gitorii 0.6.3

A human-first Git client with simplified commands, snapshots, multi-platform mirrors and built-in secret scanning
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145

//! Local API key storage for torii cloud features.
//!
//! Storage: `~/.config/torii/auth.toml` (chmod 600 on Unix).
//!
//! Override: env var `TORII_API_KEY` always wins. Useful for CI.

use std::fs;
use std::path::PathBuf;

use crate::error::{Result, ToriiError};

const ENV_VAR: &str = "TORII_API_KEY";
const FILE_NAME: &str = "auth.toml";

#[derive(Debug, Clone, Default)]
pub struct ApiKey {
    pub key: String,
    /// Endpoint root used to validate this key. `https://api.gitorii.com` by
    /// default; can be overridden per-key for self-hosted / local dev.
    pub endpoint: String,
}

pub fn default_endpoint() -> String {
    std::env::var("TORII_API_ENDPOINT")
        .unwrap_or_else(|_| "https://api.gitorii.com".to_string())
}

/// Resolve an API key from env (highest priority) or local file.
/// Returns None when no key is configured — caller decides whether that's
/// an error or a sign to skip cloud features.
pub fn load() -> Option<ApiKey> {
    if let Ok(env_key) = std::env::var(ENV_VAR) {
        if !env_key.is_empty() {
            return Some(ApiKey {
                key: env_key,
                endpoint: default_endpoint(),
            });
        }
    }
    let path = config_path()?;
    if !path.exists() {
        return None;
    }
    let text = fs::read_to_string(&path).ok()?;
    parse(&text)
}

/// Persist a key to `~/.config/torii/auth.toml` with chmod 600.
pub fn save(key: &str, endpoint: &str) -> Result<()> {
    let path = config_path().ok_or_else(|| {
        ToriiError::InvalidConfig("could not resolve config dir".to_string())
    })?;
    if let Some(parent) = path.parent() {
        fs::create_dir_all(parent)
            .map_err(|e| ToriiError::InvalidConfig(format!("create dir: {}", e)))?;
    }
    let content = format!(
        "# torii API key — generated by `torii auth login`. Do not share.\n\
         key = \"{}\"\n\
         endpoint = \"{}\"\n",
        key, endpoint,
    );
    fs::write(&path, content)
        .map_err(|e| ToriiError::InvalidConfig(format!("write {}: {}", path.display(), e)))?;
    restrict_permissions(&path);
    Ok(())
}

/// Delete the on-disk key. Idempotent — missing file is OK.
pub fn delete() -> Result<()> {
    let Some(path) = config_path() else {
        return Ok(());
    };
    if path.exists() {
        fs::remove_file(&path)
            .map_err(|e| ToriiError::InvalidConfig(format!("remove {}: {}", path.display(), e)))?;
    }
    Ok(())
}

fn config_path() -> Option<PathBuf> {
    dirs::config_dir().map(|d| d.join("torii").join(FILE_NAME))
}

fn parse(text: &str) -> Option<ApiKey> {
    let mut key = String::new();
    let mut endpoint = default_endpoint();
    for line in text.lines() {
        let line = line.trim();
        if line.is_empty() || line.starts_with('#') {
            continue;
        }
        let (k, v) = line.split_once('=')?;
        let k = k.trim();
        let v = v.trim().trim_matches('"').to_string();
        match k {
            "key" => key = v,
            "endpoint" => endpoint = v,
            _ => {}
        }
    }
    if key.is_empty() {
        None
    } else {
        Some(ApiKey { key, endpoint })
    }
}

#[cfg(unix)]
fn restrict_permissions(path: &std::path::Path) {
    use std::os::unix::fs::PermissionsExt;
    let _ = fs::set_permissions(path, fs::Permissions::from_mode(0o600));
}

#[cfg(not(unix))]
fn restrict_permissions(_: &std::path::Path) {}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn parse_minimal() {
        let k = parse("key = \"gitorii_sk_abc\"").unwrap();
        assert_eq!(k.key, "gitorii_sk_abc");
    }

    #[test]
    fn parse_with_endpoint() {
        let k = parse("key = \"x\"\nendpoint = \"http://localhost:8080\"").unwrap();
        assert_eq!(k.endpoint, "http://localhost:8080");
    }

    #[test]
    fn parse_empty_returns_none() {
        assert!(parse("").is_none());
        assert!(parse("# comment only").is_none());
    }

    #[test]
    fn parse_ignores_unknown_keys() {
        let k = parse("key = \"x\"\nrandom = \"y\"").unwrap();
        assert_eq!(k.key, "x");
    }
}