feat: Encrypt the hole vault file
BREAKING-CHANGE: The previous format is not supported after this commit, so you must export your vaults in bit-warden format (before this commit) and then re-invoke them (after this commit)
This commit is contained in:
parent
359ac16af8
commit
6f6966d5b2
10 changed files with 147 additions and 165 deletions
|
@ -30,6 +30,6 @@ impl LprsCommand for Clean {
|
||||||
"Cleaning the vaults file: {:?}",
|
"Cleaning the vaults file: {:?}",
|
||||||
vault_manager.vaults_file.display()
|
vault_manager.vaults_file.display()
|
||||||
);
|
);
|
||||||
fs::write(vault_manager.vaults_file, "[]").map_err(LprsError::Io)
|
fs::write(vault_manager.vaults_file, []).map_err(LprsError::Io)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -19,7 +19,7 @@ use std::{fs, io::Error as IoError, io::ErrorKind as IoErrorKind, path::PathBuf}
|
||||||
use clap::Args;
|
use clap::Args;
|
||||||
|
|
||||||
use crate::{
|
use crate::{
|
||||||
vault::{BitWardenPasswords, Format, Vault, Vaults},
|
vault::{BitWardenPasswords, Format, Vaults},
|
||||||
LprsCommand, LprsError, LprsResult,
|
LprsCommand, LprsError, LprsResult,
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -31,6 +31,7 @@ pub struct Export {
|
||||||
/// Format to export vaults in
|
/// Format to export vaults in
|
||||||
#[arg(short, long, value_name = "FORMAT", default_value_t= Format::Lprs)]
|
#[arg(short, long, value_name = "FORMAT", default_value_t= Format::Lprs)]
|
||||||
format: Format,
|
format: Format,
|
||||||
|
// TODO: `force` flag to write on existing file
|
||||||
}
|
}
|
||||||
|
|
||||||
impl LprsCommand for Export {
|
impl LprsCommand for Export {
|
||||||
|
@ -42,9 +43,9 @@ impl LprsCommand for Export {
|
||||||
self.format
|
self.format
|
||||||
);
|
);
|
||||||
let exported_data = match self.format {
|
let exported_data = match self.format {
|
||||||
Format::Lprs => serde_json::to_string::<Vec<Vault>>(&vault_manager.encrypt_vaults()?),
|
Format::Lprs => vault_manager.json_export()?,
|
||||||
Format::BitWarden => serde_json::to_string(&BitWardenPasswords::from(vault_manager)),
|
Format::BitWarden => serde_json::to_string(&BitWardenPasswords::from(vault_manager))?,
|
||||||
}?;
|
};
|
||||||
|
|
||||||
fs::write(&self.path, exported_data).map_err(LprsError::from)
|
fs::write(&self.path, exported_data).map_err(LprsError::from)
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,7 +14,12 @@
|
||||||
// You should have received a copy of the GNU General Public License
|
// You should have received a copy of the GNU General Public License
|
||||||
// along with this program. If not, see <https://www.gnu.org/licenses/gpl-3.0.html>.
|
// along with this program. If not, see <https://www.gnu.org/licenses/gpl-3.0.html>.
