value": json!({"value_hex": value_hex}) })
json!({ "name": key, "force_write": force_write, "comment": comment, "value": json!({"value_hex": value_hex}) })
} else if let Some(value_base64) = value_base64 {
json!({ "name": key, "force_write": force_write, "value": json!({"value_base64": value_base64}) })
json!({ "name": key, "force_write": force_write, "comment": comment, "value": json!({"value_base64": value_base64}) })
} else {
return simple_error!("Require one of value, value-hex, value-base64");
};
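Review bot: In do_write the three `json!` bodies differ only in the inner value object, so `"comment": comment` had to be repeated in every branch. Selecting the inner object first and building the request body once would make the next field addition a one-line change and remove the risk of one branch being missed. The sketch below is meant to be behaviour-preserving, since an absent `--comment` still serializes as JSON null. do_write starts before and continues after this hunk.
```rust
let value_json = if let Some(value) = value {
    json!({"value": value})
} else if let Some(value_hex) = value_hex {
    json!({"value_hex": value_hex})
} else if let Some(value_base64) = value_base64 {
    json!({"value_base64": value_base64})
} else {
    return simple_error!("Require one of value, value-hex, value-base64");
};
let body = json!({ "name": key, "force_write": force_write, "comment": comment, "value": value_json });
```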


@@ -6,6 +6,7 @@ pub const DEFAULT_MASTER_KEY_VERIFICATION_KEY: &'static str = "__master_verifica
pub struct Key {
pub name: String,
pub encrypted_key: String,
pub comment: Option<String>,
}
pub fn make_db_key_name(name: &str) -> String {
@@ -19,7 +20,8 @@ pub fn open_db(db: &str) -> XResult<Connection> {
}
pub fn init_db(conn: &Connection) -> XResult<bool> {
let mut stmt = conn.prepare("SELECT name FROM sqlite_master WHERE type='table' AND name='keys'")?;
let mut stmt = conn.prepare(
"SELECT name FROM sqlite_master WHERE type='table' AND name='keys'")?;
let mut rows = stmt.query(())?;
if rows.next()?.is_some() {
information!("Table keys exists, skip init");
@@ -30,7 +32,8 @@ pub fn init_db(conn: &Connection) -> XResult<bool> {
CREATE TABLE keys (
id INTEGER PRIMARY KEY,
name TEXT NOT NULL,
value TEXT
value TEXT,
comment TEXT
)
"##, ())?;
success!("Table keys created");
@@ -38,27 +41,36 @@ pub fn init_db(conn: &Connection) -> XResult<bool> {
}
pub fn insert_key(conn: &Connection, key: &Key) -> XResult<()> {
let default_comment = "".to_string();
let _ = conn.execute(
"INSERT INTO keys (name, value) VALUES (?1, ?2)",
(&key.name, &key.encrypted_key),
"INSERT INTO keys (name, value, comment) VALUES (?1, ?2, ?3)",
(&key.name, &key.encrypted_key, key.comment.as_ref().unwrap_or_else(|| &default_comment)),
)?;
Ok(())
}
pub fn update_key(conn: &Connection, key: &Key) -> XResult<()> {
let _ = conn.execute(
"UPDATE keys SET value = ?1 WHERE name = ?2",
(&key.encrypted_key, &key.name),
)?;
if let Some(comment) = &key.comment {
let _ = conn.execute(
"UPDATE keys SET value = ?1, comment = ?2 WHERE name = ?3",
(&key.encrypted_key, comment, &key.name),
)?;
} else {
let _ = conn.execute(
"UPDATE keys SET value = ?1 WHERE name = ?2",
(&key.encrypted_key, &key.name),
)?;
}
Ok(())
}
pub fn find_key(conn: &Connection, name: &str) -> XResult<Option<Key>> {
let mut stmt = conn.prepare("SELECT id, name, value FROM keys WHERE name = ?1")?;
let mut stmt = conn.prepare("SELECT id, name, value, comment FROM keys WHERE name = ?1")?;
let mut key_iter = stmt.query_map(params![name], |row| {
Ok(Key {
name: row.get(1)?,
encrypted_key: row.get(2)?,
comment: Some(row.get(3)?),
})
})?;
match key_iter.next() {
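Review bot: In find_key, `comment: Some(row.get(3)?)` reads the column as a plain String, so a NULL comment should make the row mapping fail instead of yielding `None` (assuming the rusqlite API these calls suggest). Every existing row has a NULL comment after the README's `ALTER TABLE keys ADD COLUMN comment TEXT` upgrade, so keys written before v3.2, including the master-key verification entry, would likely become unreadable. How that error is handled is not visible, because find_key continues past the hunk. Reading the column as an Option avoids it: `comment: row.get(3)?,`. For consistency insert_key could bind `&key.comment` directly rather than substituting an empty string, so an absent comment is stored as NULL and round-trips as `None`.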


@@ -71,6 +71,7 @@ pub async fn inner_init_request(init_request: InitRequest) -> XResult<(StatusCod
let key = Key {
name: db::DEFAULT_MASTER_KEY_VERIFICATION_KEY.to_string(),
encrypted_key: jose::serialize_jwe_aes("LOCAL-MINI-KMS:MAGIC-VERIFICATION-KEY".as_bytes(), &clear_master_key)?,
comment: None,
};
db::insert_key(&conn, &key)?;
}


@@ -19,6 +19,7 @@ struct NamedValue {
name: String,
force_write: Option<bool>,
value: MultipleViewValue,
comment: Option<String>,
}
pub async fn read(req: Request<Body>) -> Result<Response<Body>> {
@@ -86,6 +87,7 @@ async fn inner_write(req: Request<Body>) -> XResult<(StatusCode, Value)> {
let new_db_key = Key {
name: db_key_name,
encrypted_key: encrypt_value.clone(),
comment: named_value.comment,
};
let response_body = if let Some(db_key) = db_key {
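Review bot: The new `comment` field on NamedValue is copied into `Key` unchanged in inner_write (`comment: named_value.comment`) while the value goes through `encrypt_value`, so the comment appears to be stored in the keys table as plaintext. That is worth documenting where the field is declared, so callers do not put secret material or hints about it there, e.g. `/// Free-text note; stored unencrypted, unlike value.` above `comment: Option<String>,`. inner_write continues outside the hunk, so any later handling of the comment is not visible here.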