oboron-cli-core 0.1.0

Shared CLI plumbing for the oboron protocol tooling — profile/config management for the ~/.oboron/ dir, key normalization, file backup.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191

//! Per-profile files at `~/.oboron/profiles/<NAME>.json`.

use anyhow::{anyhow, bail, Context, Result};
use serde_json::Value;
use std::fs;
use std::path::PathBuf;

use crate::config::{read_json_or_empty, write_json};
use crate::key::{normalize_key_classify, normalize_key_to_hex, KeyFormat};
use crate::paths::{backup_dir, profile_dir, profile_path};

#[derive(Debug, Default, Clone)]
pub struct KeyProfile {
    /// The key as stored. May be hex (128 chars, canonical) or base64
    /// (86 chars, legacy/deprecated).
    pub key: Option<String>,
}

/// Validate a profile name (no path traversal; alphanumeric + `-` + `_` only).
pub fn validate_profile_name(name: &str) -> Result<()> {
    if name.is_empty() {
        bail!("profile name is empty");
    }
    if name.contains('/') || name.contains('\\') || name.contains("..") {
        bail!("profile name '{name}' contains invalid path characters");
    }
    if !name
        .chars()
        .all(|c| c.is_alphanumeric() || c == '-' || c == '_')
    {
        bail!(
            "profile name '{name}' contains invalid characters; \
             only alphanumeric, '-' and '_' allowed"
        );
    }
    Ok(())
}

pub fn load_profile(name: &str) -> Result<KeyProfile> {
    let path = profile_path(name)?;
    if !path.exists() {
        bail!("profile '{name}' not found (looked at {})", path.display());
    }
    let v = crate::config::read_json(&path)?;
    let key = v.get("key").and_then(Value::as_str).map(str::to_string);
    Ok(KeyProfile { key })
}

/// Load `<name>`'s key and return it as a 128-char hex string.
pub fn load_profile_key_as_hex(name: &str) -> Result<String> {
    let p = load_profile(name)?;
    let key = p
        .key
        .ok_or_else(|| anyhow!("profile '{name}' has no `key` field"))?;
    normalize_key_to_hex(&key).with_context(|| format!("invalid key in profile '{name}'"))
}

/// Result of [`load_profile_key`]: the canonical hex key plus, if a
/// migration happened, the path to the backup of the pre-migration
/// profile file.
#[derive(Debug, Clone)]
pub struct LoadedKey {
    pub hex: String,
    /// `Some(path)` if the stored profile had a legacy base64 key
    /// that we just rewrote in place to canonical hex; `None`
    /// otherwise. Callers should display this to the user as a
    /// migration notice.
    pub migrated_backup: Option<PathBuf>,
}

/// Load `<name>`'s key as canonical hex, **auto-migrating** any
/// legacy base64 profile in place.
///
/// If the stored key was 86-char base64, this rewrites the profile
/// file with the equivalent 128-char hex (creating a backup of the
/// pre-migration file). The returned [`LoadedKey::migrated_backup`]
/// is `Some(path)` in that case, so callers can print a notice.
///
/// Used by the `ob` and `obc` CLIs during the base64 → hex transition;
/// once base64 support is removed before oboron 1.0, this function
/// becomes equivalent to [`load_profile_key_as_hex`].
pub fn load_profile_key(name: &str) -> Result<LoadedKey> {
    let p = load_profile(name)?;
    let key = p
        .key
        .ok_or_else(|| anyhow!("profile '{name}' has no `key` field"))?;
    let (hex, fmt) = normalize_key_classify(&key)
        .with_context(|| format!("invalid key in profile '{name}'"))?;
    let migrated_backup = if fmt == KeyFormat::LegacyBase64 {
        // Rewrite the profile with the canonical hex form.
        save_profile(
            name,
            &KeyProfile {
                key: Some(hex.clone()),
            },
        )?
    } else {
        None
    };
    Ok(LoadedKey {
        hex,
        migrated_backup,
    })
}

/// Save a profile. Preserves unknown fields; backs up the existing
/// file (if any) before overwriting. Returns the backup path, if one
/// was created.
pub fn save_profile(name: &str, profile: &KeyProfile) -> Result<Option<PathBuf>> {
    validate_profile_name(name)?;
    let backup = backup_profile(name)?;
    let path = profile_path(name)?;
    let mut v = read_json_or_empty(&path)?;
    let obj = v
        .as_object_mut()
        .ok_or_else(|| anyhow!("{} is not a JSON object", path.display()))?;
    if let Some(k) = &profile.key {
        obj.insert("key".into(), Value::String(k.clone()));
    }
    write_json(&path, &v)?;
    Ok(backup)
}

/// List all profile names, sorted.
pub fn list_profiles() -> Result<Vec<String>> {
    let dir = profile_dir()?;
    if !dir.exists() {
        return Ok(Vec::new());
    }
    let mut names = Vec::new();
    for entry in fs::read_dir(&dir).context("read profile directory")? {
        let entry = entry.context("read profile entry")?;
        let path = entry.path();
        if path.extension().and_then(|s| s.to_str()) == Some("json") {
            if let Some(name) = path.file_stem().and_then(|s| s.to_str()) {
                names.push(name.to_string());
            }
        }
    }
    names.sort();
    Ok(names)
}

pub fn delete_profile(name: &str) -> Result<Option<PathBuf>> {
    validate_profile_name(name)?;
    let path = profile_path(name)?;
    if !path.exists() {
        bail!("profile '{name}' does not exist");
    }
    let backup = backup_profile(name)?;
    fs::remove_file(&path).with_context(|| format!("remove {}", path.display()))?;
    Ok(backup)
}

pub fn rename_profile(old_name: &str, new_name: &str) -> Result<Option<PathBuf>> {
    validate_profile_name(old_name)?;
    validate_profile_name(new_name)?;
    let old_path = profile_path(old_name)?;
    let new_path = profile_path(new_name)?;
    if !old_path.exists() {
        bail!("profile '{old_name}' does not exist");
    }
    if new_path.exists() {
        bail!("profile '{new_name}' already exists — cannot rename onto it");
    }
    let backup = backup_profile(old_name)?;
    fs::rename(&old_path, &new_path).with_context(|| {
        format!("rename {}{}", old_path.display(), new_path.display())
    })?;
    Ok(backup)
}

/// Back up a profile file (if it exists). Returns the backup path, or
/// `None` if the source didn't exist.
fn backup_profile(name: &str) -> Result<Option<PathBuf>> {
    let path = profile_path(name)?;
    if !path.exists() {
        return Ok(None);
    }
    let ts = std::time::SystemTime::now()
        .duration_since(std::time::UNIX_EPOCH)
        .map_err(|e| anyhow!("system time error: {e}"))?
        .as_secs();
    let backup_path = backup_dir()?.join(format!("{name}-{ts}.json"));
    if let Some(parent) = backup_path.parent() {
        fs::create_dir_all(parent).context("create backup directory")?;
    }
    fs::copy(&path, &backup_path)
        .with_context(|| format!("backup profile '{name}'"))?;
    Ok(Some(backup_path))
}