|
||||||
|
|
||||||
use std::{fs::File, io::Error as IoError, io::ErrorKind as IoErrorKind, path::PathBuf};
|
use std::{
|
||||||
|
fs::{self, File},
|
||||||
|
io::Error as IoError,
|
||||||
|
io::ErrorKind as IoErrorKind,
|
||||||
|
path::PathBuf,
|
||||||
|
};
|
||||||
|
|
||||||
use clap::Args;
|
use clap::Args;
|
||||||
|
|
||||||
|
@ -45,10 +50,11 @@ impl LprsCommand for Import {
|
||||||
|
|
||||||
let imported_passwords_len = match self.format {
|
let imported_passwords_len = match self.format {
|
||||||
Format::Lprs => {
|
Format::Lprs => {
|
||||||
let vaults = Vaults::try_reload(self.path, vault_manager.master_password.to_vec())?;
|
let vaults =
|
||||||
let vaults_len = vaults.vaults.len();
|
Vaults::json_reload(&vault_manager.master_password, &fs::read(self.path)?)?;
|
||||||
|
let vaults_len = vaults.len();
|
||||||
|
|
||||||
vault_manager.vaults.extend(vaults.vaults);
|
vault_manager.vaults.extend(vaults);
|
||||||
vault_manager.try_export()?;
|
vault_manager.try_export()?;
|
||||||
vaults_len
|
vaults_len
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,7 +14,7 @@
|
||||||
// You should have received a copy of the GNU General Public License
|
// You should have received a copy of the GNU General Public License
|
||||||
// along with this program. If not, see <https://www.gnu.org/licenses/gpl-3.0.html>.
|
// along with this program. If not, see <https://www.gnu.org/licenses/gpl-3.0.html>.
|
||||||
|
|
||||||
use std::path::PathBuf;
|
use std::{fs, path::PathBuf};
|
||||||
|
|
||||||
use clap::Parser;
|
use clap::Parser;
|
||||||
|
|
||||||
|
@ -73,6 +73,13 @@ impl Cli {
|
||||||
pub fn run(self) -> LprsResult<()> {
|
pub fn run(self) -> LprsResult<()> {
|
||||||
let vaults_file = if let Some(path) = self.vaults_file {
|
let vaults_file = if let Some(path) = self.vaults_file {
|
||||||
log::info!("Using the given vaults file");
|
log::info!("Using the given vaults file");
|
||||||
|
if let Some(parent) = path.parent() {
|
||||||
|
if parent.to_str() != Some("") && !parent.exists() {
|
||||||
|
log::info!("Creating the parent vaults file directory");
|
||||||
|
fs::create_dir_all(parent)?;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
fs::File::create(&path)?;
|
||||||
path
|
path
|
||||||
} else {
|
} else {
|
||||||
log::info!("Using the default vaults file");
|
log::info!("Using the default vaults file");
|
||||||
|
@ -91,11 +98,9 @@ impl Cli {
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
log::info!("Reloading the vaults file");
|
log::info!("Reloading the vaults file");
|
||||||
let master_password = utils::master_password_prompt(&vaults_file)?;
|
let master_password =
|
||||||
Vaults::try_reload(
|
utils::master_password_prompt(fs::read(&vaults_file)?.is_empty())?;
|
||||||
vaults_file,
|
Vaults::try_reload(vaults_file, master_password)?
|
||||||
master_password.into_bytes().into_iter().take(32).collect(),
|
|
||||||
)?
|
|
||||||
};
|
};
|
||||||
|
|
||||||
self.command.run(vault_manager)
|
self.command.run(vault_manager)
|
||||||
|
|
|
@ -20,15 +20,11 @@ pub type Result<T> = std::result::Result<T, Error>;
|
||||||
|
|
||||||
#[derive(Debug, thiserror::Error)]
|
#[derive(Debug, thiserror::Error)]
|
||||||
pub enum Error {
|
pub enum Error {
|
||||||
#[error("Invalid Json Path Error: {0}")]
|
|
||||||
InvalidJsonPath(String),
|
|
||||||
#[error("Encryption Error: {0}")]
|
#[error("Encryption Error: {0}")]
|
||||||
Encryption(String),
|
Encryption(String),
|
||||||
#[error("Decryption Error: {0}")]
|
#[error("Decryption Error: The given key cannot decrypt the given data. Either the data has been tampered with or the key is incorrect.")]
