Implemented all but update from cli client to server;

solidified encryption; setup deployment mechanism for GCP
2025-12-13 21:07:22 +00:00 · 2019-05-27 18:16:50 -07:00 · 2019-05-27 18:16:50 -07:00 · c5ae0b4ddc
commit c5ae0b4ddc
parent cd24f6e848
28 changed files with 598 additions and 295 deletions
--- a/credentials/commands/commands.go
+++ b/credentials/commands/commands.go
@ -0,0 +1,20 @@
+package commands
+
+import (
+	"context"
+	"fmt"
+	"os"
+
+	"github.com/mitchell/selfpass/credentials/types"
+)
+
+type CredentialClientInit func(ctx context.Context) (c types.CredentialClient)
+
+func check(err error) {
+	if err != nil {
+		fmt.Println(err)
+		os.Exit(1)
+	}
+}
+
+const KeyPrivateKey = "private_key"
--- a/credentials/commands/create.go
+++ b/credentials/commands/create.go
@ -0,0 +1,153 @@
+package commands
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/hex"
+	"fmt"
+	"os"
+	"time"
+
+	"github.com/atotto/clipboard"
+	"github.com/pquerna/otp/totp"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"gopkg.in/AlecAivazis/survey.v1"
+
+	"github.com/mitchell/selfpass/credentials/types"
+	"github.com/mitchell/selfpass/crypto"
+)
+
+func MakeCreate(masterpass string, cfg *viper.Viper, initClient CredentialClientInit) *cobra.Command {
+	var length uint
+	var numbers bool
+	var specials bool
+
+	createCmd := &cobra.Command{
+		Use:   "create",
+		Short: "Create a credential in Selfpass",
+		Long: `Create a credential in Selfpass, and save it to the server after encrypting the
+password.`,
+
+		Run: func(_ *cobra.Command, args []string) {
+			mdqs := []*survey.Question{
+				{
+					Name:   "primary",
+					Prompt: &survey.Input{Message: "Primary user key:"},
+				},
+				{
+					Name:   "sourceHost",
+					Prompt: &survey.Input{Message: "Source host:"},
+				},
+				{
+					Name:   "loginURL",
+					Prompt: &survey.Input{Message: "Login url:"},
+				},
+				{
+					Name:   "tag",
+					Prompt: &survey.Input{Message: "Tag:"},
+				},
+			}
+			cqs := []*survey.Question{
+				{
+					Name:   "username",
+					Prompt: &survey.Input{Message: "Username:"},
+				},
+				{
+					Name:   "email",
+					Prompt: &survey.Input{Message: "Email:"},
+				},
+			}
+			var ci types.CredentialInput
+			check(survey.Ask(mdqs, &ci.MetadataInput))
+			check(survey.Ask(cqs, &ci))
+
+			key, err := hex.DecodeString(cfg.GetString(KeyPrivateKey))
+			check(err)
+
+			keypass, err := crypto.CombinePasswordAndKey([]byte(masterpass), []byte(key))
+			check(err)
+
+			var newpass bool
+			prompt := &survey.Confirm{Message: "Do you want a random password?", Default: true}
+			check(survey.AskOne(prompt, &newpass, nil))
+
+			if newpass {
+				ci.Password = crypto.GeneratePassword(int(length), numbers, specials)
+
+				var copypass bool
+				prompt = &survey.Confirm{Message: "Copy new pass to clipboard?", Default: true}
+				check(survey.AskOne(prompt, &copypass, nil))
+
+				if copypass {
+					check(clipboard.WriteAll(ci.Password))
+				}
+			} else {
+				prompt := &survey.Password{Message: "Password: "}
+				check(survey.AskOne(prompt, &ci.Password, nil))
+
+				var cpass string
+				prompt = &survey.Password{Message: "Confirm password: "}
+				check(survey.AskOne(prompt, &cpass, nil))
+
+				if ci.Password != cpass {
+					fmt.Println("passwords didn't match'")
+					os.Exit(1)
+				}
+			}
+
+			cipherpass, err := crypto.CBCEncrypt(keypass, []byte(ci.Password))
+			check(err)
+
+			ci.Password = base64.StdEncoding.EncodeToString(cipherpass)
+
+			var otp bool
