feat: script-sign-rs script-verify-rs

2025-01-23 00:25:34 +08:00
parent 912332da97
commit c2af7ec23b
12 changed files with 1238 additions and 115 deletions
--- a/script-verify-rs/Cargo.lock
+++ b/script-verify-rs/Cargo.lock
--- a/script-verify-rs/Cargo.toml
+++ b/script-verify-rs/Cargo.toml
@@ -0,0 +1,9 @@
+[package]
+name = "script-verify-rs"
+version = "0.1.1"
+edition = "2021"
+
+[dependencies]
+clap = { version = "4.5", features = ["derive"] }
+rust_util = "0.6"
+script-sign = "0.1"
--- a/script-verify-rs/README.md
+++ b/script-verify-rs/README.md
@@ -0,0 +1,8 @@
+# script-verify
+
+
+Signature format (last line):
+
+```plain
+// @SCRIPT-SIGNATURE-V1: <key-id>.<algotirhm>.<time>.<signature-value-in-base64>
+```
--- a/script-verify-rs/src/main.rs
+++ b/script-verify-rs/src/main.rs
@@ -0,0 +1,84 @@
+#!/usr/bin/env runrs
+
+//! ```cargo
+//! [dependencies]
+//! clap = { version = "4.5", features = ["derive"] }
+//! rust_util = "0.6"
+//! script-sign = "0.1"
+//! ```
+
+use clap::Parser;
+use rust_util::{failure, information, success, warning};
+use script_sign::{KeyMap, Script};
+use std::fs;
+use std::path::PathBuf;
+
+/// Script signing tool
+#[derive(Parser, Debug)]
+#[command(version, about, long_about = None, bin_name = "script-verify.rs")]
+struct Args {
+    /// Script file path
+    scripts: Vec<PathBuf>,
+}
+
+fn main() {
+    let args = Args::parse();
+
+    let key_map = KeyMap::system();
+    let total_scripts = args.scripts.len();
+    if total_scripts == 0 {
+        warning!("No scripts assigned.");
+        return;
+    }
+
+    for (i, script_path) in args.scripts.iter().enumerate() {
+        information!(
+            "Verifying {}/{}: {}",
+            (i + 1),
+            total_scripts,
+            script_path.display()
+        );
+
+        if !script_path.is_file() {
+            warning!("Not a file: {}", script_path.display());
+            continue;
+        }
+
+        let script_content = match fs::read_to_string(script_path) {
+            Ok(script_content) => script_content,
+            Err(e) => {
+                warning!("Read script: {} failed: {}", script_path.display(), e);
+                continue;
+            }
+        };
+
+        let script = match Script::parse(&script_content) {
+            Ok(script) => script,
+            Err(e) => {
+                warning!("Read script: {} failed: {}", script_path.display(), e);
+                continue;
+            }
+        };
+
+        if let Some(signature) = &script.signature {
+            match script.verify(&key_map) {
+                Ok(true) => {
+                    success!(
+                        "Verify script success: {}, key ID: {}, sign date: {}",
+                        script_path.display(),
+                        signature.key_id,
+                        signature.time
+                    );
+                }
+                Ok(false) => {
+                    failure!("Verify script failed: {}", script_path.display());
+                }
+                Err(e) => {
+                    warning!("Verify script: {} failed: {}", script_path.display(), e);
+                }
+            }
+        } else {
+            warning!("Script is not signed: {}", script_path.display());
+        }
+    }
+}
--- a/script-verify-rs/test.js
+++ b/script-verify-rs/test.js
@@ -0,0 +1,4 @@
+console.log('hello world');
+
+// @SCRIPT-SIGNATURE-V1: yk-r1.ES256.20250123T001551+08:00.MEQCIAS0qLGvA++l+8EeA2/t
+// qHUZ1JtPfjExH1VAfN2ka4WyAiB+m2tkiwR8iK8a7DL96dr1HVC8MtYiPA5P9qJCPv3dJA==