|
||||||
Decryption(String),
|
Decryption,
|
||||||
#[error(
|
#[error("Wrong Master Password Error: Wrong decryption password")]
|
||||||
"Wrong Master Password Error: Wrong password or you may have played with the password file"
|
|
||||||
)]
|
|
||||||
WrongMasterPassword,
|
WrongMasterPassword,
|
||||||
#[error("Weak Password Error: {0}")]
|
#[error("Weak Password Error: {0}")]
|
||||||
WeakPassword(String),
|
WeakPassword(String),
|
||||||
|
@ -45,6 +41,8 @@ pub enum Error {
|
||||||
InvalidRegex(#[from] regex::Error),
|
InvalidRegex(#[from] regex::Error),
|
||||||
#[error("UTF8 Error: {0}")]
|
#[error("UTF8 Error: {0}")]
|
||||||
Utf8(#[from] FromUtf8Error),
|
Utf8(#[from] FromUtf8Error),
|
||||||
|
#[error("Bincode Error: {0}")]
|
||||||
|
Bincode(#[from] bincode::Error),
|
||||||
#[error("Base64 Decode Error: {0}")]
|
#[error("Base64 Decode Error: {0}")]
|
||||||
BaseDecodeError(#[from] base64::DecodeError),
|
BaseDecodeError(#[from] base64::DecodeError),
|
||||||
#[error("Json Error: {0}")]
|
#[error("Json Error: {0}")]
|
||||||
|
|
13
src/main.rs
13
src/main.rs
|
@ -14,13 +14,9 @@
|
||||||
// You should have received a copy of the GNU General Public License
|
// You should have received a copy of the GNU General Public License
|
||||||
// along with this program. If not, see <https://www.gnu.org/licenses/gpl-3.0.html>.
|
// along with this program. If not, see <https://www.gnu.org/licenses/gpl-3.0.html>.
|
||||||
|
|
||||||
use std::process::ExitCode;
|
|
||||||
|
|
||||||
use base64::{
|
|
||||||
alphabet,
|
|
||||||
engine::{general_purpose::PAD, GeneralPurpose},
|
|
||||||
};
|
|
||||||
use clap::Parser;
|
use clap::Parser;
|
||||||
|
use inquire::InquireError;
|
||||||
|
use std::process::ExitCode;
|
||||||
|
|
||||||
pub mod cli;
|
pub mod cli;
|
||||||
pub mod errors;
|
pub mod errors;
|
||||||
|
@ -30,12 +26,11 @@ pub mod vault;
|
||||||
mod macros;
|
mod macros;
|
||||||
mod traits;
|
mod traits;
|
||||||
|
|
||||||
|
pub use base64::engine::general_purpose::STANDARD as BASE64;
|
||||||
pub use errors::{Error as LprsError, Result as LprsResult};
|
pub use errors::{Error as LprsError, Result as LprsResult};
|
||||||
use inquire::InquireError;
|
|
||||||
pub use traits::*;
|
pub use traits::*;
|
||||||
|
|
||||||
pub const STANDARDBASE: GeneralPurpose = GeneralPurpose::new(&alphabet::STANDARD, PAD);
|
pub const DEFAULT_VAULTS_FILE: &str = "vaults.lprs";
|
||||||
pub const DEFAULT_VAULTS_FILE: &str = "vaults.json";
|
|
||||||
|
|
||||||
#[cfg(feature = "update-notify")]
|
#[cfg(feature = "update-notify")]
|
||||||
pub const VERSION: &str = env!("CARGO_PKG_VERSION");
|
pub const VERSION: &str = env!("CARGO_PKG_VERSION");
|
||||||
|
|
22
src/utils.rs
22
src/utils.rs
|
@ -14,14 +14,12 @@
|
||||||
// You should have received a copy of the GNU General Public License
|
// You should have received a copy of the GNU General Public License
|
||||||
// along with this program. If not, see <https://www.gnu.org/licenses/gpl-3.0.html>.
|
// along with this program. If not, see <https://www.gnu.org/licenses/gpl-3.0.html>.
