envcrypt-macro 0.5.0

internal
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79

//! Contains the implementation of the encryption side of `envcrypt!`

use chacha20poly1305::{
    aead::{Aead, AeadCore, KeyInit, OsRng},
    ChaCha20Poly1305,
};
use proc_macro::TokenStream;
use proc_macro2::Literal;
use quote::quote;

/// Encrypts an environment variable and returns a tokenized byte array of the encrypted
/// variable along with a key and nonce to decrypt it.
///
/// The implementation here should be the exact inverse of `envcrypt::__internal::decrypt`
pub(crate) fn encrypt<V: Into<UnencryptedVariable>>(v: V) -> TokenStream {
    let unencrypted_variable: UnencryptedVariable = v.into();
    if let Some(variable) = unencrypted_variable.inner() {
        let key = ChaCha20Poly1305::generate_key(&mut OsRng);
        let nonce = ChaCha20Poly1305::generate_nonce(&mut OsRng);

        let cipher = ChaCha20Poly1305::new(&key);

        let encrypted_variable = cipher.encrypt(&nonce, variable.as_bytes()).unwrap();

        let data = key
            .into_iter()
            .chain(nonce.into_iter())
            .chain(encrypted_variable.into_iter())
            .collect::<Vec<_>>();

        let bytestring = Literal::byte_string(&data);

        if unencrypted_variable.is_optional() {
            quote!(::core::option::Option::Some(::envcrypt::__internal::decrypt(#bytestring)))
        } else {
            quote!(::envcrypt::__internal::decrypt(#bytestring))
        }
    } else {
        quote!(::core::option::Option::<&'static str>::None)
    }
    .into()
}

/// The types of environment variables we can encrypt: optional ones (via `option_envc!`) and required
/// ones (via `envc!`)
pub(crate) enum UnencryptedVariable {
    /// A required environment variable
    Required(String),

    /// An optional environment variable
    Optional(Option<String>),
}

impl From<String> for UnencryptedVariable {
    fn from(unencrypted_variable: String) -> Self {
        UnencryptedVariable::Required(unencrypted_variable)
    }
}

impl From<Option<String>> for UnencryptedVariable {
    fn from(option_unencrypted_variable: Option<String>) -> Self {
        UnencryptedVariable::Optional(option_unencrypted_variable)
    }
}

impl UnencryptedVariable {
    /// Get the inner variable, if it exists
    fn inner(&self) -> Option<&String> {
        match self {
            UnencryptedVariable::Optional(ref option) => option.as_ref(),
            UnencryptedVariable::Required(ref v) => Some(v),
        }
    }

    /// Check if the variable is optional
    fn is_optional(&self) -> bool {
        matches!(self, UnencryptedVariable::Optional(_))
    }
}