From 4abaf05f0715ee22413e95adb2a1771623a71ac9 Mon Sep 17 00:00:00 2001
From: Hatter Jiang
Date: Tue, 17 Mar 2026 23:57:14 +0800
Subject: [PATCH] update osssendfile
---
 osssendfile-rs/justfile | 2 +
 osssendfile-rs/src/main.rs | 98 ++++++++++++++++++++++++++++++++------
 2 files changed, 85 insertions(+), 15 deletions(-)
diff --git a/osssendfile-rs/justfile b/osssendfile-rs/justfile
index ef83a23..fdca8b7 100644
--- a/osssendfile-rs/justfile
+++ b/osssendfile-rs/justfile
@@ -1,6 +1,8 @@
 _:
 @just --list
+alias xbuild:=build-linux-x64-musl
+
 build-linux-x64-musl:
 cargo zigbuild --release --target x86_64-unknown-linux-musl
diff --git a/osssendfile-rs/src/main.rs b/osssendfile-rs/src/main.rs
index cfc1b91..9108916 100755
--- a/osssendfile-rs/src/main.rs
+++ b/osssendfile-rs/src/main.rs
@@ -52,6 +52,48 @@ const INSTANCE_IDENTITY_PKCS7_TOKEN: &str = "X-aliyun-ecs-metadata-token";
 const ENV_OSS_SEND_FILE_CONFIG: &str = "OSS_SEND_FILE_CONFIG";
+const TINY_ENCRYPT_CONFIG: &str = r##"{
+ "envelops": [
+ {
+ "type": "piv-p384",
+ "sid": "piv-83-ecdh-p384",
+ "kid": "02c9f887e28c15e7d80ac176fba5ea271acae6ab473fe7414adca8e2566c791084296f8e568e64ab3900a57e906e66dbb3",
+ "desc": "PIV --slot 83",
+ "args": [ "83" ],
+ "publicPart": "04c9f887e28c15e7d80ac176fba5ea271acae6ab473fe7414adca8e2566c791084296f8e568e64ab3900a57e906e66dbb3f99bf4b4b15f1b19e553ad43c2fea1e74eeeae159a16fe76c3fdb3d4df167413f7f43a35a1682648f48e5ec4aa7ad703"
+ },
+ {
+ "type": "key-p256",
+ "sid": "macbook-m4-air-bio",
+ "kid": "keychain:02126aaa5ef17f0879a42ac3766742e7e913741caf489f17676b106ceb41a78bf1",
+ "desc": "Secure Enclave P256 require Bio @MacBook M4 Air",
+ "publicPart": "04126aaa5ef17f0879a42ac3766742e7e913741caf489f17676b106ceb41a78bf17ecaf6cb06459456fdf37250d674dd2161f3cd2f636d9068d33dbeb435b3e858"
+ },
+ {
+ "type": "key-p256",
+ "sid": "mbpse",
+ "kid": "keychain:02c408fcb810f7d9ecceb4cca297a93b7d34c336feda4f06ac4553846099a32b38",
+ "desc": "Secure Enclave P256 require Bio @MacBook Intel Pro",
+ "publicPart": "04c408fcb810f7d9ecceb4cca297a93b7d34c336feda4f06ac4553846099a32b381afcb7ff2abb2b235a53cc6eb71894243bf573db0096a1af10a05bddfb70fc66"
+ },
+ {
+ "type": "pgp-x25519",
+ "sid": "pgp-x25519-yubikey-5n",
+ "kid": "C0FAD5E563B80E819603B0D9FFC2A910806894FD",
+ "desc": "Card serial no. = 0006 16138686",
+ "publicPart": "7FEBAAB0D80CED24730B613F3D86924560EBCF13A838DEBC065F63C69C24C61E"
+ }
+ ],
+ "profiles": {
+ "default": [
+ "02c9f887e28c15e7d80ac176fba5ea271acae6ab473fe7414adca8e2566c791084296f8e568e64ab3900a57e906e66dbb3",
+ "keychain:02126aaa5ef17f0879a42ac3766742e7e913741caf489f17676b106ceb41a78bf1",
+ "keychain:02c408fcb810f7d9ecceb4cca297a93b7d34c336feda4f06ac4553846099a32b38",
+ "C0FAD5E563B80E819603B0D9FFC2A910806894FD"
+ ]
+ }
+}"##;
+
 #[derive(Debug, Parser)]
 #[command(name = "osssendfile-rs", bin_name = "osssendfile.rs")]
 #[command(about = "OSS send file Rust edition", long_about = None)]
@@ -62,9 +104,12 @@ struct OssSendFileArgs {
 // /// Do not encrypt
 // #[arg(long)]
 // no_enc: bool,
- // /// Do remove source file
+ /// Do remove source file
 #[arg(long)]
 remove_source_file: bool,
+ /// Tiny encrypt
+ #[arg(long)]
+ tiny_encrypt: bool,
 // /// JWK
 // #[arg(long, short = 'j')]
 // jwk: Option,
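Review bot: `TINY_ENCRYPT_CONFIG` is added without any comment saying what it embeds, so a reader has to work through the JSON to decide whether key material committed to a source file is sensitive. Judging by the field names (`kid`, `publicPart`) it holds recipient public keys and key identifiers only; a doc comment such as `/// Recipients for --tiny-encrypt: public keys and key ids only, no private material. Changing a recipient means rebuilding the binary.` would make that explicit. The four entries under `profiles.default` repeat the `kid` values by hand, so the comment should also say the two lists must be kept in sync.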
@@ -166,24 +211,32 @@ async fn main() -> XResult<()> {
 information!("Get STS success");
 let mut pending_remove_file = None::;
+ let mut pending_remove_file_2 = None::;
 let mut source_file = args.file.clone();
 let metadata = fs::metadata(&source_file)?;
 let filename = source_file.file_name().unwrap().to_str().unwrap().to_string();
+ // zip file when is dir
 let temp_zip_file = format!("{}.zip", filename);
 if metadata.is_dir() {
 if let Ok(_) = fs::metadata(&temp_zip_file) {
 return simple_error!("File {} exists", temp_zip_file);
 }
- match zip_dir(&temp_zip_file, source_file.to_str().unwrap()) {
- Ok(_) => {
- information!("Zip {} to {} success", source_file.display(), temp_zip_file);
- source_file = PathBuf::from(temp_zip_file.clone());
- pending_remove_file = Some(temp_zip_file.clone());
- }
- Err(e) => return simple_error!("Zip {} to {} failed: {}", source_file.display(), temp_zip_file, e),
- }
+ zip_dir(&temp_zip_file, source_file.to_str().unwrap())?;
+ information!("Zip {} to {} success", source_file.display(), temp_zip_file);
+ source_file = PathBuf::from(temp_zip_file.clone());
+ pending_remove_file = Some(temp_zip_file.clone());
+ }
+ let filename = source_file.file_name().unwrap().to_str().unwrap().to_string();
+
+ // encrypt file via tiny encrypt
+ let temp_tiny_encrypt_file = format!("{}.tinyenc", filename);
+ if args.tiny_encrypt {
+ tiny_encrypt_file(source_file.to_str().unwrap())?;
+ information!("Tiny encrypt {} to {} success", source_file.display(), temp_tiny_encrypt_file);
+ source_file = PathBuf::from(temp_tiny_encrypt_file.clone());
+ pending_remove_file_2 = Some(temp_tiny_encrypt_file.clone());
 }
 let filename = source_file.file_name().unwrap().to_str().unwrap().to_string();
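Review bot: The encrypted file's path is guessed from the base name (`format!("{}.tinyenc", filename)`), while `tiny_encrypt_file` is handed the full `source_file` path. For a plain file given with a directory component the output presumably lands next to the input, so `source_file` would then point at a name in the current directory that is either missing or a stale `.tinyenc` from an earlier run, which would be uploaded and later deleted. Deriving the name from the path that was actually passed, `let temp_tiny_encrypt_file = format!("{}.tinyenc", source_file.to_str().unwrap());`, and refusing to continue when that file already exists (as the zip branch does with `File {} exists`) covers both cases. main's body starts before and continues after this hunk, so how the final `filename` is used for the upload is not visible here.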
@@ -279,6 +332,10 @@ async fn main() -> XResult<()> {
 fs::remove_file(&pending_remove_file)?;
 success!("Remove pending remove file: {} success", &pending_remove_file);
 }
+ if let Some(pending_remove_file_2) = pending_remove_file_2 {
+ fs::remove_file(&pending_remove_file_2)?;
+ success!("Remove pending remove file: {} success", &pending_remove_file_2);
+ }
 success!("File {} upload success", filename);
 Ok(())
@@ -415,7 +472,7 @@ struct StsTokenForAssumeRoleByKeyResponse {
 #[derive(Debug, Deserialize)]
 struct AssumeRoleByKeyResponse {
 pub status: i32,
- pub message: Option,
+ // pub message: Option,
 pub data: Option,
 }
@@ -486,16 +543,27 @@ async fn parse_sts_response(response: Response) -> XResult {
 Ok(sts)
 }
-fn encrypt_file() {
- // config == "base64:"
- // tiny-encrypt ::: encrypt file
+fn tiny_encrypt_file(target: &str) -> XResult<()> {
+ let tiny_encrypt_config = format!("base64:{}", STANDARD.encode(TINY_ENCRYPT_CONFIG));
+ let mut cmd = Command::new("tiny-encrypt");
+ cmd.args(["encrypt", "--config", &tiny_encrypt_config, target]);
+ match rust_util::util_cmd::run_command_and_wait(&mut cmd) {
+ Ok(exit_status) => if !exit_status.success() {
+ return simple_error!("Encrypt file {} failed, status: {}", target, exit_status);
+ }
+ Err(e) => return simple_error!("Encrypt file {} failed: {}", target, e),
+ }
+ Ok(())
 }
 fn zip_dir(temp_zip_file: &str, target: &str) -> XResult<()> {
 let mut cmd = Command::new("zip");
 cmd.args(&["-r", temp_zip_file, target]);
- if let Err(e) = rust_util::util_cmd::run_command_and_wait(&mut cmd) {
- return simple_error!("Zip {} to {} failed: {}", target, temp_zip_file, e);
+ match rust_util::util_cmd::run_command_and_wait(&mut cmd) {
+ Ok(exit_status) => if !exit_status.success() {
+ return simple_error!("Zip {} to {} failed, status: {}", target, temp_zip_file, exit_status);
+ }
+ Err(e) => return simple_error!("Zip {} to {} failed: {}", target, temp_zip_file, e),
 }
 Ok(())
 }
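Review bot: Both temporary files are removed only on the success path and each removal uses `?`, so a failed upload, or a failure removing the first file, leaves the other one behind; with `--tiny-encrypt` the file left behind can be the unencrypted zip. The plaintext archive is no longer needed once `tiny_encrypt_file` has returned, so it could be removed at that point instead of at the end, and the final removals could log and continue rather than return, e.g. `if let Err(e) = fs::remove_file(&pending_remove_file_2) { /* log e, keep going */ }`. The upload code before this hunk is outside the diff, so the failure paths are inferred from the `?` usage visible here.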
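Review bot: In `tiny_encrypt_file` (and in `zip_dir`, which has the same shape) `target` is appended after the options, so a file or directory name beginning with `-` is parsed by the child program as an option rather than a path. If both tools accept the conventional end-of-options marker, `cmd.args(["encrypt", "--config", &tiny_encrypt_config, "--", target]);` avoids that; otherwise prefix relative names with `./` before building the command. Both programs are also looked up by bare name on `PATH` and are handed the plaintext, so a short comment stating that a trusted `PATH` is assumed would help whoever deploys this.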