|
||||||
|
|
||||||
use std::{
|
use std::{fs, path::PathBuf};
|
||||||
fs,
|
|
||||||
path::{Path, PathBuf},
|
|
||||||
};
|
|
||||||
|
|
||||||
use inquire::validator::Validation;
|
use inquire::validator::Validation;
|
||||||
|
use sha2::Digest;
|
||||||
|
|
||||||
use crate::{vault, LprsError, LprsResult};
|
use crate::{LprsError, LprsResult};
|
||||||
|
|
||||||
/// Returns the local project dir joined with the given file name
|
/// Returns the local project dir joined with the given file name
|
||||||
pub fn local_project_file(filename: &str) -> LprsResult<PathBuf> {
|
pub fn local_project_file(filename: &str) -> LprsResult<PathBuf> {
|
||||||
|
@ -42,11 +40,7 @@ pub fn local_project_file(filename: &str) -> LprsResult<PathBuf> {
|
||||||
pub fn vaults_file() -> LprsResult<PathBuf> {
|
pub fn vaults_file() -> LprsResult<PathBuf> {
|
||||||
let vaults_file = local_project_file(crate::DEFAULT_VAULTS_FILE)?;
|
let vaults_file = local_project_file(crate::DEFAULT_VAULTS_FILE)?;
|
||||||
if !vaults_file.exists() {
|
if !vaults_file.exists() {
|
||||||
log::info!(
|
fs::File::create(&vaults_file)?;
|
||||||
"Vaults file not found, creating a new one: {:?}",
|
|
||||||
vaults_file.display()
|
|
||||||
);
|
|
||||||
fs::write(&vaults_file, "[]")?;
|
|
||||||
}
|
}
|
||||||
Ok(vaults_file)
|
Ok(vaults_file)
|
||||||
}
|
}
|
||||||
|
@ -71,9 +65,9 @@ pub fn password_validator(password: &str) -> Result<Validation, inquire::CustomU
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Ask the user for the master password, then returns it
|
/// Ask the user for the master password, then returns it
|
||||||
pub fn master_password_prompt(vaults_file: &Path) -> LprsResult<String> {
|
///
|
||||||
let is_new_vaults_file = vault::is_new_vaults_file(vaults_file)?;
|
/// Return's the password as 32 bytes after hash it (256 bit)
|
||||||
|
pub fn master_password_prompt(is_new_vaults_file: bool) -> LprsResult<[u8; 32]> {
|
||||||
inquire::Password {
|
inquire::Password {
|
||||||
message: "Master Password:",
|
message: "Master Password:",
|
||||||
enable_confirmation: is_new_vaults_file,
|
enable_confirmation: is_new_vaults_file,
|
||||||
|
@ -87,7 +81,7 @@ pub fn master_password_prompt(vaults_file: &Path) -> LprsResult<String> {
|
||||||
.with_formatter(&|p| "*".repeat(p.chars().count()))
|
.with_formatter(&|p| "*".repeat(p.chars().count()))
|
||||||
.with_display_mode(inquire::PasswordDisplayMode::Masked)
|
.with_display_mode(inquire::PasswordDisplayMode::Masked)
|
||||||
.prompt()
|
.prompt()
|
||||||
.map(sha256::digest)
|
.map(|p| sha2::Sha256::digest(p).into())
|
||||||
.map_err(Into::into)
|
.map_err(Into::into)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -14,53 +14,44 @@
|
||||||
// You should have received a copy of the GNU General Public License
|
// You should have received a copy of the GNU General Public License
|
||||||
// along with this program. If not, see <https://www.gnu.org/licenses/gpl-3.0.html>.
|
// along with this program. If not, see <https://www.gnu.org/licenses/gpl-3.0.html>.
