rudric 0.1.7

CLI tool for managing secrets in a secure way
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

use std::path::Path;

use anyhow::{bail, Result};
use orion::aead;
use sqlx::SqlitePool;

use crate::{db, prompt};

use super::{session::SessionToken, user::User};

pub struct App {
    pub db: SqlitePool,
    pub master_key: aead::SecretKey,
    pub auth_method: AuthMethod,
}

#[derive(PartialEq)]
pub enum AuthMethod {
    Password,
    Session,
}

impl App {
    pub async fn new(config_dir: &Path, check_session: bool) -> Result<Self> {
        if !db::exists(config_dir).await? {
            bail!(
                "Vault not found at {}",
                db::db_path(config_dir).to_string_lossy()
            )
        }

        let db = db::connect(config_dir).await?;

        if check_session {
            if let Ok(st) = SessionToken::from_env() {
                let master_key = st.into_master_key(&db).await?;
                return Ok(Self {
                    db,
                    master_key,
                    auth_method: AuthMethod::Session,
                });
            }
        };

        let input_password = prompt::read_password()?;
        let user = Self::authenticate_user(&db, &input_password).await?;
        let master_key = user.master_key(&input_password)?;

        Ok(Self {
            db,
            master_key,
            auth_method: AuthMethod::Password,
        })
    }

    pub async fn authenticate_user(db: &SqlitePool, password: &str) -> Result<User> {
        let user = User::load(db).await?;

        if user.authenticate(password) {
            Ok(user)
        } else {
            bail!("Invalid master password")
        }
    }
}