use std::env;
use magic_crypt::{MagicCrypt256, MagicCryptTrait};
use proc_macro::{TokenStream, TokenTree};
use proc_macro2::Literal;
use quote::quote;
use rand::{distributions::Alphanumeric, rngs::OsRng, Rng};
/// Expands `envcrypt!("NAME")` into a block that calls
/// `envcrypt::__internal::decrypt` for the value of the environment variable `NAME`.
///
/// The variable is read while the macro is being expanded, encrypted under a freshly
/// generated key and IV, and the key, IV and ciphertext are all emitted as string
/// literals into the expansion.
///
/// Security note: since the key and IV are emitted next to the ciphertext, whoever
/// holds the compiled artifact holds everything needed to recover the value. This
/// keeps the plaintext from appearing verbatim in the binary, but it is obfuscation,
/// not confidentiality. Values that must stay secret from people who can read the
/// binary should be supplied at run time instead.
///
/// # Panics
///
/// Panics (reported as a compile error at the call site) when `get_variable` rejects
/// the macro input or cannot read the environment variable.
#[proc_macro]
pub fn envcrypt(tokens: TokenStream) -> TokenStream {
    let secret = encrypt(get_variable(tokens));
    let (key, iv, encrypted) = (secret.key, secret.iv, secret.encrypted);

    let expansion = quote! {
        {
            envcrypt::__internal::decrypt(#key, #iv, #encrypted)
        }
    };
    TokenStream::from(expansion)
}
/// The three string literals produced by `encrypt` and interpolated into the
/// expansion of `envcrypt!`.
///
/// All three travel together into the generated code, so none of them is secret
/// from someone who can inspect the compiled output.
struct EncryptedVariable {
// Random alphanumeric key string, wrapped as a string literal.
key: Literal,
// Random alphanumeric IV string, wrapped as a string literal.
iv: Literal,
// Base64 text returned by `encrypt_str_to_base64`, wrapped as a string literal.
encrypted: Literal,
}
/// Encrypts `variable` under a one-off random key and IV and returns the key, the IV
/// and the base64 ciphertext as string literals.
///
/// A new key and IV are drawn from `OsRng` on every call, so two expansions of the
/// same variable yield different literals. The key and IV are returned alongside the
/// ciphertext, so the result hides the plaintext from casual inspection only.
fn encrypt(variable: String) -> EncryptedVariable {
    // Number of alphanumeric characters drawn per secret: a character count, not a
    // bit length. NOTE(review): MagicCrypt256 presumably derives its fixed-size key
    // and IV from these strings; confirm against the magic-crypt documentation.
    const SECRET_CHARS: usize = 256;

    // Invoked once for the key and then once for the IV, in that order.
    let random_text = || -> String {
        OsRng
            .sample_iter(Alphanumeric)
            .take(SECRET_CHARS)
            .map(char::from)
            .collect()
    };

    let key = random_text();
    let iv = random_text();

    let ciphertext = MagicCrypt256::new(&key, Some(&iv)).encrypt_str_to_base64(variable);

    EncryptedVariable {
        key: Literal::string(&key),
        iv: Literal::string(&iv),
        encrypted: Literal::string(&ciphertext),
    }
}
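/// Reads the environment variable named by the macro's first token.
///
/// The first token must be a plain double-quoted string literal; its text between the
/// quotes is used as the variable name as written (escape sequences are not
/// interpreted). Any tokens after the first are ignored.
///
/// # Panics
///
/// Panics, which the compiler reports as an error at the macro call site, when
/// - the first token is missing or is not a literal,
/// - the literal is not wrapped in double quotes (numbers, chars, raw or byte strings),
/// - the variable is not set, or
/// - the variable's value is not valid Unicode.
fn get_variable(tokens: TokenStream) -> String {
    let rendered = match tokens.into_iter().next() {
        Some(TokenTree::Literal(literal)) => literal.to_string(),
        _ => panic!("Expected a string literal"),
    };

    // Only accept text that really is `"..."`. Blindly slicing off the first and last
    // character would turn `123` into a lookup of `2`, and a one-character literal
    // into an out-of-range slice panic with an unhelpful message.
    let key = match rendered
        .strip_prefix('"')
        .and_then(|rest| rest.strip_suffix('"'))
    {
        Some(name) => name.to_owned(),
        None => panic!("Expected a string literal"),
    };

    match env::var(&key) {
        Ok(value) => value,
        Err(env::VarError::NotPresent) => {
            panic!("Failed to find environment variable {key}")
        }
        // The raw value is deliberately not echoed: it would end up in compiler
        // output and build logs.
        Err(env::VarError::NotUnicode(_)) => {
            panic!("Environment variable {key} is not valid Unicode")
        }
    }
}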