|
||||||
|
|
||||||
use base64::Engine;
|
use aes::cipher::{block_padding::Pkcs7, BlockDecryptMut, BlockEncryptMut, KeyIvInit};
|
||||||
use soft_aes::aes::{aes_dec_ecb, aes_enc_ecb};
|
use rand::{rngs::StdRng, Rng, SeedableRng};
|
||||||
|
use std::time::{SystemTime, UNIX_EPOCH};
|
||||||
|
|
||||||
use crate::{LprsError, LprsResult};
|
use crate::{LprsError, LprsResult};
|
||||||
|
|
||||||
/// Encrypt the string with AEC ECB
|
type Aes256CbcEnc = cbc::Encryptor<aes::Aes256>;
|
||||||
pub fn encrypt(master_password: &[u8], data: &str) -> LprsResult<String> {
|
type Aes256CbcDec = cbc::Decryptor<aes::Aes256>;
|
||||||
let padding = Some("PKCS7");
|
|
||||||
|
|
||||||
aes_enc_ecb(data.as_bytes(), master_password, padding)
|
/// Encrypt the given data by the given key using AES-256 CBC
|
||||||
.map(|d| crate::STANDARDBASE.encode(d))
|
///
|
||||||
.map_err(|err| LprsError::Encryption(err.to_string()))
|
/// Note: The IV will be add it to the end of the ciphertext (Last 16 bytes)
|
||||||
}
|
pub(crate) fn encrypt(master_password: &[u8; 32], data: &[u8]) -> Vec<u8> {
|
||||||
|
let iv: [u8; 16] = StdRng::seed_from_u64(
|
||||||
/// Decrypt the string with AEC ECB
|
SystemTime::now()
|
||||||
pub fn decrypt(master_password: &[u8], data: &str) -> LprsResult<String> {
|
.duration_since(UNIX_EPOCH)
|
||||||
let padding = Some("PKCS7");
|
.expect("SystemTime before UNIX EPOCH!")
|
||||||
|
.as_secs(),
|
||||||
aes_dec_ecb(
|
|
||||||
crate::STANDARDBASE.decode(data)?.as_slice(),
|
|
||||||
master_password,
|
|
||||||
padding,
|
|
||||||
)
|
)
|
||||||
.map_err(|err| {
|
.gen();
|
||||||
if err.to_string().contains("Invalid padding") {
|
|
||||||
LprsError::WrongMasterPassword
|
let mut ciphertext =
|
||||||
} else {
|
Aes256CbcEnc::new(master_password.into(), &iv.into()).encrypt_padded_vec_mut::<Pkcs7>(data);
|
||||||
LprsError::Decryption(err.to_string())
|
ciphertext.extend(&iv);
|
||||||
}
|
ciphertext
|
||||||
})
|
|
||||||
.map(|d| String::from_utf8(d).map_err(LprsError::Utf8))?
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Encrypt if the `Option` are `Some`
|
/// Decrypt the given data by the given key, the data should
|
||||||
pub fn encrypt_some(
|
/// be encrypted by AES-256 CBC. The IV will be extraxted
|
||||||
master_password: &[u8],
|
/// from the last 16 bytes.