+			prompt = &survey.Confirm{Message: "Do you have an OTP/MFA secret?", Default: true}
+			check(survey.AskOne(prompt, &otp, nil))
+
+			if otp {
+				var secret string
+				prompt := &survey.Password{Message: "OTP secret:"}
+				check(survey.AskOne(prompt, &secret, nil))
+
+				ciphersecret, err := crypto.CBCEncrypt(keypass, []byte(secret))
+				check(err)
+
+				ci.OTPSecret = base64.StdEncoding.EncodeToString(ciphersecret)
+
+				var copyotp bool
+				prompt2 := &survey.Confirm{Message: "Copy new OTP to clipboard?", Default: true}
+				check(survey.AskOne(prompt2, &copyotp, nil))
+
+				if copyotp {
+					otp, err := totp.GenerateCode(secret, time.Now())
+					check(err)
+
+					check(clipboard.WriteAll(otp))
+				}
+			}
+
+			ctx, cancel := context.WithTimeout(context.Background(), time.Second*5)
+			defer cancel()
+
+			c, err := initClient(ctx).Create(ctx, ci)
+			check(err)
+
+			fmt.Println(c)
+
+			var cleancb bool
+			prompt = &survey.Confirm{Message: "Do you want to clear the clipboard?", Default: true}
+			check(survey.AskOne(prompt, &cleancb, nil))
+
+			if cleancb {
+				check(clipboard.WriteAll(" "))
+			}
+		},
+	}
+
+	createCmd.Flags().BoolVarP(&numbers, "numbers", "n", true, "use numbers in the generated password")
+	createCmd.Flags().BoolVarP(&specials, "specials", "s", false, "use special characters in the generated password")
+	createCmd.Flags().UintVarP(&length, "length", "l", 32, "length of the generated password")
+
+	return createCmd
+}
--- a/credentials/commands/delete.go
+++ b/credentials/commands/delete.go
@ -0,0 +1,33 @@
+package commands
+
+import (
+	"context"
+	"time"
+
+	"github.com/spf13/cobra"
+	"gopkg.in/AlecAivazis/survey.v1"
+)
+
+func MakeDelete(initConfig CredentialClientInit) *cobra.Command {
+	deleteCmd := &cobra.Command{
+		Use:   "delete [id]",
+		Short: "Delete a credential using the given ID",
+		Long:  `Delete a credential using the given ID, permanently. THERE IS NO UNDOING THIS ACTION.`,
+		Args:  cobra.ExactArgs(1),
+
+		Run: func(cmd *cobra.Command, args []string) {
+			var confirmed bool
+			prompt := &survey.Confirm{Message: "Are you sure you want to permanently delete this credential?"}
+			check(survey.AskOne(prompt, &confirmed, nil))
+
+			if confirmed {
+				ctx, cancel := context.WithTimeout(context.Background(), time.Second*3)
+				defer cancel()
+
+				check(initConfig(ctx).Delete(ctx, args[0]))
+			}
+		},
+	}
+
+	return deleteCmd
+}
--- a/credentials/commands/get.go
+++ b/credentials/commands/get.go
@ -0,0 +1,92 @@
+package commands
+
+import (
+	"context"
+	"encoding/base64"
+	"encoding/hex"
+	"fmt"
+	"time"
+
+	"github.com/atotto/clipboard"
+	"github.com/pquerna/otp/totp"
+	"github.com/spf13/cobra"
+	"github.com/spf13/viper"
+	"gopkg.in/AlecAivazis/survey.v1"
+
+	"github.com/mitchell/selfpass/crypto"
+)
+
+func MakeGet(masterpass string, cfg *viper.Viper, initClient CredentialClientInit) *cobra.Command {
+	getCmd := &cobra.Command{
+		Use:   "get [id]",
+		Short: "Get a credential info and copy password to clipboard",
+		Long: `Get a credential's info and copy password to clipboard, from Selfpass server, after
+decrypting password.`,
+		Args: cobra.ExactArgs(1),
+
+		Run: func(cmd *cobra.Command, args []string) {
+			ctx, cancel := context.WithTimeout(context.Background(), time.Second*3)
+			defer cancel()
+
+			cred, err := initClient(ctx).Get(ctx, args[0])
+			check(err)
+
+			fmt.Println(cred)
+
+			check(clipboard.WriteAll(string(cred.Primary)))
+
+			fmt.Println("Wrote primary user key to clipboard.")
