naru-config 0.7.0

A security-first configuration manager with encryption and audit logging
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101

pub use crate::core::cipher::Cipher;
pub use crate::core::key_derivation::{generate_salt, validate_key_strength};

pub fn encrypt_data(data: &str, key: &[u8; 32]) -> Result<String, Box<dyn std::error::Error>> {
    let cipher = Cipher::new(*key);
    cipher.encrypt(data)
}

pub fn decrypt_data(
    encrypted_hex: &str,
    key: &[u8; 32],
) -> Result<String, Box<dyn std::error::Error>> {
    let cipher = Cipher::new(*key);
    cipher.decrypt(encrypted_hex)
}

pub fn encrypt_file(
    input_path: &str,
    output_path: &str,
    key: &[u8; 32],
) -> Result<(), Box<dyn std::error::Error>> {
    use crate::core::file_security::check_file_size;
    use crate::core::path_sanitizer::sanitize_file_path;

    let sanitized_input = sanitize_file_path(input_path)?;
    let sanitized_output = sanitize_file_path(output_path)?;

    check_file_size(&sanitized_input, 10 * 1024 * 1024)?;

    let content = std::fs::read_to_string(&sanitized_input)?;
    let encrypted = encrypt_data(&content, key)?;
    std::fs::write(&sanitized_output, encrypted)?;
    Ok(())
}

pub fn decrypt_file(
    input_path: &str,
    output_path: &str,
    key: &[u8; 32],
) -> Result<(), Box<dyn std::error::Error>> {
    use crate::core::file_security::check_file_size;
    use crate::core::path_sanitizer::sanitize_file_path;

    let sanitized_input = sanitize_file_path(input_path)?;
    let sanitized_output = sanitize_file_path(output_path)?;

    check_file_size(&sanitized_input, 10 * 1024 * 1024)?;

    let encrypted_content = std::fs::read_to_string(&sanitized_input)?;
    let decrypted = decrypt_data(&encrypted_content, key)?;
    std::fs::write(&sanitized_output, decrypted)?;
    Ok(())
}

#[cfg(test)]
mod tests {
    use super::*;

    #[test]
    fn test_encrypt_decrypt_data() {
        let key = [0u8; 32];
        let original = "Hello World!";

        let encrypted = encrypt_data(original, &key).unwrap();
        let decrypted = decrypt_data(&encrypted, &key).unwrap();

        assert_eq!(original, decrypted);
    }

    #[test]
    fn test_encrypt_file_integration() {
        use file_crypto::{decrypt_file, encrypt_file};
        use tempfile::TempDir;

        let temp_dir = TempDir::new().unwrap();
        let input_file = temp_dir.path().join("input.txt");
        let encrypted_file = temp_dir.path().join("encrypted.txt");
        let decrypted_file = temp_dir.path().join("decrypted.txt");

        std::fs::write(&input_file, "Test data").unwrap();

        encrypt_file(
            input_file.to_str().unwrap(),
            encrypted_file.to_str().unwrap(),
            "password",
        )
        .unwrap();

        decrypt_file(
            encrypted_file.to_str().unwrap(),
            decrypted_file.to_str().unwrap(),
            "password",
        )
        .unwrap();

        let original = std::fs::read_to_string(&input_file).unwrap();
        let decrypted = std::fs::read_to_string(&decrypted_file).unwrap();

        assert_eq!(original, decrypted);
    }
}