|
||||||
data: Option<impl AsRef<str>>,
|
pub(crate) fn decrypt(master_password: &[u8; 32], data: &[u8]) -> LprsResult<Vec<u8>> {
|
||||||
) -> LprsResult<Option<String>> {
|
let (ciphertext, iv) = data.split_at(
|
||||||
data.map(|d| encrypt(master_password, d.as_ref()))
|
data.len()
|
||||||
.transpose()
|
.checked_sub(16)
|
||||||
}
|
.ok_or_else(|| LprsError::Decryption)?,
|
||||||
|
);
|
||||||
|
|
||||||
/// Decrypt if the `Option` are `Some`
|
Aes256CbcDec::new(master_password.into(), iv.into())
|
||||||
pub fn decrypt_some(
|
.decrypt_padded_vec_mut::<Pkcs7>(ciphertext)
|
||||||
master_password: &[u8],
|
.map_err(|_| LprsError::Decryption)
|
||||||
data: Option<impl AsRef<str>>,
|
|
||||||
) -> LprsResult<Option<String>> {
|
|
||||||
data.map(|d| decrypt(master_password, d.as_ref()))
|
|
||||||
.transpose()
|
|
||||||
}
|
}
|
||||||
|
|
115
src/vault/mod.rs
115
src/vault/mod.rs
|
@ -16,6 +16,7 @@
|
||||||
|
|
||||||
use std::{fs, path::PathBuf};
|
use std::{fs, path::PathBuf};
|
||||||
|
|
||||||
|
use base64::Engine;
|
||||||
use clap::{Parser, ValueEnum};
|
use clap::{Parser, ValueEnum};
|
||||||
use serde::{Deserialize, Serialize};
|
use serde::{Deserialize, Serialize};
|
||||||
|
|
||||||
|
@ -24,10 +25,8 @@ use crate::{LprsError, LprsResult};
|
||||||
pub mod cipher;
|
pub mod cipher;
|
||||||
|
|
||||||
mod bitwarden;
|
mod bitwarden;
|
||||||
mod validator;
|
|
||||||
|
|
||||||
pub use bitwarden::*;
|
pub use bitwarden::*;
|
||||||
pub use validator::*;
|
|
||||||
|
|
||||||
#[derive(Clone, Debug, ValueEnum)]
|
#[derive(Clone, Debug, ValueEnum)]
|
||||||
pub enum Format {
|
pub enum Format {
|
||||||
|
@ -36,7 +35,6 @@ pub enum Format {
|
||||||
}
|
}
|
||||||
|
|
||||||
/// The vault struct
|
/// The vault struct
|
||||||
#[serde_with_macros::skip_serializing_none]
|
|
||||||
#[derive(Clone, Debug, Deserialize, Serialize, Parser)]
|
#[derive(Clone, Debug, Deserialize, Serialize, Parser)]
|
||||||
pub struct Vault {
|
pub struct Vault {
|
||||||
/// The name of the vault
|
/// The name of the vault
|
||||||
|
@ -60,7 +58,7 @@ pub struct Vault {
|
||||||
#[derive(Default)]
|
#[derive(Default)]
|
||||||
pub struct Vaults {
|
pub struct Vaults {
|
||||||
/// Hash of the master password
|
/// Hash of the master password
|
||||||
pub master_password: Vec<u8>,
|
pub master_password: [u8; 32],
|
||||||
/// The json vaults file
|
/// The json vaults file
|
||||||
pub vaults_file: PathBuf,
|
pub vaults_file: PathBuf,
|
||||||
/// The vaults
|
/// The vaults
|
||||||
|
@ -85,28 +83,6 @@ impl Vault {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Decrypt the vault
|
|
||||||
pub fn decrypt(&self, master_password: &[u8]) -> LprsResult<Vault> {
|
|
||||||
Ok(Vault::new(
|
|
||||||
cipher::decrypt(master_password, &self.name)?,
|
|
||||||
cipher::decrypt_some(master_password, self.username.as_ref())?,
|
|
||||||
cipher::decrypt_some(master_password, self.password.as_ref())?,
|
|
||||||
cipher::decrypt_some(master_password, self.service.as_ref())?,
|
|
||||||
cipher::decrypt_some(master_password, self.note.as_ref())?,
|
|
||||||
))
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Encrypt the vault
|
|
||||||
pub fn encrypt(&self, master_password: &[u8]) -> LprsResult<Vault> {
|
|
||||||
Ok(Vault::new(
|
|
||||||
cipher::encrypt(master_password, &self.name)?,