+
+			key, err := hex.DecodeString(cfg.GetString(KeyPrivateKey))
+			check(err)
+
+			passkey, err := crypto.CombinePasswordAndKey([]byte(masterpass), key)
+			check(err)
+
+			var copyPass bool
+			prompt := &survey.Confirm{Message: "Copy password to clipboard?", Default: true}
+			check(survey.AskOne(prompt, &copyPass, nil))
+
+			if copyPass {
+				passbytes, err := base64.StdEncoding.DecodeString(cred.Password)
+				check(err)
+
+				plainpass, err := crypto.CBCDecrypt(passkey, passbytes)
+
+				check(clipboard.WriteAll(string(plainpass)))
+
+				fmt.Println("Wrote password to clipboard.")
+			}
+
+			if cred.OTPSecret != "" {
+				var newOTP bool
+				prompt = &survey.Confirm{Message: "Generate one time password and copy to clipboard?", Default: true}
+				check(survey.AskOne(prompt, &newOTP, nil))
+
+				if newOTP {
+					secretbytes, err := base64.StdEncoding.DecodeString(cred.OTPSecret)
+					check(err)
+
+					plainsecret, err := crypto.CBCDecrypt(passkey, secretbytes)
+
+					otp, err := totp.GenerateCode(string(plainsecret), time.Now())
+					check(err)
+
+					check(clipboard.WriteAll(otp))
+
+					fmt.Println("Wrote one time password to clipboard.")
+				}
+			}
+
+			var cleancb bool
+			prompt = &survey.Confirm{Message: "Do you want to clear the clipboard?", Default: true}
+			check(survey.AskOne(prompt, &cleancb, nil))
+
+			if cleancb {
+				check(clipboard.WriteAll(" "))
+			}
+		},
+	}
+
+	return getCmd
+}
--- a/credentials/commands/list.go
+++ b/credentials/commands/list.go
@ -0,0 +1,57 @@
+package commands
+
+import (
+	"context"
+	"fmt"
+	"time"
+
+	"github.com/spf13/cobra"
+)
+
+func MakeList(initClient CredentialClientInit) *cobra.Command {
+	var sourceHost string
+
+	listCmd := &cobra.Command{
+		Use:   "list",
+		Short: "List the metadata for all credentials",
+		Long: `List the metadata for all credentials, with the option to filter by source host. Metadata
+includes almost all the information but the most sensitive.`,
+
+		Run: func(cmd *cobra.Command, args []string) {
+			ctx, cancel := context.WithTimeout(context.Background(), time.Second*3)
+			defer cancel()
+
+			mdch, errch := initClient(ctx).GetAllMetadata(ctx, sourceHost)
+
+		receive:
+			for {
+				select {
+				case <-ctx.Done():
+					check(fmt.Errorf("context timeout"))
+
+				case err := <-errch:
+					check(err)
+
+				case md, ok := <-mdch:
+					if !ok {
+						break receive
+					}
+
+					fmt.Println(md)
+				}
+			}
+
+			fmt.Println("Done listing.")
+		},
+	}
+
+	listCmd.Flags().StringVarP(
+		&sourceHost,
+		"source-host",
+		"s",
+		"",
+		"specify which source host to filter the results by",
+	)
+
+	return listCmd
+}