|
|
||||||
cipher::encrypt_some(master_password, self.username.as_ref())?,
|
|
||||||
cipher::encrypt_some(master_password, self.password.as_ref())?,
|
|
||||||
cipher::encrypt_some(master_password, self.service.as_ref())?,
|
|
||||||
cipher::encrypt_some(master_password, self.note.as_ref())?,
|
|
||||||
))
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Return the name of the vault with the service if there
|
/// Return the name of the vault with the service if there
|
||||||
pub fn list_name(&self) -> String {
|
pub fn list_name(&self) -> String {
|
||||||
use std::fmt::Write;
|
use std::fmt::Write;
|
||||||
|
@ -126,7 +102,7 @@ impl Vault {
|
||||||
|
|
||||||
impl Vaults {
|
impl Vaults {
|
||||||
/// Create new [`Vaults`] instnce
|
/// Create new [`Vaults`] instnce
|
||||||
pub fn new(master_password: Vec<u8>, vaults_file: PathBuf, vaults: Vec<Vault>) -> Self {
|
pub fn new(master_password: [u8; 32], vaults_file: PathBuf, vaults: Vec<Vault>) -> Self {
|
||||||
Self {
|
Self {
|
||||||
master_password,
|
master_password,
|
||||||
vaults_file,
|
vaults_file,
|
||||||
|
@ -134,22 +110,65 @@ impl Vaults {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Encrypt the vaults
|
/// Add new vault
|
||||||
pub fn encrypt_vaults(&self) -> LprsResult<Vec<Vault>> {
|
pub fn add_vault(&mut self, vault: Vault) {
|
||||||
self.vaults
|
self.vaults.push(vault)
|
||||||
.iter()
|
|
||||||
.map(|p| p.encrypt(&self.master_password))
|
|
||||||
.collect()
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Reload the vaults from the file then decrypt it
|
/// Encrypt the vaults then returns it as json.
|
||||||
pub fn try_reload(vaults_file: PathBuf, master_password: Vec<u8>) -> LprsResult<Self> {
|
///
|
||||||
let vaults = serde_json::from_str::<Vec<Vault>>(&fs::read_to_string(&vaults_file)?)?
|
/// This function used to backup the vaults.
|
||||||
.into_iter()
|
///
|
||||||
.map(|p| p.decrypt(master_password.as_slice()))
|
/// Note: The returned string is `Vec<Vault>`
|
||||||
.collect::<LprsResult<Vec<Vault>>>()?;
|
pub fn json_export(&self) -> LprsResult<String> {
|
||||||
|
let encrypt = |val: &str| {
|
||||||
|
LprsResult::Ok(
|
||||||
|
crate::BASE64.encode(cipher::encrypt(&self.master_password, val.as_ref())),
|
||||||
|
)
|
||||||
|
};
|
||||||
|
|
||||||
Ok(Self::new(master_password, vaults_file, vaults))
|
serde_json::to_string(
|
||||||
|
&self
|
||||||
|
.vaults
|
||||||
|
.iter()
|
||||||
|
.map(|v| {
|
||||||
|
LprsResult::Ok(Vault::new(
|
||||||
|
encrypt(&v.name)?,
|
||||||
|
v.username.as_ref().and_then(|u| encrypt(u).ok()),
|
||||||
|
v.password.as_ref().and_then(|p| encrypt(p).ok()),
|
||||||
|
v.service.as_ref().and_then(|s| encrypt(s).ok()),
|
||||||
|
v.note.as_ref().and_then(|n| encrypt(n).ok()),
|
||||||
|
))
|
||||||
|
})
|
||||||
|
.collect::<LprsResult<Vec<_>>>()?,
|
||||||
|
)
|
||||||
|
.map_err(Into::into)
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Reload the vaults from json data.
|
||||||
|
///
|
||||||
|
/// This function used to import backup vaults.
|
||||||
|
pub fn json_reload(master_password: &[u8; 32], json_data: &[u8]) -> LprsResult<Vec<Vault>> {
|
||||||
|
let decrypt = |val: &str| {
|
||||||
|
String::from_utf8(cipher::decrypt(
|
||||||
|
master_password,
|
||||||
|
&crate::BASE64.decode(val)?,
|
||||||
|
)?)
|
||||||
|
.map_err(|err| LprsError::Other(err.to_string()))
|
||||||
|
};
|
||||||
|
|
||||||
|
serde_json::from_slice::<Vec<Vault>>(json_data)?
|
||||||
|
.into_iter()
|
||||||
|
.map(|v| {
|
||||||
|
LprsResult::Ok(Vault::new(
|
||||||
|
decrypt(&v.name)?,
|
||||||
|
v.username.as_ref().and_then(|u| decrypt(u).ok()),
|
||||||
|
v.password.as_ref().and_then(|p| decrypt(p).ok()),
|
||||||
|
v.service.as_ref().and_then(|s| decrypt(s).ok()),
|
||||||
|
v.note.as_ref().and_then(|n| decrypt(n).ok()),
|
||||||
|
))
|
||||||
|
})
|
||||||
|
.collect()
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Encrypt the vaults then export it to the file
|
/// Encrypt the vaults then export it to the file
|
||||||
|
@ -160,14 +179,22 @@ impl Vaults {
|
||||||
);
|
);
|
||||||
fs::write(
|
fs::write(
|
||||||
&self.vaults_file,
|
&self.vaults_file,
|
||||||
serde_json::to_string(&self.encrypt_vaults()?)?,
|
cipher::encrypt(&self.master_password, &bincode::serialize(&self.vaults)?),
|
||||||
)
|
)
|
||||||
.map_err(LprsError::Io)
|
.map_err(LprsError::Io)
|
||||||
}
|
}
|
||||||
|
|
||||||
/// Add new vault
|
/// Reload the vaults from the file then decrypt it
|
||||||
pub fn add_vault(&mut self, vault: Vault) {
|
pub fn try_reload(vaults_file: PathBuf, master_password: [u8; 32]) -> LprsResult<Self> {
|
||||||
self.vaults.push(vault)
|
let vaults_data = fs::read(&vaults_file)?;
|
||||||
|
|
||||||
|
let vaults: Vec<Vault> = if vaults_data.is_empty() {
|
||||||
|
vec![]
|
||||||
|
} else {
|
||||||
|
bincode::deserialize(&cipher::decrypt(&master_password, &vaults_data)?)?
|
||||||
|
};
|
||||||
|
|
||||||
|
Ok(Self::new(master_password, vaults_file, vaults))
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,35 +0,0 @@
|
||||||
// Lprs - A local CLI vault manager
|
|
||||||
// Copyright (C) 2024 Awiteb <a@4rs.nl>
|
|
||||||
//
|
|
||||||
// This program is free software: you can redistribute it and/or modify
|
|
||||||
// it under the terms of the GNU General Public License as published by
|
|
||||||
// the Free Software Foundation, either version 3 of the License, or
|
|
||||||
// (at your option) any later version.
|
|
||||||
//
|
|
||||||
// This program is distributed in the hope that it will be useful,
|
|
||||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
||||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
||||||
// GNU General Public License for more details.
|
|
||||||
//
|
|
||||||
// You should have received a copy of the GNU General Public License
|
|
||||||
// along with this program. If not, see <https://www.gnu.org/licenses/gpl-3.0.html>.
|
|
||||||
|
|
||||||
use std::{fs, path::Path};
|
|
||||||
|
|
||||||
use crate::LprsResult;
|
|
||||||
|
|
||||||
use super::Vault;
|
|
||||||
|
|
||||||
/// Return if the vaults file new file or not
|
|
||||||
pub fn is_new_vaults_file(path: &Path) -> LprsResult<bool> {
|
|
||||||
if path.exists() {
|
|
||||||
let file_content = fs::read_to_string(path)?;
|
|
||||||
if !file_content.is_empty()
|
|
||||||
&& file_content.trim() != "[]"
|
|
||||||
&& serde_json::from_str::<Vec<Vault>>(&file_content).is_ok()
|
|
||||||
{
|
|
||||||
return Ok(false);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
Ok(true)
|
|
||||||
}
|
|
Loading…
Reference in a new issue